Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:What's changed? (Score 1) 136

On the internet, short of blocking them on social media, you are confronted with them constantly.

Actually, I think it's the ability to block (or just de-friend) that creates the biggest part of the problem. It creates echo chamber effects, which help ideas morph into their most virulent and effective forms, especially ideas that demonize the holders of opposing ideas -- which, from a memetic evolutionary perspective are really cooperating ideas, not competing at all.

A good, though somewhat annoyingly dumbed down, explanation of this process and effect is this youtube video. If you haven't watched it, you really should -- and then think about the ideas that you hold and consider the possibility that they have evolved specifically to push your hot buttons in the most effective way possible, and how you can counter that.

Comment Re:What could possibly go wrong? (Score 1) 50

Perhaps: Well the ocean temperature dropped enough, but turns out the local increase in salinity due to the cloud whitening machine spraying salt in to the air has killed off the entire Great Barrier Reef. Oops.

It should be trivial to calculate the potential salinity increase. Do you really think environmental scientists trying to protect the reef won't bother to check that?

Comment Re:DRONE ON (Score 1) 246

So working to reduce our waste volume is the only realistic plan.

Not the only one. Another is to learn how to engineer the climate. Actually, in the long run that will be necessary anyway, because the Earth's climate has significant natural variation, enough that for most of the planet's life-bearing history it's had a climate that we wouldn't like very much. There's also evidence from both Greenland and Antarctic ice core records that the planet occasionally undergoes very rapid spontaneous (i.e. not driven by obvious causes like large volcanic event) climate changes -- faster than the current anthropogenic change. We need to learn how to manage the climate.

Reducing our "accidental" impact will make the job of engineering appropriate deliberate impacts easier, of course.

Comment Re:The problem is depth perception (Score 1) 54

Your eyes are far better at matching light frequencies between both eyes to get the depth mapping correct. Your standard camera can only distinguish 24 bits of light frequency. At that level you get somewhat of a depth map but not a very good one.

Waymo uses LIDAR, not visual light cameras. It gets an extremely accurate depth map, far more accurate than any human could, because LIDAR measures the time it takes light to reach the "seen" object and bounce back to the receptor.

In a 3D mapped world, all the depth information is 100% accurate.

Which is only slightly better than LIDAR-derived depth information.

Comment Re: I think I speak for all of us here (Score 1) 73

So, not for moral reasons at all


they saw hacking as a "moral crusade", said Paul Hoare, senior manager at the NCA's cybercrime unit, who led the research. Others were motivated by a desire to tackle technical problems and prove themselves to friends

I realize that reading the article is too much to ask, but reading the summary really isn't.

Comment I think I speak for all of us here (Score 1) 73

I think I speak for all of us here when I say: Duh?

I mean, I'm glad they've realized this, but rather disappointed they didn't figure it out, oh, 30 years ago, back when kids were hacking the phone system. I mean, even back then some of them "stole" quite a bit of value in the form of hours-long international telephone calls (which used to be really expensive, not like now), but clearly the monetary value was irrelevant, except perhaps as a way to keep score.

Some of those kids grow up and turn their skills to deliberate crime for profit, sure. But I think it's always been clear that basically none of them start that way. Honestly, I don't think it's even possible. There has to be an overpowering love of and fascination with the technology at the beginning, that almost certainly overshadows any interest in material gain. Later, the glamor of the tech fades a bit, but that takes years.

Comment Re:Yeah, Climate Change isn't real /sarcasm (Score 1) 305

And the Republicans insist climate change isn't real . . . well maybe when half the red leaning states are under water they'll open their eyes. Probably be way too late by that point though.

I wouldn't count on that. A lot of red-leaning states are inland, while the coasts are 2/3 blue.

Comment Re:One day they'll discover the folly.... (Score 1) 84

If it is used as a password (IE: no other authenticating properties), it's a password.

Only if you conflate all authentication with password authentication.

In short, if someone obtains that representation and is able to utilize it, the user is toast

That statement is correct, but note that it contains two parts: (a) if someone is able to obtain the representation and (b) if someone is able to utilize it. This, in a nutshell is the difference between password and biometric authentication. With passwords, the hard part is (a), and (b) is easy. With biometrics, the hard part is (b), and (a) is easy. Exactly how hard (b) is depends on the details of the system.

Comment Re:One day they'll discover the folly.... (Score 1) 84

It looks like you don't understand yourself. Otherwise you would not claim that biometric authentication is not comparable to password authentication, and then conclude it is better than PIN authentication.

You need to re-read the post you responded to. Nowhere did I say that biometric authentication cannot be compared to password authentication. I said a biometric is not a password. The security models are different, but that does not mean they cannot be compared. Also, I did not say that biometric authentication is unambiguously better than PIN authentication. I said it's better in some ways and not as good in others, and overall, for this application, this threat models, it's "on par". That means "about as good".

Comment Re:Gen X was the same (Score 1) 214

Yep, I drank the Kool-Aid at Amazon in 2001 for a year, six figures. Never made quite that much again but it sure did help on the resume. And no, I won't go back there no matter how many head hunters call me. At least I was able to use that flush to buy a house in 2001 that we sold in 2007, walking away with $160k to out right own the house I live in now away from the city.

I ended up working for a French aerospace firm with killer benefits, fully paid healthcare, four weeks vacation, matching 401k, but lower pay. I also don't have to commute to downtown Seattle everyday, just from Tulalip Bay to downtown Everett. One of the major reasons that I have stay with my company is when my wife died back in January they were very supportive. Sent flowers and a card signed by all the managers, five weeks off, don't worry about it, anything we can do to help? Loyalty and truly caring about a co-worker is something a bigger paycheck just doesn't match. They will have to pry my cold dead fingers from my ergo-metric chair.

Comment Re:Two things (Score 1) 214

I also miss the standard 5% APR savings account. These days you can hardly find anything offer better than 1%, if that. Hell, I'm damn lucky that I inherited into a fund that is guaranteed 2.9% that I can only touch when I'm 62.

All the cream has been taken by the 1% and we're just left with the watery milk.

Comment Re:One day they'll discover the folly.... (Score 1) 84

Don't trust any organization that doesn't understand that the fingerprint is the user name not the password.

Fingerprints are not passwords, but they're even worse usernames. Fingerprints come with no uniqueness guarantees and don't consistently identify the same person. Fingerprints are useful authenticators, but you have to understand the security model of biometric authentication, and it is not the same as password authentication. You can't just slot biometrics in as either usernames or passwords. They're different, with different strengths and weaknesses.

Comment Re:One day they'll discover the folly.... (Score 3, Insightful) 84

One day they'll discover the folly of using biometrics for authentication or authorization, but then it will be too late. Let's all tie everything to a password that we can never change right? Great idea! Sigh

Sigh, indeed. You fundamentally misunderstand biometric authentication if you think it is anything like a password, or if you think it matters at all that it can't change. Biometrics do have their share of cons, but not being able to rotate them is definitely not among them.

The security model for password authentication derives its strength (or lack thereof) from the secrecy of the password. Biometrics do not. Your fingerprints are not secrets; you leave them everywhere you go (which is what makes them so useful forensically). From a security perspective the only reasonable way to treat fingerprints or other biometric data is as public information. Assume that the whole world knows your fingerprints, because anyone who really wants to, does.

Because password security is based on secrecy, and because over time those secrets may leak, or be discoverable through time-consuming brute force, password rotation is important. It closes the window of vulnerability if they've leaked, and if you rotate them soon enough that no realistic attacker could have had time to discover them via brute force search (given whatever brute force mitigations are in place), then you maintain the secrecy. Because biometric security is not based on secrecy, rotation helps nothing and is irrelevant.

But if biometric authentication security is not based on secrecy of the biometric, what is it based on? The integrity of the measurement and matching process. Your fingerprint is public information, indeed it's almost certainly conveniently available from the surface of your credit card. So the security of the authentication is precisely equal to the difficulty that an attacker has in presenting your known-fingerprint to the card in a way that it will accept it. If the attacker can splice into the data link between the scanner and matching engine and replay a digital copy, he can authenticate as you. Various techniques, strong ones, can mitigate against that attack.If the attacker can subvert the matching process and get it to report success regardless of input, he can authenticate as you. This is fairly easy to defend against, unless the attacker is very well-equipped. If the attacker can create a fake finger that the scanner will believe is real, and which contains your print image, he can authenticate as you. Various techniques can be used to mitigate against that... but the ones that are deployable in mass-produced consumer devices to be used in essentially unattended operation are pretty weak.

Weak is honestly just fine for this application, though. The fingerprint is just one mitigation on top of many others. It's definitely better than the signature "authentication" currently used in the US. In many ways it's better than PIN authentication, because PINs can be shoulder-surfed. In other ways it's not as good, but overall it's definitely on par.

Slashdot Top Deals

"We learn from history that we learn nothing from history." -- George Bernard Shaw