Comment Re:My primary bank is a credit union... (Score 1) 18

Similar but reversed. My credit unions aren't part of Zelle, but some people don't use or won't use Venmo or Paypal FF. This removes one of the few free ways to transfer funds.

Ditto. This change means I won't be able to pay Zelle users. There are other services, so it's not the end of the world, but it makes Zelle all but impossible for me to use.

Comment Well That Sucks (Score 1) 24

I remember when the Beeb was still experimenting with various forms of radio streaming. They were one of the first groups to try out OGG Vorbis, and even though they didn't stick with it, their R&D efforts contributed a lot to the development and success of Vorbis overall.

More importantly, I didn't think there would be a day where you wouldn't be able to stream BBC Radio online. Even 25 years later, I still enjoy poking the Radio 1 stream now and then just to see what weird and hip stuff they're running overnight. It's still an insightful look into what's going on nearly half-way around the world.

So that sucks.

Comment Re:still an opportunity (Score 2) 34

Isn't most of the cost the probe, followed by the energy and machinery needed to get out of Earth's immediate gravity well?

Being that close to us is more convenient. But if it reduces the cost of a mission from $500m to $450m, that's not the kind of significant improvement needed to make more missions viable.

Comment Re:/. No longer working with NoScript? (OT) (Score 1) 24

Did slashdot suddenly stop working with certain scripts disabled? Site loads normally, then changes into a massive notice that JavaScript needs to be enabled.

For the last few months, Slashdot's owners have been toying with an anti-adblocking service called Ad-Shield.

Ad-Shield is a very thorough and very heavy-handed service that has multiple layers of checks to ensure that ads are loading. And a lot of those checks require JavaScript to run. So Ad-Shield makes the site unusable without JS in order to make it harder to block its checks.

Comment Re:Quit deving with proprietary (Score 2) 45

But if Nvidia is removing PhysX entirely, then ANY game using PhysX, be it 32bit or 64bit, is dead. The game will not work.

To clarify, the PhysX middleware is bundled with the game. It's usually statically compiled in, but there are also some instances where it's shipped as part of a DLL.

The issue is that the API PhysX uses to access the GPU to execute GPU-accelerated effects is CUDA. And NVIDIA is dropping 32-bit CUDA support. That means there's no way for the PhysX middleware to talk to the GPU. As you correctly note, PhysX itself doesn't stop working - the CPU effects still work just fine - but all of the optional GPU effects will stop working.

And 64-bit CUDA support isn't going away. So 64-bit binaries that use PhysX GPU effects will continue to work just fine.

Comment Re:Nand prices go up and down (Score 1) 34

Indeed. Alongside RAM, NAND is the other classic cyclical (boom & bust) technology market.

The long-term trend is always down, but inside of a two-year period it's going to behave like a sine wave, with prices cresting and busting out as production reacts to market prices and the onlining of new facilities.

Comment Re:SHA-256 Purchase Receipts (Score 1) 37

Note that MD5 is not that bad. It is still competent at protecting files against corruption or third party tampering, because a collision attack is not currently possible.

Are you sure about that? This is getting outside of my specialty here, but Wikipedia notes that the Flame malware was able to counterfeit a Microsoft MD5 signing certificate in 2012. That seems like exactly the kind of collision attack that warrants retiring it for signing certificates.

I do agree that it still seems fine as a basic file hashing algorithm, though.

Comment Re:SHA-256 Purchase Receipts (Score 2) 37

Yes and no.

Cryptography is one of the areas where a lot of leeway is needed. As computers get faster and algorithms get weakened by attacks, it is critical that old algorithms are retired and replaced with new ones that can stand up to attacks for the coming decades. Otherwise we'd still be using the now trivially broken MD5.

Frankly, I'm surprised it has taken Apple this long to implement SHA-2 everywhere. The NIST stopped allowing it for digital signatures in government services over a decade ago, and web browsers stopped accepting it in 2017. Even Microsoft stopped signing binaries with it in 2020.

As the old adage goes, if you want a program to last forever, don't give it networking capabilities. The moment that it needs to communicate with other programs in order to function, you've committed to having to maintain the program to keep up with the times. Conversely, if Square Enix hadn't used IAPs, then the game could have run fully stand-alone.

Comment SHA-256 Purchase Receipts (Score 3, Informative) 37

It's not a bug. It's because Square Enix doesn't want to update the game to handle purchase receipts signed with SHA-256.

Crystal Chronicles was released in 2020. The game is essentially one giant collection of free demos, with IAPs to unlock the specific games inside. Square opted to do on-device verification of IAPs (which is generally a good thing), which means the app relies on purchase receipts sent over by the App Store.

Up until 2023, these receipts were signed with an SHA-1 certificate, at which time Apple started a process to migrate over to a much stronger SHA-256 certificate. Between then and the end of last month, both certificates were available. But on January 24th, Apple moved to the last phase of the migration as the SHA-1 certificate expired.

As a result, the current build of Crystal Chronicles cannot read Apple's modern receipts. It would need to be updated to handle the SHA-256 receipts. In fact, Square can't even submit a new build of the game to the App Store without SHA-256 support, as that has been a requirement since August of 2023.

There are a few other ways around this as well, though all would take more effort on Square's part. Apps that rely on server-side verification weren't affected by the certificate change (that's all handled by Apple's servers). And there are now functions in the StoreKit API such as Transaction that fully offload the cryptographic process to the OS, abstracting away these kinds of changes. Though I don't believe this was available in 2020 when the game was first released.

Dev-wise, there may be other things that Square would need to do to bring the game into compliance with current App Store rules as well. The minimum SDK version Apple accepts right now is iOS 17, for example. So the project would need to be ported from what I'd wager is the iOS 13 SDK. That shouldn't be a big deal for a well-written app. But a poorly-written, minimum-effort port - especially one making heavy use of external libraries - could definitely have issues.

Ultimately, Square kind of tried to have their cake and eat it too, and it backfired on them. Had they not relied on IAPs, this issue would have been avoided. Alternatively, if they had gone fully in the other direction and used server-side verification, this issue would have been avoided. But the on-device route, while noble in some respects, also comes with the most maintenance work, which they are now opting out of doing.
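The on-device verification path described in this comment is the kind of code that breaks in exactly this way. The Go program below is an added example, not Square Enix's or Apple's code: it uses a simplified receipt structure (payload, declared digest algorithm, RSA PKCS#1 v1.5 signature) in place of Apple's real PKCS#7 receipts, and the policy maps, key size and payload are all assumptions. It contrasts a client verifier pinned to SHA-1 with one that honours the declared algorithm subject to an explicit allowlist, and shows why the pinned client stops accepting receipts the day the issuer signs only with SHA-256.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// Receipt is a constructed stand-in for a signed App Store receipt: the
// payload, the digest algorithm the issuer used, and an RSA PKCS#1 v1.5
// signature. Real receipts are PKCS#7 SignedData blobs; the algorithm
// identifier lives inside that structure, which is what the Hash field models.
type Receipt struct {
	Payload []byte
	Hash    crypto.Hash // crypto.SHA1 or crypto.SHA256
	Sig     []byte
}

// Two client-side policies (assumed): the overlap window, in which both
// certificates were valid, and the post-migration state, in which only
// SHA-256 receipts are issued and SHA-1 should no longer be trusted.
var (
	PolicyDuringMigration = map[crypto.Hash]bool{crypto.SHA1: true, crypto.SHA256: true}
	PolicyAfterMigration  = map[crypto.Hash]bool{crypto.SHA256: true}
)

// digest hashes data with the named algorithm; nil for anything unsupported.
func digest(h crypto.Hash, data []byte) []byte {
	switch h {
	case crypto.SHA1:
		s := sha1.Sum(data)
		return s[:]
	case crypto.SHA256:
		s := sha256.Sum256(data)
		return s[:]
	}
	return nil
}

// Sign plays the issuer's role (the store's receipt signer).
func Sign(key *rsa.PrivateKey, h crypto.Hash, payload []byte) (Receipt, error) {
	d := digest(h, payload)
	if d == nil {
		return Receipt{}, fmt.Errorf("unsupported digest %v", h)
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, d)
	if err != nil {
		return Receipt{}, err
	}
	return Receipt{Payload: payload, Hash: h, Sig: sig}, nil
}

// VerifyPinnedSHA1 models the 2020-era client: it never reads the algorithm
// the receipt declares and always hashes with SHA-1. It is correct for SHA-1
// receipts and fails for every SHA-256 receipt, even a genuine one.
func VerifyPinnedSHA1(pub *rsa.PublicKey, r Receipt) error {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest(crypto.SHA1, r.Payload), r.Sig)
}

// VerifyAgile honours the declared algorithm, but only if local policy allows
// it. Trusting whatever the receipt names would let a forged receipt select
// the weakest algorithm the code still happens to support.
func VerifyAgile(pub *rsa.PublicKey, r Receipt, allowed map[crypto.Hash]bool) error {
	if !allowed[r.Hash] {
		return fmt.Errorf("digest %v rejected by policy", r.Hash)
	}
	d := digest(r.Hash, r.Payload)
	if d == nil {
		return fmt.Errorf("unsupported digest %v", r.Hash)
	}
	return rsa.VerifyPKCS1v15(pub, r.Hash, d, r.Sig)
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the issuer's certificate key
	if err != nil {
		panic(err)
	}
	payload := []byte(`{"product_id":"example_unlock","quantity":1}`) // constructed payload
	oldReceipt, _ := Sign(key, crypto.SHA1, payload)
	newReceipt, _ := Sign(key, crypto.SHA256, payload)

	fmt.Println("pinned verifier, SHA-1 receipt:    ", VerifyPinnedSHA1(&key.PublicKey, oldReceipt))
	fmt.Println("pinned verifier, SHA-256 receipt:  ", VerifyPinnedSHA1(&key.PublicKey, newReceipt))
	fmt.Println("agile verifier, SHA-256 receipt:   ", VerifyAgile(&key.PublicKey, newReceipt, PolicyAfterMigration))
	fmt.Println("agile verifier, SHA-1 after cutoff:", VerifyAgile(&key.PublicKey, oldReceipt, PolicyAfterMigration))
}
```

The allowlist is as important as the agility: a client that simply trusts the algorithm named in the receipt has replaced a breakage problem with a downgrade problem, so the policy map is what should change at each migration step, not the verification code.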

Comment Re:Have We Given Up On Firewalls? (Score 1) 54

What you're missing here is that the provisioning of these devices happens via a cloud service. The sale point of something "smart" is that you are able to access it remotely. That means your devices ultimately connect to some remote server. The way they do that presents a risk.

Sure, it presents a risk. But I've also not heard of any major TV vendors getting their cloud service compromised and all of their TVs getting compromised in turn. Especially with these devices increasingly using certificate pinning, which is making it difficult for even the owner to do much to the device, let alone outsiders.

It's entirely possible I'm just out of the loop here. But I'd expect a TV vendor getting hacked to make the news. So while I agree that TVs behaving like a 10-year-old and wanting unfettered internet access is not a good thing - on a theoretical basis alone, it should be stopped - in practice I'm not seeing evidence of that leading to widespread compromise?

That's before you consider some stupid backdoored devices punching holes in your router via UPNP to open up to any idiot out there.

Now that is definitely a lot more plausible. But what are TVs even requesting UPnP IGD port punching for? Of all the TVs I've been dragged into supporting over the years, none of them have seemed to use port punching. Presumably, precisely because they just initiate outbound server requests instead. It's certainly a potential issue, but I'd expect to see UPnP IGD used more for home security cameras and the like - which have services to offer the end user - than I would TVs and related gear.

If firewalls were enough to keep bad guys out we wouldn't have malware.

Ain't that the truth!

Going by the PC world at least, where OSes have well-defined support schedules and built-in firewalls, the usual weak point for the last 20 years hasn't been the systems, it's been the users. They're the ones who are accessing hostile webpages (with code exploiting browser vulns) and installing malware-infected applications. It's mostly all pulling, with very little pushing going on.

Which, to get back to the subject at hand, makes me wonder if the TV problem isn't a networking vulnerability problem, but rather a user problem. With so many of these TVs running flavors of Android, side-loading apps is very doable. And people are certainly (still) dumb enough to install compromised apps in order to get stuff for free - there's a whole industry built around it with questionable, piracy-focused Android-based STBs.

But if that's where most of these TVs are getting compromised, then the whole software support aspect of CR's argument is a red herring when it comes to TVs. Even with updates, this is all privileged code blessed by the user. So we'd still have the same problem.
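Whether a TV or set-top box has actually asked the router for a hole is something the owner can check rather than guess, because an IGD enumerates its current mappings. The Go program below is an added example and is not from the article or any vendor: it takes the fields an IGD returns per mapping (GetGenericPortMappingEntry on WANIPConnection) as already-retrieved structs, with constructed sample entries and an assumed device inventory, and applies a small audit policy: only device classes expected to serve inbound connections may hold mappings, hosts missing from the inventory and permanent leases are flagged, and a few sensitive internal ports are flagged no matter which device asked.

```go
package main

import (
	"fmt"
	"sort"
)

// PortMapping mirrors the fields an IGD returns from GetGenericPortMappingEntry.
// The sample entries further down are constructed, not captured from a router.
type PortMapping struct {
	ExternalPort   int
	Protocol       string // "TCP" or "UDP"
	InternalClient string
	InternalPort   int
	Description    string
	LeaseDuration  int // seconds; 0 means the mapping never expires
}

// Inventory is the owner's own list of LAN hosts and what they are
// (internal IP -> device class). Assumed input for this example.
type Inventory map[string]string

// Finding is one audit result: a mapping and why it was flagged.
type Finding struct {
	Mapping PortMapping
	Reasons []string
}

// sensitivePorts are services that should never be reachable through a
// consumer router from the WAN, regardless of which device requested them.
var sensitivePorts = map[int]string{22: "ssh", 23: "telnet", 445: "smb", 3389: "rdp", 5555: "adb"}

// AuditMappings applies the policy and returns findings sorted by external port.
func AuditMappings(maps []PortMapping, inv Inventory, allowedClasses map[string]bool) []Finding {
	var out []Finding
	for _, m := range maps {
		var reasons []string
		class, known := inv[m.InternalClient]
		switch {
		case !known:
			reasons = append(reasons, "internal client not in inventory")
		case !allowedClasses[class]:
			reasons = append(reasons, fmt.Sprintf("device class %q should not accept inbound connections", class))
		}
		if m.LeaseDuration == 0 {
			reasons = append(reasons, "permanent lease (LeaseDuration=0)")
		}
		if svc, ok := sensitivePorts[m.InternalPort]; ok {
			reasons = append(reasons, "exposes "+svc)
		}
		if len(reasons) > 0 {
			out = append(out, Finding{Mapping: m, Reasons: reasons})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Mapping.ExternalPort < out[j].Mapping.ExternalPort })
	return out
}

// Constructed sample data: one camera, one smart TV, one PC and one host
// nobody put in the inventory.
var SampleInventory = Inventory{
	"192.168.1.40": "camera",
	"192.168.1.23": "tv",
	"192.168.1.10": "pc",
}

var SampleMappings = []PortMapping{
	{8080, "TCP", "192.168.1.40", 8080, "IP camera remote view", 86400},
	{5555, "TCP", "192.168.1.23", 5555, "Smart TV", 0},
	{51413, "TCP", "192.168.1.77", 51413, "torrent client", 0},
	{6881, "UDP", "192.168.1.10", 6881, "game", 3600},
	{2222, "TCP", "192.168.1.10", 22, "ssh forward", 3600},
}

// AllowedClasses: cameras and PCs may legitimately hold mappings; TVs and
// set-top boxes only ever need outbound connections, so they may not.
var AllowedClasses = map[string]bool{"camera": true, "pc": true}

func main() {
	for _, f := range AuditMappings(SampleMappings, SampleInventory, AllowedClasses) {
		m := f.Mapping
		fmt.Printf("%s %d -> %s:%d (%q)\n", m.Protocol, m.ExternalPort, m.InternalClient, m.InternalPort, m.Description)
		for _, r := range f.Reasons {
			fmt.Println("   -", r)
		}
	}
}
```

With the sample data the camera's day-long mapping and the PC's game port pass, while the TV's permanent ADB mapping, the unknown host and the SSH forward are reported; the mappings themselves would normally come from a periodic query of the router, so the useful alert is a new finding appearing between two runs.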

Comment Have We Given Up On Firewalls? (Score 2) 54

To quote TFA:

Cloudflare documented that the largest source of traffic used in DDoS attacks appears to come from compromised smart TVs and digital set-top boxes.

Very few articles, TFA included, do a good job of explaining how zombie devices are getting enrolled in botnets. While CR is right to call out a general lack of software support - and more importantly, a lack of notice for when software support is ending - most devices should not be internet accessible by default.

Even the most basic consumer routers have inbound firewalls that would prevent attackers from connecting to and taking over a vulnerable device. And while outbound connectivity is less than ideal in some cases, that has historically not been a significant threat vector.

So what am I missing here? Have we given up on firewalls? There shouldn't be a scourge of TVs that are getting pwned.

Comment Re: Link doesn't say that (Score 1) 133

LTSC Windows 10 is also not ending on that day. So is Microsoft also abandoning their corporate customers? Doubt it.

Keep in mind that Windows LTSC is a wholly different beast. It's meant to go on isolated, task-specific devices. Think CNC mills, MRI machines, POS terminals, and the like. Places where you'll never (or almost never) update the software, and are equally unlikely to ever install anything new. In other words, systems just one step beyond frozen, but will still need security updates because they're networked.

That's very different from Office LTSC, which is meant to go on regular desktops in corporate environments where the admins don't want the churn of Microsoft's rolling development and release strategy. In fact, if you're installing Office on a machine, Microsoft considers that strong evidence that the machine isn't a good candidate for Windows LTSC: "As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it's better suited for the General Availability channel."

In practice, Windows LTSC is off doing its own thing. Even though support for that isn't ending in October (for obvious reasons), no one running that is going to be running a non-LTSC version of Office (if they're running Office at all).
