
Comment Re:Oh please (Score 4, Interesting) 114

Any language where the default equality comparison operator is *true* given two string-type variables with values "0E54321" and "0E12345" is not a cryptographically secure language. In fact there is a nonzero chance of the default equality operator returning true between two different MD5 or SHA256 hashes if they happen to fall into a hexadecimal form that is all digits except for one E or F.

Technically, that (in itself) doesn't necessarily mean that the built-in cryptography or the language itself is inherently insecure. In theory, that is, provided you understand the language and use it correctly.

And that's the problem. Because in practice, PHP's design philosophy of trying to be clever- often too clever by half- when it comes to comparisons, equality, automatic coercion, data types, etc. etc. too often gives unpredictable and unexpected results to people who weren't aware of that behaviour.

You absolutely do *not* want any risk of this happening when you're designing a system that has to be secure. You want boringly explicit and utterly predictable data and type handling.

My prediction is that far, *far* more security holes will be down to bugs caused by unforeseen subtle aspects- i.e. pitfalls- of PHP's type handling and equality behaviour (etc.) in the apps using it rather than bugs in the cryptographic module itself.

PHP being a language more favoured by inexperienced users, this is likely to be made far worse. Expect lots of newbies with misplaced confidence designing what they think are "secure" apps that are in fact full of holes- either because they've misused or misunderstood the cryptographic module, or because they've overlooked some basic aspect of computer security elsewhere (e.g. failure to parse input securely) that makes the use of cryptography irrelevant.

And those are the sorts of mistakes newbies would make when using any language- with PHP's language design issues on top of that, it has the potential to be far worse.

So, yeah. I trust that the module will be secure. The main problems- I guarantee- will be caused by overlooked (or not known about) aspects of PHP's too-clever-by-half data handling (in client apps using it) leading to exploitable holes, and by the fact that too many of PHP's newbie-skewing userbase will overconfidently assume it makes their apps foolproof while using it incorrectly and ignoring security holes elsewhere that make it redundant.
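The loose-comparison pitfall the comment describes, as an added PHP example (not code from the comment or from PHP's cryptography module): HASH_A and HASH_B are the comment's own sample strings, and the verify_* functions are hypothetical names chosen here to contrast the risky and the safe way of checking a digest.

```php
<?php
// Two constructed strings taken from the comment above. Both are numeric
// strings in PHP's eyes (0 x 10^54321 and 0 x 10^12345), so the == operator
// converts them to floats and compares 0.0 with 0.0. This is still the case
// in PHP 8, which only tightened number-vs-non-numeric-string comparisons.
const HASH_A = "0E54321";
const HASH_B = "0E12345";

// Loose equality: numeric coercion makes these two different strings compare equal.
function loose_equal(string $a, string $b): bool {
    return $a == $b;
}

// Strict equality: byte-for-byte comparison, no coercion.
function strict_equal(string $a, string $b): bool {
    return $a === $b;
}

// Preferred for digests, MACs and tokens: strict and constant-time.
function safe_equal(string $known, string $user): bool {
    return hash_equals($known, $user);
}

// A digest check written the risky way. Hex output of md5()/hash() can take
// the shape "0e<digits>", and two such digests compare equal under ==.
function verify_digest_loose(string $storedHex, string $input): bool {
    return hash('sha256', $input) == $storedHex;
}

// The same check written the safe way: the stored (trusted) value goes first,
// and hash_equals() never coerces either side.
function verify_digest_strict(string $storedHex, string $input): bool {
    return hash_equals($storedHex, hash('sha256', $input));
}

// Run with: php example.php
var_dump(loose_equal(HASH_A, HASH_B));
var_dump(strict_equal(HASH_A, HASH_B));
var_dump(safe_equal(HASH_A, HASH_B));
```

The point for a reviewer: grep application code for `==` or `!=` applied to hashes, HMACs, CSRF tokens and session identifiers, and replace each with `hash_equals()` (or at minimum `===`).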

Comment Re:Horses and barns (Score 1) 32

The horses have run away and you're now opening the barn hoping they come back, but they have long found something better.

If they've found greener pastures, that implies that they were out to pasture in the first place, i.e. not in the stable or barn. But... yeah, I knew what you meant.

I actually found it very witty, sorry to be so cocky.

Your original comment came over as sort of funny, albeit not quite as clever as it was obviously meant to be.

However, if you want to be self-congratulatory, it helps not to undermine things completely...

And yes, I know that the original metaphor requires you to shut the door after the horse ran away instead of opening it. But that part of the metaphor didn't make sense; if anything, you would have to OPEN the door when you notice that the horse is gone and hope that the horse comes back home.

That's because you've entirely missed the point of the original metaphor!

Keeping the stable door shut (to stop the horse escaping) represents the thing that was *supposed* to have been done beforehand.

If you fail to do that and "the horse escapes" then... there is no point in trying to remedy things or make amends by shutting the stable door. Of course it doesn't make sense any more... that's the whole point!! The horse is already gone. Shutting the stable door beforehand would have prevented this. Shutting the stable door now is too late to solve the problem.

The point is that doing what you should have done in the first place only *after* the thing it was intended to prevent has already happened makes no sense.

Comment Re:Mobile games too (Score 1) 40

The Wii was a fluke that happened at exactly the right time, hence why Wii U tanked. (removing the Wii, the Wii U had the expected number of buyers from the slowly decaying trend on their total console sales)

I don't know that the original Wii was entirely a fluke; I'd give them the benefit of the doubt and credit them with doing something different to MS and Sony's chasing of the traditional, mainstream "serious" gaming market by going for the casual market (which, to some extent, the DS had already had success in pioneering).

But basically, yes, I agree with you regarding the timing and the fact the casual market had moved on by the point the Wii U came out. I said much the same thing myself a few days back- the Wii U was a contrived attempt to replicate the original Wii's success by doing exactly the same thing (especially its controller, trying too hard to be as original as the Wiimote)... and without recognising that the casual gaming market the DS and original Wii had pioneered had started moving on to tablets and smartphones by then.

The fact that- from what I've heard- a relatively high proportion of the original Wii consoles tended to end up gathering dust in cupboards after the initial burst of enthusiasm and novelty wore off probably didn't help convince the same people to rush out and buy a Wii U. Particularly as the marketing- and name- didn't make clear that it was an entirely new console, and not just a slightly improved Wii.

Comment Re:I Use Mine (Score 1) 59

My daughter prefers to play Wii U single-player games on the GamePad rather than on the television

I have to admit that I've never played the Wii U. However, I remember when it first came out it- and in particular, the screen-based gamepad- struck me as a contrived attempt to replicate the success of the original Wii.

That- of course- enjoyed success because it *didn't* attempt to go down the well-trodden, stereotypical path of reliant-on-graphical-specs hardware and traditional "serious" gamer demographics, but instead targeted the casual gaming market (which had already been opened up by the Nintendo DS which did much the same thing) and used a novel, interesting and more "active" controller- i.e. the Wiimote.

I won't accuse them of wanting lightning to strike twice- since that would imply the original Wii's success was pure luck the first time round, which I don't believe- but it's obvious that they thought they could pull off the same trick again.

Hence, the Wii had a novel controller, so the Wii U had a (contrivedly) novel controller. The Wii got away with being underpowered, so the Wii U would get away with being underpowered. The Wii was a success by targeting the casual market, thus its lack of traditional mainstream arcade games wasn't such an issue- so the Wii U would do the same thing.

One problem as I see it is the "casual" market that the Wii opened up had already moved on by 2012- towards "Farmville"-type Facebook skinner boxes and smartphone and tablet games- and that the Wii U's trying-too-hard controller was pretty expensive and hardly ideal for family and multiplayer games.

But the marketing was also pretty crap- failing to make clear enough that "Wii U" was an entirely new, next generation console rather than a tarted-up Wii or giving people who had a Wii gathering dust in a cupboard any reason to buy a new one. (And that was possibly another issue- the Wii seemed like a good idea to many people at the time, but I gather a lot of them ended up not being used, so they weren't likely to rush out and buy the next Wii).

Comment Re: Zombie Nation (Score 1) 145

Zombie Nation describes the harm sleep deprivation is doing to the United States.

I was going to ask what the hell a bunch of German techno producers would know about it, but I guess they've spent a few late nights in clubs over the years.

(And yeah- I know. I used to think that too, but "Kernkraft 400" was actually the name of the song...)

Comment Re:In other news - in 2062 they will have time tra (Score 1) 114

In other news, in 2062 they will have time travel, otherwise how could you possibly know that just-released 8TB drive would last 45 years?

You know damn well that's unlikely and you're purposefully misunderstanding this.

It's quite obvious to *anyone* with an ounce of common sense that it refers to an 8TB drive they've been running continuously since 1971. Occam's razor, see?

Comment Re:It's a great watch, if a watch is what you want (Score 1) 406

It has failed to do so. So, by Apple's own initial marketing expectations, it's a bit of a flop. Without knowing internal expenses on development, marketing, etc., it's difficult to know how profitable (or not) it may be -- but Apple has moved its own goalposts for success here.

So be it ... it is not a device for everyone, but it is an excellent device for people who want to wear a watch that does more than tell the time.

And that's precisely why in Apple's own terms the device is somewhat of a failure. They wanted to create a large market for smart watches, in the same way that they significantly enlarged the market for smart phones and tablets. But that hasn't happened.

You've said exactly what I was going to say- and to some extent what I'd already said at least once before:-

Whatever its performance in absolute financial terms- or even relative to the pre-existing wearables market- by the standards and expectations Apple clearly had at its launch, this has been an obvious flop so far. I know it has a significant percentage of the smartwatch market, but a significant percentage of bugger all is still bugger all. No-one cares.

It's quite obvious that Apple's original expectation was for it to be in the same mass-market ballpark as the iPad and iPhone. As I acknowledged, it's probably doing okay in absolute terms- in fact, I'd no doubt they would be making a decent profit on it. But relative to their expectations? Flop.

Yeah, I know it dominates the smartwatch market, but that's hardly saying much, except that it's doing better there than the even-more-negligible competition.

Then again, anyone who can say something like "Much like there's no real "tablet market", just an iPad market" when that is transparent bullshit is either beyond partisan or an idiot.

Comment Re: Do the right thing - stand against Trump's big (Score 1) 952

In other words, we ought to continue allowing moslem terrorists to enter the country, because if we don't, we risk angering the existing moslems and they will strike out at us.

The ban wasn't on "moslem terrorists", it was a ban on all people from primarily Muslim countries with a potential exception for Christians. In other words, a ban on Muslims, and your assumption is exactly the "treat all Muslims as terrorists" behaviour they're looking for.

Sure, you could stop "moslem terrorists" entering the country by stopping anyone at all entering the country, of course.

You could also stop mass murderers of American children by locking up anyone with far-right sympathies. (Spoiler; I don't think that's a good idea either).

Or you could better target those known to be a threat. I'm tired of governments using terrorism as an excuse for repression when in- seemingly- the vast majority of cases the people involved were already known as a risk to the intelligence services.

Comment Too many choices are a barrier to adoption (Score 5, Insightful) 353

About a year ago, they changed their offering and split it into so many different plans no one knows exactly what you get.

MSFT needs to immediately limit themselves to four plans:

1. Student

2. Entry-level

3. Power

4. Everything

And they need to make it very clear what these mean, in a single page document which is the same regardless of where you find it on Microsoft's site.

Comment Re: Do the right thing - stand against Trump's big (Score 1) 952

Daesh isn't al-Quaida.

Yeah, I should have been clearer there. My point was that this was a similar- and very up-to-date- example of the sort of leader more concerned with looking macho and pandering to his own ego and voter base at the expense of doing the hard work and effectively (but less showily) destroying them. The sort of thing that plays right into a terrorist group's hands by giving *exactly* the type of response they'd planned for.

They're obviously not the same entity, but the stupidity is similar enough in both cases.
