Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:SubjectsSuck (Score 2) 204

What are the best alternatives to NACL for cryptographic primitives?

I think the point is "first" is a weird word to use when you are talking about "modern" as "modern" changes with time.

OpenSSL or mcrypt or whatever else you might point to were "modern" when they were "first" used, even if they aren't "modern" any more.

"Only" might be a better choice if you are talking about the current time.

Comment Re: EBCDIC (Score 1) 615

One of the (external) interfaces I work with involves sending ASCII encoded EBCDIC encoded data as post data to a UTF8 web server. (Ie where I need to send the digit "1", we send the hex bytes 46 31, ASCII encoded chars for F9, the EBCDIC character code for the "1" character) This stuff does live on and on and typically gets wrapped inside something else....

Comment Re: This actually makes sense (Score 1) 136

They certainly used to: used to
I think the formula may have opened up a little since then and other manufacturers are involved.
The McLaren Applied Technologies part of the company make a fair few parts used in different racing series.
I think a lot of McLaren's technical and design capabilities would be a good fit for Apple. Whether the racing and even supercar parts are is another question.

Comment Re:How dare you lump XP together with vista! (Score 1) 599

I agree, but for a different reason: Windows 7 is essentially Windows Vista SP1. They are still ~98% equivalent, just as 8 and 8.1 are 98% equivalent.

Yes, Vista had a lot of issues at the start, but so did Windows 8. It was a big jump, but had the edges smoothed off a year or so later.

Comment Re:Er (Score 1) 623

my point is how can you call this an "autopilot"

In the same sense that a plane autopilot is an autopilot? Ie it keeps you on the course and speed you set it at but doesn't do much else. It's perhaps odd that people interpret "autopilot" as meaning "self driving", it's probably called autopilot precisely because it isn't self driving.

Comment Re:Collision avoidance, not autopilot (Score 1) 219

Tesla's Autopilot isn't auto-pilot either. It's collision avoidance, radar cruise control and lane-keep-assist.

That seems broadly analogous to what Autopilot in a airplane does (though I'm not sure airplanes actively avoid collsions, autopilot typically just manages air speed and heading).

What do you expect "Autopilot" to do?

Comment Re: Mind bogglingly complecated co-processing (Score 4, Interesting) 205

Doing any sort of large-scale computational fluid dynamics or finite element simulations may require a great many cores. For example, you might want to conduct a very detailed simulation of the air flow around a vehicle, airplane, structure, etc. to have a basic understanding of its aerodynamics before spending time and money testing an actual prototype in a wind tunnel. You might also want to look at how very complicated, soft-body structures deform due to a variety of external stimuli. Such information would be crucial for certain materials science applications. Chemical reaction and acoustic simulations may also require a great deal of computing power, especially if you want to have a high spatio-temporal resolution.

Essentially, there are plenty of physical and theoretical science applications that can benefit from massive processing capabilities. There is a lot of fundamental science that is also performed in simulation before any actual tests occur.

Comment Low quality ports seem overstated (Score 1) 142

These aren't two radically different pieces of hardware like the PS3 and PS4, it mostly looks like a bump in graphics capabilities. It seems fairly plausible that games will run well on the PS4 in HD and on the new machine at 4K. I have a PS 4 and am not particularly worried about this. Maybe if the VR is better with this on or if I decide to get a 4KTV at some point it might be worth the upgrade. Otherwise I expect to be happy with my PS4 and expect a lot of people will still continue to buy the cheaper PS4 because they only have an HD TV which will keep the PS4 as the most common PS4 platform (and therefore the one game makers consider the primary target) for quite a while.

Comment Re:People don't need supersonic anymore... (Score 1) 132

No one like being in a plane for a long time, even if they have movies to watch or can check their email.

Probably of more relevance is cost efficiency. Not much else matters to Airlines. Airlines get paid for taking someone from point A to point B. It's difficult to imagine it not being expensive, but if a single aircraft can make 5 trips round the world a day compared to 1 then it might be cost effective.

Comment Re:joek (Score 1) 101

The payment card industry needs to fix its crappy, insecure payment cards first before accusing businesses,

It's not entirely clear what you mean by "payment card industry". The "payment card industry" is everybody, including "businesses" and there's an awful lot of existing infrastructure all that has to keep working. It sounds like you are complaining about card schemes (Visa, MasterCard, Amex) but the Tokenisation stuff they've come up with via EMVco is pretty good, it's just there's an awful lot of infrastructure (including at "businesses") that needs to be updated to work with it. (Indeed EMV one time payment tokens appear to be one of the modes supported by ApplePay, so it's probable that people are doing such payments today, but probably only in cases where the cardholder's bank supports it, the merchant supports it in their app, and the merchant's payment gateway supports it, etc etc etc).

But saying the payment industry should do X "before" trying to improve security at businesses is ludicrous, security is about dealing with the real world and trying to make what is already there better, not doing nothing until some ideal solution becomes available.

Comment Re:joek (Score 1) 101

I did not cheat the test. The test was a fraudulent, claiming to identify flaws in my network that were not present.

Well, you did "cheat" the test. A scan is just a scan, it isn't 'fraudulently' doing anything, it's just reporting a possible problem. It's up to you to justify any listening port with a business reason and demonstrate appropriate controls for the service.

Of course it's not immediately clear what sort of compliancy tests you are doing. If it's just Tier 3 then you probably not paying much for your ASV and they are geared (and priced) for scenarios where scans show very little is in scope and not much manual appraisal is done. If it's a higher tier then you should be dealing with people who take the time (and are being paid to) to understand your system and make an informed assessment.

PCI isn't perfect but isn't awful as a set of minimum standards and guidelines.

Comment Re:Choice of words? (Score 1) 86

for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.

What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla. I can understand why Worldpay might need to support SHA1 for their own stuff, I don't quite get why that means a general browser should.

Indeed, perhaps it's nothing to do with the browser at all, and it just means that Symantec can issue these certs without being considered by Mozilla (the group) in breach of some agreed to policy, but that these certs still won't we accepted (if they were seen) by Mozilla (the browser).

If that is the case, then really this isn't a big deal at all. Mozilla's response just gives Worldpay a little more time to get their shit together within the current framework (the alternative, cutting them off, could be less secure, as it would probably mean Worldpay would end up rolling their own SHA1 CA and distributing that root authority to their POS terminals, perpetuating the problem indefinitely rather than giving them a short grace period to catch up)

Slashdot Top Deals

The only perfect science is hind-sight.