Syndicate content
Updated: 13 min 35 sec ago

Here's A New Way To Step Into A Virtual World

Fri, 03/27/2015 - 4:38pm

When you strap on an Oculus Rift virtual-reality headset, you're free to look up, down and around. But as soon as you try to explore the virtual world further, you're stuck. You can't interact with your surroundings or walk across the room.

New controllers and sensors hitting the market are built to solve this problem, whether by tracking the precise location of your fingers so you can grab that virtual gun or giving you a simple joystick so you can "walk" from place to place. The HTC Vive, one of the highest-profile new headsets, lets you move around a real room and incorporates your motion into VR.

See also: 6 Ways The HTC Vive Will Freak Out Virtual-Reality Geeks

The startup Occipital thinks there's a simpler way. Up until today, its candy-bar-shaped Structure Sensor, an accessory for mobile devices, has mostly been used for 3D scanning of physical objects—for instance, in order to create 3D-printable virtual models. Now, though, Occipital wants to expand into virtual and augmented reality by giving its sensor the ability to map entire rooms and incorporate a user's actual movement onto a screen, and thus into a virtual world.

Mixing Virtual Reality And Reality Reality

At the Occipital office in San Francisco's Mission Bay neighborhood, I recently rambled around with an Pad in my hands and a Structure Sensor strapped to its back. On its screen, I explored a Portal-esque room in hopes of opening a door to move on to the next level. I noticed a laser crossing the room; blocking it would open the door. But to do so I needed a few of the cubes circulating on a line by the ceiling.

I walked over to a coffee machine in the game, which is called S.T.A.R. Ops, by actually walking down the long row of desks in the Occipital office. I moved through the virtual room in much the same way. I tapped one corner of the screen to grab a coffee cup and moved the tablet away from my body as if I was sticking the cup into the machine. Coffee poured in.

I powered up a nearby gun by tipping the iPad to pour the coffee into a grate. I shot down some cubes and then stacked them in front of the laser, the iPad once again serving as a physical representation of the blocks. The door opened.

It's a funny mix of the virtual and real worlds. Most virtual reality experiences are seated and don't incorporate the tipping and reaching motions calls S.T.A.R. Ops calls for. While the movements are fairly intuitive, it takes a while to get used to them. But the learning curve is quick—on my second run through the level, I cut my time by two thirds.

Positional Tracking Gone Wild

The Structure Sensor works by projecting infrared dots across everything in a room. It can sense depth and motion based on the dots' behavior and build a map of them that updates at 30 frames per second. Occipital calls it "unbounded positional tracking."

There are lots of sensor systems already available in the virtual reality space. Many, like Leap Motion, are more focused on hand tracking—an area with which Occipital is not currently concerned. CEO Jeff Powers related it more to the Kinect sensor, which VR companies have been hacking to incorporate into their demos, except that the Structure Sensor doesn't need any tricky setup to be used with iPads, iPhones and Android devices.

Powers noted that high-end VR headsets like the HTC Vive and Oculus Rift also use sensors to incorporate movement, and said he believes sensors incorporated directly into the VR device are the only way to go. Though the Structure Sensor doesn't currently deliver the precise hand tracking that Vive does, it allows users to move beyond a predetermined area if they want to walk around in a virtual world.

See also: Google's Project Tango: What You Need To Know

Eventually, Powers sees Sensor-like systems being incorporated into our mobile devices. Google's Project Tango phone will be an early example. But beyond that, he said the ultimate form will be wearable devices that constantly read and make sense of our surroundings. That's the vision of augmented reality at which Google Glass hinted. 

True augmented reality is years, if not decades away. But beginning today, Structure Sensor owners can play S.T.A.R. Ops and think about the virtual-reality experiences they would like to see built in the near-term.

Lead photo courtesy of Occipital

Categories: Technology

Your "Strong" Password May Be Weaker Than You Think

Fri, 03/27/2015 - 10:00am

If you've been relying on password meters to determine how strong your passwords are, we've got some bad news. Their strength measurements are highly inconsistent and may even be leading you astray, according to a new study from researchers at Concordia University:

In our large-scale empirical analysis, it is evident that the commonly-used meters are highly inconsistent, fail to provide coherent feedback, and sometimes provide strength measurements that are blatantly misleading.

Researchers Xavier de Carné de Carnavalet and Mohammad Mannan evaluated the password strength meters used by a selection of popular websites and password managers. The sites surveyed included Apple, Dropbox, Drupal, Google, eBay, Microsoft, PayPal, Skype, Tencent QQ, Twitter, Yahoo and the Russian-based email provider Yandex Mail; the researchers also looked at popular password managers including LastPass, 1Password, and KeePass. They added FedEx and the China Railway customer-service center site for diversity.

De Carné de Carnavalet and Mannan then assembled a list of close to 9.5 million passwords from publicly available dictionaries, including lists from real-life password leaks, and ran them through those services to what kind of job their password-strength meters were doing.

Ineffective Rules

Password strength meters typically looked for length, a variety of character sets (such as upper and lower case letters, numbers, and symbols). Some tried to detect common words or weak patterns.

However, the strength meters that looked at password composition often ignored other easy-to-crack patterns, and didn't take "Leet" transformations—which replace the letter l with the number 1, for example—into account. Hackers, of course, often try these variations when trying to crack passwords.

Inconsistent Results

Confusingly enough, nearly identical passwords provided very different outcomes. For example, Paypal01 was considered poor by Skype’s standards, but strong by PayPal’s. Password1 was considered very weak by Dropbox but very strong by Yahoo!, and received three different scores by three Microsoft checkers (strong, weak, and medium). The password #football1 was also considered to be very weak by Dropbox, but Twitter rated it perfect.

In some cases, minor variations changed the assessment as well due to an overemphasis on minimum requirements: password$1 was correctly assigned very weak by FedEx, but it considered Password$1  very strong. Yahoo considered qwerty to be a weak password, but qwerty1 was strong.

Similar problems emerged with Google, which found password0 weak, but password0+ strong. False negatives turned up as well—FedEx considered +ˆv16#5{]( a very weak password, apparently because it contains no capital letters.

"Some meters are so weak and incoherent (e.g., Yahoo! and Yandex) that one may wonder what purpose they may serve," the researchers wrote.

Black Boxes, Black Boxes

De Carné de Carnavalet and Mannan argue that the opacity of password checkers works to their detriment. That could also be a problem for users confused by oddly inconsistent password-strength results.

“Except Dropbox, and KeePass (to some extent), no other meters in our test set provide any publicly-available explanation of their design choices, or the logic behind their strength assignment techniques," the researchers wrote.

With the exception of Dropbox and KeePass, the password meters appeared to be designed in an ad hoc manner, and often rated weak passwords as strong. As the researchers wrote: “Dropbox’s rather simple checker is quite effective in analyzing passwords, and is possibly a step towards the right direction (KeePass also adopts a similar algorithm).”

De Carné de Carnavalet and Mannan recommend that popular web services adopt a commonly shared algorithm for their password strength meters. In particular, they suggest using or extending the zxcvbn algorithm used by Dropbox or the KeePass open-source implementation of it.

Lead image by nikcname

Categories: Technology