Slashdot Mirror


User: fuzzyfuzzyfungus

fuzzyfuzzyfungus's activity in the archive.

Stories
0
Comments
15,204
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 15,204

  1. Re:Serious Definitional issues... on Trust Is For Suckers: Lessons From the RSA Breach · · Score: 1

    I don't know exactly, it's still an ongoing area of research; but the research suggests that societies with high levels of mutual and institutional trust score very well in prosperity and perceived wellbeing, while low levels act as a drag on both prosperity and happiness.

    My assumption is that there are two basic flavors of factors at work: One would be 'transaction costs' in the broad sense. Every dollar spent on extra lawyer hours to draw up ironclad contracts, loss-prevention guys watching for shoplifters, and all the other people and infrastructure involve in enforcing compliance when you cannot expect it to happen voluntarily is a loss to society. Sometimes you don't have a choice; but you will be that much poorer than the people who don't have to invest as much in those things. The other would be any economic or social interaction that is roughly similar to a 'prisoner's dilemma' type problem: if people cooperate, the outcome can be substantially favorable, if they don't, it can be zero sum or worse; but it can be impossible or expensive to set up formal structures for enforcing cooperation; but if people just assume each other to be honest, they get the gains for free.

  2. Re:Trust is required on Trust Is For Suckers: Lessons From the RSA Breach · · Score: 1

    It is ironic that the man who made "trust but verify" famous is much more often trusted than verified...

  3. Serious Definitional issues... on Trust Is For Suckers: Lessons From the RSA Breach · · Score: 5, Insightful

    Speaking of trust issues, quoting a Gartner analyst?

    Anyway, back to the matter at hand: This article seems like a particularly bad situation for the two sharply different definitions of "trusted" to come into collision without very, very careful elucidation.

    On the one hand, you have the usual social usage of "trust": more or less "the belief that a person or device will do what it says/act in good faith/do what it says on the tin/etc."

    On the other, you have the paranoid security wonk definition of "trusted": "the state of being a component of the security system whose overall integrity depends on your integrity as a component."

    The two could really hardly be more different while still occupying the same word. The former is socially valuable, and societies become dystopian hellholes without it; but it is a very poor ingredient upon which to build technologically secure systems. The second is an unfortunate necessity; but it is one of the marks of a good security system that it knows exactly what parts of the system are 'trusted' and what parts need not be.(a second, and important, mark of a good security system is that the set of 'trusted' systems has been culled as much as possible, and that no 'trusted' systems remain that you do not have good reason to 'trust' in the usual social sense.)

    In the case of RSA, you really had a massive failure on both counts: In the social sense of "trust", RSA arguably oversold the security of their solution, was intensely cagey about the break-in until breaches at major defense contractors forced their hands, and generally fucked around as though they were trying to burn social trust. In the infosec sense, the fuckup was that(by retaining all token seed keys, RSA made themselves a 'trusted' component of every customer's security infrastructure. It is an architectural limitation of the RSA system that there must be a trusted system, with access to the seeds and an RTC, in order to perform authentication attempt validations. However, it is Not a requirement that there be other online seed stores out of the customers' control. By making themselves an extraneous, excess, trusted system, RSA weakened all their customers' security. Now that they are a 'trusted' component that no sensible people have social trust in, they are finding themselves written out of a fair few security architectures...

    That is the real crux of the matter. From what I've heard(both public-ally and informally from friends working in IT at largish RSA customers) the hack was some seriously sophisticated work, rather than somebody walking in through an unlocked door. However, it barely matters how tough their security is; because they never should have set themselves up as part of their customers' systems in the first place. Had the customers done the keyfill for the tokens, it wouldn't have mattered whether they had been hacked or not.

  4. Re:Licensing Fees on Hulu For Sale: Is There Good News For Users? · · Score: 2

    I'm sure that the byzantine details would make my brain leak out my ears; but there is almost certainly some sort of internal-cost-accounting mechanism in place, even with Hulu an appendage of the rightsholders.

    Since showing them on Hulu reduces, however incrementally, their sale value to other venues(Umm... why would I pay $Xmillion, if my customers can just watch it on hulu?), the Hulu ownership is almost certainly 'charging' for the stuff streamed on Hulu. It may be an actual transaction, with money being charged to Hulu, and hulu making payments from its ad revenue, or it may be an accounting fiction of one flavor or another(the same sort of thing that many large companies use to, say, allocate use of internal IT resources by various departments: No money changes hands as such; but the use of IT services is 'billed' to give a sense of how large the IT budget should be).

    Now, this doesn't mean that the selloff won't be accompanied by higher prices/ads/paywalls/whatever, since exactly unheard of to re-arrange things before doing something unpopular, so that blame can be apportioned differently(consider the examples where municipalities lease off toll roads to private corporations, and let them ram through substantial toll increases, rather than take the flack for doing so themselves); but there is no way that the shows were "free" to hulu before.

  5. Re:Eh... on +Pool Would Let New Yorkers Go River Swimming · · Score: 1

    Oh, I've taken more than a few unprotected impromptu-post-capsize swims in the dubiously swimmable waters of a river flowing through a major city... I did try to keep my mouth shut during the process, of course...

  6. Re:what I did on Learning Programming In a Post-BASIC World · · Score: 3, Funny

    Are you implying that my habit of using "elif" in natural-language conversation may be marking me out as some sort of deviant geek weirdo?

  7. Probably not the root of the problem... on Learning Programming In a Post-BASIC World · · Score: 2

    If anything, the post-BASIC world is far, far, better supplied with both explicitly pedagogical languages, application-specific rapid development tools(Processing, for instance), and fairly mature options that allow you to do anything from what is essentially shell scripting to full application development.

    However, you run into the rather messy problem that off-the-shelf examples of software have(both in terms of software complexity and in terms of ancillary stuff like graphics and sound assets) Vastly increased in number, sophistication, and availability. This makes it harder to engage any would-be-learner who isn't explicitly interested in programming by sucking them in with the cool results.

    Back when daddy borrowed the company Compaq Luggable so that he could work on spreadsheets on weekends, your choices for computer entertainment were pretty much "Lotus 1-2-3" or "Make your own damn fun with basic". Option two was pretty attractive even if you really just wanted some games and only became interested in what made them tick later.

    Nowadays, when we have all removed the onions from our belts, hypothetical kiddo is enormously better tools and documentation at his/her fingertips; but is also comparing the rudimentary results of a beginner against products of 2-3 years of effort by a professional design team, backed by artists and sound guys, available for 20-50 bucks off the shelf. Even the sort of flash games that will load about as quickly as the Python 3.2 reference manual will are comparatively polished and intimidating.

    Arguably, it might actually be better to start beginners out with more physical projects: Sure, robotics has also increased enormously in sophistication and power; but high end robots are still expensive and uncommon, and there is a more visceral "wow" factor to "Hey, I hammered out the feedback logic that allows my little *duio bot to follow lines" than there is to "Oh, I've just produced 10% of Zork; but less witty and 25 years late. Let's go play Medal of Life Half-Gear Assault 2011."

  8. Eh... on +Pool Would Let New Yorkers Go River Swimming · · Score: 3, Insightful

    In the narrow sense, this seems like a reasonably clever, if not entirely novel solution; but in the broader sense it leaves me skeptical.

    If your river has sufficiently high levels of pathogenic viruses and bacteria that it isn't swimmable, you should seriously consider pretending to be a first-world country for 15 minutes and check out this cool "sanitation systems, so you don't have to drink and swim in your own shit!" fad that all the cool civil engineers have been nattering on about since, oh, the Roman Empire or so...

    If your river has sufficiently high levels of chemical nasties and heavy metals that it isn't swimmable, trusting a pool filter to remove them probably isn't the best idea, and maybe you should be doing something about the 'chemical plants upstream of major population centers' problem. Isn't that stuff supposed to be in New Jersey, anyway?

    If your swimmers just can't handle the terror of a little silt or the normal flora of a watershed ecosystem, maybe they need a psych referral, not a pool filter.

  9. Re:Of course - its by design! on Android Phones More Prone To Hardware Problems · · Score: 3, Interesting

    I suspect that it may be slightly more than low end, crappy hardware:

    Some(by no means all, sadly) of the cheap dumbphones are both cheap and nigh-immortal, because nobody gives a damn what CPU they are using or how many UberMarks they get on some benchmarking suit that wouldn't fit in the onboard storage anyway. This means that, while they certainly don't use fancy parts, they are polished and solid designs.

    The Android low end is extra unfortunate because it suffers from cheapskate-itis and much of the hardware gets churned and replaced by a different design all the time.

  10. Re:Shocking... on Synaptic Dropped From Ubuntu 11.10 · · Score: 1

    I don't have any real personal investment in the situation; but the (in retrospect not sufficiently spelled out) point of my original post was that this seems to be a very minor change; both in architecture and philosophy.

    Something like changing the init system, or adding network-manager, or ALSA to PulseAudio, constitutes a fairly serious architectural change. Swapping one easy GUI apt frontend for a different easy GUI apt frontend just doesn't rate. Everything from APT on down is still identical, the only change is what GUI is twiddling libapt. Philosophically, Synaptic was the one that was derided as the EZ-drool-proof interface for people who weren't good enough for aptitude or just using the various apt-* commands. Now it is being replaced by a different interface intended to be even more drool-proof.

    Obviously, if the length of 'list of things that suck about distro X that I need to modify after install' is greater than that of 'list of things that suck about distro Y that I need to modify after install', it is probably time for a move to distro Y. However, I just find it hard to get worked up about a change that is only incrementally more momentous than a modification to the default theme settings.

  11. Hmm... on Android Phones More Prone To Hardware Problems · · Score: 1

    I would be curious to know if the numbers break down along any other useful lines:

    For instance, are all the phones(regardless of OS and smart/dumb status) manufactured by a given OEM comparable in reliability? How about all phones by company that designed them? or Smart vs. dumb devices? Are 'flagship' devices more or less reliable than random carrier-branded contract fodder?

    Unless android has some magical hardware-killing powers, it seems very unlikely that the OS itself has anything to do with it; but it is probably the case that Android will be the choice of any manufacturer playing the race-to-the-bottom price-sensitive-market volume sales game, and that is also where you would expect the most corners cut in terms of hardware. It would be interesting to try to break down, though, what factors exactly cut the hardware reliability.

    Do they go with the second-tier OEMs to save money, and suffer manufacturing issues? Does the culture of tech-specs one-upmanship lead to excessively short design cycles, and inadequate engineering on the designing company's part? Is unreliably spread fairly evenly, or does it disproportionately fall on devices attempting mechanically tricky stuff like slide-out keyboards and ignore the more conservative featureless-slab or embedded-keypad designs regardless of OS?

  12. Re:Contamination on Homemade 'Mars In a Bottle' Tortures Bacteria · · Score: 2

    The other question, with spores and such, is whether any of the survivors are surviving actively or passively.

    In spore/inactive form, some of the hardier microcritters won't even blink at truly alarming temperature excursions, stints in hard vacuum with a side of radiation, or potentially years to centuries of storage under martian conditions. However, they won't actually do anything until somebody takes them inside and gives them something closer to the weather they actually like.

    Such a contamination situation isn't ideal(you'll have to ensure that it isn't just them waking up during all your 'is it life?' experiments, which will be a pain); but it also isn't a deal-breaker: in inactive form they won't be mutating, or reproducing, or modifying their environment, so their numbers will be fixed and small and their impact quite minimal until we get around to doing some more experiments.

    If, on the other hand, we accidentally introduced something that is active under martian conditions, it could be merrily mutating and terraforming its way through whatever pockets of mars are only moderately hostile, which would render them pretty much hopeless for research into possible martian life.

  13. Re:Shocking... on Synaptic Dropped From Ubuntu 11.10 · · Score: 3, Informative

    My understanding is that all three, synaptic, USC, and aptitude, are apt frontends, with aptitude being the only one that(by default, I think it is an option now) uses ncurses rather than GTK.

  14. Shocking... on Synaptic Dropped From Ubuntu 11.10 · · Score: 2, Informative

    So. First there is dpkg. Upon dpkg stands APT, for your greater ease and convenience. Upon APT stands synaptic, for your GUI-based package management needs.

    Yeah, I'm just not really surprised that somebody might attempt to replace the easy, graphical, user-friendly tool at the end of this particular chain with one that they believe is easier, more user-friendly, or whatever. The tool being deprecated essentially filled the same niche, and the whole lot rests upon the same fundamental architecture.

  15. Re:Comcast has a service that does the same thing on Fonolo Lets You Bypass Company Phone Menus · · Score: 1

    Everybody lives somewhere...

  16. Re:Makes sense... on Vint Cerf Says Fix the Net With More Pipe · · Score: 1

    Have you no scientific curiosity, man? I, for one, forsee a glorious future where every child may make new scientific discoveries without going outside into the scary world where the terrorists and pedophiles live, simply by using his micrososcope to carefully inspect the family television set!

  17. Re:Makes sense... on Vint Cerf Says Fix the Net With More Pipe · · Score: 2

    We just have to "package" the idea correctly: They'd probably start lobbying for legislation declaring a 10GB optical line and a XAUI-capable home router to be a universal human right, so long as only dystopian, fritz-chipped, NGSCB/Palladium/TCG nightmare machines, and authorized citizens-in-good-standing-with-biometric-IDs were allowed to consume content on the new, shiny, now-with-extra-pipes internet...

  18. Re:Makes sense... on Vint Cerf Says Fix the Net With More Pipe · · Score: 5, Funny

    Oh you crazy nerds and your "solutions". It's as though you believe that the internet is a system for transferring data rather than extracting rents...

    Some people...

  19. Re:Comcast has a service that does the same thing on Fonolo Lets You Bypass Company Phone Menus · · Score: 5, Funny

    Sometimes a good, old-fashioned, letter is what it takes.

    Specifically, I've found that sending the relevant CEO a list of my service requests, along with photographs of his family and maps showing the routes that they commonly take during their respective daily routines(just to show that I, too, value my relationship with the $FOOCORP family), really improves responsiveness.

    Often, the response is so fast that the service techs arrive before the cops do!

  20. Well, shit. on Fonolo Lets You Bypass Company Phone Menus · · Score: 1

    I'm pretty sure that this is, second only to the one where earth is entirely reduced to a sphere of computronium surrounding the NYSE and hosting assorted expert-systems trading ever-more-baroque financial instruments with one another in obedience to the profit maximizing imperatives of programmers long dead, one of the more plausible scenarios for world-destroying-robot-apocalypse.

    Corporate phone-menu-trees already contain a burning hatred for all mankind. Anything that encourages an unbounded increase in their complexity and sophistication is just begging for a skynet scenario accompanied by soothing, affectively flat, female voices and horribly insipid 'music'.

  21. Eh. on Apple To Start Making TVs? · · Score: 1

    While my experience with non-technical people has given me the impression that their fear of cables, even relatively simple ones, should not be underestimated, I still find it hard to imagine that the TV market could possibly be in Apple's interest.

    Apple's work in hardware has, for quite some time now, observed a number of basic characteristics, all unhelpful to the TV market:

    Cost/time structure: Upon first release, a new Apple device is(strictly compared to equivalents) often reasonably aggressively priced. However, each of their product lines doesn't see a new release all that often and their prices are pretty sticky between release events(when a new Mac Pro model comes out, for instance, you'd be hard pressed to configure an equivalent Precision workstation for the same money. 6 months later, the Precision's price has been inching down, and the Mac Pro is still identically priced until a refresh happens.) The TV market, however, is a constant deluge of cheaper and/or improved and/or now-with-50%-more-lies models. Even if they used their volume buying power to make a big splash on introduction, in 6 months they'd be priced above everything but the high end of Sony's lineup.

    Industrial design/component selection: Apple has a very clear vision of what "good" is, and is largely unwilling to sell you anything else. On the plus side, this saves many non-spec-savvy users from buying something they'll be unhappy with 6 months from now. On the minus side, this means that the entry-level price is quite high. With TVs, it is empirically demonstrable that a fair proportion of buyers absolutely don't give a fuck about the finer nuances of picture quality and color accuracy and whatnot, they just want big and cheap(and, since "industrial design" in TVs largely boils down to "what bezel color would you like?" it'll be hard to justify a major premium). Because of Apple's hatred of model-proliferation, they'd be squeezed between the Big-Bright-'n-Cheap! house brands of the world, who would be eternally offering screens a size or two larger for less money, and the elitist videophile models, who would be offering markedly superior performance at a price that anyone with relatively mass-market aspirations could never hope to carry off.

    Interconnect: Apple is... Spartan... in this regard. They do often aggressively adopt new and shiny ones; but they kill of the legacy ones at least as fast. With TVs, this is something of an issue because the central family TV frequently finds itself playing host to a (not always predictable ahead of time) swarm of boxes, each of which demands an A/V connection from some different era of history.

    On strength of brand alone, Apple could easily shift some TVs: just select an OEM, remove one external HDMI connection and hardwire an apple-TV to it inside, and slap a nicer case on the result. This would run against the grain culturally, though.

  22. Thank Goodness! on Winklevoss Twins Finally Give Up Fighting Facebook · · Score: 5, Insightful

    I've been having a hard time sleeping at night, with all this uncertainty as to which set of narcissistic pricks would end up minting a giant pile of pretend internet money during the fools-from-their-money-parted IPO... I feel so much better now that the matter is settled.

  23. Hmm... on Human Eye Protein Senses Earth's Magnetism · · Score: 2

    While it sounds like the evidence is quite strong that we have a known-magnetic-sensitive protein in our eyes, it seems likely that (if we use it at all) we do so in only a very subtle way.

    The earth's magnetic field, the one that would be mostly likely to be relevant across evolutionary time, is a puny .3-.6 Gauss, depending on where you happen to be.

    By comparison, an MRI will put a magnetic field of ~1-6 Tesla, depending on the system, across the subject being imaged. Even a boring HDD magnet(at it's surface, a magnet of such size will have its field strength drop to nearly nothing at even modest distances) can be good for more than a Tesla. Humans are exposed to such fields with reasonable frequency and don't seem to notice anything unusual. If our 'magnetic sense' were something clearly perceived, simply holding a rare-earth magnet against your closed eye should be a weird, disorienting experience. It doesn't seem to be.

  24. Re:Good luck keeping it on on Tracking Bracelets for Autistic Kids and Senior Citizens · · Score: 1

    Not to worry, the increased agitation of the wearer will serve to make erratic behavior more likely, thus validating the new "security" service while lowering quality of life!

    (Incidentally, I don't even qualify as autistic and I can't stand to wear a watch, much less one designed to resist coming off)

  25. Re:Best Buy + iTunes? on Best Buy Releases Their Own Music Cloud · · Score: 1

    Interesting. My experience was with the KDE3-era original, which just silently used SQLite for metadata, unless you dug into the "you really don't need to touch this; but I know that you guys are into that kind of thing" menu. Apparently they've dropped that and gone with an embedded MySQL instance of some sort since then...

    Frankly, while a lot of KDE4 is architecturally pretty cool, the first few 4.Xs, and the associated applications, were not improvements compared to the mature(if sometimes 'mature as in now contains all the needed ugly hacks') late 3.X ones...