Slashdot Mirror

If course voting can change things, for example I'm sure the people of Iraq would have loved to vote a new leader when Saddam Hussein was in power, but couldn't.

That's the point though isn't it? Having the right to vote, is what you get after you have won your freedom. Nobody voted Sadaam out of power.

Women died for the right to vote: is there a significant gender bias in candidate voted for? Usually no; does that mean that women's right to vote is unimportant. Of course not.

Although if people are still shocked by quoting an anarchist-feminist who died over 50 years ago, they haven't woken up.

You might want to have a look at Nick Weaver's Homepage--How to 0wn the Internet in your Spare Time is a pretty good approach to this as well.

Frankly, you're correct in your assumption. However, the author makes a good start in terms of preventing that initial spread. I agree that if you focus too much on 'reaction', dependent on identification of a worm, you're screwed to start out with. But there are several schools of thought related to detecting anomalous traffic and, for example, shutting it off at source, or automatically rate limiting it.

I'll gladly dig out some of our info on this if you're interested, as we're pretty closely involved with exactly this topic right now, but alas, short of time due to having to prepare a presentation on, you guessed it, worm spread in corporate networks :)

Which we do using oil for a net loss in energy. We could not produce the volume of biomass from agriculture that we do without that oil energy.

But I wonder if you have looked at the latest research: hydrogen from algae (press release here). At 10% efficiency, or even 5%, the energy output of even a small pond is substantial. Maybe the really clever could find a way to make this work in plastic bladders on rooftops. It would certainly be cheap, and if a farmer could "grow" his own tractor fuel, nitrogen fertilizer and other needs via aquaculture, it would remove many of the limits to sustainability which plague our current modus operandi.

is here.

Within 24 hours on Windows systems, 72 hours on Macs... but within 4 hours --with NOTHING higher priority-- if patches are announced same-day for both Windows and Mac.

As part of my belt-and-suspenders paranoia, we run two separate parallel-function network backup machines, one OSX based, the other Windows (mumblemumblemumble). I live in terror of the hypothetical multi-platform/multi-mode Warhol worm taking out my systems.

They don't need no stinking arm! (link to video over here. On a serious note... just think what future AIs could come up with, whole new methods of moving chessmen that we've never even begun to thought of.

Ummm... This group's work would be baffled by the introduction of any non-dictionary words, such as random letters, numbers, other characters, symbols, or pictures. As you can see here, they freely admit to basing their attack on a dictionary of the 500 known words that Yahoo! uses. By the time their work ever gets too close, it would be trivial to change the test.

A big problem with CAPTCHAs is that they can be "broken" with some vigilance and know-how, although not 100% of the time. Yahoo!'s has been broken by a UC Berkeley group, they claim a 92% success rate. The UCB algorithm looks at the image then searches through a dictionary to find the most probably matches and spits them out (you can actually see on the site how it chooses and how close it gets when it misses, mistaking 'grip' for 'slip' and so on).

What is really needed for a *good* CAPTCHA is not pure image obscurity, but rather something that combines hard-to-read images with aspect about language that humans know intuitively, while at the same time being very difficult for computers to sort out. Take word associations, for example. You probably learned how words are associated with each other in 1st grade, so for humans it is a very simple task to pick out words that have a common theme. Computers are a different story. Have a CAPTCHA randomly spit out 10 words to the screen and have the user pick the 3 that are associated with one another, say for example HOUSE, LOG, FRONT, CAT, BROWN, DOG, CART, RUNNING, HOUR, MOUSE.

Even if the algorithm was to correctly identify all 10 words, it would still have to figure out what the association is and then correctly identify the words that fit the association. Assuming that it did correctly identify all of the words, at that point random guessing would yeild a success rate of 0.83%, less if it misidentifies even just one of the words. Combine something like this with a slightly smarter word obfuscator and I think it'd be something that would be very hard to beat...unless you're human, of course :)

For those of you from UC Berkeley and/or interested, I will be conducting a Nausicaa manga decal next semester. Also, Nausicaa is playing, among other things, at the PFA Anime showing, part of the IEAS East Asia at Berkeley program on 35mm film, which is likely the highest quality copy you'll ever see!

Thus, a worm that is written as a stealthy time-bomb will be extremely destructive. If I were the bug, I would make a few random copies of myself to prevent extermination (much like the problem T-Cells have with the AIDS virus).

That's not exactly why the immune system has problems with AIDS. Part of it is that the virus actually invades the immune system itself, so the very part of you that's trying to protect you is itself prevented from working properly. ISTR that some viruses already try a similar approach by shutting down virus-check software.

Only a checksum of every single file on the system could completely wipe me out. Once I do that, I would lay dormant for a period of time, using the client to transmit myself to other computers. After my period of dormancy, I would then do something like wipe out the networks, install a phony NIC device driver, try to flash the bios, whatever.

The problem with this approach is that the worm would have to be completely stealthy in order to have maximum effect. If the virus-check companies figured out about it, they'd likely be able to decompile the thing and create a specialized countermeasure. This is one place where the analogy between biological and computer invaders breaks down. The natural immune system has a limited repertoire of possible responses and can only adapt to a novel threat on an evolutionary timescale, while our computers' "immune systems" can actually be intelligently designed to combat a specific threat.

For maximum destructive effect, you'd probably be better off using something like a Warhol Worm- an invader that can spread to most available hosts in 15 minutes. That's enough faster than the possible response of anti-worm software makers that there wouldn't be a reasonable chance of creating a countermeasure in time. The SQL Slammer worm was the closest thing yet to a Warhol Worm, though its unique source of speed probably precludes a seriously damaging payload. Still, a worm that could spread worldwide in a few hours and then did as much as possible to damage its host could wreak some significant havoc without a reasonable chance of stopping it.

Now, check the SETI@home statistics page to get total users at 4,710,399. If each user just donated $35, that would be $164 million. Ok, so their active users average closer to 550,000, but that's still almost $20million/yr spent to help SETI.

I've had my dual processor G5 for more than 10 days. The packing list shows that it shipped on the 9/17/03. Got it 3 days after that (would have been two if it weren't for Isabel). I don't have a 3.2 GHz PC to compare it to, but it's plenty fast. I've been getting 3:12 average CPU time on SETI@home. You can see my stats here

Is it about money, or wasting energy and killing the environment. Seti reports 4,710,399 users * an extra 50 watts each = 235,519,950 EXTRA watts assuming each user is only running one machine... That is 231.52 MW!! for one project!!! FYI a typical nuclear plant produces 1000MW. What do you think the cost to build a nuclear power plant for four dc projects would cost both in the $$ amount and environmental factors? Not to mention the electrical grid is already stressed.

Most modern OS'es use HLT commands to power down inactive parts of the CPU. On such an OS, running a distributed worker like seti, folding, or dnet will make the chip run a little hotter, and probably draw an extra watt or two out of the power supply (depending on the chip and speed). On older OS'es it doesn't make a difference since the chip never really "idles" so to speak.

I'd say go for it. All processors die, but not all processors really live! ;)

Some relevant links:

dnet

folding@home - For this one, if you're on Windows, use the cmdline version. I've found the Windows version to be a little nasty and ALT+TAB you out of games that run full screen.

Seti@home

There's a thousand more, but those are the big ones. Have fun!

Second, if you can afford some slowdown, use -c blowfish. The default is usually 3DES, which is incredibly slow. Blowfish is 11 times faster.

Finally, if you have some control over what applications are installed at each end, look into SafeTP. It encrypts the password, but not the data. Exactly what you asked for.

When I was at Berkeley, a few friends of mine worked off-campus at the Center for Extreme Ultraviolet Astrophysics. This was connected to the campus network via a microwave relay mounted on the roofs of two buildings.

The story I was told by one of the sysadmins was that one day, the thing just stopped working, with no technical explanation. After doing all manner of tracing and debugging, they finally went to go check the campus-side transceiver, and found it turned 180 degrees in the other direction, with a note saying something to the extent of I know what you're doing, this is a CIA mind control device, if you try to keep reading my thoughts and fix this, I will find and kill you.

They fixed it and put a nice laminated piece of paper on it, explaining that, no, it's not part of the Orbital Mind Control Lasers, but rather an innocuous network component used for space research, and please don't mess it up, you could fall off the roof and hurt yourself

It never happened again; I guess they could have just ordered a few aluminum foil deflector beanies for the general public.

Seti@Home already blows away all other supercomputers on the planet

Where did you get this idea? I'd honestly like to know. It's very misinformed.

206 billion isn't enough? I like that graph at the bottom. 10^14 digits by 2010!

(these people actually did the calculation, but don't have much to look at on their site)

There's a page on the BOINC site about this. It looks like the project creator generates a public / private key pair and signs their apps (and updates) with it. When you join a project you're trusting the holder of the private key to run whatever they want on your machine with whatever privileges you give. It'd be a good idea to run this as a very limited user.

All good questions, Harry8.

Does this only send back reports when gnumeric crashes or is it sending back reports on a constant basis?

It sends back a report when the application exits. Crashes include some extra crash information, but successful exits upload a report too. (That way we can look for the differences between good runs and bad.) See the web site for more details on exactly what's in those reports.

There is no continuous reporting while the program runs: it's just one blob sent when the program exits.

How much bandwidth does it use? Can I just leave it on knowing it is trivial usage?

We've worked hard to keep the reports small. The median size for Gnumeric reports received thus far is just over 8KB: about one second across a 56K modem. The single biggest Gnumeric report we've seen is still under 16KB: about two seconds across a 56K modem.

All good questions, Harry8.

Does this only send back reports when gnumeric crashes or is it sending back reports on a constant basis?

It sends back a report when the application exits. Crashes include some extra crash information, but successful exits upload a report too. (That way we can look for the differences between good runs and bad.) See the web site for more details on exactly what's in those reports.

There is no continuous reporting while the program runs: it's just one blob sent when the program exits.

How much bandwidth does it use? Can I just leave it on knowing it is trivial usage?

We've worked hard to keep the reports small. The median size for Gnumeric reports received thus far is just over 8KB: about one second across a 56K modem. The single biggest Gnumeric report we've seen is still under 16KB: about two seconds across a 56K modem.

We would like to support more distros; it's just a matter of prioritizing our limited resources. If there is a specific alternate distro that you want to see, please let us know. I can't make any promises, but we have every motivation to be responsive to the interests of potential users.

We would like to support more distros; it's just a matter of prioritizing our limited resources. If there is a specific alternate distro that you want to see, please let us know. I can't make any promises, but we have every motivation to be responsive to the interests of potential users.

UCR makes us paranoid about cheating. When they catch someone cheating, the person gets an F in the course and the choice of going to a seminar, or getting suspended for a quarter. If the person chooses to fight it, I believe he/she will be suspended for a year if the person can't prove that there wasn't cheating.
To catch cheating, they use MOSS, and an anonymous cheating report form

If you cheat twice, you're likely to get suspended for a year or get expelled.

The policy on academic dishonesty

Imagine if Eolas was "pulling a SCO", they would have been sending out $699 invoices to all IE users; would have been fun to see that play out. Actually, they are hinting to that, the article saying:

Eolas would still permit Microsoft to distribute IE as is, as long as it's being used in conjunction with an application provider or a corporate intranet that has an Eolas plug-in license.

Maybe they can send cease and desist letters to MS' corporate clients now.

On a more serious note, MS was not able to present their prior art case in front of the judge to invalidate the patent. They have appealed and hopefully will get that opportunity. They are also on the right track with Viola browser as prior art. If you read Viola's author's recount:

In April 1992, I made a released of the viola browser. By December 1992, I had embedded objects working in the Viola browser. We at O'Reilly and Associates gave demos to various people here and there. The best documented demo was in May of 1993 -- We gave a demo and code to SUN Microsystems, of the viola browser showing an interactive three dimensional plotting object (mathmatical equation or 3D models) embedded inside a web page. I started releasing this code around fall of 1993 and early 1994. Eolas filed the patent in November 1994.

Now, as you probably know, Michael Doyle (Eolas's CEO and sole formal employee as I understand it), wrote to the net about his technology and eventually intent to patent this. So of course people (including me) wrote back informing him of prior arts. I'm not a lawyer but as I understand it one is supposed to disclose to the PTO any relevant prior art for the PTO examiner to assess. Doyle and I exchange letters, and I told him about this embedded capability in Viola, gave him a paper on viola, which contains pointers leading to more information including even the viola browser source code. Doyle ends up mentioning the browsers Cello and Mosaic, but interestingly not Viola! Now, Viola came before both Cello and Mosaic, and non of those two other browsers had any kind of embedded interactive capability at the core of the discussions.

And he also talks about how he was not allowed to demonstrate his technology (created before Eolas patent was filed) to the jury:

I was not allowed to demonstrate Viola to the jury. It was explained to me that the judge had decided that my demonstration, of the Viola browser from May 1993 showing interactive objects embedded in a web page, would have been too "prejudicial" against Eolas. I was also not allowed to tell the jury that Doyle knew about Viola. This I suppose is understandable but still puzzles me a little and leads to unfortunate effects, as I imagine the Jury ought to know these things.

As you can see, once MS gets a chance to demonstrate these facts, like they should be able to, Eolas can go back to sucking on their thumbs again.

This is a must read, I haven't seen on Slashdot before.

The Viola webbrowser featured plug-ins in 1993. The Eolas patens was filed in November 1994.

Two facts:

1. Eolas knew about Viola, but didn't disclose it in the filed patent.
2. Te jury was not allowed to see Viola demonstrated as prior art.

This stinks. Eolas will probably lose in the next round.

Read it all here:

• Personal Comments on Eolas vs Microsoft, and the Viola Prior Art

From http://www.xcf.berkeley.edu/~wei/viola/aboutEolasM icrosoft.html:

Firstly, I was not allowed to demonstrate Viola to the jury. It was explained to me that the judge had decided that my demonstration, of the Viola browser from May 1993 showing interactive objects embedded in a web page, would have been too "prejudicial" against Eolas. I was also not allowed to tell the jury that Doyle knew about Viola. This I suppose is understandable but still puzzles me a little and leads to unfortunate effects, as I imagine the Jury ought to know these things. Lets not kid ourselves, everything said in court by both sides were certainly aimed at swaying the jury. But facts are facts, especially relevant ones.

Y'all should take a gander at the Viola home page, and the Viola author's take on the Eolas-Microsoft suit.

Y'all should take a gander at the Viola home page, and the Viola author's take on the Eolas-Microsoft suit.

" from my perspective, the patent system seems to be more angled toward granting a patent than not granting a patent"

And this is entirely the problem. Due to the sheer number of patent applications, the patent office doesn't have the resources to fully research every patent claim. The result is that they simply grant the patent and let the lawyers fight out it's validity in the courts. Because of the amount of money involved in patent cases, it usually works out that the patent is thoroughly researched, much more so than the patent office could have done.

Even if the patent office did excellent research, most patents would end up in the courts anyway, simply because of the amount of money involved, on both sides.

500 million is a nice chunk of change for what amounts to an html tag. Even with 40 billion in the bank, that's not just a drop in the bucket for Microsoft. It's more like a 12oz cup.

It's time to start patenting all of the work-arounds of Eolas patent... First up, patent Microsofts own work-around. That will make their heads spin... It's not like the courts look at prior art or anything these days.

I just came accross this wonderful page to get me out of the CAPSLOCK misery under windows. Of course you don't want to swap CAPSLOCK with anything. You just want to get rid of it (that position is the rightful place of CTRL). In other words: CAPSLOCK IS A MISTAKE, really. cheers, mitch

Not exactly p2p as it operates between named entities, but this may be the solution for the problem:
http://www.csua.berkeley.edu/~emin/source_code/dib s/index.html

We need a p2p network for secure, private file storage, not sharing. Anybody know of such a project?

I suggest that you take a look at Oceanstore, which seems to fit your description rather nicely... even the metaphor of an ocean of data.

How about OceanStore? The whole ocean thing even goes along with the "flow" analogy ;)

"OceanStore is a global persistent data store designed to scale to billions of users. It provides a consistent, highly-available, and durable storage utility atop an infrastructure comprised of untrusted servers."

This sounds a little like the OceanStore Project that a friend of mine worked on in grad school.

It looks like Smart Dust

The primary reason Smart Dust wouldn't be a good fit (aside from the relatively high cost of deploying it, compared to using a cheaper, less miniaturized commercial solution) is the power problem. A big challenge for networking researchers involved with this type of sensor net is that each dust "mote" has very limited power reserves, which once consumed are typically not replenishable. (There have been ideas tossed around about recharging by harvesting solar or vibrational energy, but those are just idle speculation at the moment.) This is great for something like a battlefield network, which only needs to be up for the duration of your conflict, but is unsuitable for a persistant network.

None of Netzero or MSN users have been sued by RIAA according to the link provided in the article. (1100 subpoenas) I wonder why?

Anything created with the purpose of being listened to should qualify as "music" - yes I know that this also would include radio broadcasts of news and whatnot that's just ppl talking, but as far as it goes audio is audio.

Whats ironic is that I help process data packets for SETI@Home. Technically all the packets are is radio static, but the intent is to receive the "radio broadcasts" that may be emanating from other galaxies.

From a technical perspective there's not much difference between a SETI data packet and part of a recording off some Earth-based FM radio station. So are the files the SETI Project records considered data, or are they music as well?

It has been theorized that an asteroid impact was responsible for the "K-T extinction", when the dinosaurs vanished en masse. In that light, cutting funding for asteroid tracking programs is more than a little shortsighted.

UC-Berkeley's Chemistry 1A classes also use this same thing. The device is fairly cheap, but has 10-15 response buttons on it.

On an aside, the classes are also webcast via real player, and many of the quizzes and homeworks are done via web based demos. It's a model for future wide-area classrooms, imho.(I took the class and found the model very sucessful)

Check out multivalent. Still in early development, but it is coming along.

This is also a pretty strong indication of just how noteworthy this article is. This kind of stuff has been time and again. Things like OceanStore are far more innovative. But of course that stuff isn't from Google, which is what makes this article noteworthy. ;-)

Tomorrow's slashdot headline: Google proves definitively that 1 + 1 = 2

Obveously he's trying to say the work he did in the EE labs at Berkeley was simple stuff not that he is some sort of brain...

This is the correct interpretation of my comment. The introductory EE43 lab (which many people take, not just those in the EE or CS programs) had you build a tutebot using legos, a breadboard, and stuff like motors and wheels. When it hit a wall, it was to turn back up, turn, and go straight again. Given the wiring diagram and lego blueprints, a monkey could do it.

EE40, which is the I guess "harder" or "for-EE/CS students" version of EE42/43 had you build a similar bot but using a programmable logic chip instead of mechanical logic. Also not very difficult, though it did require more intelligence than arranging wires.

I'm sure some psychiatrist can argue those other posters were simply projecting their own inadequacies onto another. ;P

Obveously he's trying to say the work he did in the EE labs at Berkeley was simple stuff not that he is some sort of brain...

This is the correct interpretation of my comment. The introductory EE43 lab (which many people take, not just those in the EE or CS programs) had you build a tutebot using legos, a breadboard, and stuff like motors and wheels. When it hit a wall, it was to turn back up, turn, and go straight again. Given the wiring diagram and lego blueprints, a monkey could do it.

EE40, which is the I guess "harder" or "for-EE/CS students" version of EE42/43 had you build a similar bot but using a programmable logic chip instead of mechanical logic. Also not very difficult, though it did require more intelligence than arranging wires.

I'm sure some psychiatrist can argue those other posters were simply projecting their own inadequacies onto another. ;P

(Full disclosure: I've been involved with the Win32 Scramdisk project in the past)

Hhhm, this is pretty interesting. I am not aware of any other disk encryption program (Scramdisk, DriveCrypt, LoopAES, PGPDisk, BestCrypt etc) that offers sector remapping. It's useful because it prevents standard disk structures from being exploited in a known plaintext attack (note: with current knowledge, this is only a theoretical weakness with AES anyway).

Apart from that it looks a pretty standard On-The-Fly-Encryption (OTFE) system. It does appear to be slightly more complex than most programs, but this is offset by the peer review from (at least...) two very well respected cryptographers - Dr David Wagner and Lucky Green. I am not aware of any of the other OTFE systems being reviewed by anyone half this competent.

Last paragraph of 6 says "RSA2/512" should read SHA2/512.

I'd personally be worried about the use of a static (zero!) IV. I know the key is random, but.....Oh well, if Dr Wagner has peer reviewed it then this can't be much of an issue.

From the paper: "A truly paranoid setup would leave the computer con- figured to boot the Windows system by default, and locate the GBDE data in such a way that it would be destroyed by the act of doing so."

It's likely this wouldn't work - the first thing a half-competent adversary would do is image all disks in a system before booting....It's forensic 101.

As much as I disagree with the 3-judge panel, they weren't ignoring the law. Their ruling was based on the Constitution, which talks about the right to vote, equal protection, etc.

California is still required, by another ruling, to update their voting machines by Spring 2004. That's a good ruling.

Listen to the arguments of the ACLU--they're laughable. They appeal to the idea that the voters won't have confidence in the results if we use the old voting machines. And since punch card systems are primarily used in minority districts, it will disenfranchise them.

Of course, I had no problem using punch cards as a white male in Santa Clara County (which was one of the most wealthy counties in the state, at least before the dot.bust).

These guys need to read the LRVM paper - a poor attempt by the OS community: PDF (by Satya and Co. at CMU). Of course, as a database researcher I don't think much of Prevlayer .. mainly because the database community went through this in 1990. Great paper to read is Carey and Dewitt's Of Objects and Databases: A decade of turmoil - it won the "Test of Time" award in VLDB 1996.

Parfor text formating
AspellBecause I suck at spelling.

The truly sad part is that the same people who are complaining about unequal bandwidth usage don't seem to care that 1% of people in the US own 34% of the wealth and I've heard varying figures that the top 10% controls 90% of wealth. If they want to our regulate bandwidth, let's regulate their income;)

Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.

I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get a idea of what is possibly coming.

Warhol Worms

Curious Yellow