I assumed that was the case, that those old interfaces generated interrupts, but your statement made me wonder if perhaps they used a different approach -- which would have been weird back then.
I had a keyboard once with a dedicated start/shutdown key.
After shutting down my system a few times accidentally I threw that keyboard away.
Apple keyboards have a power button on the keyboard. It's not the location or difficulty of hitting the key that matters, it's how it's handled. The approach currently used by Apple (but not invented by Apple, BTW) of "tap = request to shutdown, requires confirmation" and "press and hold means forcible power off" works just fine.
Perhaps, in the past.I seriously doubt that is still true. Modern USB keyboards have no special handling for C-A-D.
Neither did old keyboards, but that's not the point. The point is that the operating system's low-level keyboard drivers have special handling for it, at a level that can't be modified by trojans unless they can muck with the deepest parts of the system internals -- and if they can do that then they already completely own the machine anyway.
As any technically minded person, I am sceptical it even can work but we techies tend towards unhealthy amounts of cynicism and lack of understanding business models so it wouldn't surprise me if it turned out to be possible.
If you define the scope of the right to be forgotten to include only information that you put out there on sites with which you have a relationship (e.g. Facebook, Google+, Twitter, etc.), then it's not only possible, it's easy. If you expand it to information posted by other people on the same sorts of sites that explicitly references you, then it's still possible and technically easy, but it gets to be a little sticky from a content ownership perspective. Do I have the right to delete something you wrote just because it mentions me?
If you expand it to include all information on-line everywhere then it becomes darned near impossible. Even deciding whether or not a particular piece of content refers to or is about a given person is really hard -- and may be fundamentally ambiguous, perhaps even intentionally so -- and then there's the problem of tracking down someone who is capable of removing the data, on top of questions about ownership.
once they have a US presence they're subject to all the same laws that allow the NSA to spy on you in the first place
The laws make the NSA less free to spy on organizations in the US. Given a completely non-US Internet, the NSA wouldn't have to concern itself with legal restrictions, other than not being seen to violate international law, at all.
Inside the US, the NSA is supposed to be constrained to acting within the constraints of due process. Granted that it appears that due process is less constraining than we thought it was, and that the NSA doesn't seem to have been complying even with that. But on balance, I suspect an organization like the NSA would trade the ability to issue National Security Letters through the FISA court for having all constraints removed in a heartbeat.
You mean, like the way you can delete your Twitter, Facebook and Google+ posts today? Assuming this is about social media like the summary implies, this law irrelevant, because you can already do it. I suppose it might prevent the social sites from taking the ability to delete stuff away, but it's not clear why they'd ever do that anyway.
If I made some approximation or used an algorithm that may fall apart in some limits, that is worth mentioning.
Uh, huh. And what if you don't realize that your code has subtle failings that may have significantly altered your results? Anyone trying to reproduce your results but doing it right will fail, but be unable to explain why their results differed. Without your code peer review of your work is both harder and less valuable.
Unless deterring review is the researcher's intent, of course.
All of which are great if code is to be maintained, which this type of code rarely is.
Or if it is re-used, which is one of the potential benefits of publishing it alongside the paper.
Also, since the purpose of research papers is to transmit ideas, clear, readable code serves readers much better than functional but opaque code... and that assumes the code is actually functional. Ugly code tends to be buggier, precisely because it's harder to understand.
I actually didn't buy, though. Given the rapid pace of change in EV technology I opted for a two-year lease instead. I pay just over $200 per month to lease it, and virtually nothing else, since there's basically no maintenance other than new tires every couple of years and I do nearly all of my charging at work. I figure my net cost, after factoring in fuel savings, is about $70 per month.
so what happens if Tesla decides to cap each models production to 199,999 vehicals, then just comes out with a slightly different model? It's a reality with a small car company
I re-checked the IRS site and I was mistaken. It's not 200,000 per model, it's 200,000 qualifying vehicles per manufacturer. So they'd actually have to spin up a new company.
Not sure why you're picking on the Volt as your example vs. any of the other EVs. GM has nothing to do with this lawsuit, or any control over the California dealer association.
If the dealer association were also complaining about GM's web site, you'd have a point.
The Tesla website has no such explanation.
I suppose there may be someone, somewhere, who would buy a $70K car but not have enough federal income tax liability to recover the full $7500, but I doubt it. The Volt is fairly pricey, but in a different class, one in which it may be more of an issue.
The maximum tax credit is $7,500.00, but it adjusts on a sliding scale inversely proportional to your gross taxable earnings. In reality, anyone who can afford a $70,000.00 car will get a significantly smaller credit, like $1,500.00 or less.
This isn't true. The tax credit is a pure credit, no sliding scale based on income. It's not a refundable credit, meaning that if your net federal income tax liability is less than $7500 then you'll only get a credit equal to the amount of your liability, but that's unlikely to be a problem for anyone who is buying a $70K car.
There is a phase-out of the credit that begins to kick in once a manufacturer has sold at least 200,000 of the qualifying model, and the amount of the credit depends on vehicle battery capacity ($2500 for 5 kWh of capacity, plus $417 for each additional kWh, up to $7500), but the Tesla qualifies for the full amount, and Tesla hasn't yet sold 200K cars, so neither of those are an issue.
Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity.
What would encryption do when the NSA has access to the servers?
Nothing, if they have access to the servers, which Google denies giving them, and which none of Snowden's documents have claimed. The documents only said that they were getting Google data, not how, and they say the take started back before Google went SSL for nearly everything, which may be a clue as to how they were getting the data. Or maybe the NSA managed to sneak some hardware in to get it on the sly; that possibility is why Google has accelerated their plans to encrypt all internal traffic as well.
Given what I know about the incredibly flexible and dynamic nature of servers in Google's data centers (I work for Google), I think it would be virtually impossible to snoop at the machine level without actual support being built into the system, and given what I know about Google employees, that is virtually impossible. I think any data the NSA is getting (without legal due process) has to be network traffic, and encrypting all of the traffic will shut that off.
As others have said, the NSA documents say they have access to Google's servers.
No, they don't. The PRISM slides were extremely vague about how the data was collected; the idea that they have direct access is speculation which Google has consistently and clearly denied. And it's worth noting that they claimed they started getting data from Google back before Google went SSL for nearly everything.
Even if Google wanted to tell you that the NSA has access to their servers, knowing full well it would kill their bottom line (assuming it would), they'd be forbidden from telling you the truth anyways.
True... but I'm not so certain that they could be compelled to lie. When I look at the pattern of public statements and later revisions from all of the big players (telcos and tech companies), I don't see a single case of anyone actually contradicting an earlier statement. It seems to me that they've all been careful to tell the truth, though they've often been careful about how much truth they've told. Government agencies have been caught lying, but they don't have the same legal requirements to citizens as publicly-traded companies have to shareholders.
Based on that, and on my viewpoint as a Google employee who builds some of the internal security systems that the NSA would have to compromise to snoop, I am completely convinced that Google is telling the truth when it says that it has not given the NSA any sort of direct or indirect access. I'm not certain that the NSA hasn't managed to insert snooping equipment into Google data centers or on Google fiber lines without Google's knowledge. But that's why Google is making a push to get everything encrypted, internally and externally.
Just to quiet the obvious retort: Yes, I know that won't prevent the government from serving Google with warrants and NSLs and obtaining user data that way. But if they have to do it through the front door, with a request that satisfies Google's attorneys with respect to its propriety and narrow scope, then I think we (as a society) have a much more manageable problem. Still a problem, but one that can be addressed with legislation and better oversight. If the NSA is silently devouring the whole Google data stream... that's an entirely different kettle of fish.
LOL... You were going along fine until you said "develop an app for GNU/Linux". Yeah, right - like any web developer is going to create an app specially for that 1.3% market...
Only if you insist on asking religion to explain physical phenomena, which makes about as much sense as studying mechanics in order to understand atonement.
There's nothing logically inconsistent or brittle about believing that God created the universe for the spiritual progression of his creations, and that what matters is the spiritual. No need to speculate about exact mechanisms of the creation, which are probably unknowable from the inside, anyway. There's also no problem with trying to understand as much as possible about the universe, either.
Yes, many people throughout history have looked to religious beliefs in an attempt to understand the nature of the physical world, and their assumptions and interpretations have been turned on their head time and again as our understanding increases. You are trying to imply that that casts doubt upon God and religion. It actually just points out the fallacy of trying to learn physics, chemistry and biology from religious texts. You wouldn't use a math book to learn chemistry, nor a book on C programming to learn mathematics, even though you might actually find useful bits and pieces of information -- though you may also find some misleading information.
Science and religion address entirely different spheres of human experience and needs. Trying use one where you should use the other will lead to trouble, but there is no fundamental conflict between them. Neither is there any way to prove one with the tools of the other.
Most of slashdot tends to fall into the extremely distorted american political spectrum since most slashdot commenters/moderators are american.
How is the American political spectrum any more or less distorted than any other? It is what it is. It is different than the range of political ideas in other places, but you could just as easily argue that those are "distorted", and make just as much sense (i.e. none).
I think what you mean to say is that slashdot discussion tends to gravitate towards major elements of the American political spectrum, which may be very different from what people from other countries are accustomed to.
Fingerprints are good because they replace ZERO security. Most people don't PIN lock their phones. Finger Print lock is too convenient not to use.
This is correct.
I've been explaining on/. (and elsewhere) for years that fingerprint authentication is useless except in high-security applications where someone validates the scan is done properly... but that it's highly useful for identification applications, where all you need is a very low assurance that the person being scanned is who they appear to be.
The key is to make sure that users understand that the fingerprint scanner is a security upgrade for those who would use NO security, but significantly less secure than using a passcode. So people who would use a passcode should probably continue. People who just swipe to unlock should consider using the fingerprint scanner.
It's a capacitative scanner. Whether you like it or not, that's not imaging the surface layer of skin, but the complexity of what's behind it.
You're correct that it doesn't image the surface layer, but wrong about it getting what's behind the skin. Capacitive sensors obtain an image of, essentially, the back side of the skin. The ridges are there, but no other subdermal structure is visible, and the ridges are the same ones visible on the surface, so a surface image (e.g. a skin-oil negative), provides a fine panel from which to construct a usable fake finger.
FWIW, I used to build biometric authentication systems, especially fingerprint stuff. I did security analyses of fingerprint scanners (optical and capacitive) for Visa, wrote the Linux kernel driver for the AuthenTec scanner, and a bunch of other stuff over 10-year period. I've never designed them and don't claim to fully understand the physics (though I've consulted extensively with people who do), but I've worked with them, a lot, and I know very well what they do and do not do.
Apple's little toy is just another fingerprint sensor (albeit a more attractive one than the usual little stripe-thing)
The little stripe thing would actually have been a little more secure. It's fairly hard to make latex or gummi fingers that can be slid across a stripe sensor without being either too stiff to present the ridges properly, or so flexible that the friction deforms the patterns. It's still possible, just a little harder.
In general, unattended fingerprint validation should never be viewed as a security measure. It's a good fast and easy identification tool where you want to tell the device who you are (from among a smallish set of candidates), but don't need security. A good example (that I actually worked on) is nurse access to patient records. All of the nurses working the floor have access, and security comes from not allowing unauthorized people access to the machine, not from authentication, but for HIPAA compliance it's necessary to record who accesses the record. For practical reasons access needs to be fast. For practical reasons, it also has to work when the nurse is wearing gloves, so the system is unworkable, but it's still a good example of an appropriate application of fingerprint scanning.
Another appropriate application is as an authenticator in high-security environments where security does matter, enough that someone is there to watch you scan your finger, and to ensure that you're not playing any fake finger tricks.
If your security needs are somewhere in between, then fingerprint authentication is not the solution you're looking for. For many iPhone users, this is a perfectly reasonable compromise between no security (which is what they would otherwise choose) and convenience. For anyone who would otherwise feel the need to put a passcode on their phone, the fingerprint authentication is probably not a good choice.
I assumed that was the case, that those old interfaces generated interrupts, but your statement made me wonder if perhaps they used a different approach -- which would have been weird back then.
Valid point.
What about the older 5-pin DIN connector that predated the PS/2?
I had a keyboard once with a dedicated start/shutdown key.
After shutting down my system a few times accidentally I threw that keyboard away.
Apple keyboards have a power button on the keyboard. It's not the location or difficulty of hitting the key that matters, it's how it's handled. The approach currently used by Apple (but not invented by Apple, BTW) of "tap = request to shutdown, requires confirmation" and "press and hold means forcible power off" works just fine.
Perhaps, in the past.I seriously doubt that is still true. Modern USB keyboards have no special handling for C-A-D.
Neither did old keyboards, but that's not the point. The point is that the operating system's low-level keyboard drivers have special handling for it, at a level that can't be modified by trojans unless they can muck with the deepest parts of the system internals -- and if they can do that then they already completely own the machine anyway.
As any technically minded person, I am sceptical it even can work but we techies tend towards unhealthy amounts of cynicism and lack of understanding business models so it wouldn't surprise me if it turned out to be possible.
If you define the scope of the right to be forgotten to include only information that you put out there on sites with which you have a relationship (e.g. Facebook, Google+, Twitter, etc.), then it's not only possible, it's easy. If you expand it to information posted by other people on the same sorts of sites that explicitly references you, then it's still possible and technically easy, but it gets to be a little sticky from a content ownership perspective. Do I have the right to delete something you wrote just because it mentions me?
If you expand it to include all information on-line everywhere then it becomes darned near impossible. Even deciding whether or not a particular piece of content refers to or is about a given person is really hard -- and may be fundamentally ambiguous, perhaps even intentionally so -- and then there's the problem of tracking down someone who is capable of removing the data, on top of questions about ownership.
once they have a US presence they're subject to all the same laws that allow the NSA to spy on you in the first place
The laws make the NSA less free to spy on organizations in the US. Given a completely non-US Internet, the NSA wouldn't have to concern itself with legal restrictions, other than not being seen to violate international law, at all.
Inside the US, the NSA is supposed to be constrained to acting within the constraints of due process. Granted that it appears that due process is less constraining than we thought it was, and that the NSA doesn't seem to have been complying even with that. But on balance, I suspect an organization like the NSA would trade the ability to issue National Security Letters through the FISA court for having all constraints removed in a heartbeat.
If they let minors do this, why not everyone?
You mean, like the way you can delete your Twitter, Facebook and Google+ posts today? Assuming this is about social media like the summary implies, this law irrelevant, because you can already do it. I suppose it might prevent the social sites from taking the ability to delete stuff away, but it's not clear why they'd ever do that anyway.
If I made some approximation or used an algorithm that may fall apart in some limits, that is worth mentioning.
Uh, huh. And what if you don't realize that your code has subtle failings that may have significantly altered your results? Anyone trying to reproduce your results but doing it right will fail, but be unable to explain why their results differed. Without your code peer review of your work is both harder and less valuable.
Unless deterring review is the researcher's intent, of course.
All of which are great if code is to be maintained, which this type of code rarely is.
Or if it is re-used, which is one of the potential benefits of publishing it alongside the paper.
Also, since the purpose of research papers is to transmit ideas, clear, readable code serves readers much better than functional but opaque code... and that assumes the code is actually functional. Ugly code tends to be buggier, precisely because it's harder to understand.
$40k http://www.nissan.com.au/Cars-Vehicles/LEAF/Overview for $85/week
Yes, they're available in the US, too.
Mine is the one on the right in this photo. :-)
I actually didn't buy, though. Given the rapid pace of change in EV technology I opted for a two-year lease instead. I pay just over $200 per month to lease it, and virtually nothing else, since there's basically no maintenance other than new tires every couple of years and I do nearly all of my charging at work. I figure my net cost, after factoring in fuel savings, is about $70 per month.
so what happens if Tesla decides to cap each models production to 199,999 vehicals, then just comes out with a slightly different model? It's a reality with a small car company
I re-checked the IRS site and I was mistaken. It's not 200,000 per model, it's 200,000 qualifying vehicles per manufacturer. So they'd actually have to spin up a new company.
Not sure why you're picking on the Volt as your example vs. any of the other EVs. GM has nothing to do with this lawsuit, or any control over the California dealer association.
If the dealer association were also complaining about GM's web site, you'd have a point.
The Tesla website has no such explanation.
I suppose there may be someone, somewhere, who would buy a $70K car but not have enough federal income tax liability to recover the full $7500, but I doubt it. The Volt is fairly pricey, but in a different class, one in which it may be more of an issue.
The maximum tax credit is $7,500.00, but it adjusts on a sliding scale inversely proportional to your gross taxable earnings. In reality, anyone who can afford a $70,000.00 car will get a significantly smaller credit, like $1,500.00 or less.
This isn't true. The tax credit is a pure credit, no sliding scale based on income. It's not a refundable credit, meaning that if your net federal income tax liability is less than $7500 then you'll only get a credit equal to the amount of your liability, but that's unlikely to be a problem for anyone who is buying a $70K car.
There is a phase-out of the credit that begins to kick in once a manufacturer has sold at least 200,000 of the qualifying model, and the amount of the credit depends on vehicle battery capacity ($2500 for 5 kWh of capacity, plus $417 for each additional kWh, up to $7500), but the Tesla qualifies for the full amount, and Tesla hasn't yet sold 200K cars, so neither of those are an issue.
Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity.
What would encryption do when the NSA has access to the servers?
Nothing, if they have access to the servers, which Google denies giving them, and which none of Snowden's documents have claimed. The documents only said that they were getting Google data, not how, and they say the take started back before Google went SSL for nearly everything, which may be a clue as to how they were getting the data. Or maybe the NSA managed to sneak some hardware in to get it on the sly; that possibility is why Google has accelerated their plans to encrypt all internal traffic as well.
Given what I know about the incredibly flexible and dynamic nature of servers in Google's data centers (I work for Google), I think it would be virtually impossible to snoop at the machine level without actual support being built into the system, and given what I know about Google employees, that is virtually impossible. I think any data the NSA is getting (without legal due process) has to be network traffic, and encrypting all of the traffic will shut that off.
As others have said, the NSA documents say they have access to Google's servers.
No, they don't. The PRISM slides were extremely vague about how the data was collected; the idea that they have direct access is speculation which Google has consistently and clearly denied. And it's worth noting that they claimed they started getting data from Google back before Google went SSL for nearly everything.
Even if Google wanted to tell you that the NSA has access to their servers, knowing full well it would kill their bottom line (assuming it would), they'd be forbidden from telling you the truth anyways.
True... but I'm not so certain that they could be compelled to lie. When I look at the pattern of public statements and later revisions from all of the big players (telcos and tech companies), I don't see a single case of anyone actually contradicting an earlier statement. It seems to me that they've all been careful to tell the truth, though they've often been careful about how much truth they've told. Government agencies have been caught lying, but they don't have the same legal requirements to citizens as publicly-traded companies have to shareholders.
Based on that, and on my viewpoint as a Google employee who builds some of the internal security systems that the NSA would have to compromise to snoop, I am completely convinced that Google is telling the truth when it says that it has not given the NSA any sort of direct or indirect access. I'm not certain that the NSA hasn't managed to insert snooping equipment into Google data centers or on Google fiber lines without Google's knowledge. But that's why Google is making a push to get everything encrypted, internally and externally.
Just to quiet the obvious retort: Yes, I know that won't prevent the government from serving Google with warrants and NSLs and obtaining user data that way. But if they have to do it through the front door, with a request that satisfies Google's attorneys with respect to its propriety and narrow scope, then I think we (as a society) have a much more manageable problem. Still a problem, but one that can be addressed with legislation and better oversight. If the NSA is silently devouring the whole Google data stream... that's an entirely different kettle of fish.
The Microsoft goal is to flush so much money down the drain it will become plugged up.
Unfortunately, unlike galvanized copper pipes money pipes readily expand to accept just as much as you want to put in them.
LOL... You were going along fine until you said "develop an app for GNU/Linux". Yeah, right - like any web developer is going to create an app specially for that 1.3% market...
Unlike the blockbuster that is Windows RT.
Then he becomes a god of the gaps.
Only if you insist on asking religion to explain physical phenomena, which makes about as much sense as studying mechanics in order to understand atonement.
There's nothing logically inconsistent or brittle about believing that God created the universe for the spiritual progression of his creations, and that what matters is the spiritual. No need to speculate about exact mechanisms of the creation, which are probably unknowable from the inside, anyway. There's also no problem with trying to understand as much as possible about the universe, either.
Yes, many people throughout history have looked to religious beliefs in an attempt to understand the nature of the physical world, and their assumptions and interpretations have been turned on their head time and again as our understanding increases. You are trying to imply that that casts doubt upon God and religion. It actually just points out the fallacy of trying to learn physics, chemistry and biology from religious texts. You wouldn't use a math book to learn chemistry, nor a book on C programming to learn mathematics, even though you might actually find useful bits and pieces of information -- though you may also find some misleading information.
Science and religion address entirely different spheres of human experience and needs. Trying use one where you should use the other will lead to trouble, but there is no fundamental conflict between them. Neither is there any way to prove one with the tools of the other.
Most of slashdot tends to fall into the extremely distorted american political spectrum since most slashdot commenters/moderators are american.
How is the American political spectrum any more or less distorted than any other? It is what it is. It is different than the range of political ideas in other places, but you could just as easily argue that those are "distorted", and make just as much sense (i.e. none).
I think what you mean to say is that slashdot discussion tends to gravitate towards major elements of the American political spectrum, which may be very different from what people from other countries are accustomed to.
why not just let the modding be unbounded and then you can set your threshold to +10, +50, +100 or whatever you need to get rid of all the noise?
I think that would exacerbate the early post effect, making good posts that come later even less chance of becoming visible.
Fingerprints are good because they replace ZERO security. Most people don't PIN lock their phones. Finger Print lock is too convenient not to use.
This is correct.
I've been explaining on /. (and elsewhere) for years that fingerprint authentication is useless except in high-security applications where someone validates the scan is done properly... but that it's highly useful for identification applications, where all you need is a very low assurance that the person being scanned is who they appear to be.
The key is to make sure that users understand that the fingerprint scanner is a security upgrade for those who would use NO security, but significantly less secure than using a passcode. So people who would use a passcode should probably continue. People who just swipe to unlock should consider using the fingerprint scanner.
It's a capacitative scanner. Whether you like it or not, that's not imaging the surface layer of skin, but the complexity of what's behind it.
You're correct that it doesn't image the surface layer, but wrong about it getting what's behind the skin. Capacitive sensors obtain an image of, essentially, the back side of the skin. The ridges are there, but no other subdermal structure is visible, and the ridges are the same ones visible on the surface, so a surface image (e.g. a skin-oil negative), provides a fine panel from which to construct a usable fake finger.
FWIW, I used to build biometric authentication systems, especially fingerprint stuff. I did security analyses of fingerprint scanners (optical and capacitive) for Visa, wrote the Linux kernel driver for the AuthenTec scanner, and a bunch of other stuff over 10-year period. I've never designed them and don't claim to fully understand the physics (though I've consulted extensively with people who do), but I've worked with them, a lot, and I know very well what they do and do not do.
Apple's little toy is just another fingerprint sensor (albeit a more attractive one than the usual little stripe-thing)
The little stripe thing would actually have been a little more secure. It's fairly hard to make latex or gummi fingers that can be slid across a stripe sensor without being either too stiff to present the ridges properly, or so flexible that the friction deforms the patterns. It's still possible, just a little harder.
In general, unattended fingerprint validation should never be viewed as a security measure. It's a good fast and easy identification tool where you want to tell the device who you are (from among a smallish set of candidates), but don't need security. A good example (that I actually worked on) is nurse access to patient records. All of the nurses working the floor have access, and security comes from not allowing unauthorized people access to the machine, not from authentication, but for HIPAA compliance it's necessary to record who accesses the record. For practical reasons access needs to be fast. For practical reasons, it also has to work when the nurse is wearing gloves, so the system is unworkable, but it's still a good example of an appropriate application of fingerprint scanning.
Another appropriate application is as an authenticator in high-security environments where security does matter, enough that someone is there to watch you scan your finger, and to ensure that you're not playing any fake finger tricks.
If your security needs are somewhere in between, then fingerprint authentication is not the solution you're looking for. For many iPhone users, this is a perfectly reasonable compromise between no security (which is what they would otherwise choose) and convenience. For anyone who would otherwise feel the need to put a passcode on their phone, the fingerprint authentication is probably not a good choice.