Slashdot Mirror


User: icebike

icebike's activity in the archive.

Stories
0
Comments
9,473
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 9,473

  1. Method Induced Mono Cultures on Bringing Auto-Graders To Student Essays · · Score: 1

    A grade school teacher who deals with the same 25-30 kids all day teaching a variety of subjects can find time to read 30 papers of the length likely to be written by such students. But in the older grades, the English Comp teacher reading 30 papers from 5 or 6 different class periods simply can not spend that much time on that many papers. Before you get to the post secondary level where teaching assistants are available the job becomes just about impossible.

    The structure of our school system imposes a burden on the available brain power that can be brought to task. Further automation seems unlikely to yield better results, but will probably offer the way to handle more students.

    Machine grading of papers hacked together by students using word processors (which built in spelling correction, sentence structure analysis, and grammar checkers) run the risk of grading Microsoft's (or LibreOffice) work product as much as that of the students.

    In any event, It seems to me that over the years, this can't help but produce a more generic product, and the world is already too full of dense mindless text spewed by dense mindless desk monkeys.

    How do these software programs fare when fed a diet of available published books? Would William Faulkner or Henry James be (properly) encouraged to take up basketball? Or would Hemingway be encouraged toward industrial arts?

  2. Re:hah on Global Online Freedom Act Approved By House Committee · · Score: 2

    When you write the list you have no real obligation to put yourself on it as long as we are just slightly less restricted than the other guys. Short of a total internet blackout the american government will not admit to censoring the internet

    Actually the US DOES admit to censoring the internet, which is exactly why this bill goes nowhere.

    From Childporn (won't someone please think of the children), to domain grabbing (gotta protect those helpless movie companies), to banning internet gambling, and futile blocking of wikileaks, the US is heavily involved in censoring. This active censor ship, when combined by world-wide conspiracy to foist ACTA on every country on earth in total secrecy makes the US one of the biggest offenders. They simply spin it as protection.

    The audacity of naming a bill the GLOBAL online freedom bill is simply amazing.

    Lets face it, this is a "For Show" bill, that either goes nowhere, or has all its teeth pulled before seeing the light of day.

  3. Re:Now this could be potentially game changing.... on Generating Alcohol Fuels From Electrical Current and CO2 · · Score: 1

    On transmission I agree with you, there are minimal losses moving electrical energy. However, storing energy is a whole different issue. Storing electricity as a liquid fuel is a very attractive possibility.

    We lack a good storage capability for electrical power, but I'm not convinced this would be the solution.

    Not when you calculate the losses likely involved in liquid storage. I suspect the CO2-->Butanol-->Combustion-->Kenetic/heat would be much more lossy than simply pumping water up-hill, and releasing it thru generators, something like done at Grand Coulee where the pump generators are used to pump water uphill, and the exact same device us used to create electricity from the release of that water. Pumped hydro is the most efficient method in current use.

    Ultimately, I suspect the storage problem will end up being ameliorated by battery powered Electric Vehicles. After all, once 256 million vehicles are converted to battery or hybrids there is a boatload of storage distributed across the grid. Most of it sitting idle most of the time.

  4. Re:Now this could be potentially game changing.... on Generating Alcohol Fuels From Electrical Current and CO2 · · Score: 3, Insightful

    For mass production it's likely they would just connect to the power grid and use whatever was available. I'd imagine they demonstrated it at this stage with solar to show that the output of that panel was sufficient to drive the reaction, thereby making it a standalone system.

    I suspect they chose solar because virtually any other source of power creates more CO2 than this process would use.
    Solar or Wind, which become available on their own schedule, and not always in sync with mankind's needs could use a good sink, and that makes them the logical choice for this type of project.

    We don't have enough power on anybody's national grid to accommodate all the recharging of electric vehicles planned for the market as it is. So in my mind its doubtful this process would EVER make economic sense, because its a pretty inefficient storage mechanism, and merely a short term sequestration of Carbon.

  5. Re:goodbye common sense on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    I'm not repeating it here for the reading impaired. This is explained quite well down-thread.

    Read up on OpenID.

  6. Re:goodbye common sense on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    If the Google token can only be verified by "the real Google", then Gawker can't tell a fake one from a legit one either.
    Derp! Regardless, the real token is real once the attacker passed your credentials through the normal login routines. The attacker doesn't care about the token, the attacker cares about your username and password.

    Gawker hands the token back to google via statically coded portions of their web and google validates it. This is built into the library. If your putative XSS attacker can compromise a system library they you are far more screwed than you think.

    The tokes are use-once tokens. When a website asks Google’s OpenID provider (IDP) for someone’s email address, Google always sign it in a way that cannot be replaced by an attacker. The website won't be able to log you in.

    True, the attacker may already have your Google password, if they are very very good. But this still won't get them much, because google's two factor authentication will stop them in their tracks, and even if the account doesn't use 2FA, google's IP range checking will. (Got caught by this just the other day when I tried to log in to google from a distant hotel. Had to answer the additional security question).

    And you still danced around the question of why something you claim is so vulnerable is becoming the standard. Could it be its far far harder than you glibly claim? Could it be you have never actually done any such programming in the real world? Pretty good at slinging the insults to cover you lack of knowledge. If its so easy go out and DO it some time.

  7. Re:Are people actually annoyed at this? on Google Using ReCAPTCHA To Decode Street Addresses · · Score: 4, Insightful

    Oh, climb down off that ledge before you get hurt.

    reCAPTCHA is for what ever you want to use it for, Its simply a technique for crowdsourcing guesses.

    In my estimation, Google maps and street view is one of the great accomplishments of our time, easily worth every penny Google monetizes out of it.

  8. Re:I seem to have missed something... on Google Using ReCAPTCHA To Decode Street Addresses · · Score: 2

    Getting around reCAPTCHA logins is usually easy. Just correctly type the easy to read word, and an approximation of the number of characters in the hard to read one. You don't even have to be close.

    Google could have a few thousand house numbers they already know (their own recognition system is probably capable of this), and they can swap these in as well as a hard to read scanned word from a book, and you could never be sure which one was the reCAPTCHA and which was the CAPTCHA.

  9. Re:I'm a Microsoft whore on Google Using ReCAPTCHA To Decode Street Addresses · · Score: -1

    The odd part is most of these numbers and signs are automatically made blurry when you try to look at them to get around the "Address is Approximate" in google streetview.

    The summary says:

    It appears that Google has decided to put the reCAPTCHA system to help clean up Google streetview images,

    Yet Google would have to know what the address numbers really was in order to validate the reCAPTCHA, so that can hardly be why they are doing it. They don't need to crowd source an answer that they already know.

    Using a zoomed house number from some obscure place in the world seems to be a non issue, other than having a virtually unlimited source of images.
    But unless Google is paying a zillion people to validate these images visually, all this says is they trust their algorithm of number extraction enough that they can use it in production. And if they have an algorithm that good, its just one more proof of the fallibility and uselessness of image based reCAPTCHAs.

  10. Re:goodbye common sense on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    Except the real Google hands back a token that can only be verified by the real Google.
    The fake token would trip even Gawker's lax security giving you a clue that you have been duped.

    The login buttons aren't on the area available for people to post. (They are not within the posts themselves). As such, you can't sneak in your own hacker code to do what you propose. The posting engine limits just what you can post.

    Look, if it was this easy to break OpenID NOBODY would use it. Yet its gaining acceptance all the time. The GP was blowing smoke.

  11. Re:Any site doing this needs their head examined.. on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    Exactly why I would never sign up with Facebook.

    People who do, don't care about that.

  12. Re:It does give them more information on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    Try this example.

    Log out of Google if you are logged in.

    Go to CNET.COM

    Click Login (upper right), then the little "Sign in with Google icon.
    Notice you get a HTTPS (Secure) page from Google. Google is the only one that sees your LoginId or your Password.
    It sends a token to Cnet. Maybe sends your Gmail name (real or fake).

    CNET gets nothing more. You control access to this via your Google Dashboard: https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en

    If you were already signed in to Google when you went to Cnet, clicking Cnet's sign in with google button already knows about you, and may not ask for a password (unless your sign in was many minutes ago).

    So you never actually give Cnet anything. At most they might get an OpenID login and it might contain a name and email, but then they had previously been collecting that (and having it stolen) anyway.

    This is how Gawker will work when they get it established. And no, its not that hard any more, and the problems mentioned in the article you linked were fixed. OpenID4Java has been patched with the fix in version 0.9.6.662 (19th April, 2011)

    Note that I don't consider a gmail account a "social networking" account. Some people have dozens of them.

    Your statement :

    Gawker advertizes on Facebook, this indirectly gives them access to demographics information about the accounts they are advertizing to, which they can now link with Gawker accounts

    is very worrisome (if true), and its part of the reason I refuse to ever open a facebook account. Google does not provide this kind of information, with any degree of specificity. All Gawker would get from Google is your email address and name. They get access to NOTHING more, directly or indirectly.

  13. Re:goodbye common sense on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    Since you're either retarded or willfully obtuse, I'll spell out one XSS scenario for you.

    Go read up on OpenID and then come back and apologize for calling people names.
    See also how Google does this.

    1) Gawker puts a sign in with Gmail account button on the page.
    2) You click that and a NEW HTTPS window shows up, sent to you by GOOGLE. (You do understand HTTPS don't you?)
    3) You enter your Gmail address and password.
    4) GOOGLE sends an encrypted token saying Yes/No and possibly your name back to Gawker.
    5) Gawker waits for this token and validates it directly with Google.

  14. Re:Any site doing this needs their head examined.. on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 2

    Call me naive, but I have no idea why websites like using other social networks for authentication. Is there something so secure that I can trust Facebook with any and all logins and passwords for not just me, but all my users?

    I won't call you naive, just misinformed.

    1) Gawker will not know your Google/FB password.
    2) You won't have a Gawker password any more.
    3) Gawker asks google to authenticate joerandomuser@gmail.com
    4) Google pops up a SECURE web page and gathers your gmail password
    5) Google sends Gawker a YES or a NO, and possibly your name.

    That's it. You have one less password, and you get logged in with what ever gmail account you enter. That gmail account need never be stored on Gawker's server, (unless you ask for notifications of replies or something). Gawker never has any passwords at all.

    This makes Gawker less of a hacking target.
    It frees Gawker of having to maintain any login system of their own.
    It reduces cost.
    You still maintain fine grained control of which sites can use this facility (at least with Google via your dashboard).

    See https://developers.google.com/accounts/docs/OpenID?hl=pl-PL for an explanation of how it works.

    The upshot: You want this. You didn't know how it works, so you rightly mistrusted it. But Its better.

  15. Re:Any site doing this needs their head examined.. on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    Exactly.

    Gawker gets nothing more than your email address (which they already used to require). They ask google if you are who you say, and google logs you in. Gawker never gets your google password, and stores nothing on their own servers (they don't even have to store your gmail address, because your browser will do that for you). At most, Gawker gets a YES or NO, and maybe the name you signed up to Gmail with.

    This makes any site more secure, because you have nothing there for hackers to steal.

  16. Re:Don't have any of those accounts on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    So what about those like me, who don't have an account on those social sites?

    Seriously, how hard is it to set up a Gmail account, even if using a fake name.
    If you got an android device, you already have a google account.

  17. Re:Where's the cash grab tie in? on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 1

    Because you get directed to Google's login page.

    More precisely: A direct to Google SECURE login page. https.

    And you can control what that login will offer on your dashboard: https://accounts.google.com/IssuedAuthSubTokens?hl=en

  18. Re:Issue? What issue? on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 2

    This!

    Too many people posting here have no clue about how this works.

    But its even more restrictive than that. At least in the case of Google.

    Gawker sends an email address to Google, gets a YES or NO from Google. Google pops up its own https page to gather your password. Gawker sees none of this. And Google tells you exactly what Gawker asks for as far as "Real" name (wink wink).

    And you can control this from your Google Dashboard "Websites authorized to the Account". If that page (Direct link) simply has a listing like the following:

        postings.somesite.com — Sign in using your Google account [ Revoke Access ]

    then all they can get from Google is a Yes or NO.

    Other third party authentication services may not be as transparent as Google and may not allow as fine grained control.

  19. Re:goodbye common sense on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 4, Informative

    Nothing like gawker having been hacked before to highlight how bad this is, as appropriately noted.

    How is this "bad"?
    Do you understand what is being discussed here? Gawker is not asking for your password for Google/Twitter/Facebook.
    Rather, the ask Google (for example) to authenticate you, and Google answers YES, or NO, and never lets Gawker see your password.

  20. Where's the cash grab tie in? on Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins · · Score: 4, Insightful

    Just because you let Google handle the login doesn't mean Gawker gets anything more from you than an email address which you were already obligated to provide in the past. And since Gmail is already great at handling spam, there is precious little opportunity for Gawker to profit from this by selling your email address. Spamming Gmail accounts is already a fools errand.

    At least in Google's case, they glean nothing either, other than the fact that you use Gawker, but any advertising revenue that comes to google via that knowledge goes to Google, and not Gawker. All they provide Gawker is a YES or NO answer when you ask to log in.

    Given the rapidity with which one can create gmail/facebook/twitter accounts it won't assure "secure and responsible" posting either. Its easy enough to have an account that is reserved for such postings, even one per web-site if you want.

    All this does is allow Gawker to off-load all user account stuff to some other entity, making them less of a hacking target, because there will be Nothing Much There to Gain. (Some would say this is an attribute of Gawker Media in general.) Having one less web site holding my passwords in an insecure database is a plus as far as I am concerned.

  21. Re:Too expensive on Virginia Approves First Offshore Wind-Energy Turbine For US Waters · · Score: 2

    Twenty years is a long time. And after 20 years, you pull the turbine at the top of the towers and replace it with a new one, and slap the blades back on. The new one will be more efficient, cost less, and probably weigh less too, due to technology improvements over time.

    The hard part is getting it permitted and construction started.
    Keeping them maintained after the fact is just routine.

  22. Not so fast on Virginia Approves First Offshore Wind-Energy Turbine For US Waters · · Score: 5, Informative

    Its now a race to see who can get the first turbine up and spinning before anyone can claim to be first.

    After years of opposition by Ted Kennedy, the Cape Cod wind farm was granted approval and all the law suits have pretty much played out.
    The Cape Wind Farm gained final construction approval about this time last year (April 2011). Held up by yet another appeal due VFR (small plane) flights flying below regulation minimum altitude, it is expected to pass this hurdle as well, just like every other wind farm has. The opposition group has recently been fined for election violations.

    But Approval does not mean construction has started, and both of these projects seem to be at the same point in their development.

  23. Re:CYA by the White House on Solar Power Is Booming — Why Do We Want To Kill It? · · Score: 1

    But if you dig up the definition of dumping (as defined by the US Dept of Commerce), you will find it simply means producing goods "less than fair value", which essentially amounts to a US opinion about what the price should be. The generic definition is:

    Dumping occurs when a foreign producer sells a product in the United States at a price that is below that producer's sales price in the country of origin ("home market"), or at a price that is lower than the cost of production. The difference between the price (or cost) in the foreign market and the price in the U.S. market is called the dumping margin. Unless the conduct falls within the legal definition of dumping as specified in U.S. law, a foreign producer selling imports at prices below those of American products is not necessarily dumping.

    See:http://ia.ita.doc.gov/intro/index.html

    At least that'ts the official line. However, in practice it never works out that way, and ends up being "fair market value:, which amounts to any time something is imported at a lower price than the US could produce it domestically.

  24. Re:CYA by the White House on Solar Power Is Booming — Why Do We Want To Kill It? · · Score: 2

    You can hide corporate earnings forever and you can spend them

    Ok, which is it going to be, hide earnings or spend them? You can't have it both ways.

    Rich Dude has his company buys 4 Limos and a New mansion.

    Cadillac and Lincoln pocket some cash. Most of that goes to pay wages, buy parts.
    Those workers buy their own cars, houses, food.

    Or Rich Dude spends nothing, and it sits in the bank. Which loans it out so someone can build a house, start a business.

    Lets not talk about profound naivety until you demonstrate even a modicum of understanding about how money works.

  25. Re:CYA by the White House on Solar Power Is Booming — Why Do We Want To Kill It? · · Score: 1

    Corporate tax rate drops are a delusional lie.

    The rich simply shift all the personal income into a corporation that they own, they also shift all their personal assets homes, cars, yachts into that corporation.

    So who cares?
    There aren't enough of those people to matter.
    Besides, this is already pretty well covered by our tax code, perks provided solely to you get taxed as income.

    If more jobs stay local and more manufacturing is kept on shore you can siphon ALL the profit down a rat hole
    and still earn more tax revenue taxing the earnings or workers, property, sales, etc, all from the increased
    jobs created.

    You can't hide corporate earnings forever. Sooner or later someone spends the money and some other person
    puts it in his pocket.