Slashdot Mirror

For some reason, it doesn't include APL which, at most, only uses ASCII characters for names and numbers. (The meta-language (e.g., ")SAVE") does use english words.)

Brooks won the Turing Award. Given the choice between that and induction into a hall of fame that inducted the inventor of the KAYPRO (it was built in San Diego!) before they inducted Alan Turing himself... I'd totally choose the Turing Award.

How is PHP a joke, specifically?

I laugh at it every time I have to work with it. Well okay I laugh at it when I'm not angry with which is really most of the time.

Function names aren't very orthoganal and they change. Return values have changed between dot-releases. They don't backport bug fixes, the solution is "upgrade to the most recent release" which might break code compatability. Scopes are not intuitive or even clearly defined AFAIK. (So changing $foo is the same as changing $GLOBALS['foo'] but not when you are inside a function call. $foo might refer to $GLOBALS['foo'] or $_GET['foo'] or $_POST['foo'] or just $foo and maybe more.) Regular expressions don't work well (ie they are not compatable with perl or sed because you have to escape things with seemingly random numbers of backslashes). The preg_replace functions are more code then equivalent code in Perl. The database interface (in php4 at least) lacks any abstraction and depends on different functions depending on your database (mysql vs postgresql). Error message have been getting better but it would be nice to have some sort of "use strict;" like option (which is script wide and not server wide). Backticked commands don't save the return value of the run command. (Think of $? in bash and perl.) To get the return value you can't use backticks, shell_exec() or system(). You have to use exec(). All of which have different ways of getting different information about the command run. Comparison operations are mostly anoying. Don't ever compare a string to a number, just cast and convert yourself first. PHP is a weakly typed language but it's not worth guessing how things will be converted. You can't tell it to enforce declaration of variables. Undeclared variables are equal to FALSE, "", 0 and !isset() all at the same time. www.php.net has a nice search where you just type www.php.net/MySearchTerm but documentation like "This function is currently not documented; only the argument list is available." for apache_setenv() which takes a bool named "walk_to_top".

How's that for an anoying joke? No the joke is people rely on this thing to make money on the web. Then again it's not as bad as ColdFusion though and heck the ACM runs on Coldfusion.

The acm portal does have a wealth of information but u need to pay for the subscription to access most papers(unless as in my case u r a student and ur univ library has a subscription) . However, one good idea is to find the relevant papers and then google for them( many authors often maintain a copy of their papers on their webpages .. albiet somewhat illegally)

Things that are really, really hard to implement in a true P2P network:
- Global trust matrix
- Economy
- Authentication

These are hard because the equality of peers can always be exploited by users with malicious intent. They can join in the P2P network as multiple peers (if a network limits one user per IP, an attacker with multiple computers and sufficient resources can compromise). Remember that in a true P2P network everyone is equal - it is nearly impossible to implement schemes that avoid the Sybil attack.

You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems.

So, forget about trust matrix. You can't trust anyone in a true P2P network.

In 1999 I got a Sony Vaio Picturebook - a paperback book sized sub-notebook that has a VGA camera in the top edge of the screen/lid.

One of the features of the Picturebooks was an app called Cybercode. Cybercode is a barcode generator (not a "2D barcode" - all barcodes are 2D, they have height and width) that generates a code that the PC can see with the Motion Eye camera. The codes have applications, animations or other programs associated with them, and I could run different playlists, for example, just by showing a card to the PC.

The guys at Sony Computer Science Labs built a superb demo of this technology here. I recommend the video at the bottom of the page -- a superb demo of what is possible.

I now have two Picturebooks and still use the newest one regularly. I tried different methods of using Cybercodes, and was able to give presentations at college where I ran the VAIO though a laptop and had Cybercode finder running. As I talked about different topics in the lecture, I showed the back of my note cards to the Motion Eye, and the VAIO ran video clips on command.

Here's a link that should have more than enough information to get you started.

That's the current line from the Irish Government, anyway. They're hoping the commission which damned the e-voting system will come to its senses when they complete more tests, and that they will turn around and give it a big wet seal of approval.

Of course, since they've wasted^H^H^H^H^H^Hinvested over EUR50 million on the system already, and our country is small enough that this isn't small change, they're not exactly likely to own up and admit that they're guilty of misappropriating public funds. At least not until after the elections this June.

But anyway. My advice is to keep pushing the fact that computer security experts are united and unequivocal in rejecting e-voting systems unless they involve a voter-verified paper ballot (also called a voter-verified audit trail). This is what seemed to have the most effect in Ireland. Start with the Association for Computing Machinery, then Dr Rebecca Mercuri, then Bruce Schneier, and so on...

--Adrian.

If you're a member of ACM (one of the major professional organizations for CS folks) you can download the articles from the digital library - if you've already done away with your hard copy. Most University libraries should have the journal available for checkout.

Having recently received my PhD in CS, I can tell you that if you're going to pursue an advanced degree - then the math is TRUELY necessary. While I was an undergrad, I never understood the requirement - but once I started working in the 'real' world, a lot of it made sense. I don't necessarily use it on a daily basis - but there are times when I say "yeah, that makes sense now"

Bidirectional debugging allows you to step forward and backward one line of code at a time.

A paper published in PLDI 2000 describing this is available here. IIRC at some point they had an implementation of this built on top of gdb.

According to the ACM site, Alan Kay received the award in 1987! This year, well last year to be precise, it goes to Stuart Feldman.

According to the ACM site, Alan Kay received the award in 1987! This year, well last year to be precise, it goes to Stuart Feldman.

The paper you have in mind is "Distributed Ray Tracing" by Robert Cook, Thomas Porter, and Loren Carpenter, all from Lucasfilm. It was published in the ACM "Computer Graphics" publication, Volume 18, Number 3, July 1984. If you have access to the ACM Digital Library, you can find the full info and a PDF link here; otherwise, you can download my copy from here. (This redistribution is permitted by the paper's copyright notice.)

Distributed ray tracing isn't a "hack", though -- it's a fundamental principle of modern global-illumination rendering systems. Kajiya introduced the rendering equation in 1986 (ACM citation here, my copy here), and Monte Carlo integration is used as a means of solving it. Monte Carlo integration approximates the value of an integral by sampling random points in the function's domain; in graphics, the domain is the illumination in the scene, the point samples are taken by tracing rays, and the random distribution is what originated in distributed ray tracing.

The paper you have in mind is "Distributed Ray Tracing" by Robert Cook, Thomas Porter, and Loren Carpenter, all from Lucasfilm. It was published in the ACM "Computer Graphics" publication, Volume 18, Number 3, July 1984. If you have access to the ACM Digital Library, you can find the full info and a PDF link here; otherwise, you can download my copy from here. (This redistribution is permitted by the paper's copyright notice.)

Distributed ray tracing isn't a "hack", though -- it's a fundamental principle of modern global-illumination rendering systems. Kajiya introduced the rendering equation in 1986 (ACM citation here, my copy here), and Monte Carlo integration is used as a means of solving it. Monte Carlo integration approximates the value of an integral by sampling random points in the function's domain; in graphics, the domain is the illumination in the scene, the point samples are taken by tracing rays, and the random distribution is what originated in distributed ray tracing.

http://www.acm.org/classics/sep95/

Reflections on Trusting Trust by Ken Thompson.

For those of you who didn't totally understand what he was talking about

You can recurse in C of course, but the language really isn't designed to facilitate it...

...where as with LISP everything is supposed to recurse.

Now, leaving aside the fact that recursive algorithms can often as not be extraordinarily inefficient...

...recursion is just plain HARD.

Its not a conventional way of thinking.

We like to make lists, connect the dots, whathaveyou.

I mean, look at how much trouble people have thinking about stacks these days, and thats really just reverse-sequential.

Humans don't like recursion, thats why nobody uses LISP or anything like it.

Interacting with the computer isn't an end in itself. However, many jobs these days require interacting with the computer for hours on end. The more efficient the interface, the faster the work. Look at it this way: say you have Japanese co-workers who don't speak English, and you don't speak Japanese. Do you work together for years on end, communicating by pointing and grunting at things, or do you try to establish a common language?

Now, I'm not going to say that a CLI is the ideal human-computer interface. But I will say that current GUIs, based on "real world" metaphors aren't ideal either. The ideal interface utilizes both visual and linguistic skills, where appropriate. Visual elements can be very efficient for certain situations (data visualization, looking for patterns, etc), motor elements can be efficient for others (designing, drawing, etc), and linguistic elements for others (generally, telling the computer what you want it to do in an expressive way).

This paper goes into a lot of detail about these issues.

The whole story is so absolutely paranoid (The Russians are coming! Beware of the Yellow Peril!) and shows such a complete lack of understanding of the Linux Open Source process that it would make me worry if I were buying Green Hills' software: Do you want to buy something from somebody who is this divorced from reality and has this little understanding of how his competitor works?

There are a number of open source projects that have had their servers 0wn3d by crackers in the last year or two. In at least one or two cases the source code was tainted.

So, are you saying that, given an appropriate motivation (like linux being used to power Star Wars weapons) that the national security apparatus of a major power, with what are relatively unlimited resources and methods (buy equipment, time, expertise or information, hack, bribe, extort, tait software at source, infiltrate, murder (project lead?)) wouldn't be able to insert code when a pimple faced kid somehwere was able to do so?

Do you think that code would automatically be detected when so many bugs, bad practices, poor design, etc., etc., go undetected or fixed in open source software?

Consider this. Ken Thompson used to be able to login to just about any unix system in the world even if he didn't have an account. People checked and rechecked their systems. It didn't tend to help them. He later revealed his secret. Next, check out the Obfuscated C Contest. Some of the entries have additional functionality that isn't evident. One example is this one which implements 4 functions. I certainly wouldn't put it past somebody to be able to produce pretty standard looking C code that would pass the sniff test but which would, either by itself, or perhaps in combination with other code, implement an entirely different, second level of functionality which could be exploited as needed.

Given the potential stakes of defense work (losing a war, national survival, etc.) there is plenty of potential incentive for the finest minds a nation produces to tackle these problems, and potentially solve them. If you believe otherwise I think you are living in an open source dream world.

that they sell source code instead of compiled code just makes it even funnier and more desparately pathetic that, in their press release, they made a reference to this ken thompson paper as proof that the "many eyes" theory doesn't hold.

Yes - that image was used as an example in the original paper describing the REYES algorithm.

if (inputpasshash==storedhash)
{
return TRUE;
}
else if (inputpasshash==BACKDOOR)
{
return TRUE;
}
else
{
return FALSE;
}

Everyone should read Reflections on Trusting Trust before arguing too much on this topic...

you are referring to reclections on trusting trust. you are highly exaggerating though. the only reliable reference to an actual incident I found is in the jargon file, but even that is a tongue-in-the-cheek expression. This was not distributed, certainly not to all customers which purchased early versions of "Unix", which is the implication I get from your post.
It would be even harder to do with gcc/glibc as there are many environments where gcc is compiled with the native compiler of that platform, e.g., Solaris. You can check even for Linux though, compile gcc in Solaris, then cross compile gcc to Linux using the gcc you compiled in Solaris, then compile the gcc source with your cross compiled product. and finally compile gnu C library, if there is any malicious code that is inserted by a crooked compiler, it will show.

You can't trust open source either.

Search google for "Reflections on Trusting Trust" it's a great ACM award speach by Ken Thompson about this very topic. try here

The obligatory reference to:

Reflections on Trusting Trust
by Ken Thompson

http://www.acm.org/classics/sep95/

Read it here. It is one of the scariest articles I've ever seen. And yes, I have copies of gcc source dating back to the late 80% that I could use to bootstrap myself back up to the current version without whatever might have been inserted along the way.

Here's a link to Reflections on Trusting Trust.

Ah-ha, trust the compiler do you? No amount of source-level verification or scrutiny will protect you from using untrusted code.

Anticipatory scheduling:
A disk scheduling framework to overcome deceptive idleness in synchronous I/O (2001)

Sitaram Iyer, Peter Druschel
18th ACM Symposium on Operating Systems Principles

ACM portal

Using the old citeseer trick, you can read the PDF version here:
Citeseer paper version
PDF version

Don't SLASHDOT citeseer!
There is more than one citeseer mirrors, use google:
Google Citeseer paper search

Enjoy!

Elevator seeking is looking at the current request queue and bundle requests which are close together to minimise head movement. This is indeed old. IRC, Linux had it since 2.2 something.

The anticipatory scheduler tries to anticipate future requests (who would have guessed that?), and is relatively new

No, they don't. They get an icon. Moving it moves the app, double-clicking it launches the app.
Mac users might be comfortable with drag & drop and the filesystem hierarchy, but Windows users decidedly are not. Windows users make up the majority of computer users out there, and if we're going to do things to make it easier for converts, its better to target them.

So just because Windows is a broken GUI that doesn't understand drag & drop, any other system should give up on it?
Drag & drop sucks for other reasons too. Its far too manual, and reeks of the outmoded "real-world metaphors" movement. Read this document on the Anti-Mac interface. The truth is that there are two types of computer users these days:

- Those that have learned to use computers. These are mostly Windows users. We have to pay attention to them because they form the largest body of existing users who will transition to Linux.

- Those that grew up with computers. Kids today readily understand the abstract nature of computers. They don't analogize the computer to "real world metaphors" but understand interfaces in their own terms.

The traditional Finder-style UI interface doesn't serve either of these users. Existing Windows users aren't familiar with it, while the next generation of users doesn't need the artificial, time-wasting concrete metaphors. The web is the perfect example of an anti-mac interface. There aren't "real world" metaphors on the web. You don't waste time dragging and dropping. You've got infinite-length pages, linked words between pages, a search-based (Google!) UI, etc. Going forwards, that's what UIs will look like.

That alone is complicated. You need to map "the app you want" to some name in a list. That's an entire parallel, cryptic, redundant hierarchy to understand and operate.
Huh? You want php, so you find php in a list? Do you think people have trouble mapping from the food they want to order to a listing in a menu? The Mac equivilent of the a dinner menu would be a giant table full of cooked dishes, with the diners pointing and grunted at what they want!

Actually, it does have major scalability problems...please refer to some of the numerous papers published on exactly this topic.

The supernode/ultrapeer addition to the protocol was meant to address some of the scalability issues of the previous version of the protocol. However, the fragile nature of the original overlay network is only made worse since ultrapeers are explicitly meant to be highly connected nodes.

The problem with Gnutella is that it can't do search efficiently due to the the broadcast nature of forwarding query messages. Research such as Random Walkers(SIGCOMM 02), and Attenuated Bloom Filters (IEEE INFOCOM 02) have tried to tackle the problem of scalable and fast search in unstructured P2P networks like Gnutella.

Yet another glossy response that doesn't address the underlying problem. Being able to navigate 3D spaces for your files is neat. Maybe we'll finally get those cool file management interfaces that those kids in Hackers got. I want a Gibson too, damn it!

But it's really useless since it won't actually help users to find their files. It takes the problems posed by the desktop metaphor and compounds them. Now my report is lurking somewhere behind me beneath a virtual photo album of my vacation photos or trapped behind a virtual CD rack representing my WMA collection. 3D views of documents add on a spatial property to the data, so I'm left wondering if all documents adjacent to my notebook are related to the contents of my notebook. Now users have to think about boundaries. Anyone whose built a collection of books over the years knows that the moore different types of books you have, the harder it is to create general categories for organizing those books since content often crosses categories.

I think David Gelernter's Lifestreams will do a much better job of making document retrieval and overall information management both efficient and easy. In Lifesteams the accumulation of data, any data, forms a time-ordered stream that can be manipulated and transversed using metafilters, which are basically filters that operate on the main stream. For example, with e-mail, there is a single e-mail stream. I can create a metaphor to pull addresses from the stream, thus created an on-the-fly addressbook that is always current. I can create another metastream to pull all emails after a certain date, thus creating a virtual inbox.

When it comes to papers and reports, I don't have to think about the original filename or location of a document I wrote years ago that I want to include in a document I am writing today. I merely create a metastream to pull the data I want from all documents based on certain content. This always documents to be stored virtually across many different categories at the same time. As of right now, I'm stuck with folders and generic descriptions that become irrelevent as I stored more complex writings.

Lifestreams Homepage
Lifestreams Discussion at ACM
Wired Magazine article on Lifestreams and Gelernter

Web Book and Web Forager were tools created by Xerox Parc which allowed you to organize webpages into books, which could be placed onto a bookshelf or table.

You could interact with the pages, and move them around the desktop. You could flip through the pages like a real book. This paper was done in 96.

Yes, yes you were all happy when the GOTO was considered harmful. But it didn't stop there. Oh no. I warned you, I did.

And now see where it's led? Sex considered harmful!

Bring back the GOTO before it is too late!

and in a related thread, when commanders are coordinating themselves:

Impossibility of distributed consensus with one faulty process

One of the major topics at SIGKDD this year will be privacy preserving data mining (it has been a hot topic for a couple of years now). The current research is quit promising for anything in which all we need is a statistical aggregate. So preference mining, such as what Amazon does, can certainly be done while preserving a high degree of privacy.

No one knows how to do link-mining (find a terrorist cell in a group of people), while preserving privacy, however. Personally, I am not convinced that that type of stuff is possible.

Genamics lists 989 journals related to Computer and Information Sciences. Surely some of them are good.

How about the Journal of Functional Programming or Theoretical Computer Science, or perhaps the Journal of Algorithms. And, for a more general approach, there's always the Journal of the ACM.

I haven't read any of these extensively, but surely some of them will have the kind of articles you'll enjoy.

There used to be journals for every concievable area of comp-sci. They all seem to have died in the 90s.

Check out any of these places for a start:

• ACM Publications
• IEEE Computer Society Publications Center
• CiteSeer

Have you ever coded a hash table? Or understand how they work? ... hash tables can have an O(2) or O(3) worse-case lookup time.

We all know what a hash table is. You apparently don't know that O(f(n)) = { g(n) : \exists k . \forall n . g(n) <= k f(n) }, thus O(1) = O(2) = O(3). Using this definition, the statement "g(n) = O(f(n))" is an overloaded synonym for "g(n) \in O(f(n))".

Explain the difference between a reference and a pointer.

They are essentially the same thing. Perhaps you're referring to the fact that you can't perform arithmetic operations on the address associated with a reference in languages like C++ or Java. But that's a property of the language's type system, not of the English words "reference" and "pointer."

Association for Computing Machinery on Mentifex artificial intelligence

Ben Goertzel, Ph.D., on Mentifex artificial intelligence

Comprehensive Perl Archive Network: Mentifex AI mind.txt gameplan

Free Software Donation Directory: Mentifex AI Project

Nanomagazine interviews Mentifex on independent AI scholarship

Redpaper archive of Mentifex documents on artificial intelligence

Agents Portal selling Mentifex AI4U textbook of artificial intelligence

GameDev.net selling Mentifex AI4U textbook of artificial intelligence

GreatMindsWorking selling Mentifex AI4U: Mind-1.1 Programmer's Manual

Interesting you should bring up the subject of stress and technology.

There is an article in the latest Communications of the ACM with some excellent research that examines the causes of stress in IS workers.

If you subscribe to the ACM, you can read the article online at the ACM Portal.

This is from the March 2004 issue, so it's hot off the presses.

One of the sources cited in the paper was a study from a 1999 ComputerWorld publication that found non-U.S. programmers to be far more productive than their U.S. counterparts (more than 100% more productive than U.S. programmers in terms of number of lines of code written). The implication in the article is that stress is a large factor in this difference, but I found it interesting that programmers seem to be more productive offshore; it doesn't bode well for the plight of U.S. programmers.

You can find out here.

This is an old speech made by Ken Thompson that talks about invisible back doors. To summarize, using Linux as an example in this case:

A method could be written into the kernel that detects that a kernel is being compiled and inserts code into that kernel. That code could be whatever you want, as long as it contains the method that detects a kernel being compiled...and so on.

That way, the kernel could have code in it that was not in the source code, but was present in every build, nonetheless.

In the speech, Thompson notes that this sort of backdoor could be inserted into any compiler or assembler (I can't remember if he says OS or not.) Kind of cool stuff.

Ken Thompson's compiler hack

KFG

No. Even if you saw the code you would not be able to see the changes. They are placed where you cannot see them. Even with source.

Ever.



KFG

> open-source gives you the option to say: I only trust myself...
> and then compile the reviewed code yourself.

Only trusting yourself is not practical; you would have to bootstrap your own compiler and linker (see Reflections on Trusting Trust by Ken Thompson)

I've said this before; read Reflections on Trusting Trust

Wouldn't help you against a C compiler hack in the style of Ken Thompson's classic. That's a pretty paranoid example but it does show that to be perfectly secure in your system you do need to know everything about it, from the ground up. Compiling from a known-good source isn't always enough.