Slashdot Mirror

I'm rather new with programming and stumbled across the article Go To Statement Considered Harmful from 1968. I tried some of the examples in this article, and noted that some of those issue reported no longer seem valid whereas quite a few still very much are around. What has been improved since the article was written? Will the new 64-bit architectures finally fix all the problems with Go To Statements, or is this something that the hardware designers still need to work on?

Using accurate arithmetics to improve numerical reproducibility and stability in parallel applications, also available here if you're one of the unwashed masses. It has algorithms to see if your app is facing floating point trouble.

But - that's only part of the goal. Ultimately, I believe that the goal of Planetlab is to help transition these research technologies into deployed, useful services; so the network becomes more than just a research platform, it becomes the next DNS infrastructure, or the next Akamai, or the next Napster (ok, ok, don't sue!).

So, some of the examples the article cited are pretty illustrative. For example, the MIT Chord project is a Distributed Hash Table. DHTs are a peer-to-peer storage/retrieval system that allow completely decentralized resource sharing between cooperating hosts. And so on, and so on. The hope of the PlanetLab folk is that some of these projects will become the foundation for the next Internet architecture, or internet middleware, or whatever it is you want to call it -- the next set of critical services that change the way we use the 'net.

But even before that, Planetlab is one heck of a useful research tool. There are several papers at this year's Sigcomm conference (big computer networking conference) that took their measurements using Planetlab. There are a number of other papers and projects in the pipeline that're using planetlab as their research testbed. The cool thing about planetlab is that it's now considerably larger than most prior testbeds, and has a lot more momentum for future growth. Full disclosure: I spend a part of my time working on planetlab, but this post is not any kind of official view, it's just my interpretation.-

Early this year, I saw some fairly sophisticated interaction using a flexible input device called ShapeTape, made by Canada's Measurand. While the company is marketing it as a motion-capture and 3D modeling technology, Tovi Grossman at the University of Toronto's Dynamic Graphics Project has been working under Ravin Balakrishnan to explore other applications for ShapeTape, including as a general input device. For example, you can use it in computer-assisted design or animation to make and perform some fairly complex 3D curves and manipulations in far less time than it would take with keyboards, mice or drawing tablets.

The Association of Computing Machinery's computer-human interaction publication CHI Letters' latest edition includes their paper on the use of ShapeTape (2 MB PDF), which was presented at the ACM CHI 2003 conference on human factors in computing systems along with MPEG demonstration videos. (3 min. basic - 15 MB | 15 min. complete - 190 MB)

Grossman's Web page includes links to other videos and previous papers.

Computer graphics and animation tool-maker Alias|Wavefront also has several videos that featured former chief scientist Bill Buxton demonstrating ShapeTape in use:

• 3D Tapedrawing On The Wall 4:33 min. - 11MB
• Digital Tape Drawing 2:33 min. - 8.2MB
• Modeling With Shapetape 1:14 min. 3.9MB

And, of course, ShapeTape maker Measurand also has further information and videos.

Early this year, I saw some fairly sophisticated interaction using a flexible input device called ShapeTape, made by Canada's Measurand. While the company is marketing it as a motion-capture and 3D modeling technology, Tovi Grossman at the University of Toronto's Dynamic Graphics Project has been working under Ravin Balakrishnan to explore other applications for ShapeTape, including as a general input device. For example, you can use it in computer-assisted design or animation to make and perform some fairly complex 3D curves and manipulations in far less time than it would take with keyboards, mice or drawing tablets.

The Association of Computing Machinery's computer-human interaction publication CHI Letters' latest edition includes their paper on the use of ShapeTape (2 MB PDF), which was presented at the ACM CHI 2003 conference on human factors in computing systems along with MPEG demonstration videos. (3 min. basic - 15 MB | 15 min. complete - 190 MB)

Grossman's Web page includes links to other videos and previous papers.

Computer graphics and animation tool-maker Alias|Wavefront also has several videos that featured former chief scientist Bill Buxton demonstrating ShapeTape in use:

• 3D Tapedrawing On The Wall 4:33 min. - 11MB
• Digital Tape Drawing 2:33 min. - 8.2MB
• Modeling With Shapetape 1:14 min. 3.9MB

And, of course, ShapeTape maker Measurand also has further information and videos.

What? Why would you be reccomending the teaching of Goto? Teach Sub routines or functions. They aren't much more complicated and get you closer to better programming. We've known that GOTO was a bad idea for over 25 years. Yikes!

I don't want to hear about Knuth supporting GOTO. It was a specialized case and still questionable.

Companies today don't give a rat's ass about you. All they want is a bunch of robots paying them as little as possible. Everyone is replaceable. If you understand that and embrace it, you can always have the last laugh. Before you leave make sure you have something lined up to go to. As soon as you start at your new job, decide how long you want to stay there (3,4,5 years), and what kind of position you would want at that time. Never stay at a company for more than 6 years. During the time you're at the new job, study,read, and learn what it takes to be able to perform that new position. If the company offers training, great, but don't rely on them 100%. It's your responsibility to improve yourself. Once the time limit has been reached, if you haven't been promoted to the position you've been planning , go on a job hunt again. I once made the mistake of staying 8 years with a company. In the end, the company screwed me over, and I had to take a pay cut and a lower position just to get a new job.

Also, become more active politically. Write to your congressman about getting these excemptions to the labor laws reversed.Join organizations like (http://www.cdt.org/),(http://www.acm.org),(http:/ /www.cpsr.org),(http://www.eff.org) . Laws against us have been passed because we aren't political enough. Look at UCITA. Vendors tried to screw us over one more time. We became organized, and now we are in a stalemate. It's not dead yet, but its certaintly not being enacted on a grand scale.

Unions are not an answer. They have their own adgendas and they kill and calcify whole industries once they take hold.

Yes, given that...

• the NSA do not want to get caught doing it
• the NSA knows that many people will be looking for such a backdoor, because finding it will mean instant fame
• the code has been available for inspection quite some time now...

Now, granted, a backdoor could exist, but it could equally well exist in any other distribution. If you want to be a conspiracy-theorist, there is little reason to believe they haven't already forced Linus or anyone else to accept some patches, or even installed them in gcc, as explained Ken Thompson's excellent article.

2) What other security-patched distro's can people recommend?

I have no idea. My guess would be that there are a lot more people writing security patches for linux, then there are people reviewing them, so I doubt anyone else knows much about this either. Everyone will probably recommend their own patches... :-)

The moral is obvious.

You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

While I understand your point, this is unfortunately not entirely accurate. I suggest reading Ken Thompson's Turing Award Lecture for an explanation of exactly why having the source code is not necessarily enough. I don't think the scenario he describes is a likely one, but it's worth looking at and thinking about in any case.

Hmm. You're quite correct. That is a standard way of implementing an infinite loop. That is not to say that breaking out of infinite loops is good practice however.

You may want to read up on a paradigm that's sweeping the software industry ;) It's called structured programming: see Dijkstras Go To Statement Considered Harmful

A thick cable (that I have never seen)...

Oh hey, found a Commmunications of the ACM article by Metcalf and Boggs about their early work on Ethernet. Good read.

Before 1993 or so and the advent of Switched Ethernet, Ethernet would melt down under the weight of its own traffic. 40% traffic for Ethernet is an emergency situation.

No, you're kidding me, right?

I can't believe this FUD is still out there after 30 years. Contrary to popular and mis-guided belief, an Ethernet will NOT saturate itself at 37% utilization. Period. Anyone that honestly believes that should give the token ring and ATM salesdroids and spin doctors a great big pat on the back because that's exactly what it is: sales doubletalk and spin from vendors of competing technologies. For christ's sake, this myth was laid to rest in September of 1988 . This FUD relies on over-simplifications of assumptions in the theory and inadequacies in the testing procedures.

I can't believe you'd honestly bring it up. Anyone with even a marginal amount of actual networking experience knows this to be FUD. Next time think before you speak about something you know nothing about.

IBM Almaden has a group that works on privacy-preserving data management. Intelligent Information Systems Research research group. (Note that Srikant Ramakrishnan of the group was awarded the 2002 Grace Murray Hopper award on association rules and data mining.

it should be easy for them to decypher the naming conventions used by ATT, Sprint, Verio, Teleglobe, Global Crossing, C&W, etc.

Despite the challenge, research projects do decode these names to recover router locations, including Subramanian and Padmanabhan's Geotrack and UW's Rocketfuel. The tsunamii folks may be able to reuse these schemes to redraw their map with a better approximation to real network paths.

it should be easy for them to decypher the naming conventions used by ATT, Sprint, Verio, Teleglobe, Global Crossing, C&W, etc.

Despite the challenge, research projects do decode these names to recover router locations, including Subramanian and Padmanabhan's Geotrack and UW's Rocketfuel. The tsunamii folks may be able to reuse these schemes to redraw their map with a better approximation to real network paths.

Likewise: 2003-04-21 03:01:12 Inventor of the RDBMS Dies (articles,news) (rejected)

I found the news on alt.folklore.computers where they actually care about the history of computing.

My submission linked to the San Jose Mercury News obituary and Codd's original paper on the relational model.

Huh? There are thousands of researchers working dilligently every day to figure out how "computer space" works. Computer science is a very young field, and at present, we are unable to answer even the most basic of questions concerning the nature of computation and its relation to time, space, information, randomness, and the universe.

You want extreme programs? Look at Nisan's pseudorandom generator, the PCP theorem, Shor's quantum factoring algorithm, etc. These are all efficient programs that changed the way people thought about the world.

There is however a very nice approach called shader metaprogramming that makes it possible to write shaders directly in C++ syntax and call them as if they were functions. The basic idea is to build up a parse tree through clever operator overloading, and then compile that into a shader to bind before using it. Clever approach.

ACM is a wonderful organization to belong to,
and there is a women's division that supports student chapters.
Here's the details on setting this up.

It's not that hard, really. And, if you think it is some great deep programming secret, you're going to be disappointed when you actually go look at a quine and see how it's done. A certain classic Turing Award acceptance speech starts off the speech with probably one of the easiest-to-understand quines there is.

Now go away and do it yourself, in some language. The end of this post is going to contain a quine-like construct, and I'd hate to give the secret away to someone who still wanted to discover it themselves.

Quines, or rather quine-like logic, do have actual current applications, though I can't think of one off the top of my head that isn't malicious.

Assuming this'll get past the lameness filter, here's a short piece of code that you should never, ever, ever execute on a lambda-derived moo. Ever. It's essentially a one-line fork bomb. The only way I know of killing it is by temporarily disabling $string_utils:print. It's technically not a quine, though its core is certianly quine-like.

;for i in ({1}) pre="for i in ({1}) pre="; a="; a = pre + $string_utils:print(pre) + \"; a= \" + $string_utils:print(a) + a; for d in ({1, 2}) fork foo (5) eval(a); endfork endfor endfor"; a = pre + $string_utils:print(pre) + "; a= " + $string_utils:print(a) + a; fork foo (5) me:notify("first: a is " + a); me:notify($string_utils:print(eval(a)));endfork; endfor

He is an ACM Fellow, whose citation reads

For his fundamental work in various areas of theoretical science, his invention of the visual language of statecharts for specifying reactive systems, and his expository contributions, especially via the widely acclaimed 1987 book "Algorithmics, the Spirit of Computing".

I attended a talk today by Roger B. Marks, a member of the IEEE 802.16 standards committee where he described the standard in detail. Many people say just add a pringles can to 802.11 to extend the range, but there are many other issues beyond range. 802.11 and 802.16 are designed for different purposes.

Among other things, Mr. Marks described that 802.11's MAC uses CSMA/CA (carrier sense multiple access with collision avoidance). The carrier sense means that it listens (or tries to listen) for other devices broadcasting and only sends when it detects silence since the receiver can only handle one transmission at a time. This is fine for wireless LAN's where for the most part, all of the devices can "hear" each others transmissions and figure out when its ok to send. In an 802.16 MAN (metropolitan area network), the users' devices can't receive each others transmissions so the base station assigns each device a time slot in which to send & receive its data. (For more information on IEEE802.16, see their website: http://WirelessMAN.org.)

How about the ACM Code of Ethics and Professional Conduct as a start?

The UC Berkeley Computer Science Department teaches a somewhat similar class - CS 195: Social Implications of Computing. You might find some interesting reading material in the publications mentioned in their Fall 2002 Syllabus.

There's sure to be some fodder for discussion on the web pages of the Computer Professionals for Social Responsibility, Electronic Frontier Foundation, ACM SIGCAS: Special Interest Group on Computers and Society, ACM Computing & Public Policy, Computers, Freedom, & Privacy Conference, and The IEEE Society on Social Implications of Technology, to name just a few.

The UC Berkeley Computer Science Department teaches a somewhat similar class - CS 195: Social Implications of Computing. You might find some interesting reading material in the publications mentioned in their Fall 2002 Syllabus.

There's sure to be some fodder for discussion on the web pages of the Computer Professionals for Social Responsibility, Electronic Frontier Foundation, ACM SIGCAS: Special Interest Group on Computers and Society, ACM Computing & Public Policy, Computers, Freedom, & Privacy Conference, and The IEEE Society on Social Implications of Technology, to name just a few.

And Real Admins dissassemble the generated machine code looking for backdoors!

ACM has already decided not to premote the licensing of Software Engineers. Although Software Engineering may be a perfectly valid discipline (and I believe it is), I can't really disagree with them. Actually I disagree with their reasons but I've got my own reasons for reaching the same conclusion.

One of the other replies to this is actually quite valid, but since the poster was an AC it'll likely not been seen.

The ACM has this paper from 1997 regarding accreditation. A short extract:

2.1 The Computing Sciences Accreditation Board

In 1982 the Association for Computing Machinery (ACM) and the Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS) formed a joint task force to plan an accreditation process for the computing sciences. Two years later draft documents for creation of the Computing Sciences Accreditation Board (CSAB) were completed, and the two societies appointed a group of provisional representative directors from the two societies to the newly incorporated CSAB.

CSAB's scope includes post-secondary baccalaureate programs that prepare students for entry into the computing sciences professions. Programs may be found in the fifty states of the United States, the Commonwealth of Puerto Rico, U.S. trust territories, and U.S. management areas. The Computer Science Accreditation Commission (C SAC) of the CSAB accredits programs in computer science.

The main purpose (from the ACM's viewpoint of 1997) is to provide recruiters with a way to be confident that an applicant is well-qualified to operate in a position that requires a Computer Science graduate. You could think of it as a certification in "well-roundedness" - the person has some knowledge about algorithms, processes, procedures, and is able to write far-better-than average code.

I myself am not in favor of the ACM becoming the Software Engineering Accreditation Body (and I graduated from one of the first ACM-accredited schools). They have a strong lean towards the academic side of software, and don't really address the issues encountered when writing shrink-wrap software that will be sold to end-users. Which is why I'm no longer a member.

I don't think that the various industry certifications are the answer either -- I've seen too many "Paper CNEs" (and MCSE's, Cisco certified, etc) being flaunted by people who merely had good short-term-memory skills.

Right now, I think the software industry is too immature for accreditation. The traditional engineering areas have had centuries of standards, procedures and customs to draw on. If mechanical engineering were like software, a 2" steel pipe would change it's diameter every 6 months.

Chip H.

In situations like these, the actual facts play only a modest role in shaping public opinion,

True, but public opinion has relatively little to do with whether your computers are secure or not. If it did, then nobody would bother with engineering approaches to security; they'd just set aside a large PR budget to create the public perception of security, and that would make their software secure.

The main irony here is the old observation by many security people: If you want computer security, you never, ever allow any software to be run unless you have all the source and you've compiled it yourself. Otherwise, you have no idea what may have been hidden inside that binary by the people who sold it to you.

It would be interesting to see whether Microsoft's teachers bring out this rule. Will they even mention the topic? If so, will they teach the course the second time?

Granted, this isn't nearly the whole story. You must not just have the source. You must also have competent, trustworthy people on your staff who have the time to thoroughly take the software apart and understand it all. And even then, Ken Thompson's famous paper shows how subtle the problems can be.

Still, as a baseline argument, any such course on computer security should start with the observation that if you allow binary software to be installed, you are utterly defenseless against the people who compiled and packaged it for you. This is really the main thing that needs to be said about security and Microsoft.

If the Intel or gcc compiler has a smart 'exploit', (1) they can backdoor specific or general programs without an exploit in source, and (2) this exploit can self-propagate in the compiler, as the backdoor compiler compiles the new compiler, so once written the source for the self-propagating compiler exploit can be deleted. Donald Knuth did this with gcc(?), iirc.

Not quite.

What you're probably thinking of is Ken Thompson's (fairly famous) presentation to the ACM, "Reflections on Trusting Trust", given in 1983 when he and Dennis Ritchie received the Turing Award.

The text of the original presentation, along with some handy illustrations from the printed version, can be found at the ACM:

"ACM Classic: Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Way offtopic here now, but it was Ken Thompson, not Donald Knuth. Here's the discussion in question: Reflections on Trusting Trust.

Also a summary entry in the Jargon File, for those who don't want to read the paper: http://www.catb.org/~esr/jargon/html/entry/back-do or.html

Donald Knuth did this with gcc(?), iirc

Actually, it was Ken Thompson, in reflections on trusting trust. See it here. Pretty cool.

And no, not with GCC, gcc is way too complicated, and it would be hard to make an exploit that can fool the bootstrap process. I.e., when you build gcc from source, it gets compiled with your current compiler, with no opitmizations. Then the result is used to recompile gcc with full otptimizations, and then this is done again, and the last two versions are compared to check they got the same result. This is done to check for miscompilations. If anyone makes an exploit that can get throught this, I'd be very surprised.

The talk was co-run by Interface (the VUW Computer Club and ACM Student Chapter) and the School of Mathematical and Computing Sciences.

If you're a VUW student and want us (Interface) to do more stuff like this, you should join us .

• The Internet
  
• BSD Unix (and variations)
  
• Linux
  
• The GNU project
  
• Object Oriented Programming (and, by extension, anything built using OOP principles, like Microsoft Windows)
  
• The World Wide Web

• Joining your local student ACM chapter. Better yet, run for office - I know they need the person power. If it doesn't exist, charter it!
• Want to attend a technical conference? Both USENIX and the IETF have programs designed to get students involved by providing stipends. Often, these programs are applied to by few students.
• If you prefer getting involved with a .com than a .org, consider that Apple gives away about 300 scholarships to their annual develpers conference in San Jose, WWDC.
• If you are an uber programmer, perhaps you should try registering as a student or evan as a competitor or presenter at MacHack.
• The Government is always hiring, and don't let anyone tell you that you have to get a security clearance to work on something cool.
• An earlier posted mentioned that the University IT department is a good place to work, and for the most part I agree - there are few other places with the budget and deployed network size of Univsersities that will teach you as you go.

Tcl may be the only "pure scripting" language" which has won the ACM/SS. By a "pure scripting language" I mean a language which is limited for the most part to scripting and often not used for much else. In contrast, Smalltalk, a language which can be used for scripting, embedding, as well as full-blown client and server side application development has also won the award. (not to dis Tcl, it definately has its uses!)

Tcl's C source code is some of the most beautiful I have ever seen.

I'm afraid you are on crack. I am a NOC, literally. Loss depends on the technology used in a link. You can use a full duplex connection to it's virtual entirety on almost any medium. For example, a 100Base-TFD can use virtually all of it's link. It's cheap ASICs that can't full reach the potential of 100Base-TFD, not the technology. A good ASIC can handle at least 90% of the maximum. Excellent ASICs will handle the virtual 100%. You're probably also one of those people that have been clued in by the media (and vendors of competing technology) that believe half duplex Ethernet can only be used to a maximum of 36%. If so you should read Measured capacity of an Ethernet: myths and reality . Even 10Base-THD can reach the theoretical limits of an Ethernet, 100%. Even wireless can reach 100% utilzation and it's and extremely lossy medium. I'm not even going to waste my time discussing ATM, FDDI, or any other networking medium as it simply won't matter. Your comment is pretty much worseless and you should do your very best to not give network administrators bad names by spreading your garbage.

Although slightly offtopic, tabs should really be a feature of the window manager, not any one program. Check out this paper for some cool ideas. Why cant I glue together a web browser, by terminal and a text editor into one tabbed bundle? Why shouldnt I be able to tear off tabs and turn them into real windows? etc. If tabs were part of the window manager and not the application this type of thing would be easy.

For those who may be members of the ACM, the new issue of the ACM magazine Communications has an excellent issue regarding Attentive user interfaces.

For those who may be members of the ACM, the new issue of the ACM magazine Communications has an excellent issue regarding Attentive user interfaces.

For an interesting take on this, read Ken Thompson's lecture on Trusting Trust.
Don't blame me if you're paranoid afterwards :)

and the one to which "kt" refers is described here. Truly ingenious. Even looking at every part of the source yourself can't protect you in a case like that.

They certainly wouldn't approve of manually adding hooks everyplace, which is what AOP tries to avoid (while still giving the programmer the power as if that had been done)

How far would AOP meet with his approval? Good enough, it seems. Dijkstra's criteria for allowing a feature into a language was how much it complicated the description of the "cursor position" ("textual index point") of a program at a certain time. Gotos are bad, because they make the size required to describe that position unbounded (the full history of all previous goto jumps). Structured programming, with nested blocks and function calls, keeps the size limited, because the position-descriptor shrinks when you leave a block. (As long as there's no infinite recursion, but even that can sometimes be handled)

AOP's effect on the execution graph is the same as function calls. It's just the calling of functions, but the calls themselves are implicit and invisible. The textual index size is only increased by a small constant factor per aspect called, and that size is recovered when it's done.

This is just silly. Read-only access to source doesn't demonstrate the lack of backdoors. Even if they *could* compile, that still wouldn't protect them from this classic "Reflections on Trusting Trust" attack.

The article is Reflections on Trusting Trust by Ken Thompson.
Of course, everyone knows Microsoft is trustworthy.

Avoid Maryland! It is a UCITA state!

http://www.acm.org/usacm/IP/ucita.states.htm


Virginia is also a UCITA state.

UCITA is bad news for anyone remotely connected to the software industry, if you haven't already heard.

California is great but it has high taxes and its legal climate is anti-business, not to mention the huge cost of living. I currently live in San Jose, and if worse comes to worst, I will move to probably Nevada, Arizona, or New Mexico. I'd prefer Vermont, for many things including getting to vote for Senator Leahy, but my partner hates the snow :)

The most believable link I've come across is one that points to some ACM proceedings where the attribution is footnote #25.

25 Unknown. "Interview with Bill Gates". FOCUS, (43):206-212, October 23 1995.