Domain: acm.org
Stories and comments across the archive that link to acm.org.
Stories · 277
-
Turing Award Goes To Distributed Computing Wrangler Leslie Lamport
alphadogg writes "Leslie Lamport, a Microsoft Research principal, has been named the winner of the 2013 ACM A.M. Turing Award, frequently called the 'Nobel Prize in Computing.' The computer scientist was recognized by the Association for Computing Machinery for 'imposing clear, well-defined coherence on the seemingly chaotic behavior of distributed computing systems, in which several autonomous computers communicate with each other by passing messages.' His algorithms, models and verification systems have enabled distributed computer systems to play the key roles they're used in throughout the data center, security and cloud computing landscapes." -
Paul Vixie On the Unevenly Distributed Intelligence of Internet Infrastructure
CowboyRobot writes "Writing for ACM's Queue magazine, Paul Vixie argues, "The edge of the Internet is an unruly place." By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills and budgets that something the size of the Internet deserves. Furthermore, the resiliency of the Internet means that a device or program that gets something importantly wrong about Internet communication stands a pretty good chance of working "well enough" in spite of this. Witness the endless stream of patches and vulnerability announcements from the vendors of literally every smartphone, laptop, or desktop operating system and application. Bad guys have the time, skills, and motivation to study edge devices for weaknesses, and they are finding as many weaknesses as they need to inject malicious code into our precious devices where they can then copy our data, modify our installed software, spy on us, and steal our identities." -
Should Everybody Learn To Code?
theodp writes "In July, the Association for Computing Machinery announced it was partnering with Code.org, with ACM contributing funding and its Director of Public Policy to Code.org in a push to 'ensure that every K-12 student in the US has the opportunity to study computer science.' Interestingly, joining others questioning the conventional Presidential wisdom that everybody-must-get-code is the Communications of the ACM, which asks in its February issue, Should Everybody Learn to Code? By the way, Code.org is bringing its Hour of Code show to the UK in March. The new National Curriculum for England that is to be taught in all primary and secondary schools beginning in September includes a new emphasis on Computer Science curricula, said to have been sparked by a speech given by Google Chairman Eric Schmidt in 2011." -
The Whole Story Behind Low AP CS Exam Stats
theodp writes "At first glance, the headline in The Salt Lake Tribune — Very Few Utah Girls, Minorities Take Computer Science AP Tests — appears to be pretty alarming. As does the headline No Girls, Blacks, or Hispanics Take AP Computer Science Exam in Some States over at Education Week. Not One Girl Took The AP Computer Science Test In Some States warns a Business Insider headline. And so on and so on and so on. So how could one quibble with tech-giant backed Code.org's decision to pay teachers a $250 "Female Student Bonus", or Google's declaration that 'the ultimate goal of CS First is to provide proven teaching materials, screencasts, and curricula for after-school programs that will ignite the interest and confidence of underrepresented minorities and girls in CS,' right? But the thing is, CollegeBoard AP CS exam records indicate that no Wyoming students at all took an AP CS exam (xls) in 2013, and only a total of 103 Utah students (xls) had reported scores. Let's not forget about the girls and underrepresented minorities, but since AP CS Exam Stats are being spun as a measure of CS education participation (pdf) and equity, let's not forget that pretty much everyone has been underrepresented if we look at the big AP CS picture. If only 29,555 AP CS scores were reported (xls) in 2013 for a HS population of about 16 million students, shouldn't the goal at this stage of the game really be CS education for all?" -
Obamacare and Middle-Wheel-Wheelbarrows
davecb writes "The Obamacare sign-up site was a classic example of managers saying 'not invented here' and doing everything wrong, as described in Poul-Henning Kamp's Center Wheel for Success, at ACM Queue." It's not just a knock on the health-care finance site, though: "We are quick to dismiss these types of failures as politicians asking for the wrong systems and incompetent and/or greedy companies being happy to oblige. While that may be part of the explanation, it is hardly sufficient. ... [New technologies] allow us to make much bigger projects, but the actual success/failure rate seems to be pretty much the same." -
The Software Inferno
CowboyRobot writes "The Software Inferno is a tale that parallels The Inferno, Part One of The Divine Comedy written by Dante Alighieri in the early 1300s. That literary masterpiece describes the condemnation and punishment faced by a variety of sinners in their hell-spent afterlives as recompense for atrocities committed during their earthly existences. The Software Inferno is a similar account, describing a journey where 'sinners against software' are encountered amidst their torment, within their assigned areas of eternal condemnation, and paying their penance. Quoting: 'CANTO 6 - HERESY: ...The countess explained that these chaotically traveling souls were strongly at variance with well-established beliefs and laws of software engineering developed by experts on the subject. Their unabashed contempt for universally accepted truths spawned decision making that wrought great damage upon software projects in their charge. Some challenged Fred Brooks' sacred counsel in futile attempts to rise above their failings by adding new people with woefully insufficient qualifications to rescue already-late projects. Others flaunted their derision by disregarding software design patterns sanctified by the Gang of Four, instead opting for inelegance of their own in attempts to solve problems whose solutions were already proven, well known, and time-honored.'" -
High-Frequency Trading For Your Private Data
New submitter fierman writes "In a work to be presented at the Network and Distributed System Security Symposium (ISOC NDSS'14), INRIA researchers show the privacy risks of Real-Time Bidding (PDF) and High-Frequency Trading for selling advertisement spaces. Combining Real-Time Bidding and Cookie Matching, advertisers can significantly improve their tracking and profiling capabilities. Both technologies are already prevalent on the Web. The research discusses the value of users' private data (browsing history) retrieved directly from the advertisers, leveraging an exposed information leak in RTB systems. Advertisers will pay about $0.0005 to display a targeted ad to a single user, while at the same time acquiring information about them. The research also shows evidence of price variation with users' profiles, physical location, time of day and content of visited sites." -
The Challenge of Cross-Language Interoperability
CowboyRobot writes "David Chisnall of the University of Cambridge describes how interfacing between languages is increasingly important. You can no longer expect a nontrivial application to be written in a single language. High-level languages typically call code written in lower-level languages as part of their standard libraries (for example, GUI rendering), but adding calls can be difficult. In particular, interfaces between two languages that are not C are often difficult to construct. Even relatively simple examples, such as bridging between C++ and Java, are not typically handled automatically and require a C interface. The problem of interfacing between languages is going to become increasingly important to compiler writers over the coming years." -
Elevation Plays a Role In Memory Error Rates
alphadogg writes "With memory, as with real estate, location matters. A group of researchers from AMD and the Department of Energy's Los Alamos National Laboratory have found that the altitude at which SRAM resides can influence how many random errors the memory produces. In a field study of two high-performance computers, the researchers found that L2 and L3 caches had more transient errors on the supercomputer located at a higher altitude, compared with the one closer to sea level. They attributed the disparity largely to lower air pressure and higher cosmic ray-induced neutron strikes. Strangely, higher elevation even led to more errors within a rack of servers, the researchers found. Their tests showed that memory modules on the top of a server rack had 20 percent more transient errors than those closer to the bottom of the rack. However, it's not clear what causes this smaller-scale effect." -
Ink-Jet Printing Custom-Designed Micro Circuits
Nerval's Lobster writes "Researchers have demonstrated a technique that produces inexpensive, functional electrical circuits that can be printed using about $300 worth of materials and equipment, including generic inkjet printers. The technique, developed by researchers from Georgia Tech, the University of Tokyo and Microsoft Research, allows circuits to be printed onto irregularly-shaped materials or almost anything able to go through the paper feed on a printer designed for consumers. The chief advantage of the technique is the ability to print circuits using silver nanoparticle ink rather than relying on the thermal-bonding technique called sintering, which is time-consuming and can destroy delicate base materials. Researchers were able to print new circuits in about 60 seconds on almost any material that could go through the printer, though resin-covered paper, PET film and glossy photo paper worked best, while sheets of canvas cloth and anything magnetic were ineffective. Once printed using silver ink on flexible base material, the circuits can be attached to existing hardware by simply laying or taping them in place and making connections using conductive tape or conductive glue. (Soldering would destroy the underlying material.)" -
Barbarians At the Gateways
CowboyRobot writes "Former high-frequency trader Jacob Loveless gives an in-depth description of the math and technology involved in HFT. From the article: 'The first step in HFT is to place the systems where the exchanges are. Light passing through fiber takes 49 microseconds to travel 10,000 meters, and that's all the time available in many cases. In New York, there are at least six data centers you need to collocate in to be competitive in equities. In other assets (foreign exchange, for example), you need only one or two in New York, but you also need one in London and probably one in Chicago. The problem of collocation seems straightforward: 1. Contact data center. 2. Negotiate contract. 3. Profit. The details, however, are where the first systems problem arises. The real estate is extremely expensive, and the cost of power is an ever-crushing force on the bottom line. A 17.3-kilowatt cabinet will run $14,000 per month. Assuming a modest HFT draw of 750 watts per server, 17 kilowatts can be taken by 23 servers. It's also important to ensure you get the right collocation. In many markets, the length of the cable within the same building is a competitive advantage. Some facilities such as the Mahwah, New Jersey, NYSE (New York Stock Exchange) data center have rolls of fiber so that every cage has exactly the same length of fiber running to the exchange cages.'" -
MIT Uses Machine Learning Algorithm To Make TCP Twice As Fast
An anonymous reader writes "MIT is claiming they can make the Internet faster if we let computers redesign TCP/IP instead of coding it by hand. They used machine learning to design a version of TCP that's twice the speed and causes half the delay, even with modern bufferbloated networks. They also claim it's more 'fair.' The researchers have put up a lengthy FAQ and source code where they admit they don't know why the system works, only that it goes faster than normal TCP." -
The Simian Army and the Antifragile Organization
CowboyRobot writes "ACM has an article about how Netflix conducts its resilience testing. Instead of the GameDays used by sites such as Amazon and Google, Netflix uses what they call The Simian Army, based on the philosophy that 'Resilience can be improved by increasing the frequency and variety of failure and evolving the system to deal better with each new-found failure, thereby increasing anti-fragility.' While GameDay exercises are like a fire-drill, with scheduled exercises where failure is manually introduced or simulated, the Simian Army relies on failure in the live environment induced by autonomous agents known as 'monkeys.' Chaos Monkey randomly terminates virtual instances in a production environment that are serving live customer traffic. Chaos Gorilla causes an entire Amazon Availability Zone to fail. And Chaos Kong will take down an entire region of zones. 'What doesn't kill you makes you stronger' and Netflix hopes that by constantly protecting itself from internal onslaught, they will become increasingly 'anti-fragile — growing stronger from each successive stressor, disturbance, and failure.'" -
Five predictions for (Bit)coin
Contributor Tom Geller writes: "I recently wrote an article about Bitcoin and the law for Communications of the Association for Computing Machinery. In researching it I ran into plenty of wishful thinkers, ridiculous greedheads, and out-and-out nutbags promising a rosy future. I also found the expected blowback from vehement naysayers who think the best way to combat crazy is with more crazy. But despite that, I walked away believing that Bitcoin — or a decentralized cryptocurrency like it (let's call it "Coin") — is here to stay. As an interested outsider to the Coin economy, and a long-time technology commentator, here's what I think its future holds." Read on for Tom's predictions.
Coin's primary use will continue to be in international transactions.
While people wonder "When will I be able to pay for groceries and utilities with Bitcoin?", that use might never come. But Coin already shines in international transactions, where it provides a clear advantage over current systems, which are expensive and complicated hassles. That's why PayPal has become the go-to solution: it just works, albeit with typical fees around 3-5%.
Coin reduces that fee to a small fraction of 1% (when sent directly), and is available in places where PayPal fears to tread (Zimbabwe, Pakistan, etc.). Coin transactions occur instantly, with no intermediary, and — for better or worse — without recourse.
That leads to Coin's second primary use: to store liquid value in places where other stores (such as national currency) are unreliable. For all the cries that Bitcoin is "unstable", it seems to have settled quite nicely after its April spike. Certainly it looks appealing to anyone in an unstable country, and it's even tempting for those in places where the currency's been on a long, slow slide, like Argentina.
Coin's big vulnerability is its interface with national currencies ("real money").
None of this matters if you can't get your money out again. And that's where governments are taking a close look at Coin — with good reason. First, Coin exchanges have a terrible track record; second, such points of exchange are bottlenecks through which financial crimes often flow.
In the U.S., the government's Financial Crimes Enforcement Network (FinCEN) issued guidance asserting its right to regulate "Money Services Businesses", and defining exchanges dealing in virtual currencies (including Bitcoin) as such. That's a problem for many existing Coin exchanges, as the costs for complying with regulations are high. But if there's not a stable and reliable way to get national currency in and out of Coin, its value will plummet.
Conversely, Coin's value is likely to shoot up if this interface gets easier. Right now, it's surprisingly hard to buy Bitcoin (et al.) directly with U.S. dollars. Most methods require bank wires, tricky multi-step workarounds, and high fees. (I found Coinbase to be the most accessible, albeit with long delays and a bank verification procedure similar to PayPal's.) If Coin becomes as easy to buy as a gift card and redeemable at every bank, its practical utility will soar for everyday people.
No government will make Coin illegal.
Despite bloviation by a few politicians and baseless statements in the press, Coin is not per se illegal, and there have been no serious attempts to make it so. The FinCEN guidance mentioned earlier explicitly says that ordinary users — those who buy and sell using Coin — are "not subject to FinCEN's... regulations for MSBs". It's possible that other government agencies will continue to claim authority, but there doesn't seem to be much support for it.
A lot of noise has been made about Coin's use in illegal business, for example on Silk Road (where it's the only currency). But law enforcement is realizing that the currency isn't to blame, much as they've started to say that Craigslist isn't responsible for crimes organized through its ads. I predict that that distraction will continue to surface from time to time, but will essentially die soon.
Even if governments attempt to illegalize Coin, there's only so much they could do to criminalize ordinary users. Again, Coin's real vulnerabilities are higher up the chain. However....
If Coin succeeds, governments will get involved — for the better.
"Noooo!!!" scream the cryptoanarchists who are Coin's pioneers. "Keep the government out of this! Coin can't be controlled! Nobody can take away our freedoms!" What they don't realize is that this attitude doesn't reflect the values of Coin's future users. The benefits of "freedom" matter to the innovators; convenience and safety matter to those who follow.
"Government" in this case could also be a government-size corporation, syndicate, or other entity. The important thing is that it's big enough to administer, back, and enforce initiatives to protect the Coin economy. Whatever that "bully entity" is, Coin adopters will welcome it because of two major flaws currently in (Bit)Coin's design.
First, Coin is ridiculously easy to destroy by accident. If you lose the private cryptographic key that identifies your coin, it's gone. Not just stolen, but removed entirely from the economy, so nobody will ever own it again. Consider these stories on Bitcointalk.org, where within a few messages the cumulative total tops 10,000 BTC — currently valued around a million dollars. A central authority could address this in several ways such as tracking, restitution, etc. People don't care that their cash is anonymous when the rent money disappears.
Second, the entire system is vulnerable to a brute-force attack. Without getting into the specifics, Coin (well, Bitcoin) works because it assumes that at least 50% of the computer power on the network is held by honest players. But a recent 51% attack on Feathercoin (a Coin with much lower capitalization) showed that it's possible for a single party (or syndicate) to trump that.
Let's do the math for Bitcoin, the Coin with by far the highest capitalization, at just north of USD$1 billion (1 x 10^9). To reliably overwhelm the network, you'd need computing power delivering about 100,000 gigahashes per second. Computers optimized for Bitcoin processing are currently available for about $1,000/gigahash, so sufficient computing power can be bought for $100 million. Electricity cost for the deed would be about $200,000/day.
O.K., it's not something a basement hacker could whip up. But there are over 400 people, and thousands of syndicates with a billion dollars in the U.S. alone. Perhaps at least one of them is crazy enough to drop 1% of the wealth to partially control (or completely destroy) a billion-dollar system. (Hell, one of them recently spent 1/10th of that price tag on his wedding.)
Those are only the two biggest technical concerns. Then there's the galaxy of financial services (such as insurance) that's available for fiat money, but which would be hard or impossible to provision for Coin without a central authority. Time could overcome these barriers; a bully entity would overcome them faster, and with greater public buy-in.
Bitcoin is not the end game.
Along those lines, I don't believe that Bitcoin will be the ultimate winner in this game. It's the 1.0, and a brilliant first effort at that. But it's not perfect, and several pretenders to the throne already claim to fix some of its bugs. In fact, shifting conditions may require periodic issuance of new Coin as a matter of course. (As I said before, I believe such issuances will involve a central authority.)
These predictions all assume that Coin will grow, and there are many reasons it might not. However, I'm bullish on it for the long-term. It's already proven its value in use; the public is used to handling Coin-like money (viz. Square Wallet); and its first major hurdles are in the past. Now it's ready to enter a fascinating future.
- - - - -
Tom Geller (tomgeller.com) writes about technology and business. He's best known for Drupal-related work that includes eight video courses for lynda.com, a book for Peachpit Press, and corporate work for Acquia, Commerce Guys, and others. He first became involved in computers as a grade-school student in 1976, playing "Hunt the Wumpus" on a 100-pound monster that spewed tractor-feed paper onto the floor. He lives in Oberlin, Ohio. -
Schrödinger's Cat and RCU (Well, Structured Procrastination, Actually)
davecb writes "Paul E. McKenney, one of the Linux RCU implementors, addresses the problem of synchronization using structured deferral on, what else, Mr Schrödinger's famous cat. Courtesy of deferral/procrastination, the cat can be both alive and dead at the same time. 'In this example, Schrödinger would like to construct an in-memory database to keep track of the animals in his zoo. Births would of course result in insertions into this database, while deaths would result in deletions. The database is also queried by those interested in the health and welfare of Schrödinger's animals. Schrödinger has numerous short-lived animals such as mice, resulting in high update rates. In addition, there is a surprising level of interest in the health of Schrödinger's cat, so much so that Schrödinger sometimes wonders whether his mice are responsible for most of these queries. Regardless of their source, the database must handle the large volume of cat-related queries without suffering from excessive levels of contention. Both accesses and updates are typically quite short, involving accessing or mutating an in-memory data structure, and therefore synchronization overhead cannot be ignored.'" -
Realtime GPU Audio
CowboyRobot writes "Two researchers at San Francisco State University have successfully implemented hardware acceleration for realtime audio using graphics processing units (GPUs). 'Suppose you are simulating a metallic plate to generate gong or cymbal-like sounds. By changing the surface area for the same object, you can generate sound corresponding to cymbals or gongs of different sizes. Using the same model, you may also vary the way in which you excite the metallic plate — to generate sounds that result from hitting the plate with a soft mallet, a hard drumstick, or from bowing. By changing these parameters, you may even simulate nonexistent materials or physically impossible geometries or excitation methods. There are various approaches to physical modeling sound synthesis. One such approach, studied extensively by Stefan Bilbao, uses the finite difference approximation to simulate the vibrations of plates and membranes. The finite difference simulation produces realistic and dynamic sounds (examples can be found here). Realtime finite difference-based simulations of large models are typically too computationally-intensive to run on CPUs. In our work, we have implemented finite difference simulations in realtime on GPUs.'" -
MIT Crypto Experts Win 2012 Turing Award
alphadogg writes "A pair of MIT professors and security researchers whose work paved the way for modern cryptography have been named winners of the 2012 A.M. Turing Award, also known as the 'Nobel Prize in Computing.' Shafi Goldwasser, the RSA Professor of Electrical Engineering and Computer Science at MIT and a professor at the Weizmann Institute of Science in Israel, and Silvio Micali, the MIT Ford Professor of Engineering, are recipients of the award, which will be formally presented by the Association for Computing Machinery on June 15 in San Francisco. According to the ACM: 'By formalizing the concept that cryptographic security had to be computational rather than absolute, they created mathematical structures that turned cryptography from an art into a science.' Goldwasser and Micali will split a $250K prize." -
Editorial In ACM On Open Access Publishing In Computer Science
call -151 writes "An editorial appearing in the ACM notices complains about the effects of the Elsevier boycott particularly with respect to academics refusing to do unpaid review for for-profit journals, particularly the extortionate Elsevier journals. Mathematician Tim Gowers's post gave energy to this about a year ago and recently he reflected on progress in several directions, including developing new arXiv overlay journals. Not disclosed in the ACM editorial is that the author serves on three Elsevier editorial boards; I take it that his complaining about the difficulty of finding referees is an indication that the boycott is having some good effect. Open access issues in academic publishing have been discussed on Slashdot before and it's a good sign that the broader issue has been getting good exposure, including a reasonable White House directive in response to a strong petition effort." -
DARPA Open Source Security Helped FreeBSD, Junos, Mac OS X, iOS
An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control." -
How Some Chinese Users Bypass The Great Firewall
CowboyRobot writes "The ACM has an article describing the history and present of the Great Firewall of China (GFW). 'Essentially, GFW is a government-controlled attacking system, launching attacks that interfere with legitimate communications and affecting many more victims than malicious actors. Using special techniques, it successfully blocks the majority of Chinese Internet users from accessing most of the Web sites or information that the government doesn't like. GFW is not perfect, however. Some Chinese technical professionals can bypass it with a variety of methods and/or tools. An arms race between censorship and circumvention has been going on for years, and GFW has caused collateral damage along the way.'" -
MOOC Mania
theodp writes "Online education has had a fifty-year road to 'overnight' success. MIT Technology Review calls the emergence of free online education, particularly massive open online courses (MOOCs), The Most Important Education Technology in 200 Years. 'If you were asked to name the most important innovation in transportation over the last 200 years,' writes Antonio Regalado, 'you might say the combustion engine, air travel, Henry Ford's Model-T production line, or even the bicycle. The list goes on. Now answer this one: what's been the single biggest innovation in education? Don't worry if you come up blank. You're supposed to.' Writing about MOOC Mania in the Communications of the ACM, Moshe Y. Vardi worries that 'the enormous buzz about MOOCs is not due to the technology's intrinsic educational value, but due to the seductive possibilities of lower costs.' And in MOOCs Will Eat Academia, Vivek Haldar writes, 'MOOCs will almost certainly hollow out the teaching component of universities as it stands today...But all is not lost, because the other thing universities do is research, and that is arguably as important, if not more, than teaching.' So, are MOOCs the best thing since sliced bread, or merely the second coming of 1920s Postal Course Mania?" -
The Web Won't Be Safe Or Secure Until We Break It
CowboyRobot writes "Jeremiah Grossman of Whitehat Security has an article at the ACM in which he outlines the current state of browser security, specifically drive-by downloads. 'These attacks are primarily written with HTML, CSS, and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work.' Grossman's proposed solution is to make the desktop browser more like its mobile cousins. 'By adopting a similar application model on the desktop using custom-configured Web browsers (let's call them DesktopApps), we could address the Internet's inherent security flaws. These DesktopApps could be branded appropriately and designed to launch automatically to Bank of America's or Facebook's Web site, for example, and go no further. Like their mobile application cousins, these DesktopApps would not present an URL bar or anything else making them look like the Web browsers they are on the surface, and of course they would be isolated from one another.'" -
ACM Queue Interviews Robert Watson On Open Source Hardware and Research
An anonymous reader writes "ACM Queue interviews Cambridge researcher (and FreeBSD developer) Robert Watson on why processor designs need to change in order to better support security features like Capsicum — and how they change all the time (RISC, GPUs, etc). He also talks about the challenge of building a research team at Cambridge that could actually work with all levels of the stack: CPU design, operating systems, compilers, applications, and formal methods. The DARPA-sponsored SRI and Cambridge CTSRD project is building a new open source processor that can support orders of magnitude greater sandboxing than current designs." -
Microsoft's Hand-Gesture Sensor Bracelet
another random user tips this quote from the BBC: "A wrist-worn sensor that creates 3D-models of the user's hand movements in real-time has been built by Microsoft. The Digits prototype is part of an effort to create a mobile device that would allow its owner to control a range of equipment using hand gestures. The firm said it could be used as a virtual TV control, a way to operate a smartphone while it is in the user's pocket, and to play video games. It is designed to be less cumbersome and uncomfortable than sensor gloves. However, some experts question whether consumers would want to wear such a device during their day-to-day activities." ACM has the research paper (PDF) describing this device and its use. -
The Lies Disks and Their Drivers Tell
davecb writes "Pity the poor filesystem designer: they just want to know when their data is safe, but the disks and drivers try so hard to make I/O 'easy' that it ends up being stupidly hard. Marshall Kirk McKusick writes about the difficulties in making the systems work nicely together: 'In the real world, many of the drives targeted to the desktop market do not implement the NCQ specification. To ensure reliability, the system must either disable the write cache on the disk or issue a cache-flush request after every metadata update, log update (for journaling file systems), or fsync system call. Both of these techniques lead to noticeable performance degradation, so they are often disabled, putting file systems at risk if the power fails. Systems for which both speed and reliability are important should not use ATA disks. Rather, they should use drives that implement Fibre Channel, SCSI, or SATA with support for NCQ.'" -
Harvard Software 3D Prints Articulated Action Figures
An anonymous reader writes with an excerpt from an article at Geek.com "A team of computer scientists at Harvard University have developed a piece of software that allows anyone to 3D print their own action figures at home. Not only will the models carry the likeness of the character, they will also be fully articulated. The software can take an animated 3D character and figure out where best to place its joints. In what is referred to as reverse rendering, the software first looks at an animated character's shape and movement and identifies the best joint points (original paper, paywalled). It then adjusts the size of the different parts of the model so as to allow a real joint to work once printed. Optimizations are then carried out to produce a model as close as possible to the on-screen version, but at the same time workable as an actual real-world, articulated 3D model." The bad news: Harvard is patenting everything and wants to commercialize it on a proprietary basis. The good news: An anonymous reader pointed toward the paper in full. -
LinkedIn Password Leak: Salt Their Hide
CowboyRobot writes "Following yesterday's post about Poul-Henning Kamp no longer supporting md5crypt, the author has a new column at the ACM where he details all the ways that LinkedIn failed, specifically related to how they failed to 'salt' their passwords, making them that much easier to crack. 'On a system with many users, the chances that some of them have chosen the same password are pretty good. Humans are notoriously lousy at selecting good passwords. For the evil attacker, that means all users who have the same hashed password in the database have chosen the same password, so it is probably not a very good one, and the attacker can target that with a brute force attempt.'" -
Modeling People and Places With Internet Photo Collections
CowboyRobot writes "Two researchers have created a system that aggregates thousands of photos from around the Web and integrates them into single images. One application is creating maps by taking the GPS coordinates of photos taken from a collection. Another is creating 3D models of historical buildings by automatically pasting together tourists' photos taken from different angles. 'The challenge is that online data sets are largely unstructured and thus require sophisticated algorithms that can organize and extract meaning from noisy data. In our case, this involves developing automated techniques that can find patterns across millions of images.'" -
Controlling Bufferbloat With Queue Delay
CowboyRobot writes "We all can see that the Internet is getting slower. According to researchers, the cause is persistently full buffers, and the problem is only made worse by the increasing availability of cheap memory, which is then immediately filled with buffered data. The metaphor is grocery store checkout lines: a cramped system where one individual task can block many other tasks waiting in line. But you can avoid the worst problems by having someone actively managing the checkout queues, and this is the solution for bufferbloat as well: AQM (Active Queue Management). However, AQM (and the metaphor) break down in the modern age when Queues are long and implementation is not quite so straightforward. Kathleen Nichols at Pollere and Van Jacobson at Parc have a new solution that they call CoDel (Controlled Delay), which has several features that distinguish it from other AQM systems. 'A modern AQM is just one piece of the solution to bufferbloat. Concatenated queues are common in packet communications with the bottleneck queue often invisible to users and many network engineers. A full solution has to include raising awareness so that the relevant vendors are both empowered and given incentive to market devices with buffer management.'" -
CPU DB: Looking At 40 Years of Processor Improvements
CowboyRobot writes "Stanford's CPU DB project (cpudb.stanford.edu) is like an open IMDB for microprocessors. Processors have come a long way from the Intel 4004 in 1971, with a clock speed of 740KHz, and CPU DB shows the details of where and when the gains have occurred. More importantly, by looking at hundreds of processors over decades, researchers are able to separate the effect of technology scaling from improvements in say, software. The public is encouraged to contribute to the project." -
A Taxonomy of Visualization Techniques
CowboyRobot writes "The ACM's Queue magazine has a new, comprehensive taxonomy of visualization techniques, drawing from the theories of Edward Tufte and citing examples from academia, government, and the excellent NYT visualization team. This list contains 12 steps for turning data into a compelling visualization: Visualize, Filter, Sort, Derive, Select, Navigate, Coordinate, Organize, Record, Annotate, Share, & Guide. 'For developers, the taxonomy can function as a checklist of elements to consider when creating new analysis tools.' The citations alone make this an article worth bookmarking." -
Cambridge's Capsicum Framework Promises Efficient Security For UNIX/ChromeOS
An anonymous reader writes "Communications of the ACM is carrying two articles promoting the Capsicum security model developed by Robert Watson (FreeBSD — Cambridge) and Ben Laurie (Apache/OpenSSL, ChromeOS — Google) for thin-client operating systems such as ChromeOS. They demonstrate how Chrome web browser sandboxing using Capsicum is not only stronger, but also requires only 100 lines of code, vs 22,000 lines of code on Windows! FreeBSD 9.0 shipped with experimental Capsicum support, OpenBSD has patches, and Google has developed a Linux prototype." While the ACM's stories are both paywalled, the Capsicum project itself has quite a bit of information online in the form of various papers and a video, as well as links to (BSD-licensed) code and to various subprojects. -
No More SSL Revocation Checking For Chrome
New submitter mwehle writes with this bit from Ars Technica: "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company's top engineers compared it to seat belts that break when they are needed most. The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with." -
China Begins Using New Global Positioning Satellites
cswilly writes with the news that China's satellite navigation system, called Beidou, has been successfully activated. "With ten satellites now, 16 in 2012, and 35 in 2020, China is making damn sure they are independent of the U.S. military's lock on GPS. According to the article, 'Beidou, or 'Big Dipper,' would cover most parts of the Asia Pacific by next year and then the world by 2020.'" The BBC also has slightly more detailed coverage. -
Bufferbloat: Dark Buffers In the Internet
Expanding on earlier work from Jim Gettys of Bell Labs with a new article in the ACM Queue, CowboyRobot writes that Gettys "makes the case that the Internet is in danger of collapse due to 'bufferbloat,' 'the existence of excessively large and frequently full buffers inside the network.' Part of the blame is due to overbuffering; in an effort to protect ourselves we make things worse. But the problem runs deeper than that. Gettys' solution is AQM (active queue management) which is not deployed as widely as it should be. 'We are flying on an Internet airplane in which we are constantly swapping the wings, the engines, and the fuselage, with most of the cockpit instruments removed but only a few new instruments reinstalled. It crashed before; will it crash again?'" -
OCaml For the Masses
CowboyRobot writes "Yaron Minsky of Jane Street argues that the time has come for statically-typed functional languages like OCaml and Haskell. He cites many reasons and illustrates what he says is the most important, concision: 'The importance of concision is clear: other things being equal, shorter code is easier to read, easier to write, and easier to maintain.'" -
Outlining a World Where Software Makers Are Liable For Flaws
CowboyRobot writes with this piece at the ACM Queue, in which "Poul-Henning Kamp makes the argument for software liability laws. 'We have to do something that actually works, as opposed to accepting a security circus in the form of virus or malware scanners and other mathematically proven insufficient and inefficient efforts. We are approaching the point where people and organizations are falling back to pen and paper for keeping important secrets, because they no longer trust their computers to keep them safe.'" -
Newly Digitized Film Shows Ed Catmull's 3D Graphics From 1972
AlejoHausner writes "In 1972, Ed Catmull, then at the University of Utah, put together a film showcasing many of the 3D computer graphics techniques he and others had developed while working as students in Ivan Sutherland's lab. That film has been digitized and is available. All kinds of modern techniques like Gouraud shading, deformed meshes, and z-buffering are shown in the film. There is a segment showing Catmull digitizing a plaster model of his hand. Catmull later founded Pixar, but at the time the Utah lab pioneered many of the graphics techniques we take for granted today." I'm just sorry I missed when this film was first made available online earlier this year. -
The Most Expensive One-Byte Mistake
An anonymous reader writes "Poul-Henning Kamp looks back at some of the bad decisions made in language design, specifically the C/Unix/Posix use of NUL-terminated text strings. 'The choice was really simple: Should the C language represent strings as an address + length tuple or just as the address with a magic character (NUL) marking the end? ... Using an address + length format would cost one more byte of overhead than an address + magic_marker format, and their PDP computer had limited core memory. In other words, this could have been a perfectly typical and rational IT or CS decision, like the many similar decisions we all make every day; but this one had quite atypical economic consequences.'" -
Why Any Competing Whois Registry Model Is Doomed
CowboyRobot writes "In Paul Vixie's latest essay, he argues that the alternative to the Whois registry model is flawed and that we should be learning from the mistakes of the history of proposed alternatives to the DNS. 'Any proposal for a competing Whois registry model is as doomed by design and destiny as every alternative DNS system. Even if it succeeds at first, it would fail after copycatting occurred.'" -
Too Much Data? Then 'Good Enough' Is Good Enough
ChelleChelle writes "While classic systems could offer crisp answers due to the relatively small amount of data they contained, today's systems hold humongous amounts of data content — thus, the data quality and meaning is often fuzzy. In this article, Microsoft's Pat Helland examines the ways in which today's answers differ from what we used to expect, before moving on to state the criteria for a new theory and taxonomy of data." -
Designing a Programming Language For Embeddability
CowboyRobot writes "The creators of the Lua language describe the process of designing a new language and the constraints that certain parameters, specifically embeddability, place on the process. 'Many languages (not necessarily scripting languages) support extending through an FFI (foreign function interface). An FFI is not enough to allow a function in the system language to do all that a function in the script can do. Nevertheless, in practice FFI covers most common needs for extending, such as access to external libraries and system calls. Embedding, on the other hand, is harder to support, because it usually demands closer integration between the host program and the script, and an FFI alone does not suffice.'" -
Forty Years of P=NP?
An anonymous reader writes "In the afternoon of May 4, 1971, at the Stouffer's Somerset Inn in Shaker Heights, Ohio, Steve Cook presented his STOC paper proving that Satisfiability is NP-complete and Tautology is NP-hard. 'The theorems suggest that Tautology is a good candidate for an interesting set not in [P] and I feel it is worth spending considerable effort trying to prove this conjecture. Such a proof would be a major breakthrough in complexity theory.' And thus Cook formulated what was soon to be called the P versus NP problem. The rest is history. Here's the 1971 STOC Program (there were 143 attendees) and what that sacred ground looks like today." -
SQL and NoSQL are Two Sides of the Same Coin
An anonymous reader writes "NoSQL databases have become a hot topic with their promise to solve the problem of distilling valuable information and business insight from big data in a scalable and programmer-friendly way. Microsoft researchers Erik Meijer and Gavin Bierman ... present a mathematical model and standardized query language that could be used to unify SQL and NoSQL data models." Unify is not quite correct; the article shows that relational SQL and key-value NoSQL models are mathematically dual, and provides a monadic query language for what they have coined coSQL. -
Encrypted VoIP Meets Traffic Analysis
Der_Yak writes "Researchers from MIT, Google, UNC Chapel Hill, and Johns Hopkins published a recent paper that presents a method for detecting spoken phrases in encrypted VoIP traffic that has been encoded using variable bitrate codecs. They claim an average accuracy of 50% and as high as 90% for specific phrases." -
CS Profs Debate Role of Math In CS Education
theodp writes "Worried that his love-hate relationship with math might force him to give up the pursuit of computer science, CS student Dean Chen finds comfort from an unlikely source — the postings of CS professors on the SIGSE mailing list. 'I understand that discussing the role of math in CS is one of those religious war type issues,' writes Brad Vander Zanden. 'After 30 years in the field, I still fail to see how calculus and continuous math correlate with one's ability to succeed in many areas of computer science...I have seen many outstanding programmers who struggled with calculus and never really got it.' Dennis Frailey makes a distinction between CS research and applied CS: 'For too long, we have taught computer science as an academic discipline (as though all of our students will go on to get PhDs and then become CS faculty members) even though for most of us, our students are overwhelmingly seeking careers in which they apply computer science.' Frailey adds that part of the problem may be that some CS Profs — math gods that they may be — are ill-equipped to teach CS in a non-mathematical manner: 'Let's be honest about another aspect of the problem — what can the faculty teach? For a variety of reasons, a typical CS faculty consists mainly of individuals who specialize in CS as a discipline, often with strong mathematical backgrounds. How many of them could teach a good course in cloud computing or multi-core systems or software engineering or any of the many other topics that the graduates will find useful when they graduate? Are such courses always relegated to instructors or adjuncts or other non-tenure-track faculty?' So, how does this jibe with Slashdotters' experience?"