Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re: NB: most medical scientists (Score 1) 133

Complex doesn't mean perfect or without flaws. Also, you cannot imagine how many germs coexist with us and we depend our life on them.

Also I'm not a biologist however as far as I understand it's not viruses that kill us, it's our own failing biology due to our DNA: death is programmed deep in our DNA, or otherwise there wouldn't be evolution. I might be totally wrong of course - I'd like to hear what actual biologists would say.

Comment Re:Practical? (Score 2) 9

If Google can do that, NSA can surely do that - maybe not right now but quite soon.

Also don't underestimate various botnets - right now they are mostly used for spamming/DDOS'ing/crypto currency mining (which in itself is ... hashing) but they can be used for finding collisions in SHA-1 as well.

Also don't forget that "practical" in this case means that an attack can be carried out using currently existing availble computational resources, vs. something purely theoretical which requires billions of CPUs/GPUs or quantum computers.

Comment NB: most medical scientists (Score 3, Insightful) 133

The human body is the most complex organism in the known universe so there's nothing to be sneezed at or be surprised by. For instance recent studies have shown that for a lot of people placebo works even when people have a perfect knowledge that they are given placebo.

As another confirmation, the brain has the ability to directly change/affect the chemical processes in the body as demonstrated by Wim Hof who can manage his body's temperature at will.

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Submission + - PHP Is First Language To Add "Modern" Cryptography Library To Its Core (bleepingcomputer.com)

An anonymous reader writes: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017.

Scott Arciszewski, the cryptography expert who made the proposal says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons on why he made the proposal are detailed in depth here.

Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.

Comment Not that easy (Score 3, Interesting) 105

It's almost impossible to eradicate cheaters in CS:GO and similar games for one important reason: CS:GO servers send you full information about all the gamers who're playing the match with you, which means it's quite trivial to intercept this information and modify certain game engine variables to e.g. make other players visible though the walls (wallhack) or to make your bullets always reach the destination (aimbot). Now even if you don't send all the information, the game still has to show other visible nearby players to you, so dealing with aimbots seems like a lost game.

Speaking frankly I've got no idea if this problem can be fixed at all except for controlled LAN matches (but even then we've had reports that certain cheaters made through by bringing their cheat programs inside their mice - the mouse is connected via USB which makes it trivial to extend its internals to include a mass storage device).

To give Valve credit they're now testing an AI to detect cheaters. They do it because it's virtually impossible to detect cheat applications using any sort of matching (like antiviruses do).

Comment Re:Add-ons which will stop working include (Score 1) 2

Here's what a DTA developer, Nils Maier, wrote in response to this policy:

Hi mig[-1], and everybody who also asked and I BCCed, and whomever it
may or should concern too,

First: the "fucks" are directed exclusively at mozilla - the
organization, not you.

If I CC'ed you and you're now thinking: Who are you even? Valid
question: I develop one of the most popular Firefox add-ons (open source
without profit motivation), and am a decade long mozilla enthusiast,
advocate and volunteer contributor.

> I'm just back from a Mozilla event where i was sorry to hear you were
> giving up on DownThemAll. I don't know the whole story, but in my
> opinion, this would be a shame to leave a 1.25M users audience.

The whole story is basically that mozilla folks are fucking up the
add-on space.

The whole story is that DownThemAll! would need a ton of niche APIs that
mozilla has neither the resources nor the will to spec, implement and
maintain[0].

The whole story is that WebExtensions APIs explicitly are supposed to be
high level APIs, while tons of add-ons actually want, nay need low level
APIs to implement their functionality.
The rational here seems to be "Fuck yall, we consider you too stupid
and/or evil to give you low level access, also we're lazy and not good
with money so we couldn't possibly support low level anyway"
The high level API shit is what's killing the platform, not XUL or
(partial) XPCOM deprecation.

The whole story is that I just finally grew tired of the steaming pile
of utter rotten horse manure that is the mozilla decision making process.

I'll evaluate the list of forks that do exist or will exist once mozilla
pulls the WebExtension switch for real, and see if any of them will be
an alternative to the then deliberately-made-retarded mozilla browser.

I gave mozilla a list of what interfaces DTA source code contains
currently (mozI*, nsI*) either way and other feedback, since they asked.

It is my opinion that it's not me who's leaving a 1.25M Active Daily
Users DownThemAll! audience, but mozilla is abandoning them (and me) and
not just them but also the developers and users of tons of other add-ons
with small and large audiences[1].

I'll keep maintaining (most of) my add-ons for the time being, albeit
with far less enthusiasm, in case mozilla wakes up or some viable fork
comes along, tho.

> As far as i can tell, DownThemAll will be able to run on WebExtensions
> once the missing APIs (mainly file writing) will be integrated, and i
> got the confirmation this will happen in due time.

I have no hopes that they will implement proper APIs, not even for file
writing[0 again]. Other than file writing, there are no proper APIs to
do requests, there are no proper APIs for other stuff such as executing
files, other kinds of OS integration, UI integration and so on and etc
and pp.

And that's just DownThemAll!, looking at my other add-ons (public or for
personal use) and also those I use of other devs, most of them will be
dead in the water, or could only be ported with serious, serious
limitations. Some add-ons I use already were abandoned, rightfully so
because WebExtensions offer no way forward for those addons, and for now
I fix them locally for me if something breaks (I cannot take over
maintainership and publish them as I lack the time and motivation to do so)
I have no use for crappy webrequest/toolbar button APIs alone. At least
the Adblockers will survive I guess... hurray!

Dismantling the add-on system just because mozilla doesn't like the
maintenance burden all of a sudden?

"B-but we want away from XUL and a lot of XPCOM".
So what? Neither is this going to happen anytime soon realistically, nor
is that any reason not to give add-on developers access to whatever
replaces it.

"B-but add-ons will break less if ever if they are WebExtensions".
Sure, and tons of add-ons should and will go the WebExtensions route.
Doesn't mean you have to fuck over the add-ons not fitting in the
WebExtensions space. There are tons of dedicated add-on developers who
have been dealing with breaking changes in Firefox since it first got
add-ons, for better or for worse. Most of the time, we managed in a
timely fashion.

Even those add-ons which can be reasonably ported need to be ported in
the first place. Somebody will have to do the actual work, which is on
entirely different scale than a "few" "let's move this shit into a
framescript so it works with e10s" fixes.

Frankly, it's add-ons which contributed a lot to Firefox' success, and
it's add-on which eased Firefox bleeding users to Chrome, and once the
add-ons that go beyond WebExtensions stuff are gone, the bleeding will
only increase again.

> To tell the truth, i have been myself very frustrated just a few weeks
> ago, and considered giving up VDH on Firefox. Now i can see a clear
> future (even if there is a lot of development work to be done).

Quite honestly, I'm over the frustrated stage and arrived at the furious
anger stage. And I grow only more hopeless about mozilla as time progresses.

WebExtensions are far off from feature parity, let alone bug parity for
even the Chrome extension APIs, yet announce EOL for new add-ons in 53
and EOL for all add-ons in 57 [0 again]?
What the fuck are they thinking?
Whoever was involved in that decision with actual say: Please do us all
a favor and just step down from any leadership position you might have.
Or better yet, apply for a leadership position in the Google Chrome
team; Firefox can use some help from you eventually ending up
inadvertently sabotaging Chrome sooner than later.

What's even more discouraging is that mozilla will be using their
"signing required" Walled Garden they installed because "reasons, not of
them actually sane or good" that they swore they will not use to fuck
with add-ons[2] - just to do exactly that, and fuck with add-ons,
stopping to sign new non-WE add-ons with the Firefox 53 release.
THANK YOU VERY MUCH! I TOTALLY TRUST EVERYTHING YOU SAY NOW MORE THAN EVER!

Does the Walled Garden help make Firefox more secure? Nope.
Is it abused to force unrelated policy changes instead? Yep!

mozilla has been a huge clusterfuck for years now, not just in the
add-on space; lacking proper (tech) leadership, lacking vision, focusing
on the wrong things at large more often than not, fucking with their
core users for no apparent reason other than "but we have to do
*something* to stay relevant". And even stupid stunts like force
bundling crapware (pocket) isn't too goddamn stupid to do these days.
"1 million mozillians!", yeah, you will certainly achieve this by
alienating everybody on many fronts at once.

I've been part of the mozilla universe for almost one and a half decades
(or almost 15 years in "metric") now. I'm doing DownThemAll! and other
extensions since about a decade now. I've seen tons of fuckups in that
time, and produced a few myself; but that was OK because none of those
were deliberate and we always worked together on fixing things.
Not ever before did I think mozilla is hopelessly fucked at a
fundamental level. But the last one or maybe two years changed that.

I have to admit that I failed to see this for a quite some time,
deluding myself into thinking "it's not that bad", "they'll will do it",
"temporary setback", "they will recover", "I can learn to live with
that"... Tried to rationalize all this away...
But that's ended.

I'm fed up as an add-on developer, I'm fed up as a mozilla advocate, I'm
fed up as somebody who used to help the other add-on devs, I'm fed up as
somebody who contributed an enormous amount of volunteer time directly
in many different ways, I'm fed up as a Firefox user.

In conclusion, let me end with two quotes from[3] (second one quoting
myself)

"Itâ(TM)s fascinating how Mozilla manages to always find the exactly right
words â" to make their most avid browser enthusiasts feel absolutely
miserable!"

"I honestly hate you [mozilla] right now."
"Bye"

Nils

PS: If anybody feels the inexplicable urge to reply and wants me to know
about it or even respond, make sure to CC me.

[-1] who is on BCC because publicly posting his email address might be rude.
[0] I'm explicitly not dumping on the team that actually implements the
WebExtensions support and APIs, they seem to be doing a fine job with
the resources they got from mozilla. And I am not opposed to
WebExtensions, quite the opposite. But I am opposed to WebExtensions-only!
[1] Well, unless you're NoScript and get special treatment. Well again,
DTA is probably large enough to beg and get special treatment, but I
don't actually want better treatment than others.
[2] And that's still a large legal gray area; e.g. can mozilla legally
sign add-ons of devs from countries with US sanctions/embargoes
[3]
https://blog.mozilla.org/addon...

Comment Add-ons which will stop working include (Score 2) 2

* FindBar Tweak, Beyond Australis, OmniSidebar and Puzzle Bars ( http://fasezero.com/ )
* NoScript ( http://noscript.net/ )
* Pentadactyl ( https://addons.mozilla.org/en-... )
* Vimperator ( https://addons.mozilla.org/en-... )
* DownThemAll ( http://www.downthemall.net/ )
* Classic Theme Restorer ( https://addons.mozilla.org/en-... )

After that we'll have something akin to Chrome's web store with thousands useless add ons with ads and no privacy whatsoever.

I fail to understand why anyone would want to run Firefox from then on, since it will basically become a Google Chrome clone with a slightly different rendering engine.

Submission + - Mozilla will deprecate XUL add-ons before the end of 2017 2

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi process mode by default for all users with some exceptions. Most add ons will continue to function, however certain add ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more addons. Firefox 57, which will be preliminarily released on the 28th of Novermber, 2017, will only run WebExtensions: which means no XUL (overlay) add ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add ons your only choice past this date will be Pale Moon.

Comment My take (Score 2) 197

What exactly is the role of tech conferences?

To establish new business connections. To discover new trends/solutions/ideas which you might have missed due to being busy. To talk to your purveyors and discuss the things in person which are difficult to discuss over the phone/e-mail.

And then what's in it for my employer, who's paying to send me there?

Likewise.

Comment Maybe because (Score 1) 97

No one needs singing idiots in the IT industry. Their vocal talents are indisputable however it's what not people are seeking for when they're choosing new tech toys to buy.

Another confirmation of my statement is the fact that no one has offered a similar position to Brian May, who's a rare scientist in the pop sphere.

Comment My rejected more informative news (Score 5, Informative) 113

Subject: Microsoft disables p2p Skype protocol starting March 1, 2017

In a recent update of Skype for Windows Microsoft has announced that starting March 1, 2017 older, p2p versions of Skype will cease to work. This affects Skype for Windows versions 7.16 and below, Skype for Mac version 7.0 to 7.18 and the native Linux client (its only functional version 4.3). This news is especially unpleasant for Linux users of Skype, since the new "cloud ready" version of Skype for Linux is nothing more than a packaged Google Chromium web browser with Node.js running a web version of Skype, which means its memory consumption is huge and it's unable to store your conversation history locally indefinitely like the native client did.

P.S. One can only wonder why ./ editors choose less informative posts over more informative ones.

Submission + - Microsoft disables p2p Skype protocol starting March 1, 2017

Artem Tashkinov writes: In a recent update of Skype for Windows Microsoft has announced that starting March 1, 2017 older, p2p versions of Skype will cease to work. This affects Skype for Windows versions 7.16 and below, Skype for Mac version 7.0 to 7.18 and the native Linux client (its only functional version 4.3). This news is especially unpleasant for Linux users of Skype, since the new "cloud ready" version of Skype for Linux is nothing more than a packaged Google Chromium web browser with Node.js running a web version of Skype, which means its memory consumption is huge and it's unable to store your conversation history locally indefinitely like the native client did.

Slashdot Top Deals

"Just think of a computer as hardware you can program." -- Nigel de la Tierre

Working...