Slashdot Mirror

So, a private company has been helping 400 open source projects with code quality (usually considered important) for quite some time now using their tools which find many different code defects. It had been started with government money, but now they take it out of hide. And do you shed any light on it? Provide more information? No, you just make uninformed comments about things that have easy to find answers and whine. What a waste.

Some of the better-known projects scanned include Apache, Firefox, GIMP and a number of forms of Linux and BSD.

Open Source Is Better Than the Closed Stuff (Until You Hit 1 Million Lines)

A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World

Here is the data sheet (.pdf) that should help you understand.

Here is some addition detail on the common problems (.pdf) it looks for.

Here is a background article: A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World

Maybe you should link to the actual ACM Copyright Transfer and ACM Publishing License, as they are the parts that actually talk about what and where you can post versions of your article.

(oops, just posted this as an AC. I thought I was logged in) Your submission, "" was accepted for publication in CCS'13 conference proceedings. You must assign publishing rights to ACM before ACM can proceed to production. There are several ways you may now assign publishing rights to ACM. You may ask ACM to manage your rights for you (including pursuit of plagiarism and clearance of third-party re-use permissions) by transferring the requested rights to ACM using either the traditional ACM Copyright Transfer Agreement or the ACM Publishing License. The community has also asked ACM to offer up-front OA fees should authors wish to make their works permanently open access (OA) in the ACM Digital Library. Should you choose to pay the article fee guaranteeing permanent open access, you may still ask ACM to manage your publishing rights for you by copyright or license. But you will also have a third option: you may choose to manage all rights yourself, by selecting the Permission Form, granting ACM a non-exclusive permission to publish your work. As of April 2013, ACM is offering authors the option of paying an Article Processing Charge in exchange for permanent OA (open access) for your article in the ACM Digital Library. Should you choose to pay the article fee guaranteeing permanent open access, you may still ask ACM to manage your publishing rights for you (including pursuit of plagiarism and allowing ACM to grant re-use permissions) by transferring the requested rights to ACM using either the traditional ACM Copyright Transfer Agreement or the ACM Publishing License. But you also have a third option: you may choose to manage all rights yourself, by selecting the Permission Form, granting ACM a non-exclusive permission to publish your work. The Open Access option requires the payment of the APC (Article Processing Charge). The fee is $1,500 if you are not a member of ACM or $1,100 if you or any of your co-authors are ACM members. If you choose the Open Access option, ACM will invoice you separately. If you are not already a member of ACM, consider joining ACM now to take advantage of the member discount rate http://campus.acm.org/public/qj/quickjoin/interim.cfm?promo=PROSOA. If you do not want to pay the OA fee, you will need to transfer publishing rights to ACM either by using the traditional ACM Copyright Transfer Agreement or choosing the new ACM Publishing License. Please click on the following link to access and complete the required process of choosing publishing rights for your submission. Please take a moment to review the form above for errors in the title and author listing. If corrections are needed, please PROCEED to the selected FORM and use the EDIT/tool function located at top of the form and make any necessary changes before submitting the form. The changes will automatically be sent to the PC or proceedings coordinator upon completion. We request that you attend to and complete the form above within 72 hours of the sending of this email. If the link above does not contain your paper's information, please contact me at your earliest convenience. Deborah Cotton ACM Publications rightsreview@acm.org

http://queue.acm.org/detail.cfm?id=2508864

It would be super cool if there was some kind of technology that allowed you to provide a link to the source material for discussion...

http://queue.acm.org/detail.cfm?id=2508864

This often happens when the simulation results are influenced by variations in the accuracy of the built-in functions. Every floating point unit (FPU) returns an approximation of the correct result to an arbitrary level of accuracy, and the accuracy level of these results varies considerably when built-in functions like sqrt(), sin(), cos(), ln(), and exp() are considered. Normally, the accuracy of these results is pretty high. However, the initial 8087 FPU hardware from Intel was pretty old, and it necessarily made approximations.

Floating point arithmetic is in itself a bunch of approximations. It's the least precise computation you can do, and if you're not careful, errors accumulate rather rapidly.

In fact, most people using floating point probably don't realize that they order in which they do computations matter, nor despite having a standard, most hardware floating point units are NOT fully compliant.

This is probably a lot harder on the sciences (whether it's computer, weather, climate, whatever) who assume their computation hardware is "perfect" because understanding the low level is more an implementation concern.

A must-read article is What every computer scientist should know about floating point arithmetic (paywalled). A nice edited reprint is available as HTML (and PDF if you Google it - but Oracle seems to have it in HTML). This is one of those leaky abstractions - the hardware doing floating point is not precise at all and if you're not careful, you can lose significant figures very easily (you may think you're keeping 4 sigfigs throughout, but one error and you can be reduced to 1 due to approximations even when you really should have 4).

Is it possible to read slashdot without keeping my account active? And keep the name calling to a minimum, please. I thought you had some semblance of ethics when you brought this article to slashdot? Here is a hand: http://www.acm.org/about/code-of-ethics Lad? Do you know what they say about assumptions? Interesting tacks... let's count them up: Post to slashdot with a barely coherent conspiracy theory on losing the possibility of invention through unanticipated use. Gasp! Respond by thinking everyone else is wrong, because, after all, there is no way anyone else could possibly be right. Respond by claiming others are ignorant, despite the foreign nature of this conversation. Oh, let's wrap comments in what they meant to say! Lastly, since you don't understand, then others must be trolls. Who needs people that can help?

JavaScript is a nice little scripting language that’s got some nice functional programming features. When you need to need to write heavy applications that require performance, low memory usage, and multithreading, it’s the wrong choice.

Multithreading? Problem solved: Daniele Bonetta, Walter Binder, and Cesare Pautasso. 2013. TigerQuoll: parallel event-based JavaScript. In Proceedings of the 18th ACM SIGPLAN symposium on Principles and practice of parallel programming (PPoPP '13). ACM, New York, NY, USA, 251-260. DOI=10.1145/2442516.2442541

Wrong.

No, it's true. Inheritance breaks encapsulation. This is a indisputable fact. It's VERY well established in the literature. The problem, it seems, is that you simply don't understand what that means. Do you have an ACM DL subscription? If not, get one. You'll find plenty has been written about that very subject.

That's exactly the point, just as with Javascript they don't slog through them, they're just not even aware of them and as a result they write wrong code, buggy code, vulnerable code.

Have any evidence? Because I don't think you do. (I think you're making this up as you go along.) Where's the research? Make use of your ACM DL subscription.

That's not fair. I know you can't actually produce anything like that. How about some specific examples like I asked for in an earlier post? Surely, you have something specific in mind?

Now, I will agree that people don't use JavaScript correctly. That was the point of my first post. The problem isn't the language, of course, but people trying to use the language like it's a class-based, not prototype-based. Once you learn the language, you'll find that there's nothing wrong with it. There are no "quirks", as you like to say, it's just different. Give Scheme and Forth a go and you'll find they're just as different, but not poorly designed in any way. (The difference? You can't pretend that Scheme and Forth are just like Java and C# like you can with JavaScript. If there's any problem with JavaScript, it's that the familiar syntax makes naive developers think that there's nothing new to learn.)

More buggy than an equivalently skilled developer would produce with better designed languages

Again, what makes a language poorly designed? What makes a language "better designed"? Is there some ultimate ideal language design? I still don't think you've thought this through.

instead quoting lines from books that are now nearly 20 years old

I did no such thing! (I actually had a much older paper in mind when I told you that inheritance breaks encapsulation.) You had never heard of such a thing and did a google search (as I asked), landing on Wikipedia, where you learned that the subject was mentioned in the GoF book.

you're obviously not willing to learn enough about this topic to have a rational conversation

I'm not willing to learn?!

How about answering the very basic questions about your assertions? Asking questions shows a willingness to learn, doesn't it? I've not asked any difficult questions, after all. If you want me to learn, surely you could take the time to answer them, or at least direct me to the relevant research from which I'm sure you've formed your opinions?

You're not just repeating empty platitudes, right?

The execution was amteurish, but today's news proves that the principle is worth exlporing further.

We could force the NSA to monitor covert channels in spam (whether they do exist or not), so they may have to dedicate even more resources on hardware and electricity. The more they scan spams, looking for a message that may or may not be there, the less resources they have left to spy on ordinary citizens.

You know, if the NSA fucktards lifted a finger to remove or kill Spammer machines (or spammers themselves) all this shit would go away over night.

NSA: "We killed spam forever."

Populace: "How?"

Nerds: "Who the fuck cares how! Let's go back to farting around with bash scripts!"

The execution was amteurish, but today's news proves that the principle is worth exlporing further.

We could force the NSA to monitor covert channels in spam (whether they do exist or not), so they may have to dedicate even more resources on hardware and electricity. The more they scan spams, looking for a message that may or may not be there, the less resources they have left to spy on ordinary citizens.

Well, it's definitely for nerds, but the Tesselation paper was published in 2009, so hardly news. For those that don't have ACM DL access, the paper is interesting, but suffers from many of the same problems as LibOS / Exokernel approaches.

I highly recommend joining the Association for Computing Machinery, which is the preeminent computing society for software engineers (hardware engineers can play too). It's $200/year and worth every penny. You get access to a large online course library, a huge subset of O'Reilly's Safari Online books, and the entire history of all ACM computing journals, which often have landmark articles available nowhere else.

It's also worth seeing if a local ACM chapter is near you. You can connect at one of their meetings to any number of subject matter experts, who may well be willing to mentor you.

Note: I am a co-author of the coming paper to appear in PADS 2013.

I clicked hoping to read the paper, but the actual paper doesn't seem to be posted, only the abstract. The ACM copyright policy explicitly allows authors to "Post the Accepted Version of the Work on ... the Author's home page", so there is no legal barrier to the authors putting a PDF online. Doing so would of course increase readership of the paper, so ought to benefit everyone.

The question is whether young software developers can learn old stuff that has been ignored for decades and rediscovered only recently.

College textbooks are largely irrelevant in the age of Internet. They only exist to keep publishers and bought teachers rich.

This is really not the case at all. Your class may "require" stupid irrelevant textbooks; I had many like this myself. However, textbooks, i.e., field-specific moderately expensive ($50-80+) texts are often the only useful place to find information. Yes, you can find probably all the information on Java you care about on the web. However, you will have a much harder time finding information on compiler optimization, writing garbage collectors, or other "real" CS topics on the web, beyond very rudimentary hand-wavy descriptions.

You can find a lot of this information on the internet, usually in the form of papers behind a paywall (e.g., the ACM). However even then, it's usually not condensed into a useful form such that you can easily evaluate the pros and cons of various approaches. If you have to deal with these things, $100 for the textbook suddenly seems very reasonable.

Building your professional library as a student can be nice; however it would also be nice if professors focused on books that will have a long useful life.

Print:
1) The Economist. Very informative. Their politics are not hidden, and socially, they're definitely left of center. Financially, they're the "Voice of the Plutonomy." But, it works. The articles are typically quite informative.

Online magazines:
1) IEEE Spectrum
2) Communications of the ACM
3) Dr. Dobbs
4) Infoworld
5) Linux Journal
6) Machine Design

And a variety of online information sources for current events. Typically, Google and Google News are good starting points.

Here too, but I like dead trees.

I'm going to add a couple of articles I liked for your consideration. The articles and some of the technology are old, but the ideas are probably still sound.

http://highscalability.com/amazon-architecture

http://highscalability.com/scaling-twitter-making-twitter-10000-percent-faster

http://queue.acm.org/detail.cfm?id=1142065

http://www.webperformancematters.com/journal/2007/8/21/asynchronous-architectures-4.html

I'd be curious to see responses to these since these articles are old. I haven't been to these websites in a while, so maybe they have some other interesting and more up to date articles.

As for PostgreSQL, I'd recommend this book. The first few chapters apply to any database. The next relate to PostgreSQL specifically. If you're a code head (like me), this book may be better suited for the DBA, but we don't know your specific needs.

I wrote up an article in Communications of the ACM about a year ago summarizing the state of phishing attacks.

My colleagues and I have also studied phishing extensively and have the most comprehensive peer-reviewed body of work in this area. Our studies include understanding why people fall for phishing attacks (PDF), evaluating how well simulated phishing attacks work (PDF) (the short answer is quite well, based on a study of 500 people), designing and evaluating a micro game teaching people about URLs works (PDF) (empirically tested with several thousand people), and more.

We've also commercialized our work, in terms of a service for simulated phishing attacks, the micro game for anti-phishing, and more.

Also, to anyone saying "people are stupid" or "they deserve to get malware", you really are part of the problem. It's our job to protect people, to reduce complexity, and to ensure the safety of our systems and networks. Arrogantly dismissing others as being inferior or stupid is one reason why computer security, user interfaces, and software in general is in the state it is.

Interesting - failure of user space in this way is exactly why we have zero-days.

Operating system kernels are no less vulnerable to attacks than user-space applications. I believe attackers don't usually attack the kernel because plenty of easier-to-exploit user-space applications exist with vulnerabilities in them.

I would like to see this happen - but several things make it improbable:

1. Von Neuman architecture. As long as data and instructions exist in the same space - poorly written apps will allow abuse of it.

Machines with separate code and data memories may be more difficult to exploit, but exploitation is still possible. This paper describes one such attack.

2. Complexity of current software. The more complex the software, the more likely a bug will exist in it that allows #1. Given how programmers stitch together preexisting modules without understanding what is being done on the underlying system - I only expect that to continue expanding.

It should be instructive that Java was supposed to be that sandboxed layer...and it has so many zero-days it looks like swiss cheese.

Now - how would we avoid that and make an unhackable userspace?

For memory safety errors (buffer overflows and their ilk), there are a number of solutions to the problem coming out of the research community. Control-flow integrity looks extremely promising with less than 10% overhead on average (although the number of programs tested is still too small). Other techniques can handle non-control data attacks, but they incur more overhead. I think the question going forward is how can we reduce the overhead of automated defenses, and which set of defenses give us the right performance/protection tradeoff.

For a list of papers on the subject, you might want to check out my memory safety menagerie.

Well, to solve complex problems computer must be programmable. And since it's personal, programmable by its owner. Now, how many tablets (especially Apple tablets) are capable of executing programs written on them?

Specious and irrelevant.

Back in the days you needed paper tape or punch cards, the code wasn't "written on them", and most software people will ever run wasn't written by them or on that computer. So it's not a computer until you write code on it? So by that definition most secretaries don't have computers then? I don't follow this non-logic.

Seriously, why is everybody trying to make up their own convenient definitions of "personal", "computer", and "personal computer"??

According to any definition which would be accepted by the ACM, both a smart phone and a tablet are computers. Has Slashdot suddenly gotten stupid?? If you could port Java to the or any other programming language to it .. it is by definition a computer.

And since I know iOS stuff is written in Objective C, any argument that a tablet isn't a computer is a self-serving argument based on really annoying semantics.

"To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security .. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization"

To mention Unix and Windows NT security in the one sentence, just begs credulity ...

"Windows NT and its successors .. were not initially designed with Internet security in mind"

I think you're confusing Windows NT the operating system (NT3, NT4, 2000, XP, etc.) with NT the kernel and security model, which was designed to be POSIX compliant, which implies lining up with "unix multi-user security" and is also done in such a way as to be tweakable to mimic many of the SELinux advancements. The OS I could do without; the security model as originally baked in (and then ignored in preference of interoperability with DOS/9x -- but it's still there) is actually pretty network-savvy. It's not the architecture team's fault that the OS team dumped a sieve on top of their nicely designed core and taped over some of the main security features on which the architecture hinges.

Not meant to sound like an apologist; it's just that I'm really impressed with a lot of the work that early team did. They did it well enough that you can, even now, modify the commercial OSes that Microsoft releases to run in a manner that reflects the original network-savvy security architecture, without resorting to Active Directory etc. Of course, a lot of "Made for Windows" software won't run on it in that configuration, but we've learned to expect that with every MS OS after XP anyway.

"To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security .. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization"

To mention Unix and Windows NT security in the one sentence, just begs credulity ...

"Windows NT and its successors .. were not initially designed with Internet security in mind"

Citeseer and google scholar contain a large amount of scientific papers freely accessible. Many journals have open access policies. Many researchers publish their result on arxiv before sending it anywhere else. IEEE and ACM let their members access papers (IEEE policy at http://www.ieee.org/publications_standards/publications/subscriptions/prod/mdl/mdl_overview.html . ACM's policy at https://campus.acm.org/public/qj/profqj/qjprof_control.cfm?form_type=Professional . SIAM's policy http://www.siam.org/membership/individual/benefits.php ). So ok, it is not free, but that's not really expensive either if you are actually interested. Most researchers publish preprint on their website. If they don't, drop them an email they'll send you a preprint (if I had not put it on my website, I would send a preprint.)

Assuming you could not find it. And the author is a jerk. And you don't want to pay for it. You can still stop by a university libray where you will be able to download it using university subscription or photocopy it if the library has a paper edition.

Finally, we are not looking to send our papers to the most expensive journal. To the most prestigious certainly, but the price has nothing to do with it. Arguably, one of the most prestigious journal in CS is ACM Computing Surveys. It is an ACM journal, so all ACM members can read it online for the price of their subscription. Hardly the most expensive journal.

That being said, I'd rather we only publish in openaccess journal et we ditch the publishers out. But that's not realistically going to happen anytime soon.

That's a fixable problem. For example, you could read this article by phk in ACM: https://queue.acm.org/detail.cfm?id=2030258

In particular note:

Clause 1. If you deliver software with complete and buildable source code and a license that allows disabling any functionality or code by the licensee, then your liability is limited to a refund.

What they are teaching is that it is unethical to run penetration testing against a system without permission. This philosophy is embodied in the ACM Code of Ethics, in section 2.8:

2.8 Access computing and communication resources only when authorized to do so.

Theft or destruction of tangible and electronic property is prohibited by imperative 1.2 - "Avoid harm to others." Trespassing and unauthorized use of a computer or communication system is addressed by this imperative. Trespassing includes accessing communication networks and computer systems, or accounts and/or files associated with those systems, without explicit authorization to do so. Individuals and organizations have the right to restrict access to their systems so long as they do not violate the discrimination principle (see 1.4). No one should enter or use another's computer system, software, or data files without permission. One must always have appropriate approval before using system resources, including communication ports, file space, other system peripherals, and computer time.

He got thanked for finding the flaw. He got expelled for pen testing someone else's system. Two different acts, two different issues.

The major evolution that is still going on for me is towards a more functional programming style, which involves unlearning a lot of old habits, and backing away from some OOP directions.

One might suggest that every good programmer, if they spend enough time improving, eventually moves toward a more functional programming style.

That is more or less the same conclusion/train of thought Epic Games' Tim Sweeny had in 2005: http://dl.acm.org/citation.cfm?id=1111037.1111061 (note: slides of the talk can be found on the internet).

I have a couple of more references that I could dig up again but here is one about generating Sokoban levels: http://dl.acm.org/citation.cfm?id=646964.759857 Notice the year: 1996. This is a little dated.

Protien folding simulation is such a large and basic need globally there ought to be enough large scale interest to make development of specialized ASICs to deal with these problems cost effective and exceedingly useful for all who need to do these simulations. A quick check of google shows such chips do in fact exist with unbelivable performance figures which kick the snot out countless tens of thousands of CPU/GPUs. There is no shortage of funding for medical research so it begs the question why waste CPU/GPU resources on folding simulations?

I still do seti and milkyway at home because there are no resources allocated for seti and milkyway at home is interesting to me personally.

First of all, protein folding is not the only thing they do, the Folding@HOME infrastructure is used by many for a variety of bio-molecular studies.

Secondly, custom ASIC-based machines like Anton and MDGRAPE (which are AFAIK the only such machines around these days) consist of much more than a custom-chip, they use specialized interconnects, memory, software, etc. and cost a lot. The MDGRAPRE-4, the coming version of the Riken-developed custom molecular simulation machine costs $10M + $4M (development + manufacturing) which poses serious financial limitations to it. Moreover, these specialized machines are only able to run a handful of molecular dynamics algorithms and while fast, they are nowhere near as versatile as general-purpose codes like AMBER, GROMACS, NAMD, etc. Although it is true that these specialized machines are a few orders of magnitude faster in terms of absolute performance (i.e time to solution and not Flops), due to their limitations and the way they are used, some researchers argue that they employ a "brute force" approach to molecular simulations which is not cost-effective from the point of view of science/$ delivered. I personally wouldn't call machines like Anton and MDGRAPE a complete waste, they achieve impressive advances in hardware, software, and science results in a specific direction: pushing the limits of how fast can one run a single simulation. There are certainly other (some would say better) ways to get amazing results with general-purpose (super)-computers be it using massive clusters or cycles donated to folding Foldging@HOME.

Finally, let me explain why is there compute-resource shortage in the (bio-)molecular simulation filed which will remain for the foreseeable future no matter how much money do various governamental and non-governamental agencies pour into it. Molecular dynamics is extremely compute-intensive, a single iteration of the MD algorithm requires 10^8-10^10 Flops (not LINPACK Flops!), repeated for millions of times during a single simulation of a bio-molecular system (and such a simulation can take weeks even on a big machine). And that's still a few orders of magnitude short of what would be needed to simulate timescales at which biological processes take place. Therefore, any compute-resource available can be harnessed for molecular simulation research and Folding@HOME does a decent job at utilizing donated cycles. Admittedly, there are some in the community who think that Folding@HOME is wasteful, but that's a topic for another discussion.

Disclaimer: I am involved in the development of the GROMACS open-source molecular simulation package which is in fact on of the computational engines used by Folding@HOME. Still, I believe I have not been biased in the way I presented Folding@HOME and molecular dynamics in general.

Now we have a distributed sensor net to pinpoint where things go "boom". Also this. (WTF, ACM, you want people to pay for that?!!!)

That is the sorry reality of the bazaar Raymond praised in his book: a pile of old festering hacks, endlessly copied and pasted by a clueless generation of IT "professionals" who wouldn't recognize sound IT architecture if you hit them over the head with it. It is hard to believe today, but under this embarrassing mess lies the ruins of the beautiful cathedral of Unix, deservedly famous for its simplicity of design, its economy of features, and its elegance of execution. (Sic transit gloria mundi, etc.)

Does Kamp have a point? How do you refute his example and his drawn conclusion from it? Have you issued a rebuttal yet?

30 years later, perhaps, finally, something can be done with IPv6.

Software engineering is taught but not required by most CS curricula (at least from what I have seen),

It is part of the ACM curricula recommendations.

So, if you were reviewing the code for an app and found some sneaky logic, you'd just remove it and proceed to use the app anyway?

Yes. We wouldn't have had Unix without its C compiler...

FTJF

Historically, back doors have often lurked in systems longer than anyone expected or planned, and a few have become widely known. Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the login command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler — so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled login the code to allow Thompson entry — and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

The Turing lecture that reported this truly moby hack was later published as “Reflections on Trusting Trust”, Communications of the ACM 27, 8 (August 1984), pp. 761--763 (text available at http://www.acm.org/classics/).

You see, the behavior of which you speak is in the very definition of "back door". With the source code available, it's actually possible to compare the expected compiled binary to the resulting binary. If you're talking about some cleverly hidden in plain sight vulnerability we just call those "bugs", and carry on. Deliberate bug infested additions rarely persist beyond refactoring and further contributions. Eg: Only about 2% of Linus' original code remains in the Linux kernel due to code churn. Not that I suspect such foul play, but it would be pretty hard to coordinate a persistent threat in open source code unless the code rarely changes.

Communications of the ACM: Teaching Programming To A Highly Motivated Beginner

Security Systems: http://www.zoneminder.com/
http://www.linuxjournal.com/article/8513
http://linas.org/linux/secure.html

Alarm Systems: http://www.voip-info.org/wiki/view/How+to+implement+an+alarm+system+with+Asterisk+and+a+webcam
http://www.linux-support.com/cms/diy-burglar-alarm-system/
http://www.linuxjournal.com/content/interfacing-disparate-systems

CCTV: http://www.tuxradar.com/content/build-your-own-surveillance-zoneminder
http://www.seattlesurveillance.com/

Building Automation: http://www.sciencedirect.com/science/article/pii/S092658050500097X
http://dl.acm.org/citation.cfm?id=1029022

Engineering Apps: http://loll.sourceforge.net/linux/links/Software_Applications/Science_-_Engineering/index.html

You get the idea I hope. So what can't run on Linux?

.

Why couldn't they get the winner to provide a text, or LaTeX, or PDF, or even HTML version of their talk/speech, and make it easier to visually scan and re-read, rather than worry about lame encoder/video/flash/html5 issues and plug-ins?

.

You'd think a society like the ACM could know and use computing machinery, wouldn't you, or is that expecting too much in this world? And you'd think that people on /. would be all over this topic, whereas there are NO comments rated over (or even AT) 2 points currently (9:40 PM PDT, 2012-10-20 Saturday in California).

.

.

Why couldn't they get the winner to provide a text, or LaTeX, or PDF, or even HTML version of their talk/speech, and make it easier to visually scan and re-read, rather than worry about lame encoder/video/flash/html5 issues and plug-ins?

.

You'd think a society like the ACM could know and use computing machinery, wouldn't you, or is that expecting too much in this world? And you'd think that people on /. would be all over this topic, whereas there are NO comments rated over (or even AT) 2 points currently (9:40 PM PDT, 2012-10-20 Saturday in California).

.

Have a look at video included in this ACM article describing the use of AgentSheets and AgentCubes as part of the Scalable Game Design project: http://cacm.acm.org/magazines/2012/5/148567-programming-goes-back-to-school/fulltext You can see other 9 years olds.

itself.

There was an experiment. They would measure the Dopamine level, give the animal a sweet drink, then measure it again. as expect, after the drink, the Dopamine would rise up.
After time, the Dopamine would increase when the animal heard the door open. then when they heard foots steps, then all by itself at the specific time of, even if no one was coming.
So that's what we see. The answer is not to give the kids fast food and break the expectation.

Citations:
http://dl.acm.org/citation.cfm?id=1120460

Great radiolab episode on this subject:
http://www.radiolab.org/2009/jun/15/seeking-patterns/

The crypto stuff is kinda obvious... see for instance gnunet. For the actual p2p, take a look at this http://dl.acm.org/citation.cfm?id=1170257
I know the author, he started doing this more than a decade ago.

Yeah, it's frustrating, you (we) have some good idea, just to find out a lot of people already had it way before. Sometimes centuries ago (for math stuff).
On the other hand, we live in a world of awesome possibilities... ;)

Meanwhile, Apple was granted a number of new patents on Tuesday, including one for changing settings on a wireless device depending on its location (#8,254,902). For example, sound and light from the device could be disabled when entering a movie theater, or communications with other devices could be disabled in a science laboratory.

Sorry Apple, I got there first (ad this is just one paper, I began disseminating the work 2003).

Dodd, R., Green, S., and Pearson, E. 2009. User capability in an adaptive world. In Proceedings of the 1st ACM SIGMM international Workshop on Media Studies and Implementations that Help Improving Access To Disabled Users. Beijing, China, October 23 - 23, 2009 pp. 79-88. DOI= http://doi.acm.org/10.1145/1631097.1631110 New York, NY: ACM Press.

Abstract

General computing devices are becoming increasingly ubiquitous, personal, and mobile; and bring expectations of multimedia delivery with them that are traditionally the domain of desktop computing. Given their small form factors with restricted interaction modalities, optimizing interaction between user and device becomes critical to the usability and accessibility of the device. To this end, we present simple but powerful models of user capability, capacity, and preference that allow for a wholly adaptive and optimized user experience, with the models driving selection and configuration of appropriate interaction modalities, and themselves adapting their settings in order to reflect both changes in the environment, and the history of user behaviour . In order to achieve this, user profiles are no longer collections of purely static values, but may also contain functionally dependent properties that are changeable in response to external events. The models themselves do not perform any adaptation, but aim to drive the adaptation process.

Is just your common sense, or do you have any research to cite?

There's actually been a lot of actual scholarly research into pairing; enough for a meta-analysis. http://dl.acm.org/citation.cfm?id=1309094 -- it's not even that new.

The meta-analysis finds that pairing results in much higher quality, slightly shorter timeframes, and a slight increase in overall effort.

What it doesn't take into account is the effect of that higher quality on future maintenance costs. So it's likely that slight increase in effort results in large savings of effort during the later lifecycle of the software.

We had this same discussion last year, after PHK had an article on acm.org arguing for software liability laws: http://yro.slashdot.org/story/11/09/29/2045232/outlining-a-world-where-software-makers-are-liable-for-flaws .
The article is to be found at http://cacm.acm.org/magazines/2011/11/138202-the-software-industry-is-the-problem/fulltext

Garbage Collection, which kills User Experience due to unpredictable freezing of the whole program

Note that this is a product of a crappy garbage collector in the Java runtime, not intrinsic to garbage collection per se--there are plenty of well-known real time GCs that allow you to set a maximum latency on the collector.

See, for instance:
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.39.4550
http://web.media.mit.edu/~lieber/Lieberary/GC/Realtime/Realtime.html
http://portal.acm.org/citation.cfm?id=604155

Judging by the program for the meatspace event next week, it looks like no. Not even the abstract for the "Turing the Man" panel, which is probably the only one it'd really fit in, mentions his persecution by the British government. The description of what precisely the panel will discuss about his life is vague enough that it might be mentioned at the actual event, though.

Oh my! You are a father?

And you don't even bother with a quick search to double check if maybe your initial statements might be false.

Two minutes of web search:

http://www.apa.org/research/action/protect.aspx

http://www.apa.org/news/press/releases/2003/03/media-violence.aspx

http://onlinelibrary.wiley.com/doi/10.1111/j.1540-4560.1986.tb00246.x/abstract

http://mediasmarts.ca/backgrounder/kids-net-seven-and-eight-year-olds

http://www.psychologicalscience.org/media/releases/pr040527.cfm

BTW I am not concerned about simple nudity or a normal sex act, it is very specifically the mixture of aggression and sex that is most concerning. That is why I repeatedly cited "Fisting" and "Ball Torture".

Your comment has certainly ruined my day and is very depressing. I originally chalked this nonsense up to teenage immaturity. If you are in fact a parent and yet so proudly display your ignorance on this topic, then this is disturbing on many levels.

And yes, you are also entirely wrong about learning. You are essentially negating decades of neurological, psychological, AI and educational research. The key here is how category learning works and the path towards more abstract thought processes.

Don't think though that any of this will penetrate you pre-conceived notion.

http://www.encyclopedia.com/doc/1G2-3403200097.html

http://dl.acm.org/citation.cfm?id=1641285

http://web.cs.dal.ca/~sraza/papers/Malay_journal.pdf

Is this not a fancy latency-based algorithm? http://queue.acm.org/detail.cfm?id=2209336

What do you propose that solves the problem better than that algorithm? And what is "right" by your definition?

As for my proposal, it's more of an approach - since it seemed to me that a lot of people were not using the "time/age in router"[1] of a packet to help determine whether to discard it or not. To back that up, just look at all the RED papers, and all the talk about "bufferbloat" ( where bloat=size of buffers). Not using "time/age in router" to help solve the latency problem seems silly.

In my original post I did say:

If you really want to address latency what routers should do is keep track of how long packets have been in the router (in clock ticks, milliseconds or even microseconds) and use that with QoS stuff (and maybe some heuristics) to figure out which packets to send first, or to drop.

The simple/naive example was just for example... I'm well aware that you can't keep all packets. Some approaches are worse than others. If latency is a big issue then an approach that takes into account packet latency in the router is more likely to give better results than approaches that don't.

[1] There's TTL but that's total age of packet.