Slashdot Mirror

> What is the point?
The point is easy interoperability between *nix and Windows OSs. See my post at OSNews.com http://www.osnews.com/comment.php?news_id=9163#313 438 of it's ease of use.

You can also find more info from from a paper published for the SIGUCCS of the ACM titled: Easy access to remote graphical UNIX applications for windows users Listed below is the publicly available abstract:
ABSTRACT
A barrier deters Windows users from evaluating graphical scientific software that runs only on remote UNIX systems. Graphical UNIX applications are based on X Windows. To make use of X applications, Windows users must install an X server, install communications software for connecting to remote UNIX systems, and configure their systems to display graphics from remote systems. This barrier can be removed by making use of an X server and communications software that run live from CD-ROM. This poster presents such a CD-ROM known as XLiveCD.

XLiveCD appears to users as an application that provides a command-prompt that allows them to log in to remote computers. Windows XP/NT/ 2000 users insert the CD into a drive and click twice in response to a wizard. A terminal window appears on the screen and provides a command prompt. From the command prompt users run the secure shell (ssh) to connect to a remote computer and launch applications. X graphics windows are forwarded automatically.

XLiveCD is based entirely on open source software and is available free for download. It is a Cygwin environment (from Red Hat, Inc.), including the X.org X server and openssh installed and modified to be run from CD-ROM. The home page is http://xlivecd.indiana.edu/.

From the ACM paper "bugs as deviant behavior", we find
"We demonstrate that the approach works well on complex, real code by using it to find hundreds of errors in the Linux and OpenBSD operating systems. Many of our bugs have resulted in kernel patches."
This paper appeared in 2001 and represents the work of several researchers, some of whom were PhD students in CS. Some of them went on to form a private company (Coverity ) which plans to offer (for pay, of course) the use of their software to companies. It would be possible for Sun to use this software to look for errors in Solaris. However, the fact that the source codes for Linux and BSD were freely available allowed these researchers to test their prototype code and to submit bug reports years before Sun or MS had the option of using the tools developed by this group. Who knows what other groups of CS students or faculty are doing the same type of exercise right now; they may develop tools which will help private companies someday while using OSS to test their code now. (By the way, you might ask why such a group might help OSS projects. The answer is illustrated in the quote above; this company can already claim credit for finding bugs for which kernel patches have been released. You cannot buy better PR than this.)

I've been using CiteSeer for years in my research, and still prefer it over Google Scholar.

For computing research CiteSeer and the ACM DL are the two places to go. Scholar may obviate the need for going to both places, someday, but for now it needs to mature a bit.

Do appear not to understand the difference between random access machines and random access memory

First, the title is a reference to a famous computer science paper by Edsger Dijkstra, Goto Statement Considered Harmful.

Second, this MD5 weakness is not yet actually harmful, because no-one has yet devised a successful attack which exploits it. However, it could be considered harmful someday.

the old "my special login has a backdoor, and my gcc detects when I'm compiling login, and puts the exploit it, and my gcc detects when gcc is compiling, and puts the exploit into gcc" trick

Ah, yes - the classic "Reflections on Trusting Trust" trick. Scary how often that never gets mentioned when it should be - so kudos to you for bringing it up.

APL, a very terse language that required a special keyboard: sigAPL

First off, let me establish my credentials: I'm a part-time licensed Life, Health, and Accident Agent in the state of Indiana. You can check here to learn about the Ray Wall and Associates agency, ID 1954880 where I work as a 1099 independent contractor: https://secure.in.gov/apps/idoi/search/servlet/age ncyCriteria

I've seen lots of good feedback about experiences with various life, health insurance, and Errors & Omissions (E&O). Here are some observations:

Do not skip buying insurance unless you have a lot of personal or 100% reliable family reserves to back you. The statistics -- 50% of bankruptcies are due to medical bills and 50% of divorces due to financial issues -- are against you; you're better off sharing your risks across a large pool of folks.

Insurance is cheapest when purchased through a group affiliation, either a pass-through like PACE or professional society. You may be best served by getting your insurance through a professional society group affiliation, such as the IEEE http://www.ieeeinsurance.com/USA2.asp or ACM http://www.acm.org/membership/insurance/. For the cost of ~$120 USD per year, they let you buy life, health, and E&O at drastically reduced rates and automatic qualification. IEEE's health insurance is comparable to a Fortune 500 firms, both in benefits and cost per month. Only downside is you must be a member for a two years to get the IEEE health, by far the best deal!

Cover all the bases. I personally place health and disability first for Get health insurance with a High Deductible (2600 indiv / 5200 family) and Health Savings Account (HSA) unless you have expensive health conditions such as Attention Deficit Disorder (ADD) or diabetes. Nutshell is the money you would pay first due to the deductible is yours to keep over the years in in the HSA, earning interest and/or dividends, if you don't spend it. It's like a mini 401K if you are reasonably healthy!

Buy a limited amount of whole life insurance to permanently cover you, then get the rest in term to be less expensive. Insurance never gets cheaper, so you'll want the whole life to make sure you always qualify and can be buried when you die at a ripe old age :). Whole life also accumalates a kitty that you could use in extremis for money or note as an asset for collateral.

I'm not an investment advisor, but I do suggest getting into an Individual Retirement Account now while time and compounding interest are on your side.

Hope this is helpful!

To your other point, open source and full documentation is a great idea, but someone still has to compile the code and load it on to the machine. At the end of the day, it still comes down to a small group of people, in whom you have to place your trust to ensure the election is conducted fairly. To turn it around a little, if it transpired that one of those people was corrupt, how would you know ?

This reminds me of Ken Thompson's argument about the Trojan Horse. Sure you've got the source right there, but how can you say for sure that this is the actual code the machine will be executing ? Thompson points out that you can't trust code which you did not entirely create yourself.

This is why I think open source in voting machines is still a red herring. You could say that I'm being completely paranoid - sure, and in 99% of other cases involving computers you'd be right. But the trouble is that in a democratic system, people in opposition will (should!) sling all the mud they can to try to undermine the election of their opponent. Electronic voting systems can't be defended from this type of attack, and as a result people start to question it, thereby losing confidence in the democratic system. A hand count where the opposing candidate was free to attend and "put up or shut up" if you like about the conduct of the count, is disarmed from undermining the vote in this way.

The ACM disagrees, and I am inclined to take their word over yours. From their statement on E-voting:

voting systems should enable each voter to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast and to serve as an independent check on the result produced and stored by the system.

A paper receipt is a simple low-tech fix to a problem that is otherwise very difficult to solve. As for open source and verification of code, that only goes so far. Read Trusting trust and see how Ken Thompson describes a situation in which having the source code will do you no good.

Before, I had to write a meta-search engine for research papers (papersearch), but maybe now all we'll need is google.

UPE is the one I hear of the most.

If you really are doing research in computer science or IT, a subscription to the ACM portal is well worth the expense. There is an astounding amount of information available through the portal and I've gotten quite a bit of use out of it. A quick search with Google Scholar shows that at least some of the portal content is indexed by this new tool but I don't know how much and if it is all available for free (I would hope not - at least not for another year when most of the current ACM portal subscriptions expire!).

ACM

Unless you meant fraternities that are in the Greek system, in which case I have no idea. Fraternities are about social networking and getting drunk at wild parties, not coding and playing HL2. :)

Pixar loses the Disney marketing muscle. They also lose Disney's corporate arrogance and inertia, so that may be a net gain. The challenge for Pixar is to maintain their goodwill with the MOPS crowd while also doing projects that appeal to the rest of us.

Disney loses the creative talent behind the films. It will take them a while to become competitive, if they indeed can. There's a certain feel to a place like Pixar that finds its way into their work, and you can't manufacture that.

Whether Pixar can maintain a family-friendly line or not remains to be seen. I think they know where their bread is buttered, but who could blame them for wanting to branch out a little?

Some would argue that the process of refinement by iterative design, which is the subject of many texts in the field ...

Program Development by Stepwise Refinement
Niklaus Wirth
Communications of the ACM
Vol. 14, No. 4, April 1971, pp. 221-227.

What is the year now, please ?

CC.

I won't use Bluetooth, and I won't use wireless keyboards, and I'm very leary of wireless speakers and sound. Why? Security.

I have not seen one single wireless standard that actually took security seriously enough to for the protocol to be reasonably secure. They've all had glaring flaws. I have not seen one implementation of The Resurrecting Duckling Protocol for personal wireless devices, despite that being a decent choice that's not at all hard to set up or for lay people to understand. The state of wireless security is abysmal, and I see no signs that it's getting better.

Heck, most digital cell phones aren't even encrypted.

I hope, that it is not as bad as Graffiti 2.

Ivan Sutherland discussed this topic in his Turing Award lecture (he called it Micropipelines) in 1989, using clock transitions to trigger state changes. One problem with high clock rates is that clocks are now so fast that they may not propagate to the entire chip in a single cycle. While I'm not sure that a purely clockless arcihtecture is at hand (since handshaking is not entirely free of cost), clocking could be used within regions on the chips (to reduce gate count and propagation distance) and clockless coordination could be used between regions.

These asyncronous computers are implementations of data flow computers.
The problem is that the first implementations were very slow.

Ahh the classic, "I've done nothing wrong, so what do I have to be afraid of?" Naive in the extreme, and completely against the principles your country was founded upon. Maybe your should go and re-read them, 'cause you obviously don't have a clue what they mean.

I suggest you go read up the Watergate affair if you think that all these laws being passed won't be abused; if there aren't checks and balances then sooner or later it's GUARANTEED that they will be abused!

Besides, I wonder if you'd be saying the same thing when travelling if your name happened to correspond with someone on the TSA's Do-Not-Fly list? It's all "baseless ... fear-mongering" until it happens to you, right?
http://www.acm.org/ubiquity/views/v5i34_kabay.html

Ask yourself this:
You have a carton of six eggs. You break open one and it is rotten, so most likely the rest are, too. What would you do? Most people would just throw the lot out.

Now, imagine they are PEOPLE, and one of them is a TERRORIST. Would you lock them all up? Guilt by association? What happens if YOU were one of the other five? Please enjoy your stay in Guantanamo without access to any legal representation or the right to a swift trial.

That is an example of the balance of civil liberty. As Ben Franklin said, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." That man, surprisingly enough, knew what he was talking about. Wake up and realise that these issues are IMPORTANT, and your inaction is complicity.

Snitch-cam conference proceedings are available here.

It's not that software patents are, in principle, bad. It's that the idiots in the USPTO are letting trivial ones through the syste. Some software patents are completely legitimate. Take, for example, this patent on the "Marching Cubes" computer graphics algorithm. The paper describing this algorithm made it into SIGGRAPH's Seminal Graphics collection of most important papers in computer graphics. Not all software patents are trivial and obvious.

This was the very issue that touchscreen voting was supposed to have solved, the sole redeeming virtue of touchscreen to counterbalance all the negativities.

The user interface problems, I trust, will eventually get solved on their own. But the underlying problems with electronic voting that we are all familiar with -- the most pressing issue -- will not be solved unless the public is made aware not only of the problem ("eat your vote", as the InfoWorld article blithely leads off with), but also the solutions.

So often I hear in social and political gatherings that "paper trails" are bad because paper shouldn't follow voters home lest their be voter intimidation. No one is familiar with printouts behind a glass window until I tell them about it.

That doesn't even get into secure paperless schemes, such as the one invented by David Chaum, the first inventor of digital cash (secure, anonymous, digital) and founder of DigiCash (another underreported technology that could solve all sorts of privacy issues such as with automated road tolling). Chaum's new voting technology is discussed in the October, 2004 Communications of the ACM, which is dedicated toward voting technology issues. ITAA should follow the lead of its academic counterpart ACM rather than propagating ignorance, and by extension, tyranny.

So this is standard practice in this day and age. Diffuse focus away from the real issue.

By now any advocate with money tries to cloak their position in an "infotainment" package that is ready-made, not requiring any expensive or embarrassing reporter leg-work to dig out all the details of an issue like ACM's position on e-voting, and is sure not to upset any sponsors of the media-outlet.

The unfortunate fact is that U.S. Constitutional protections against government suppression of free speech are insufficient to prevent the development of a lapdog press that relies on money and ratings.

There is absolutely no reason why the press must be factual, truthful, unbiased, complete, or even relevent to the issues of the day.

Computer programming students invariably fall into more than one bad habit. It can be extremely difficult to eradicate them (and many lecturers and professional programmers keep succumbing to them time and again). I wrote this when, in the days leading up to an assignment deadline, I saw these things happening so often that I couldnt help but recall my classmates and I a decade earlier doing exactly the same things as my students.

This article is an attempt to show these irrational attitudes in an ironical way, intending to make our students aware of bad habits without admonishing them.

NOTE: This text was published by ACM's SIGCSE in the June 2004 issue of Inroads, the SIGCSE bulletin.

• All about programming, in the strictest sense of the word
• • Ignore messages
  • Dont stop to think
  • I don't want any trouble
• If only I could find the words
• • Reading
  • Writing
• Your relationship with your lecturer
• • Don't ask for help
  • Challenge your lecturer
  • Be clever using electronic mail
• And, of course...
• • Leave it all for the last minute
  • Cheat with your assignment

All about programming, in the strictest sense of the word Ignore messages

Compilers, operating systems, etc. generate error messages designed only to be read by their creators (maybe to justify their salaries). Precious time is wasted reading these messages; time that could be better spent writing code, of course! Error messages make us less productive. Dont fall into the trap. Ignore them.

As for warning messages, ignoring them makes you feel like a professional programmer whos not scared of computers. What better way of showing ones experience as a programmer than delivering a program that generates dozens, no, hundreds of warning messages when it compiles without its author feeling the slightest bit concerned? Everyone can see that youre an experienced, laid-back programmer who is too busy to waste time on drivel.

Dont stop to think

Lets not kid ourselves here. What are we building? A program. What is the only thing that really matters in a program? Code. What really works? Code. Why use outdated resources like pencils, pens or paper? You are a paid-up member of the SMS generation; you dont make a fool of yourself writing time-consuming syllables, right? Then, stop messing around thinking about nothing when theres so much code to write.

You should never stop coding. We all know that error messages are an unacceptable interruption, a pointless obstacle as we go about our work. So what do you do if you get a compiler error message? As you should know by now, reading and understanding it is just not an option.

You can try making some random change to the source code. You never know, you might pull the wool over the compilers eyes. But if this doesnt work, dont waste any more time. NO, dont be tempted by trying to read the message or understanding it. Just keep churning out code - thats the only way of finishing off this horrendous assignment. Youll get to sort the error out later on. And as we all know, errors tend to disappear by themselves if theyre ignored. At the end of the day youll compile, youll

...I first read about it in this CACM article (v33#12, Dec 90). The authors generated random text strings and fed it into UNIX utilities, producing a variety of entertaining crashes and lockups.

"A good portion of the paper discusses common mistakes made by programmers that caused the utilities to fail..." want to bet they mention buffer overruns? (sadly, full text requires ACM membership)

Software patents are just pathetic.

That's a gross overgeneralization. Take, for example this patent on the "Marching Cubes" computer graphics algorithm. The paper describing this algorithm made it into SIGGRAPH's Seminal Graphics collection of most important papers in computer graphics. Not all software patents are trivial and obvious.

Rob's opinion of OO is well known; one of my favorite quotes by him is: "object-oriented design is the roman numerals of computing."

As for building on Unix and C, his(and Bell Labs') answers are well known:

- Plan 9
- Limbo
- Inferno
- [New]Squeak

http://www.acm.org/usacm/weblog/index.php?p=73

"The problems and potentials of voting systems" is the lead story of this month's Communications of the ACM. Unfortunately, the content is not available online unless you are an ACM Portal subscriber or have access through a library. I've read a couple of the articles since my copy of CACM arrived earlier today, and it is very important stuff indeed.

Here's a short excerpt from one article, "Small vote manipulations can swing elections":

[Considering the 2000 Florida election,] an adversary capable of changing one vote per voting machine could have swung 25 electoral votes from Bush to Gore. This would have made the final electoral college totals 246 votes for Bush versus 291 votes for Gore, rather than the actual 271 votes for Bush versus 266 votes for Gore. Thus, an adversary with the ability to manipulate one vote per machine could have changed the outcome of the 2000 U.S. Presidential election.

In my mind, ACM should be trying a lot harder to get the information in this issue of CACM into the public eye. Not only the article I've excerpted, but all of them.

cbd.

"The problems and potentials of voting systems" is the lead story of this month's Communications of the ACM. Unfortunately, the content is not available online unless you are an ACM Portal subscriber or have access through a library. I've read a couple of the articles since my copy of CACM arrived earlier today, and it is very important stuff indeed.

Here's a short excerpt from one article, "Small vote manipulations can swing elections":

[Considering the 2000 Florida election,] an adversary capable of changing one vote per voting machine could have swung 25 electoral votes from Bush to Gore. This would have made the final electoral college totals 246 votes for Bush versus 291 votes for Gore, rather than the actual 271 votes for Bush versus 266 votes for Gore. Thus, an adversary with the ability to manipulate one vote per machine could have changed the outcome of the 2000 U.S. Presidential election.

In my mind, ACM should be trying a lot harder to get the information in this issue of CACM into the public eye. Not only the article I've excerpted, but all of them.

cbd.

Anyone heard of Robert Wilensky and Tom Phelps and their work on solving the broken link problem? How about my work?? :)

Anyone heard of Robert Wilensky and Tom Phelps and their work on solving the broken link problem? How about my work?? :)

Trojans can still be introduced by evil compilers. See Ken Thompson's Turing Award Lecture.

Why don't we revisit computer architecture and use a system that maintains a distinction between instructions and data... thus preventing this entire set of problems from happening? Just be aware that's not my idea.

Of course, if you have a monitor that can be updated faster, you'll need a faster CPU to process the data.

Seriously, there are advantages for animation and 3D. Faster frame updates can provide higher virtual resolution, as each successive fram matches slightly different edge locations for objects. (That's badly put, sorry.) Higher frame rates can also improve the visual smoothness of rapidly moving objects. If you film a person moving their eyes rapidly, you'll see that they don't move smoothly - they jerk through the motion, stopping every few milliseconds to catch a frame. The higher your frame rate, the more likely your scene is to be "correct" for the eye location at that moment. Intuitively, we've all experienced the jerkiness of movies when things are moving fast. It can be disruptive to the experience.

The advantage of higher frame rates was demonstrated with the first cheap 3D head-mounted display Virtual Reality system (to my knowledge) was built by Dr. Michael McGreevy, at NASA's Ames Research Center at Moffett Field near San Jose CA. (See this 1989 paper, this 1993 overview, and McGreevy's 1989 talk.) He used two Citizen 2" handheld TV monitors with only 128x128 resolution, IIRC. Because of the small number of pixels for which to process data, his system was able to update the 3D display data at high frame rates.

He had an interesting and surprising discovery. Our eyes have a small "jitter" - they move back and forth a very small amount, quickly (I don't recall why). He found that his system updated so fast that it altered the display as the eyes jittered. The result was a virtual (perceived) resolution higher than 128x128 would be expected to provide. I think this was in a Scientific American article in about 1988.

If the author of the software had simply deleted the software itself, or disabled it in some way, this could be acceptable, but deleting a user's home directory goes WAAAAY over the line.

A good general guideline for ethical behavior in CS is theACM Code of ethics. This violates several points, including:

1.2 Avoid harm to others.

1.3 Be honest and trustworthy.

1.7 Respect the privacy of others.

(1.2 is the most applicable here, I think)

That's because the ACM copyright notice explicitly allows authors "the right to post author-prepared versions of the work covered by ACM copyright in a personal collection on their own Home Page and on a publicly accessible server of their employer. Such posting is limited to noncommercial access and personal use by others, and must include this notice both embedded within the full text file and in the accompanying citation display as well"

If that was not allowed you would not be able to get access to most CS publications either.

I dont know, however if you are interested in the details then I would start with a search of the ACM transactions papers on the subject. They contain many of the recent research results in these areas:

ACM

If you subscribe to CACM, there is a good read in this month's issue on P2P security issues, including what you mentioned.

If you subscribe to CACM, there is a good read in this month's issue on P2P security issues, including what you mentioned.

Don't just lock it, deadbolt it. Many college freshmen (myself included) learned how to card a door in a matter of seconds. Also, consider taking up some activites or intermurals. Not only will you get in better shape, but you can make friends that you normally wouldn't. Join a club, any club, and participate! Most college campusus have a million clubs. There is always the ACM too...

...it's not as if you'd have a way to detect when you'd achieved it even if it was achievable.

Actually, some of the more experimental (i.e., with big budgets and in labs, not the sort you'll be able to play with online) machine translation systems are showing interesting success rates using statistical models rather than any sort of conceptual processing. Instead of trying to imitate a human's range of knowledge and responses, the teams building these systems are coming at the problem from the point of view of, given X in language A, what is the most likely X in language B? And rather than approaching the text at the level of words (painfully failure-prone, requiring unwieldy grammatical modelling and extensive dictionaries), the models approach the text at the level of segment (usually sentences, but configurable). What some of the more successful systems have used is a set corpus of source texts, which the team then outsources to a number of different translators. These translations (target texts) are all fed into the memory system, with the relevant segments linked to the appropriate segments in the source corpus. Though now six years old, one such effort is outlined here.

However, ultimately, your comment of "narrow, carefully bounded areas of discourse" is perfectly apt -- the statistical model itself might be applicable to general discourse, but the amount of work needed to generate such a linked corpus precludes its creation for any but the most specific and clearly useful applications. Industrial language is a great area for machine and/or machine-assisted translation, in that the volume is high enough humans alone can't handle it without exorbitant cost, yet the language itself is constrained to the point that machine translation becomes feasible, even desirable in that humans would often be bored (the writers of such documentation also have my sympathies). Furthermore, new documentation is often only an update of what came before, meaning that most of it has likely been translated in the past, and the prior target-language text(s) can thus be reused. As I mentioned in another post in this thread, deliberately constrained writing can simplify the process even further. "Controlled writing" is much like a well-internationalized coding project, in that it is much more easily localized to other target languages.

I do tend to ramble on, but then translation is my livelihood. :) Cheers!

Even where such terms are well-defined among all human cultures (and many of them are not), how the #@&%! are we supposed to program an AI to recognize what they mean?

Actually, if I understood the patent correctly (and I'm not sure it's even possible to understand this complicated patent correctly, so go easy on me), it doesn't say it will recognize these terms, it says it will prefer to express its goals in these terms. That is, it will not express its goals in terms of wanting to optimize a "level of vengeance" or "level of malice", but instead will choose goals that attempt to optimize the corresponding virtues (according to his table).

The problem even with the claim that this has been implemented is that the programmer, not the program has made these choices. Correct me if you have read more thoroughly than I and see otherwise, but, as it seems to me, these robots are not introspective in the sense of things like a Reflective Lisp, capable of pondering its own internals and modifying them. There is no introspection phase I saw where the robot has a chance to introspect and audit its own rules to make sure that the human-coded goals are in fact implementing what they say they are.

The reason this matters is that the robotic laws are expressed in terms of "I" and what "I will express". But the Robot, in point of fact, does not appear to have a choice of how it does and doesn't express its goals because there are parts of it hard-wired and apparently unchangeable by non-robots. Even if the goals are, in part, derived through linguistic interaction, I seriously doubt that the rules for interpreting the linguistic interaction can be themselves modified in all possible ways through introspection and interaction. And if they can, I think the halting problem is very quickly going to get involved in allowing you to continue to prove much of anything about the implications of the mess that results.

Well, you're right, actually. For example, in 1993 there were already a slew of tools for POV-Ray. I should have said "10th anniversary of the official site", but didn't want to get too long-winded.

Bloom filters have been around since 1970 (link to acm digital library - you probably need a subscription to get in), and can be based on any crytographic hash function, such as sha-1.

Bloom filters tell you if something is (probably) a member of a set. If you know an email address, you can ask "is this email address in this address book?", but you can't ask "what are all the email addresses in this address book?" without guessing every address. Essentially, if a spammer already has you email addrees, he can verify that it's actually in use, but if he doesn't already have it, guessing it is likely to be fairly hard (unless it's something like bob@hotmail.com, or if loaf uses a weak cryptographic hash function).

In other words, loaf is as difficult to break as reversing a hash of your email address. The longer your email address is, the safer you are.

-jim

I'll throw in the usual note here, since no-one else seems to have:

http://www.acm.org/classics/sep95/

Community audited source code may be 'safer', sure, but that's not to say you can really trust it, either.

-mis