Slashdot Mirror

If they're snooping, they're not professionals.

If they're members of the ACM, they may have acted in contradiction with the Association's Code of Ethics. If such actions rise to the level of "gross misconduct", their membership could be terminated.

1. http://citeseer.ist.psu.edu/
2. If you have an ACM membership:
http://portal.acm.org/portal.cfm
3. If your university gives you access to engineering village:
http://www.engineeringvillage2.org/controller/servlet/Controller
IEEE transactions on software engineering
4. http://csdl2.computer.org/persagen/DLPublication.jsp?pubtype=t&acronym=ts
5. Google:
http://www.google.com/
Beyond this, its upto you to do your own research.

Easy. Start by reviewing the state-of-the-art in Software Design. A quick search on ACM's Digital Library can yield interesting results.Try looking particularly to the proceedings of the OOPSLA and ESEC/FSE conferences. Furthermore, don't forget to check SIGSOFT's Website for other conferences in the area.

And, last but not least, read seminal papers on the topic, check references/citations. It'll probably take you one entire year to have the feeling about the entire (relevant) state-of-the-art in your PhD topic. Trust me, it took me that long too. But it's worth it.

Easy. Start by reviewing the state-of-the-art in Software Design. A quick search on ACM's Digital Library can yield interesting results.Try looking particularly to the proceedings of the OOPSLA and ESEC/FSE conferences. Furthermore, don't forget to check SIGSOFT's Website for other conferences in the area.

And, last but not least, read seminal papers on the topic, check references/citations. It'll probably take you one entire year to have the feeling about the entire (relevant) state-of-the-art in your PhD topic. Trust me, it took me that long too. But it's worth it.

Easy. Start by reviewing the state-of-the-art in Software Design. A quick search on ACM's Digital Library can yield interesting results.Try looking particularly to the proceedings of the OOPSLA and ESEC/FSE conferences. Furthermore, don't forget to check SIGSOFT's Website for other conferences in the area.

And, last but not least, read seminal papers on the topic, check references/citations. It'll probably take you one entire year to have the feeling about the entire (relevant) state-of-the-art in your PhD topic. Trust me, it took me that long too. But it's worth it.

This is very similar to traffic analysis attacks on SSH (like this one) where packet sizes and inter-arrival times can indicate which keys you are typing.
Effective, practical counter-measures against good traffic analysis techniques are very difficult - especially if the attacked has enough traffic to work with (i.e. many conversations, many sessions, etc.).

The PhD student who was in my room one year ago (Cyril Rousseau) already worked on context adaptation of devices communication modalities.

See:
http://portal.acm.org/citation.cfm?id=1148558
http://www.limsi.fr/Individu/rousseau/most/index

He wrote a phone-like prototype and used his software in an industrial project.

Where is Microsoft innovation ?

Refcounting is not actually garbage collection.

You should read A unified theory of garbage collection by Bacon, Cheng, and Rajan.

The full text is available on the ACM digital library for subscribers.

University and ACM members ought to be able to download it from here.

The real problem with program verification is the C programming language. In C, the compiler has no clue what's going on with arrays, because of the "pointer=array" mistake. You can't even talk about the size of a non-fixed array in the language.

This is the cause of most of the buffer overflows in the world. Every day, millions of computers crash and millions are penetrated by hostile code from this single bad design decision.

That's why I got out of program verification when C replaced Pascal. I used to do this stuff.

Good program verification systems have been written for Modula 3, Java, C#, and Verilog. For C, though, there just isn't enough information in the source to do it right. Commercial tools exist, but they all have holes in them.

Several posters have cited the "halting problem" as an issue. It's not.

First, the halting problem does not apply to deterministic systems with finite memory. In a deterministic system with finite memory, eventually you must repeat a state, or halt. So that disposes of the theoretical objection.

In practice, deciding halting isn't that hard. The general idea is that you have to find some "measure" of each loop which is an integer, gets smaller with each loop iteration, and never goes negative. If you can come up with a measure expression for which all those properties are true, you have proved termination. If you can't, the program is probably broken anyway. Yes, it's possible to write loops for which proof of termination is very hard. Few such programs are useful. I've actually encountered only one in a long career, the termination condition for the GJK algorithm for collision detection of convex polyhedra. That took months of work and consulting with a professor at Oxford.

The real problem with program verification is the C programming language. In C, the compiler has no clue what's going on with arrays, because of the "pointer=array" mistake. You can't even talk about the size of a non-fixed array in the language. This is the cause of most of the buffer overflows in the world. Every day, millions of computers crash and millions are penetrated by hostile code from this single bad design decision.

That's why I got out of program verification when C replaced Pascal. I used to do this stuff.

Good program verification systems have been written for Modula 3, Java, C#, and Verilog. For C, though, there just isn't enough information in the source to do it right. Commercial tools exist, but they all have holes in them.

So long as it has a valid ACM accreditation, it doesn't matter that much on a resume basis. What can matter a LOT are referrals, so if you have a particular company in mind, you may want to go to a school that has a lot of it's alumni working at that company.

This presumes of course you come out of your collegiate experience competent and can make it past the phone screens and interview loops. Theory is wonderful, and honestly, you shouldn't be taking classes to learn particular languages, you generally need to be able to pick those up on your own (and quickly), after you have been introduced to the art and have one or two intro languages under your belt.

O rly?

http://pouet.net/prod.php?which=9461
http://pouet.net/prod.php?which=2228
http://pouet.net/prod.php?which=688 (DOS)
http://pouet.net/prod.php?which=5
http://pouet.net/prod.php?which=3845

Some more info
http://tog.acm.org/resources/RTNews/demos/overview.htm

Too bad the trend died off, but I think we'll see some more demos in the realtime ray tracing area in the next couple of years.

Reports of CS AP's death have been greatly exaggerated.

Only the harder AB is being eliminated. The easy A (no pun intended) will remain.

When I took CS AP 21 years ago, there was only one CS AP test, and it had Pascal.

There were two Calculus tests, AB and BC. This CS change would be analogous to eliminating the harder Calculus BC, but keeping the AB.

It represents a dumbing down.

Aza Raskin thinks that Bookmarks and History are not the best way to access previous sites, and the address bar is.

This project started a couple of years back when Narendra Karmarkar (yes, him ) got a grant from the Tata group to try out his ideas in this 1991 paper. Prior to that he had tried getting funds from Tata Institute of Fundamental Research ( TIFR) while he was still employed with them (he had joined TIFR after leaving the US, though was still with Bell Labs in some way). TIFR was in no position to fund his project as their overall budget for all their activities was less than Karmarkar's requirements. The project started well enough and about 40 people joining CRL. From the grapevine it is heard that Karmarkar never gave any details (that what is contained in the paper referred above) to even people working closely with him. Basically he seemed interested in working all alone to meet his own targets. With not much tangible seen by the Tatas (a business house) and their need to have some clear road-map the relationship grew cold and at a certain stage Karmarkar left the organization. The remaining team put together what is called EKA. So, it is just another parallel machine built with enough money to buy all the components. Nothing innovative there.

Although I can't find the original anymore, this same concept was presented in 1999.

http://portal.acm.org/citation.cfm?id=1268359

"But it won't be for long because the time will come when good creators of books and film will not be hamstrung by those who demand DRM. That is if the recent digital "experiments" by known musicians are of any indication."

Ahem! I suggest you read the section on DRM. The issue isn't black and white.

As I said earlier, you can find impartial experts to review impartial software. There is no such thing, however, as an impartial ballot, since somebody has already used it to vote one way or the other.

"Impartial software?" "Impartial ballot?" That doesn't make sense. The issue is the partiality of people, not of inanimate objects.

If impartial people (or teams of people with balanced biases) can be found to review software, then impartial people (or teams of people) can be found to review ballots.

you have two candidates, and representatives for one side raise objections on a ballot that the other side thinks should count as a vote for them... That's way harder to resolve than the similar dispute over a voting machine.

You need three reviewers for contested ballots. One from Party A, one from Party B, one from a pool of people approved by both parties (unaffiliated voters, or community leaders of unimpeccable honesty).

Regardless, you could have checks from all the interested parties to at least get consensus [on voting machines]

You can also get consensus on methods and rules for counting paper ballots ahead of time.

Multiple recounts typically return an array of unique values.

Only if there's ambiguity in the ballot marking, or errors in counting. The latter can be eliminated by multiple rounds and by improved methodology - if Las Vegas casinos can count all that cash, we can find ways to count unambiguous ballots. The former problem should be very very rare in machine-printed voter receipts, or indeed in any sensible ballot design.

They trust ATMs and Credit Card processing machines...

Which give paper receipts, and whose results I can review and challenge. I've had erroneous or fraudulent charges against ATM cards and credit cards, but I could catch them because the bank sends me statements. I don't get a paper from Baltimore County saying "Here's how we recorded your vote. Call 1-800-SCREWUP if you wish to contest it."

a "back-door that effects all electronic machines by a manufacturer"...is still exactly equivalent to a mechanical voting machine.

Not at all. A mechanical voting machine can't do logic like "if (candidate.party == 'GREEN') then (candidate.votes += 100)". (Not unless your mechanical voting machine was designed by Charles Babbage...)

something like that should be caught in the independent review of the code

Bugs get through reviewed code. Deliberately obfuscated backdoors could too. Then there's the problem of trusting trust. If Ken Thompson says "You can't trust code that you did not totally create yourself...No amount of source-level verification or scrutiny will protect you from using untrusted code," maybe we ought to listen to him, instead of call him a Luddite.

Writing trusted systems is much harder than you seem to understand it to be.

You are taking the traditional luddite position, because you seem to be incapable of understanding how electronic voting could work securely.

My position is pretty much that of the ACM: "voting systems should enable each voter to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast, and to serve as an independent check on the result produced and stored by the system." It's also pretty much the position of computer security experts like Avi Rubin and

Interestingly enough, Dave Patterson http://www.eecs.berkeley.edu/Faculty/Homepages/patterson.html, once president of ACM http://membernet.acm.org/public/membernet/storypage_2.cfm?ci=June_2006&announcement=1&CFID=1668767&CFTOKEN=37941036 was once on a project to do that http://iram.cs.berkeley.edu/. Now he's working on ParLab http://parlab.eecs.berkeley.edu/. I don't always agree with him (and vice versa) but he's nobody's fool.

Faith, young grasshopper...

If you want a more technical reason DRAM and CPU's don't go together, spend an informative hour looking up the IC fab process for CMOS logic (CPUs) and DRAM. They're VERY VERY different. DRAM needs capacitory density to get the price-per-bit down so they use their own custom fabs optimized for that. This makes it really hard to fit lots of logic and DRAM on to one chip.

This was already proposed by Bindal et al in ICDCS 2006 and evaluated in simulation by Aggarwal et al in SIGCOMM CCR (July 2007). Besides, there is already software out there for the Azureus BitTorrent client (called Ono) that does similar things without relying on the ISPs and without restricting what you download.

As John mentioned in his post here, these are not new ideas. I remember playing around with raytracing/casting of sparse-octree voxels for fun almost ten years ago, and as a quick
search of the literature shows, I was quite late to the game :) What is cool is that he thinks that the gaming world is ready for them, and that he is going to try and push the hardware folks to make it happen.

One of the most fundamental properties of voxmaps is that the geometry and texture are defined hand-in-hand - they have the same resolution, and every point in the geometry has a unique texture. If you want this, then there are data structures like sparse octrees that store the data quite efficiently.

However, decoupling the geometry and texture opens the door for all sorts of tricks usefull in limited memory situations. It was these tricks that made realtime polygon graphics possible in the past. Things like low resolution polygons with high resolution texture maps, tiled/reused texture maps and layered decals, are all ways to cut down on the amount of data needed while still creating a decent looking scene.

However, as the amount of memory increases, these tricks are less necessary and less desirable. Artists want to be able to paint any part of a scene any way they want - and this is exactly what John has done in id Tech 5, their newest engine. After doing so he did some experimentation and found that storing this data in a sparse octree is even more memory efficient than the way he is doing it now, using pixmaps and polygons. If this approach were to work, artists would then have the same freedom in editing the geometry of the world as they do now with textures - the entire world would have geometry at the resolution of current texture maps with zero additional memory costs. That would be awesome.

For this to work though, you need to be able to render the data efficiently. Raycasting of sparse octrees is one of those embarrassingly parallel problems, and thus hardware acceleration for it is relatively easy. But they don't exist due to lack of market, and unfortunately graphics cards are not well suited for this, IIRC because GPUs mostly accelerate floating point calculations, while descending the sparse-octree uses a lot of integer bit-twiddling (I might be wrong about the reasons here). But with the memory-usage tradeoffs shifting in favor of voxmaps, GPU vendors looking to make their products better suited for general purpose High Performace Computing, and John Carmack pushing for it, this may be an idea whose time has come.

There's more truth in that than you'd think. As a raytracing "fanboy" (wrote several of these), I find comments to stories like this almost unbearable to read.

Everyone seems to think they are an expert on the subject yet there's cluelessness on so many different levels that I can't even dream of correcting all that bullshit. So I'll just shut up.

This article is referring to AMD's Charles R. "Chuck" Moore, who worked on the POWER4 and PowerPC 601, not the language and chip designer Charles H. "Chuck" Moore who invented Forth, ColorForth, et al. and was interviewed on slashdot.

"Unfortunately we're not as clever as those Intel chaps, how will we make it work?"
"Hmmm....."
(long pause)
"What about rendering really small scenes on a big stonking server and then using some sort of 'Network' to make the images appear?"
"That sounds like some kind of magic!"

Fantastic research.

The sequence of phases is: euphoric, productive, irreplaceable, resentful, bored, and unproductive. Overall productivity is characterized by an initial six month period of intense interest, at which time productivity rates are often an order of magnitude higher than the oft-quoted 500 LOC/month average. After a short period of volatility, the programmer then enters a prolonged phase of steadily dwindling interest, resulting in productivity rates that mimic the average.

This may be an answer: Inverted Turing logic and optical illusion: http://portal.acm.org/citation.cfm?id=1080441&dl=GUIDE&coll=GUIDE/
Where it says: As a failing peculiar to human, or animate, visual systems, visual illusions might be also employed to distinguish humans from robots, "computer bots", or any other artificial intelligence empowered with a visual capacity. Any such artificial entity is unlikely to suffer the same visual illusions as our own, unless, of course, it has been specifically engineered to do so. The approach here inverts, and complements, the logic of the Turing test (Turing 50) since it does not require evidence of an intelligent capacity equivalent to that of human beings, but rather evidence of a characteristic human failing - to err is human....

Here is a bunch of links about Computer Ethics from when I was researching about it. The google video link (last one on this list) is particularly interesting. Computer ethics is actually a university research topic! http://www.brook.edu/its/cei/cei_hp.htm http://ethics.csc.ncsu.edu/ http://www.southernct.edu/organizations/rccs/resources/teaching/teaching_mono/moor/moor_definition.html http://plato.stanford.edu/entries/ethics-computer/ http://www.cs.sunysb.edu/ProfessionalEthics.html http://www.cs.berkeley.edu/~bh/hackers.html http://cat.inist.fr/?aModele=afficheN&cpsidt=4279094 http://cyberethics.cbi.msstate.edu/ http://www.oekonux.org/texts/copykillsmusic.html http://www.progilibre.com/Open-Source-Alternative-ou-fausse-route-_a350.html http://www.osalt.com/ http://en.wikipedia.org/wiki/FOSS http://en.wikipedia.org/wiki/Richard_Stallman http://en.wikipedia.org/wiki/Copyleft http://en.wikipedia.org/wiki/GNU_General_Public_License http://creativecommons.org/ http://www.dwheeler.com/oss_fs_why.html http://www.itc.virginia.edu/policy/ethics.html http://www.brook.edu/its/cei/overview/Ten_Commanments_of_Computer_Ethics.htm http://www.acm.org/serving/se/code.htm http://www.ieee.org/portal/site http://video.google.fr/videoplay?docid=-3088012854941915784&q=computer+ethics

Ethics is an interesting concept - first thing that may come a person's mind :

"good and bad"
"wrong or right"
"black and white"

Personally, when one finds themselves in IT related predicaments, I'm guessing it's not that usual to land in a black or white situation, but one of a million shades of gray.

A few more:

"the way one lives"
"actions that land you on the right (good?) side of the fence"
"oath"
"creed"
etc . . .

What is a creed? One definition in an online dictionary defines it as ( http://dictionary.reference.com/browse/creed ) : " . . .any system or codification of belief or of opinion. . ."

eek . . . the entertainment industry (I'm guessing a person can come up with centuries or more worth of examples there) would have us believe in "good" creeds or "bad" creeds - religions, knights, assassins and more.

One might also ask - will your ethics lead you to copy chunks of the comments to the slashdot article above? Ethics in research and writing papers - that's a fought over issue as well. (people often hate to look in this mirror :)

Several professional groups have published "ethics" . . .

American Chemical Society ( http://pubs.acs.org/meetingpreprints/ethics.html )
American Institute of Aeronautics and Astronautics ( http://www.aiaa.org/content.cfm?pageid=198 )
American Institute of Architects ( http://www.aia.org/about_ethics )
American Institute of Chemical Engineers ( http://www.aiche.org/About/Code.aspx )
American Society of Landscape Architects ( http://www.asla.org/about/codepro.htm )
Instutute of Electronics and Electrical Engineers ( http://www.ieee.org/portal/pages/iportals/aboutus/ethics/code.html )

To pick a few. Look kind of like science/fantasy fans might see as guild rules :)

IT is no different.

People who strive for SANS/GIAC certification agree to their ethics as part of completing the certification process. ( http://www.giac.org/overview/ethics.php )

SAGE, LOPSA & USNIX share the same code of ethics - http://lopsa.org/CodeOfEthics

ACM - http://www.acm.org/about/se-code

CISA, CISM, CGEIT - ( http://www.isaca.org/Template.cfm?Section=Code_of_Professional_Ethics&Template=/ContentManagement/ContentDisplay.cfm&ContentID=20454
)

SSCP, CAP & CISSP (certification) ethics - ( https://www.isc2.org/cgi-bin/content.cgi?category=12 )

I'm sure there are plenty more.

I'm guessing there are very few if any CS or IT related courses that don't include some kind of ethics class or section.

Personally - when I was growing up - with a lot of computer enthusiasts in the neighborhood - some slided one way or the other (ethics wise) and some stood fairly firmly on one side or the other (usually the "old guys").

I've been in the professional IT industry for several years - and doing semi-professional IT stuff on and off years before that. Seeing I'm still there - I hope I'm on the an acceptable side of the fence :)

I've been involved in a few ethics dust-ups over the years . . . never got a horrible

http://www.acm.org/about/code-of-ethics

The Association for Computer Machinery (ACM) has a Code of Ethics. Have a look at it. It gives quite a lot of guidance converning professional conduct in IT.

The Association for Computer Machinery (ACM) has a Code of Ethics. Have a look at it. It gives quite a lot of guidance converning professional conduct in IT.

but it did help drive what is now a thriving industry.

Or at a minimum, it helped package it.

"A Quarter Century of UNIX" is a really cool book. I doubt if there will ever be a similar book for Open Source even remotely as interesting to read.

Several of the Software Engineering professors at McMaster University (where Dr. Parnas founded a Software Engineering program) were directly involved in the design, implementation and verification of the shutdown system for the Darlington Nuclear Generating station just outside of Toronto. I believe Dr. Parnas was one of them.

http://portal.acm.org/citation.cfm?id=187123.187126&dl=portal&dl=ACM

At least DDJ isn't somebody's blog, but why not link directly to ACM's press release?

This sounds like it would be great for 3D animators, either as live performance (ala Elmo's World) or as a virtual stop-motion rig. The only thing that would be better is if there was some way for the pose to be communicated not only from the device to the computer but also from the computer to the device. This would let stop-motion artists do key-framing and in-betweens, which are currently difficult in the real world.

In the mid-90's, there was an existing animator's rig that did much the same thing as this, marketed as the Monkey (SIGGRAPH paper). It was apparently reconfigurable to different body configurations, but probably not as easily as the CMU device. Like the CMU device, it, too, had a one-way communication path from the device to the computer. It's currently discontinued, which suggests that CMU had better work hard on bringing down the price. :)

Segmentation and intersecting arcs can be difficult for automated attacks: http://portal.acm.org/citation.cfm?id=1054972.1055070

You know those annoying flash advertisement games (shoot the monkey for a free iPod)? Well, they could potentially be adapted for CAPTCHAs as well: http://cups.cs.cmu.edu/soups/2006/posters/misra-poster_abstract.pdf

Residual failure

Well here's a little question I ask to the person saying this is gonna take off. What happens when I send some modified data to the your server farm to process and it's actually a replicating virus. I say thanks for the DOS headquarters, guys. And don't anyone dare say "oh, well they'll 100% protect it so only their code can run" cuz that's not gonna happen.

Let's say MS Office 2010 lets you process your huge customer excel sheet mail merges and someone at the server place decides hmmm I'm gonna record everyone's data and sell it to spammers!

I can think of like 10 other ideas why this is the stupidest software idea on Earth but I'm sick of typing.

Funding for (computer) science research also got the shaft this year, in the budget for FY 2008, despite a prior commitment to double the budget over the next 10 years.

USACM has a nice perspective: http://usacm.acm.org/usacm/weblog/index.php?p=558 and so does the Computing Research Association: http://www.cra.org/govaffairs/blog/archives/000646.html

Unfortunately, pork $$$ in the near-term wins over long-term benefits for the entire country...

Actually, there is a dialect of C++ called CC++. I remember stumbling across it on the web 10 years ago or so...looks like it hasn't gone too far since then.

That is the best rebuttal to the parent's argument I've seen in a long time. I don't know if you've seen this, but last month's issue of Communications of the ACM was on developing a culture of experimentation in CS. Interesting read.

Yes, Safari is still going.

eBooks are also a benefit of membership to the ACM.

then I would be inclined to agree with Mr. Ranum's points. But the fact is that there are lots of people out there working on Real Security. Let's see, there's OpenBSD's work to integrate cryptography as a system service, there's Neils Provos' work on systrace, there's GCC's ProPolice stack-smashing protection, there's OpenBSD's write XOR execute protection (which, BTW, Windows now has to some small extent), there are phishing mitigation features in Firefox, there are Free implementations of good authentication systems (e.g., MIT Kerberos, Heimdal), lots of programs now ship with sane defaults (ala Postfix and qmail), there are safe-string libraries of all license stripes, and on and on and on! The fact that Microsoft apparently does not use their own safe-string implementation is indicative of the problem here. Microsoft writes crap. If you want systems where security is a real concern, it's easy to find it. That's not to say that those systems are "secure"-- security is always a work in progress-- but to say that "our responses to those problems also remain the same" is disingenuous. Projects like OpenBSD (among many others mentioned above) have attempted to identify entire classes of problems, and solve them on the big-picture level instead of doing the patch-a-week thing.

Here is the original article on the ACM.

Very brief summary of article
Each process has their own instance of the generator, and the refresh of the internal state is done after 128 kbs of output from the generator (roughly 600-1200 SSL connections with IE). Not only that, it is run in the userspace so it is not a security violation to examine the internal state of the generator. The function used is not one-way which provides a means looking at past transactions of a user (within the 128 kbs of data).