Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Stupid (Score 1) 1042

If the universe is a simulation, it is a pretty complex one

Ok, first off I'll say right up front this is all fanciful, more faith based rather than scientific. It's like debating which 'religion' is right.

But for the sake of entertainment, I'll discuss. How do we know the simulation is a pretty complex one? Comlpexity is a relative term.

So for one, there could be facets of a 'truer' reality we can't even conceive. Imagine Super Mario Brothers was a 'reality'. A third dimension would be an unthinkable exotic thing. In a very modern game, the concept of something having any smell or taste or touch are things that would not even occur to a hypothetical entity in one of those simulations. Similarly, we have quantized time and matter, meaning we effectively have a 'resolution' that may be coarse by a higher order existence standards.

For another, we don't know how much is *really* being simulated in this hypothetical. In a game, they don't simulate the other side of an object you are looking at. Similarly, there's nothing to prove that something that is not actively being observed truly exists at all times, rather than 'popping in' when observed.

Lastly, we don't know the depth to which things are really being simulated that we observe. For example, let's consider Half Life. To simulate that game, they didn't *really* have to model some weird physics thing that tears a hole between dimensions. However one could posit a being in such a world *believing* that a simulation would necessarily have to successfully model their *belief* in how things work. Many complex phenomenon and mechanisms could be in fact be glorified props, and the world written so that we believe/see in detail when it matters.

It's not a falsifiable claim, so it's not the realm of science, so we can debate this all day long with no real objective 'winner', but still it's fun...

Comment Re:Everything Working As Planned (Score 1) 254

In the automotive world, there are proving grounds to work out the kinks, not shared with the general populace or pedestrians and what not. If over a ton of equipment makes potentially unsafe maneuvers, it's hard to ever consider it 'minor'. It's only minor because another car wasn't going down that street or a pedestrian didn't step out at the wrong time because they failed to expect a car coming from where it shouldn't (yes a pedestrian should always be vigilant, but in practice particularly in well walked areas, folks get used to not paying attention).

It's worrisome to see these companies be overly aggressive (Tesla exaggerating the autonomy of their adaptive cruise control, Uber jumping straight to testing on real streets accepting pretty much whatever Uber driver to test it). There's unmanned autonous testing, but it's on proving grounds closed off to public. Google's been doing autonomous vehicle testing on real roads, but with specifically hired and specifically trained drivers.

Basically, this really *has* to be perfect and there's a long history of how to evaluate big changes in this field that is too boring for some of these newer companies to concern themselves with, and that is the crux of the problem.

Comment Re: We called it (Score 1) 125

Still, I doubt in one's own home that fear of putting on a headset due to obscuring vision is not high on the list.

High on the list would be expensive and lots of folks making it sound like a big involved mess as they make well-meaning statements that make people think they need a dedicated room just for VR and/or an exotic treadmill to enjoy.. 'Room scale' is cool and all, but right now people are making it sound like it is a non negotiable part of the experience, which is a big ask. Things that need that much real estate have never lasted.

Comment Re:Limitations of VR (Score 1) 125

I enjoy VR, but it's really only going to be a high end gaming accessory for now.

There's a lot of possibilites, but many of those possibilities have had room for improvement for a long time even without VR, and those improvements have never materialized. VR increases the potential of what is possible, but if it were that compelling we'd have 3D environments of hotel rooms and cars to play with already, rather than generally photographs. Photographs seem to be 'good enough'. You may say photosphere type stuff could be nice, but those don't feel cool, they feel like sitting in a big room with what you want wallpapered on the walls.

Comment Re:There is no magic (Score 1) 125

Hololens can impose a relatively tiny field of view on the surroundings, mitigating challenges that exist with headaches in a low quality VR context (enough of the real world is always visible to anchor you). When there are interactions with real life structures, there is noticable stutter as it tries to keep up.

Comment Re:This sounds like more of an excuse than a plan. (Score 1) 125

Higher resolution isn't going to overcome the uncanny valley.

Also, the uncanny valley is not a requirement to be overcome with VR. Most games are not photorealistic. No one is going to mistake it. The key in VR is things seem to have *substance*. They may look more like toy figurines on a playset (e.g. Lucky's Tale) or life sized mannequins coming at you (Half Life VR felt like mannequins walking around to me), and that is compelling enough. Compare this to a monitor. No one mistakes a computer game graphics for real life, but it's still compelling.

Comment Re: VR is the new 3D TV (Score 1) 125

I disagree that a 10k display is required. It'd be nice and the GPU to drive it would be nice too. However even with a 1080 panel, things are really nice and substantial.

Getting costs down is key. Also, Samsung may very well be right to give up on mobile. The GPU is so weak and the loss of situational awareness makes it not a very viable thing to enjoy on a bus ride or similar. This is going to be a desktop gaming accessory by and large.

Comment Re:VR isn't where it needs to be yet. (Score 1) 125

I'd agree that it is expensive for a desktop accessory. For a phone, it really isn't an obscene cost adder. I'll say that VR titles are a chicken and egg challenge. I'll say the technology is not really flaky anymore, and VR sickness is an overblown concern. In my experience, exactly one person felt unwell after a VR demo, and that person would get sick just *watching* a 3d game on a monitor. In her case, she only got sick in a demo where her avatar moved. She was not sick in the face of an environment that only moved with her.

Comment Re: We called it (Score 1) 125

One could say the same thing about headphones, and yet people don't mind that.

I think people more mind the cost, than the prospect of wearing headset. Of course in public is another issue, loss of situational awareness in situations like riding a bus is far greater with a headset than headphones.

Comment Re:VR will remain a (cool) niche (Score 1) 125

I'd say for gaming it makes for a logical evolution of displays. Hell I'd love it for working in cubeland (so long as putting it on and taking it off is as easy as headphones).

The fixation on things like mobility, real or fake (omni directional treadmills) only hurts the chances for general adoption, perpetuating the notion that there's no value until you do some very intrusive things that most folks don't have the patience for. In reality, it need not be significantly more intrusive than a pair of headphones. For those of us who do not need to see our keyboards or controllers, it's no big deal now.

However, the prospect of having the world surround you instead of just on a desktop monitor is really nice. Of course, getting into it costs twice as much as a 27" 4k monitor, and current display density means you are making a tradeoff of high resolution for immersion.

AR in theory would be a strict superset. In practice either the virtual or the real portion is going to suffer horribly as the technology stands, and not a lot of reason to be optimistic for that changing. Wearable AR is just not in the cards yet.

Comment Re:Not as big an issue as poor password POLICIES (Score 1) 210

I'm saying that *if* a site is competent enough to consider what you propose, it would be competent enough to do server side hashing. Hence a user should take ownership of how this is done to assure themselves, and *not* expect to audit every websites javascript implementation of their particular hashing scheme. So if you have a website, doing the right thing in the server is important. Doing additional things in the client doesn't really help if you've done the right backend stuff.

I think that's where we are deviating. I'm saying solutions like password managers and hashpass where the user *independently* has total control of the scheme make sense as a means of enforcing their sensibilities above and beyond what unknown methods the site is using. Solutions relying upon the javascript sent down by the site do not make sense as *those* guys have every reason to be able to do things right on the backend.

Comment Re:Not as big an issue as poor password POLICIES (Score 1) 210

Client hashing would prevent collateral damage in such cases

No, it wouldn't. If the traffic is intercepted, then the fact that the data is the password straight or the result of a one-way hash is of little consequence to the attacker, since the target system takes the value verbatim. The server does not *know* that the user is using the blessed javascript implementation or html form. They are only able to take the submitted data at face value. If you use the result of a one-way hash as a password, then either way the password is known.

If you want to protect against interception in the event of defeating TLS, there must be some pre shared key component to it. Using the password as a pre-shared key is considered bad form as the frequent occurance of a leaked password database would cause cries of storing the password in plain text. Server side hash and salt is the only recognized strategy and deviating from that risks being crucified in the security world (trying to explain the subtleties of going off that is going to be a very uphill battle). So something like RSA, U2F, TOTP or similar supplementing a password in a two factor scheme is the generally accepted way to get both the benefit of an ultimately shared secret based approach and password protection.

Ultimately, as far as the *site* is concerned, server side is the most widely accepted strategy, and there's no value in terms of the security they provide in doing it both places. If you want to protect yourself, then HashPass will do that job, though a much more comprehensive approach is a master store of site unique passwords with no actual relationship between your passwords, and *that* would completely divorce your password in any sort of way from the site unique password, truly compartmentalizing an attack against one of your services.

Comment Re:Not as big an issue as poor password POLICIES (Score 1) 210

So there exists a browser extension to implement what you desire, it is called HashPass.

However, if you use such a strategy, you *still* must have a password resilient to dictionary attacks. The attack scenario it provides *some* protection against is if you use a site that has poor security storage policies, without your knowledge (e.g. stored in clear text). The idea is that if such a crappy site gets compromised, it's view of plain text password is the end result of your client side salt, which now can be run against a dictionary attack. It basically is ensuring that *someone* is doing a secure hashing strategy that would reasonably protect a strong password in the manner the server side *should* be doing anyway.

If an otherwise secure site adds what you describe, it would do nothing to enhance security. If your password is *truly* strong and they employ proper salting and one way hash strategy (scrypt, PBKDF with adequate passes, what have you), then a leak of their password database is not actually that big a risk. If your password is weak, then the salting strategy client side doesn't add anything, as they could modify their brute force attack to do the client transform in a trivial fashion, and they can work their way back to the password you *really* use.

Comment Re:Not as big an issue as poor password POLICIES (Score 1) 210

Note I *think* he's saying that whatever string the client ultimately sends to the server should still be one-way crypted and salted in the usual way. Meaning a compromise of the database still has reasonable protection.

He wants something to automagically take his password and make it unique per site so he doesn't have to remember them all. Note that this is what things like the extension Hashpass do, generate a site specific password derived from your master password and transformed for the site.

Of course, all this said, the dictionary attack required involves just adding that transform, hence that strategy only helps if you are afraid the site has a plaintext password database or unsalted crypts, and your password would be secure against dictionary attacks offline. It makes zero sense as part of a websites arsenal against attacks.

Slashdot Top Deals

If a train station is a place where a train stops, what's a workstation?