
Comment Here's the answer (Score 2) 132

We've almost reached the limits of physics and there's basically no viable competition because modern technologies require capex in an order of billions of dollars. What's there to marvel at or be happy about when, for instance, we've had a stagnation in the x86 CPU market since the introduction of Sandy Bridge (don't remind me of Ryzen: AMD has just reached IPC parity with two-year-old Intel CPUs)? Also GPUs don't grow as fast as they used to in the past, and even then in the past GPUs required passive cooling while certain modern GPUs have three-slot cooling solutions with over 200 watts of power dissipation and have billions of transistors (NVIDIA Pascal Titan X has 12 billion transistors working at roughly 1500MHz).

However in my opinion it's astonishing what we've reached so far: certain modern computer games are just breathtakingly beautiful while not being too far off from being photo realistic: Deus Ex: Mankind Divided, Battlefield 1, The Division, Quantum Break and others. Recently, I just gave up on playing in The Division for two hours and just roamed NYC and enjoyed the scenery.

Just look at this and compare to this.

Comment Re:PDF is a major malware vector (Score 1) 103

True! As for me I usually run downloaded PDFs though and then all scripting features in my Acrobat Reader are completely disabled.

Speaking of ISO's: most Ubuntu mirrors (and their official servers as well) distribute Ubuntu ISO's via ... HTTP and FTP. That's so "lovely" considering that any ISP can easily replace your HTTP traffic. Yes, they have PGP signatures but 99% of people out there have no idea how to verify them. And those PGP signatures are distributed from the same ... insecure channels.

Comment Re:Are two hashes better than one? (Score 1) 103

Perhaps I was completely wrong - skip to the Mysid's comment. My sincere apologies then. But this explanation just doesn't work/compute in my head - even today finding MD5 collisions is extremely computationally expensive, yet the person says SHA1 + MD5 is only slightly more computationally expensive.

Let's put it in layman's terms: let's say your cluster made of a thousand GPUs finds MD5 collisions for given data every second. Now finding an SHA1 collision in Google's case required 9,223,372,036,854,775,808 computations based either on purely random data or data which needed to be fed to the SHA1 algorithm in succession both of which you cannot get using your already found MD5 collisions, because they are not random. I cannot see how your non random MD5 data could be used as a basis for cracking SHA-1 simultaneously. Again, maybe I'm totally wrong about that.

I'd also love to hear someone with a good cryptography background rather than believe a random person on the net or my amateurish logic.

Comment Re: NB: most medical scientists (Score 1) 247

Complex doesn't mean perfect or without flaws. Also, you cannot imagine how many germs coexist with us and we depend our life on them.

Also I'm not a biologist however as far as I understand it's not viruses that kill us, it's our own failing biology due to our DNA: death is programmed deep in our DNA, or otherwise there wouldn't be evolution. I might be totally wrong of course - I'd like to hear what actual biologists would say.

Comment Re:Practical? (Score 2) 103

If Google can do that, NSA can surely do that - maybe not right now but quite soon.

Also don't underestimate various botnets - right now they are mostly used for spamming/DDOS'ing/crypto currency mining (which in itself is ... hashing) but they can be used for finding collisions in SHA-1 as well.

Also don't forget that "practical" in this case means that an attack can be carried out using currently existing available computational resources, vs. something purely theoretical which requires billions of CPUs/GPUs or quantum computers.

Comment NB: most medical scientists (Score 3, Insightful) 247

The human body is the most complex organism in the known universe so there's nothing to be sneezed at or be surprised by. For instance recent studies have shown that for a lot of people placebo works even when people have a perfect knowledge that they are given placebo.

As another confirmation, the brain has the ability to directly change/affect the chemical processes in the body as demonstrated by Wim Hof who can manage his body's temperature at will.

Submission + - Google has demonstrated a successful practical attack against SHA-1

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.
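The "Are two hashes better than one?" comment and this submission both turn on whether MD5 and SHA-1 checked together are much harder to collide than either alone. As an added illustration (not from the submission or any commenter), the Python below runs Joux's 2004 multicollision argument on two constructed toy hashes, 24-bit truncations of MD5 and SHA-1 used as Merkle-Damgård compression functions, to show why a combined check is not a substitute for moving to SHA-256. The names `toy_f`, `toy_g`, `joux_collision` and the 24-bit size are assumptions chosen so it finishes in about a second.

```python
import hashlib
from itertools import product

N = 3        # toy chaining value: 3 bytes = 24 bits (assumption, keeps runtime small)
IV = bytes(N)
calls = 0    # compression-function evaluations, used as the unit of work

def _compress(algo, state, block):
    global calls
    calls += 1
    return hashlib.new(algo, state + block).digest()[:N]

def _iterate(algo, blocks):
    state = IV
    for b in blocks:
        state = _compress(algo, state, b)
    return state

def toy_f(blocks):  # toy Merkle-Damgard hash built on truncated MD5
    return _iterate("md5", blocks)

def toy_g(blocks):  # toy Merkle-Damgard hash built on truncated SHA-1
    return _iterate("sha1", blocks)

def block_collision(algo, state):
    """Birthday search: two distinct blocks mapping `state` to one next state."""
    seen = {}
    i = 0
    while True:
        block = i.to_bytes(4, "big")
        nxt = _compress(algo, state, block)
        if nxt in seen:
            return seen[nxt], block, nxt
        seen[nxt] = block
        i += 1

def joux_collision(k=15):
    """Return (m1, m2, work): distinct block tuples colliding under toy_f AND toy_g."""
    global calls
    calls = 0
    state, pairs = IV, []
    for _ in range(k):                  # k cheap collisions chained in toy_f
        a, b, state = block_collision("md5", state)
        pairs.append((a, b))
    seen = {}                           # all 2**k paths share one toy_f value
    for msg in product(*pairs):         # birthday search among them in toy_g
        h = toy_g(msg)
        if h in seen:
            return seen[h], msg, calls
        seen[h] = msg
    return None

if __name__ == "__main__":
    m1, m2, work = joux_collision()
    print(m1 != m2, toy_f(m1) == toy_f(m2), toy_g(m1) == toy_g(m2))
    print(f"work: {work} compressions; generic 48-bit birthday is about {2**24}")
```

The work is roughly k birthday searches in the first hash plus one in the second, rather than one birthday search over the 48-bit concatenation, which is the sense in which the combined construction is only slightly stronger than its stronger half.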

Submission + - PHP Is First Language To Add "Modern" Cryptography Library To Its Core

An anonymous reader writes: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017.

Scott Arciszewski, the cryptography expert who made the proposal says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons on why he made the proposal are detailed in depth here.

Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.

Comment Not that easy (Score 3, Interesting) 105

It's almost impossible to eradicate cheaters in CS:GO and similar games for one important reason: CS:GO servers send you full information about all the gamers who're playing the match with you, which means it's quite trivial to intercept this information and modify certain game engine variables to e.g. make other players visible through the walls (wallhack) or to make your bullets always reach the destination (aimbot). Now even if you don't send all the information, the game still has to show other visible nearby players to you, so dealing with aimbots seems like a lost game.

Speaking frankly I've got no idea if this problem can be fixed at all except for controlled LAN matches (but even then we've had reports that certain cheaters made through by bringing their cheat programs inside their mice - the mouse is connected via USB which makes it trivial to extend its internals to include a mass storage device).

To give Valve credit they're now testing an AI to detect cheaters. They do it because it's virtually impossible to detect cheat applications using any sort of matching (like antiviruses do).

Comment Re:Add-ons which will stop working include (Score 1) 2

Here's what a DTA developer, Nils Maier, wrote in response to this policy:

Hi mig[-1], and everybody who also asked and I BCCed, and whomever it
may or should concern too,

First: the "fucks" are directed exclusively at mozilla - the
organization, not you.

If I CC'ed you and you're now thinking: Who are you even? Valid
question: I develop one of the most popular Firefox add-ons (open source
without profit motivation), and am a decade long mozilla enthusiast,
advocate and volunteer contributor.

> I'm just back from a Mozilla event where i was sorry to hear you were
> giving up on DownThemAll. I don't know the whole story, but in my
> opinion, this would be a shame to leave a 1.25M users audience.

The whole story is basically that mozilla folks are fucking up the
add-on space.

The whole story is that DownThemAll! would need a ton of niche APIs that
mozilla has neither the resources nor the will to spec, implement and

The whole story is that WebExtensions APIs explicitly are supposed to be
high level APIs, while tons of add-ons actually want, nay need low level
APIs to implement their functionality.
The rationale here seems to be "Fuck yall, we consider you too stupid
and/or evil to give you low level access, also we're lazy and not good
with money so we couldn't possibly support low level anyway"
The high level API shit is what's killing the platform, not XUL or
(partial) XPCOM deprecation.

The whole story is that I just finally grew tired of the steaming pile
of utter rotten horse manure that is the mozilla decision making process.

I'll evaluate the list of forks that do exist or will exist once mozilla
pulls the WebExtension switch for real, and see if any of them will be
an alternative to the then deliberately-made-retarded mozilla browser.

I gave mozilla a list of what interfaces DTA source code contains
currently (mozI*, nsI*) either way and other feedback, since they asked.

It is my opinion that it's not me who's leaving a 1.25M Active Daily
Users DownThemAll! audience, but mozilla is abandoning them (and me) and
not just them but also the developers and users of tons of other add-ons
with small and large audiences[1].

I'll keep maintaining (most of) my add-ons for the time being, albeit
with far less enthusiasm, in case mozilla wakes up or some viable fork
comes along, tho.

> As far as i can tell, DownThemAll will be able to run on WebExtensions
> once the missing APIs (mainly file writing) will be integrated, and i
> got the confirmation this will happen in due time.

I have no hopes that they will implement proper APIs, not even for file
writing[0 again]. Other than file writing, there are no proper APIs to
do requests, there are no proper APIs for other stuff such as executing
files, other kinds of OS integration, UI integration and so on and etc
and pp.

And that's just DownThemAll!, looking at my other add-ons (public or for
personal use) and also those I use of other devs, most of them will be
dead in the water, or could only be ported with serious, serious
limitations. Some add-ons I use already were abandoned, rightfully so
because WebExtensions offer no way forward for those addons, and for now
I fix them locally for me if something breaks (I cannot take over
maintainership and publish them as I lack the time and motivation to do so)
I have no use for crappy webrequest/toolbar button APIs alone. At least
the Adblockers will survive I guess... hurray!

Dismantling the add-on system just because mozilla doesn't like the
maintenance burden all of a sudden?

"B-but we want away from XUL and a lot of XPCOM".
So what? Neither is this going to happen anytime soon realistically, nor
is that any reason not to give add-on developers access to whatever
replaces it.

"B-but add-ons will break less if ever if they are WebExtensions".
Sure, and tons of add-ons should and will go the WebExtensions route.
Doesn't mean you have to fuck over the add-ons not fitting in the
WebExtensions space. There are tons of dedicated add-on developers who
have been dealing with breaking changes in Firefox since it first got
add-ons, for better or for worse. Most of the time, we managed in a
timely fashion.

Even those add-ons which can be reasonably ported need to be ported in
the first place. Somebody will have to do the actual work, which is on
entirely different scale than a "few" "let's move this shit into a
framescript so it works with e10s" fixes.

Frankly, it's add-ons which contributed a lot to Firefox' success, and
it's add-on which eased Firefox bleeding users to Chrome, and once the
add-ons that go beyond WebExtensions stuff are gone, the bleeding will
only increase again.

> To tell the truth, i have been myself very frustrated just a few weeks
> ago, and considered giving up VDH on Firefox. Now i can see a clear
> future (even if there is a lot of development work to be done).

Quite honestly, I'm over the frustrated stage and arrived at the furious
anger stage. And I grow only more hopeless about mozilla as time progresses.

WebExtensions are far off from feature parity, let alone bug parity for
even the Chrome extension APIs, yet announce EOL for new add-ons in 53
and EOL for all add-ons in 57 [0 again]?
What the fuck are they thinking?
Whoever was involved in that decision with actual say: Please do us all
a favor and just step down from any leadership position you might have.
Or better yet, apply for a leadership position in the Google Chrome
team; Firefox can use some help from you eventually ending up
inadvertently sabotaging Chrome sooner than later.

What's even more discouraging is that mozilla will be using their
"signing required" Walled Garden they installed because "reasons, none of
them actually sane or good" that they swore they will not use to fuck
with add-ons[2] - just to do exactly that, and fuck with add-ons,
stopping to sign new non-WE add-ons with the Firefox 53 release.

Does the Walled Garden help make Firefox more secure? Nope.
Is it abused to force unrelated policy changes instead? Yep!

mozilla has been a huge clusterfuck for years now, not just in the
add-on space; lacking proper (tech) leadership, lacking vision, focusing
on the wrong things at large more often than not, fucking with their
core users for no apparent reason other than "but we have to do
*something* to stay relevant". And even stupid stunts like force
bundling crapware (pocket) isn't too goddamn stupid to do these days.
"1 million mozillians!", yeah, you will certainly achieve this by
alienating everybody on many fronts at once.

I've been part of the mozilla universe for almost one and a half decades
(or almost 15 years in "metric") now. I'm doing DownThemAll! and other
extensions since about a decade now. I've seen tons of fuckups in that
time, and produced a few myself; but that was OK because none of those
were deliberate and we always worked together on fixing things.
Not ever before did I think mozilla is hopelessly fucked at a
fundamental level. But the last one or maybe two years changed that.

I have to admit that I failed to see this for quite some time,
deluding myself into thinking "it's not that bad", "they'll will do it",
"temporary setback", "they will recover", "I can learn to live with
that"... Tried to rationalize all this away...
But that's ended.

I'm fed up as an add-on developer, I'm fed up as a mozilla advocate, I'm
fed up as somebody who used to help the other add-on devs, I'm fed up as
somebody who contributed an enormous amount of volunteer time directly
in many different ways, I'm fed up as a Firefox user.

In conclusion, let me end with two quotes from[3] (second one quoting

"It's fascinating how Mozilla manages to always find the exactly right
words - to make their most avid browser enthusiasts feel absolutely

"I honestly hate you [mozilla] right now."


PS: If anybody feels the inexplicable urge to reply and wants me to know
about it or even respond, make sure to CC me.

[-1] who is on BCC because publicly posting his email address might be rude.
[0] I'm explicitly not dumping on the team that actually implements the
WebExtensions support and APIs, they seem to be doing a fine job with
the resources they got from mozilla. And I am not opposed to
WebExtensions, quite the opposite. But I am opposed to WebExtensions-only!
[1] Well, unless you're NoScript and get special treatment. Well again,
DTA is probably large enough to beg and get special treatment, but I
don't actually want better treatment than others.
[2] And that's still a large legal gray area; e.g. can mozilla legally
sign add-ons of devs from countries with US sanctions/embargoes

Comment Add-ons which will stop working include (Score 2) 2

* FindBar Tweak, Beyond Australis, OmniSidebar and Puzzle Bars
* NoScript
* Pentadactyl
* Vimperator
* DownThemAll
* Classic Theme Restorer

After that we'll have something akin to Chrome's web store with thousands of useless add-ons with ads and no privacy whatsoever.

I fail to understand why anyone would want to run Firefox from then on, since it will basically become a Google Chrome clone with a slightly different rendering engine.

Submission + - Mozilla will deprecate XUL add-ons before the end of 2017 2

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi process mode by default for all users with some exceptions. Most add ons will continue to function, however certain add ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more addons. Firefox 57, which will be preliminarily released on the 28th of November, 2017, will only run WebExtensions: which means no XUL (overlay) add ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add ons your only choice past this date will be Pale Moon.

Comment My take (Score 2) 197

What exactly is the role of tech conferences?

To establish new business connections. To discover new trends/solutions/ideas which you might have missed due to being busy. To talk to your purveyors and discuss the things in person which are difficult to discuss over the phone/e-mail.

And then what's in it for my employer, who's paying to send me there?

