Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Real 3D vs Fake 3D (Score 1) 70

How can anyone compare VR with the failure of 3D TV?

3D TV "failed" (though I see there are still 3D showings of any big movie to this day) because it's not really 3D at all. Just because you can tell some things are closer is nothing like 3D. It's maybe 2.5D at best - you can't lean over to look at something behind something in front, for example...

The reason why VR (really the AR/VR spectrum) will succeed is that it's fully 3D. You can look around something You can look under something. You can move around something.

What will be truly amazing to experience is when someone gets around to recording a fully 3D video (where perspective can be changed within some limited space). That will make the 360 video of today look like cave paintings.

Comment Hololens CAN be VR (Score 1) 70

What has Microsoft done with VR? Hololens is not VR.

The beauty of any AR systems is that they can also be VR, they simply block out the entirety of the outside world, or otherwise re-skin it (a better approach so you don't bump into real objects).

Now it's true that the Hololens cannot block out your whole FOV presently, but that's why they have extended out the timeline for delivering a consumer product. As it is the 360 videos they offer still work pretty well, even in the smallish field of view they cover today...

Currently as primitive as it is Microsoft has the best platform for the future of any VR use that is public. I'm sure there's better stuff the public does not know about yet...

Comment Re:Oh please (Score 4, Interesting) 141

Any language where the default equality comparison operator is *true* given two string-type variables with values "0E54321" and "0E12345" is not a cryptographically secure language. In fact there is a nonzero chance of the default equality operator returning true between two different MD5 or SHA256 hashes if they happen to fall into a hexadecimal form that is all digits except for one E or F.

Technically, that (in itself) doesn't necessarily mean that the built-in cryptography nor the language itself are inherently insecure. In theory, that is, provided you understand the language and use it correctly.

And that's the problem. Because in practice, PHP's design philosophy of trying to be clever- often too clever by half- when it comes to comparisons, equality, automatic coercion, data types, etc. etc. too often gives unpredictable and unexpected results from people who weren't aware of that behaviour.

You absolutely do *not* want any risk of this happening when you're designing a system that has to be secure. You want boringly explicit and utterly predictable data and type handling.

My prediction is that far, *far* more security holes will be down to bugs caused by unforeseen subtle aspects- i.e. pitfalls- of PHP's type handling and equality behaviour (etc.) in the apps using it rather than bugs in the cryptographic module itself.

PHP being a language more favoured by inexperienced users, this is likely to be made far worse. Expect lots of newbies with misplaced confidence designing what they think are "secure" apps that are in fact full of holes- either because they've misused or misunderstood the cryptographic module, or because they've overlooked some basic aspect of computer security elsewhere (e.g. failure to parse input securely) that makes the use of cryptography irrelevant.

And those are the sorts of mistakes newbies would make when using any language- with PHP's language design issues on top of that, it has the potential to be far worse.

So, yeah. I trust that the module will be secure. The main problems- I guarantee- will be caused by caused by overlooked (or not known about) aspects of PHP's too-clever-by-half data handling (in client apps using it) leading to exploitable holes, and by the fact that too many of PHP's newbie-skewing userbase will overconfidently assume it makes their apps foolproof while using it incorrectly and ignoring security holes elsewhere that make it redundant.

Comment Gotta love PHP ... (Score 3, Funny) 141

I'm smiling while I read this.

Every single bit of this news is sooo PHP and one of the reasons this awkward mess of a PL is so successful.

They find something new or something they need and bolt it on. Just like that. End of story. A vote on the core team, a little coding and *BAM* PHP has a new inner API function with what has to be the most over-the-top all-out-PHP-style name for an inner API function ever - sodium_crypto_box_keypair_from_secretkey_and_publickey($ecdh_secret, $ecdh_public); (seriously, this is no joke).

Totally LOL. Takes the cake for inner function names ten times over, even by PHP standards, which is quite a stunt. And right away PHP has up-to-date hard crypto that even a simpleton can use.

You have to hand it to the PHP crew - they actually get shit done, no matter what. :-)

Comment Thanks for helping but I prefer the original (Score 1) 160

Its more like 100 Billion in debt.

Yes I know that (with long term factored in) but I was trying to present the worst possible number or my argument....

If you factor in your debt estimate to my original numbers, then the percentage the EU is asking for is more like 14%, not 7.5%, making the EU's request even more absurd and unreasonable...

I think you for the support but really like I said, I prefer to show that even the worst case is still too high a percentage, rather than showing a more accurate number that is more open to debate.

Comment Errrm, ... because they're freakin' Astronauts? (Score 1) 151

What kind of a question is that?

They are ASTRONAUTS. Flying and operating insanely expensive equipment on massive insanely expensive missions where just about every move has critical consequences. It's the same reason you can't have angry outbursts on the Spaceshuttle. These people a cool. Like, seriously and certified cool.

Of *course* they're not allowed to get drunk.

Yes, russian cosmonauts were/are allowed to have a shot of Vodka after long tricky EVAs and similar big events. They're russians, what do you expect?
The closest to getting drunk in space was when the crew on the Mir decided to access their Vodka supplies of schedule. Vodka supplies being two or three smaller flasks. There are reports of some smaller "parties" on the Mir towards its EOL. But that's about it.

Comment Re: Great idea... But there is a problem... (Score 1) 298

They didn't die after a few minutes - they lasted for 1-2 hours. And they didn't cost a billion dollars, they were built on the cheap. The Soviets launched almost all of their Venus missions in pairs because they considered it likely that something would blow up or fail at some point along the way - not a rare situation, a number of their Venus missions never even left Earth orbit, and some didn't even get that far ;). But of missions that actually got to Venus, they had great success, and even had one mission "rescued" by Venus (they designed it to parachute down, but the parachute broke - but the atmosphere slowed the fall so much that it survived the impact anyway).

For exploring Venus, if you're wanting PR, the Vega approach is the right one - aerobots, optionally paired with sondes. Aerial vehicles can fly for long periods of time studying the planet, and there's a number of exciting missions related to this being worked on (just waiting for funding). As for surface lifespans, they don't have to be limited. There's work on probes designed to "run hot" so that they don't need any (or only minimal) cooling, and there's also work on probes designed to lift off (bellows balloon) to a cooler layer of the atmosphere (to have any length of time to examine / process samples, cool down, etc) before re-descending any number of times. If you're only talking something with a ~2 hour lifespan on the surface and nothing else, you're talking something cheap, Discovery or at most New Frontiers class - not Flagship.

The main thing that's held everything back is that NASA almost never funds anything related to Venus. The last dedicated NASA mission to Venus (not counting flybies to other destinations that used Venus as a gravitational assist) was the Magellan probe, nearly three decades ago. And that came a decade after the previous NASA mission to Venus. Easiest planet to get to, and they almost never fund missions to study it. It's embarrassing.

Comment Re:Echo-chamber fake news (Score 2) 375

There were a lot of contributing factors, but yes, this sadly was one. The Thiokol engineers were against launch, but they failed to make a sufficient case as to why exactly they felt the O-rings were unsafe (there actually was a Thiokol document showing that not only was O-ring failure high at low temperatures but that the second O-ring ceased to be redundant - but they didn't have the document available to them). The Shuttle program managers were getting mad at them for insisting on delays due to the low temperatures without being able to back it up (one of them said something along the lines of "My god, Thiokol - when do you want me to launch, April?") and eventually the Thiokol management dropped their objections (even though the engineers were still strongly against launch). The engineers all gathered round to watch the launch on TV, thinking it was going to explode on the pad. When it lifted off they all breathed a sigh of relief, only to have it dashed during the explosion.

Comment Re:Echo-chamber fake news (Score 5, Informative) 375

Really, I have to give them credit where credit is due: by repeatedly pointing out errors (however trivial) out of the tens of thousands of news stories that are published every day, they've managed to get their supporters to the point where they'll trust a new story on www.siteiveneverheardofbefore.com/newishstuff/hillaryclintonpedophilering.html more than they will an actual newspaper. It's a real masterstroke in terms of controlling the narrative. "Anything negative you hear about me, it's fake, because there exist cases where newspapers have made errors, and we've selectively presented you only with those cases to create a narrative for you that newspapers are packed full of fakery." Not just newspapers - fact checkers, peer-reviewed articles, even official government statistics - all fake, because they've been presented with every case people can get their hands of of error, without the balancing context of the 10000x more that wasn't in error.

In the words of XKCD: "Dear God, I would like to file a bug report". ;)

It's the same thing that contributed to the Challenger explosion. They had a nice clean graph in front of them that plotted O-ring failures vs. temperature. There was no clear trend visible on the graph. The problem was that they omitted the successes, the cases where there were no O-ring failures. Here's what it looked like with that added in. All of the sudden there's a very clear trend of failure increasing at low temperatures - in fact, every low temperature launch had had O-ring failures, while very few high-temperature launches had. By being selective in what data you present (accidentally in that case, on purpose in the present case), you can get people to believe precisely the opposite of what is true.

Slashdot Top Deals

UNIX is hot. It's more than hot. It's steaming. It's quicksilver lightning with a laserbeam kicker. -- Michael Jay Tucker

Working...