Domain: berkeley.edu
Stories and comments across the archive that link to berkeley.edu.
Comments · 3,539
-
IPS patcher for Mac
The archive has the patch in .exe and .ips versions. If you have a Mac, you'll need an IPS patcher app to apply the patch. I found one at: http://www.csua.berkeley.edu/~cwright/ips/
and it seems to work fine for me.
Avi
-
Rational Programming vs Semantic Web
As I posted to Slashdot a year ago on the topic:
The future of the Internet is in what I call "rational programming" derived from a revival of Bertrand Russell's Relation Arithmetic. Rational programming is a classically applicable branch of relation arithmetic's sub theory of quantum software (as opposed to the hardware-oriented technology of quantum computing). By classically applicable I mean it applies to conventional computing systems -- not just quantum information systems. Rational programming will subsume what Tim Berners Lee calls the semantic web. The basic problem Tim (and just about everyone back through Bertrand Russell) fails to perceive is that logic is irrational. John McCarthy's signature line says it all about this kind of approach: "He who refuses to do arithmetic is doomed to talk nonsense." More on this a bit later, but first some history, because he who fails to learn from history is doomed to repeat its nonsense:
When I invented the precursor to Postscript (an audacious claim that I can back up -- it started as a replacement for NAPLPS which I proposed while Manager of Interactive Architectures for Viewdata Corp of America back in November of 1981 -- the Xerox PARC guys found my approach of what they called a "tokenized Forth" communication protocol to be an intriguing way to encode text and graphics), I was interested in having a Forth virtual machine migrate into silicon (ala Novix) so it could evolve from mere graphics rendering into a distributed Smalltalk VM environment (ala Squeak) as videotex terminal/personal computer capacities increased. But I was _not_ interested in object-oriented programming as the long-term semantics of distributed programming environments. (I still have some of the hardcopy of the communiques with Xerox PARC and others from this period.)
Rather, relational semantics were what I saw as the ultimate direction for distributed programming. I had a bit of a go at Tony Hoare's "communicating sequential processes" paradigm and its Transputer realization because he was, at least, starting with the hard problem of parallelism rather than making like the drunk looking for his keys under the light post the way everyone else seemed to be doing (and still are, save for Mozart, since threads, etc. are always an afterthought). But, because there were other hard problems like abstraction, transactions and persistence that he ignored, I christened his approach "Occam's Chainsaw Massacre" in my communiques (in honor of his distributed programming language "Occam") and dropped it in favor of relational programming, which has inherent parallelism resulting from both dependency and indeterminacy. (BTW: Dr. Hoare seems to have finally come to his senses about this issue.)
Unfortunately, the only researcher doing hardcore work on relational programming (meaning, getting to the root of relational semantics in a way that Codd had failed to do) at the time was Bruce MacLennan, then, of The Naval Postgraduate School, and he just didn't have the glamour of Alan Kay at places like Xerox PARC to attract the attention of guys like Steve Jobs. Bruce had a bit of a blind-spot, too, when it came to transactions and persistence, which I attempted to remedy by bringing David P. Reed's work on distributed transactions for the ARPAnet to him, but although he wrote a white paper on a predicate calculus (close to a relational) implementation of Reed's thesis (MIT/LCS/TR-205), he didn't really "get it", IMHO. Reed and MacLennan abandoned their work for other pursuits (ironically, Reed was chief scientist at Lotus while Notes was being developed but did not contribute his ideas on distributed synchronization to that development despite the fact that we had a mutual acquaintance from my Plato days by the name of Ray Ozzie -- so, I share some of the blame for this failure) even as Steve Jobs botched the embryonic object oriented world by abandoning Smalltalk and giving us, instead, a lineage consisting of Object Pascal on the Lisa/Mac which begat Objective C on Jobs's NeXT which begat Java at Sun via Naughton and Gosling's experience with NeXT.
This brings us to the present -- a world in which Javascript-based technologies like Tibet promise to not only salvage the object oriented aspect of the Internet from the birth defects of Jobs's spawn, but actually provide an advance over Smalltalk in the same lineage as CLOS and Self. But it is also a world in which there is growing confusion over the proper role of "metadata" in the form of XML -- particularly when it comes to speech acts and distributed inference. I would call Tibet "the next major Internet advance" except for the fact that the basic idea for a Tibet-like system has been around and well understood since the early 1980's. When it is finally released, Tibet (or a system like it) will put the Internet back on track. I call that a "recovery", not an "advance".
We are now poised to move forward with type inference based on full blown inference engines, thereby dispensing with the nonterminating arguments over statically vs dynamically typed languages that allowed Steve Jobs's spawn to get its nose in the tent. If you want to declare a "type" in a declarative language, just make another declaration and let the inference engine figure out what it can do with that information prior to run time. See how easy that was? Well, there is more to it than that, but not that much: Assertions have implications and assertions made prior to run time have implications prior to run time. Live with it and don't repeat the mistakes of the past.
The confusion over semantic webs, and the reason Berners Lee et al will fail, is essentially the same as the confusion that has beleaguered all inferential systems such as logic programming and "artificial intelligence" over the years: logic is irrational and the real world demands rationality -- otherwise nothing makes sense. By "rationality" I mean that reasoning must literally incorporate "ratios" -- or, as John McCarthy would put it, doing arithmetic so things make sense. By making sense, I mean there is a sense in which one interprets the sea of assertions that clearly dominates for a particular purpose. With logic not only are you limited to 0 and 1 as effective quantities; you have no adequate theoretic basis from which to derive more accurate quantities with which to make sense by taking ratios and determining which inferences are dominant.
Fuzzy logic and expert systems incorporating probabilities have typically failed because they are not based in the first principles of probability and statistics. As Gauss, the premier probability theorist put it, "Mathematics is the study of relations." He didn't say, "Mathematics is the study of multisets." There are good reasons that relational databases, and not set manipulation languages, have come to dominate business applications -- and Gauss was aware of these differences when he began to derive his laws of probability. Subsequent axiomatizations of mathematics based on set theory were similarly misguided and have led to the idea that "fuzzy sets" are the way to introduce rationality into programming. Rather than sets, relations are the foundation, not just of mathematics but of rationality in the same sense that Gauss realized when he derived his theory of probability from the study of relations.
Rationality allows for judgment which is recognized as inherently fallible -- but which allows one to proceed without exponentiating all possible paths of inference. Judgment also allows various identities to limit sharing of information to that needed -- thereby creating speech acts and a basis for rational measures of credibility associated with those identities. Since credit-rating is a degeneration of credibility, it should come as no shock that the invention of negative numbers, originating as they did with the Arabic invention of double entry account keeping, has its analog in something that might be called "logical debt" with which negative probabilities are associated.
And now we have come to the "quantum" aspect of rational programming. It is precisely the "credibility debt" aspect of rational programming that corresponds, in mathematical detail, to the various equations of quantum mechanics and their negative probability amplitudes. (Von Neumann's quantum logic failed to properly incorporate logical debt which has led to much confusion.) Logical debt is important to distributed programming for the same reason debt is important to financial networks. Logical debt is a way of handling poor synchronization of information flow in the same way that financial debt is a way of handling poor synchronization of cash flow. As in any rational system, there are both limits to credit and limits to credibility that influence one's judgments and actions, including speech acts.
The object oriented folks may, in a sense, have the last laugh here because when we divide up inference into identities that engage in speech acts, we are reintroducing the notion of objects that hide information via exchange of speech act messages that can be thought of as "setters" (assertions) and "getters" (queries). However, I believe it is only fair to recognize that the excellent intuitions of Johan Dahl and Kristen Nygaard did need the added insights and rigor of philosophers like J. L. Austin and T. Etter.
-
here's one
There is research going on at UC Berkeley for UI development for the blind.
Check out the IC2D project.
-
Help w/ hello world
Yeah, that would be:
#include <sdtio.h>
void main(} {
printf("Hello, wrold\n)
return 0;
)
then?
Seriously though, as I understand it, software errors have been the cause of a number of aeroplane crashes and near-crashes. Wasn't the Paris airbus crash software related? In fact I just did a quick Yahoo search and came up with Airbus 320 crash at the Paris Airshow, 1988.
-
Mathematicians begin to resist overpriced journals
Rob Kirby, a prominent topologist at UC Berkeley, has been active in trying to improve the journal situation for mathematicians. The idea is to boycott the high-priced journals by not submitting to them, and instead submit to journals, especially electronic ones, which are free or reasonably priced. Here is his original letter and here is an updated price list. A number of research mathematicians take these considerations into effect when deciding where to submit, so perhaps things will improve.
The most preposterous thing about high-priced journals is that the "value-added" part of a journal is the peer review, which is done almost always for free. When an article is submitted it is sent out for review to someone whose research is close enough to understand the work. Getting an article to review is a chore; it can take many months to thoroughly review an article, many are poorly written and have annoying minor mistakes, and there is no recognition or pay associated to it. When it turns out that the journals are priced outrageously, that is the final straw for many. In general, reviewing articles is considered a necessary public service, and since the editors of the highest-priced journals tend to be the super-big shots, it is not easy to refuse to review something. Hopefully, things will improve! The xxx archive is great for preprints but the reviewing process is an important part of disseminating research so it will take more than that for things to get much better.
-
Re:Previous versions
That A320 crash was not a software failure. The problem was more subtle than that. The flight control software made the aircraft handle so well in near-stall situations that it produced pilot overconfidence. See this note.
Other A320 problems have generally involved having flight deck systems in the wrong mode. This is a recurring problem with complex aircraft.
The Osprey problem, though, may be an out and out bug. That's different.
-
Earlier work
Dave Wagner at Berkeley published info about weaknesses in 802.11 several months earlier.
-
WEP algorithm
An analysis of the WEP algorithm can be found here. The document points out a lot of the flaws in the algorithm and what attacks it is vulnerable to.
-
Re:Actually...
I think Cliff Stoll (hey whaddya know - I just found his homepage heheh [http://www.ocf.berkeley.edu/~stoll/]) was the first proponent I'd heard of of the idea that most of what we're dealing with these days (specifically on computers and the Internet) is not actually "information", but merely "data" - useless, random bits of garbage that don't serve a purpose until they're organized into useful information =)
-
Re:Wow
If this is such a silly question, why does SETI@Home boast about 2.9 million users?
-
Re:How about a poll?
Here's an su command for NT.
http://bmrc.berkeley.edu/people/chaffee/winntutil.html
---
-
Re:Not the world's tallest building.
That's right - 'tallest building' and 'busiest airport' don't technically belong to us Chicagoans anymore, unless you start arguing semantics. Took my son to the observation deck of the Sears Tower last year when he had a day off school and I decided to skip work to spend the day with him. The people there said that the Sears was no longer the tallest free-standing structure anymore, but it still has the highest occupied floor of any building in the world.
Just like the airport. O'Hare used to be the 'busiest' until Atlanta's Hartsfield surpassed it in number of flights. That doesn't stop Chicago from still claiming it is the busiest, as long as you measure number of people who pass through each year instead of number of flights in and out. (although I thought Atlanta passed Chicago for that too now).
---
-
old news
This is pretty old news. We have had presentations about EUVL at the university here once or twice in the last year and there is quite a bit of literature dating back to the mid-90s (I did a paper on EUVL for a course in semiconductors).
It is nice to see it in Scientific American, but I think EUVL has been brought up in discussions of other NGLs here on /. The article does take a good broad perspective on the issues as they stand.
Intel has a paper on their website (if you can find it) that describes the process pretty straightforward as well (it might help the read to have a little bit of background).
Here is that and some other URLs:
http://www.llnl.gov/str/Sweeney.html
http://developer.intel.com/technology/itj/q31998/articles/art_4.htm
http://lithonet.eecs.berkeley.edu/network/background.html
http://lasers.llnl.gov/IST/euvl.html
http://www.lbl.gov/Science-Articles/Research-Review/Highlights/1998/ALS_chips.html
http://chomsky.stanford.edu/~kevbert/neha_poster/sld001.htm
http://www.cr.org/publications/MSM2000/html/W3202.html
http://www.google.com/search?client=googlet&q=EUV%20lithography-nicole
-
Re:Detectors
No, Wisconsin's PSL had nothing to do with these detectors. In fact, unlike the horribly complicated huge machinery used in 'high-energy particle physics' labs (aka Fermilab, SLAC, CERN, DESY, ...) detecting neutrinos doesn't require complicated machinery.
Just have a look at this image from the construction of the Superkamiokande Neutrino Detector. The photomultiplier tubes ("mushrooms") used there are very much similar to those used for the AMANDA detector. You can see two of the AMANDA sensors here, together with the glass pressure globes they're put in before deployment.
I know this - have been working for the AMANDA group once, when we were calibrating the first PMT's for AMANDA back in 1995. It's done at Desy Zeuthen near Berlin. And we were using Linux boxes in the lab for data acquisition purposes ;-)
The nifty thing about AMANDA isn't the PMT tubes but the pressure globes they are put in (1500m of solid ice do exert some force ...). I've got one of the predecessors (used for the BAIKAL experiment) at home, it's cool telling people at a party that the salad bowl has once been at 1500m depth in Lake Baikal.
By the way, did someone notice that the AMANDA logo is a Penguin?
-
AMANDA Home Page
For those who may be interested in some additional technical details, please check out the AMANDA home page at: http://amanda.berkeley.edu/amanda/amanda.html.
It provides info on the history of the project (AMANDA-A, -B, and -II) as well as lots of links to many other resources and references.
-
for further reading...
Here is a good intro to the pliocene, with photographs(!)
It was 5.4 - 2.4 million years ago, and is the cooling period before the ice ages.
http://www.ucmp.berkeley.edu/tertiary/pli.html
-
reviews, biographies
To rate the reviewers, I think Michael's comments were redundant and didn't add anything to the main two reviews. drfalken's was a good review, and topeka gave a good (longish) summary of the book though neglected to mention my favorite bit, the cypherpunks.
It is an enjoyable read, a light quick read in the genre which might be described as "group biography". Similar to Hackers.
I would describe it as a light-weight version of a book that picks up where The Codebreakers by David Kahn left off. Following the events myself since the early 90's I found I learnt a pleasant amount about the people, making the topic more humane as opposed to a technical or flamewar discussion.
-
Bollocks
IMHO, SMT is a load. Modern microprocessors are mostly cache-starved. SMT puts two processors on the wrong side of the L1$, aggravating the cache bandwidth problem. Worse, the two processors in SMT degrade referential locality, further degrading the performance of the cache.
I'm much more interested in enhanced cache ideas like IRAM that seek to enhance performance by putting a very large L2$ on chip by combining the discrete logic circuits of the CPU and static L1$ with the capacitor cell circuits of DRAM.
Crispin
----
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
-
Re:Grocery cards?
there are cypherpunks meetings in/near DC...I seem to recall hearing of them as recently as january 2001 -- try subscribing to the cypherpunks list (use a remailer other than toad.com, though. trust me) and lurking for a bit.
http://www.csua.berkeley.edu/cypherpunks/Home.html
-
Re:DMCA Cowardice
Although I wouldn't wish a legal battle on anyone, it's troubling to think that good software might not see the light of day, (or be included in the source tree) just because it might violate bad legislation.
Maybe I'm just a little too libertarian, or maybe I just agree with Thoreau that there is a duty of civil disobedience, but it seems to me that the coding and dissemination of proof-of-concept 'circumvention devices' needs to occur until the DMCA is abolished.
I think this goes along with the need for source code to be considered protected speech. Maybe by including comments in the code that state that you are writing it just to protest the DMCA... who knows, maybe our editors will soon have automatic DMCA-protest C and C++/Java comment blocks just like the GPL comment blocks available in many (open-source) editors now.
The important thing is for at least some software to be seen as being political-- that's in many ways the gauge, as 'political speech' is often seen as having the most vital need of protection.
We'll never win fights by tucking our tails and running.
-
Re:Haven't seen the movie, probably won't...
The way I see it, it could affect people two ways:
- It could open their eyes to the sensationalism that is the media (as if the supposed "storm of the century" didn't already do so for most north-easterers >:)). Or
- It'll just get a reaction of "awesome!" and the next day the viewers will be telling their friends to go see it because of the gory scenes.
I agree that the second is worse than the first, but I don't think the first is that great either. Most of the time, we subject ourselves to violent and disgusting images in the media for entertainment value, but it doesn't change our opinions or push us to action. It just makes us less sensitive to violence, and it takes more extreme images to get a reaction, which the media is happy to give us.
One of the best examples of conscience raising was Upton Lewis's The Jungle, a book about the meatpacking industry in the US that was very graphic and led to government regulation of the industry. People were exposed to the nastiness of the real world, and were spurred to action.
By comparison, Hollywood movies may never do this. I've heard a lot of praise for "Traffic". I don't see any new bills for ending the drug war. It seems that the only ones who found it truly convincing were those opposed to the drug war, and those for it may have had their "eyes opened", but that won't translate to action.
Did the multi-billion dollar "How the Grinch Stole Christmas" convince you that the true meaning of Christmas was not money and material possessions? Jim Carrey and Ron Howard probably didn't get paid in millions of heart-warmings. IMHO, the book was much more effective.
Same thing with this one. What public action do the producers desire? Government regulation of violence in prime time? Probably not. Government regulation of violence in movies? Probably not. Mass Boycotts of trash TV? Probably not. All those things would hurt them financially. Any possible action by the people would hurt them financially, and would be completely unintended.
What they want is for people who criticize Jerry Springer and TV Violence to feel good about themselves, while they enjoy the same trash.
To think otherwise is to say that you should surf over to the Stile Project to gain an appreciation for all variants of sexual practices.
-
A planning perspective
This is a very smart idea, although it is not dissimilar to PRT (personal rapid transit), a sort of fringe and relatively unimplemented technology. As a public sector planner, I see three things to think about with this sort of 'personalized rail' approach:
(1) Capacity - These personal rail car concepts tend to fail when it comes to extremely dense corridors. As you can imagine, heavy rail can push many more people through a single rail corridor than this sort of technology. Right now you can push about 2K cars/lane/hour, compared to densities of nearly 10K for heavy rail systems. With this technology, you could decrease headways and maybe squeeze another few K through, but:
(2) Cost - these rail systems still cost on the order of $5M US/km to build, while each highway lane only costs about $200K to build. So, you are still getting less for your tax money with this stuff. Not that I am totally against this, though. Essen (Germany) has a clever system that does this, except the cars are busses that turn into light rail. I can see these applied intelligently for mid-range suburban corridors where other forms of transit are not applicable, but this brings us to the final issue:
(3) Consumer Adoption - when you are trying to get customers to change modes and you are asking them to make large capital outlays to do so, you are asking for trouble. This is the main issue with automated highways (like those prototyped at Berkeley). You can build the public infrastructure, but without private investment on a large scale, it does not fly.
For these reasons, I think that this might be a great transit technology, but will have a hard climb to become an accepted mode in urban areas. I guess that we will have to wait for the super-magical-mysterious panacea that is IT!
-
WEP is insecure...
The specific failings of WEP are documented here. If your boss is concerned about WEP security, he/she should read this document, and make an assessment as to whether adding WEP to your network significantly increases the security risk.
Assuming you use 128-bit WEP, you have a reasonable chance of blocking attackers. While you could be compromised, it's important to compare the risk vs. the risk of your wired LAN being compromised. For example, do you allow visitors to plug in their computers into your LAN? If so, 802.11b is not going to increase your security risk.
Even if 802.11b would increase the security risk, you need to assess if it's a good trade-off in return for your benefits. Finally, if you can't accept the risk, then just run IPSec (or the poor-man's IPSec: SSH ;-) for communications over 802.11b. Indeed, you could have an IPSec gateway on whatever is plugged in to your 802.11b access point. Sure, it's a bit more work to set up, but the benefits would be substantial.
-
New Security features - How to use ?
If I read about these new features I am reminded of the time I found out about Linux and the different group permissions. I was astonished and tried to set up the most secure system possible.
Then came the time I started to use applications more (than setting up my OS) and the problem that I had to decide either to use the uncleanly written application in an insecure manner (as root) or not to have the desired feature.
What I need is a system like Janus with a management frontend, which does not require me to spend 4 hours trying to work out which are the least privileges possible. Or maybe a standard all programmers keep, so that I know what rights my application needs before downloading it.
---- "What would you try, if you knew you would not fail?" Unknown
-
Re:full reasoning
While high energy collisions provide you with a wealth of information, it's not always the information you need.
Neutrino experiments have indeed measured a lot of good stuff, say from the sun, reactors and accelerators, and cosmic rays.
However, since neutrinos are so hard to measure, these measurements are not nearly as precise as you would like. Compared to the accelerator measurements, they are orders of magnitude less precise! The better nu measurements we make, the better information on how leptons behave the theorists can use in building their models of how everything is put together.
Also, the only neutrinos from stars that have been measured are from the Sun and a few from Supernova 1987A. We would dearly love to see neutrinos from other astrophysical sources, but being far away really kills the signal when the Sun (which is right next door) only gives you a dozen or so nu interactions per day. We need to wait for another nearby supernova (check out our Supernova Early Warning System SNEWS!) or build a Really Big neutrino telescope like AMANDA.
Finally, here's a great place to find a lot of neutrino links: The Ultimate Neutrino Page.
-
Re:Neutrino Beam Through Downtown St. Genis
Downtown St. Genis Ha! It's a one stoplight town! Downtown consists of that little grocery store, the pub, and a restaurant or two. ;)
Well after living in St. Genis for a summer, I came back to Madison, WI, where the neutrino beam from the MINOS experiment is passing right below us! The beam goes from Fermilab (Batavia, IL) to somewhere in Minnesota, and goes right under us in Madison! If anyone has the opportunity to take a tour of the NuTeV experiment at Fermilab, you can walk right through the neutrino beamline, which is kinda fun.
I haven't seen anyone mention the Amanda Experiment, which is just plain cool because it's in Antarctica. They're putting their detector in the antarctic ice, again at a depth of about 2km (they use hot water drills).
--Bob
-
Re:Finding those little suckers
The experiment you link to is a smaller scale version of the one in the main article.
Uh, no, it's not. SNO is a sphere with a 6 meter radius, and SuperKamiokande is a cylinder with a 20 meter radius and 40 meter height. SNO is the small one.
The experiments aren't really comparable, though. The detectors use different targets. SuperK uses ordinary water, and SNO uses heavy water. They're designed to measure different energy ranges. In short, they see different neutrinos.
several facilities have measured the neutrino mass (actually, the mass difference between two types of neutrinos),
Actually, the difference in the squares of the masses of two types of neutrinos.
no two experiments agree
This is not true either. First of all, there are at least three types of neutrinos. If you take three types of neutrinos, and pair them, you can arrange them in three different pairs so you can measure three different mass differences which are all different, but that's not a disagreement, you've just measured different things. Second of all, not all experiments disagree!
Also, the experimental methods have had several shortcomings, such as the inability of the detectors to see tau neutrinos, and low efficiency.
Low efficiency is not a shortcoming. There's no shortage of neutrinos flying around, so the fact that you miss most of them is a blessing, not a curse.
And some detectors can see tau neutrinos, such as AMANDA.
This experiment, if successful should detect a large percentage of the solar neutrinos, and more importantly, all three types.
All solar neutrinos are electron type, so your statement makes little sense. SNO has no ability to distinguish neutrino flavor. It was designed and optimized to measure electron type solar neutrinos, and that's pretty much all it does.
-
Re:Soft Sciences
There is not much that could stand up to the standards of proof demanded by hard Science
No offense, but this is silly. Thomas Szasz published "The Myth of Mental Illness" in 1974, and the whole "therapy doesn't work" school of thought has been discredited for years. Ironically (given the comment above), it was based largely on Eysenck's biased and selective reading of the literature, and when statisticians developed meta-analysis as a "harder" scientific approach to synthesizing multiple studies, psychotherapy was clearly shown to be quite effective. (I've got a couple refs on my course website if you're curious; check out the psychotherapy overheads).
And psychotherapy isn't the only place where social scientists have made real contributions. Consider the role of Kenneth and Mamie Clark's research in overturning "separate but equal" in Brown vs. Board of Education, and more recent research on the psychology of race relations.
Frankly, the fact that people might think of Szasz and Eysenck as the state of the art in mental health research is the best evidence that we need social scientists advising courts.
-
U. C. Berkeley Open Computing Facility
It's not the entire campus IT department, but students have been running a computer facility at the University of California at Berkeley for over a decade. The OCF was the first place on campus that offered e-mail accounts to students regardless of major (previously only certain majors like engineering students got accounts) and then was the first to offer students the ability to put up web pages. They are still providing services the University thinks are unnecessary, such as UNIX accounts and 24-hour lab access. Most of the machines have come from donations and all the work is done by student volunteers. Volunteers are trained by their peers and emphasis is given on acting professionally and ethically.
The faculty advisor has written several papers on his previous experiences doing similar projects at high schools.
-
There are seminal research papers on this
and they all come down to one thing: it can't be done very well, and we should all stop trying. It all got summed up by Jim Gray in a paper I can't find a link to right now.
IBM had a distributed database project going on back in the System-R days, and they never really got it working. I worked on the Mariposa project at U.C. Berkeley which attempted to solve some of this problem, and it didn't really get that far beyond a data warehousing context. The problem of ensuring that replication along with ownership and transactional semantics were preserved just became too difficult to solve in a purely generic way.
If you're just interested in high availability query processing, the Mariposa work is probably pretty relevant (a company called Cohera tried to commercialize it). If you're interested in distributed transactions, you've walked into the realm of Tuxedo (by BEA systems, caveat, a former employer). While specific instances of the problem CAN be solved, one general purpose system is going to have significant problems, so it's best to categorize what you're interested in solving.
I highly recommend that you dive into the big Stonebraker/Hellerstein book on database system implementation research papers and start reading up. It's a VERY difficult problem. Hellerstein is part of a new project which is also trying to solve some of the problems in a different way.
-
Have any ACTUAL exploits been done?
The Berkeley group presented a mathematical explanation of how WEP could be attacked, but as far as I could tell they never actually went out and did it against a real live network.
Their description said it would require sitting there and recording all packets sent for an entire day or so. Then you still have to play cryptographic games and make guesses about what plaintext corresponds to what data. Are there downloadable kits to do this?
-
Re:Just a thought...
No luck on the local community college.
Meanwhile, I ran across this site: http://www.r1edu.org run out of MIT that organizes what I am looking for.
The best options seem to be this certificate program from the University of Washington (note, the course descriptions actually suggest Linux rather than DOS or Windows for your C programs; how far is this place from Redmond?). Or one of these courses from one of my alma maters, Cal Berkeley.
Anyone know anything of these programs? Good schools at least.
-
Scientific journals already heading this way
Scientific journals already have begun to become increasingly paperless. I refuse to submit any of my work to journals that do not at least have an electronic version, and there are plenty of researchers who submit only to electronic-only journals.
Many of the issues are obvious, like
- No extra cost for beautiful color charts and images
- Quicker distribution, particularly internationally.
- Generally wider distribution
- Easier to search from one's desk, instead of tromping around from library to library or ordering obscure journals.
- Some electronic-only journals are free or much less expensive than print ones.
Rob Kirby, a prominent mathematician, has an excellent summary of the ridiculousness of journal pricing (profit margins on the order of 40%) and it is great to see experts working to try and straighten things out.
-
Good Examples of GUIs + Pipes
Actually the concept of combining Unix-style pipes and a GUI is not new:
- Visual programming languages, of which there are hundreds, are based on the same idea.
- Dataflow architectures are also based on the same idea and have been around for many years.
- A good example is the visual programming environment Khoros Cantata designed in the 1990s for image processing research. Programs are represented by a directed graph whose nodes are data sources, parameterised procedures, or outputs, and whose arcs are data flow paths (aka pipes).
-
Re:one good reason why it won't work
There's a certain amount of error inherent in GPS location, even now that the government isn't deliberately introducing it. But aside from that, what's to stop highway departments from sending GPS-equipped cars down the major roads to produce more accurate maps? Or maybe I'm not completely understanding the problem.
Even during times when SA is turned on, you can get an accurate GPS reading by making your own custom GPS devices, and forcing them both to use the same satellites. This is probably as simple as a software tweak. One of them is at a fixed location on the ground at which you know the precise map coordinates. Then you just tweak your results.
There are bigger problems, though. First of all, with civilian GPS, even if you stand still for fifteen minutes, you're not getting an accurate reading, and not because of SA; they just don't use the same techniques as the military stuff. When the military comes up with something better, we'll get a higher level of precision as a hand-me-down.
In any case, the plow uses triangulation for a fixed radar source, which they know the location of. Then they can solve the issue with the lack of accuracy on the GPS. Even this doesn't solve the problem one poster brought up about the GIS road maps being inaccurate, but I don't think that's such an issue. You can solve that problem by snapping to the road. In other words, you have an inertial tracker (three sensitive gyros would work here) and you keep track of where you're going. You use the GPS as a sanity check, and in conjunction with the radar tracking added on, you can find out where you are within a couple feet. Then you simply keep track of what road you're on, what turns you're probably making, and you snap to the nearest road which you're probably on. The odds of the system thinking you're on some other road are fairly slim (though not insignificant) which is why you need to keep a human driver in the cab.
I personally think that they should be using short-wave radar to find the borders of the tarmac, though, and adding that to the data they collect. With a seriously short wave radar, you could even home in on the Botts' Dots (I'd have linked to Caltrans (California DOT), but their site is "Destination Net Unreachable" at the moment) and make a more educated guess as to where the lines on the road are supposed to be. Of course, those are most common in California, and (as the document notes) are not usually used in places where you remove snow from the road. Still, it's an idea.
--
ALL YOUR KARMA ARE BELONG TO US
-
Canada, the InterComputer
They aren't doing this in an attempt to re-invent the hard disk. This is about peer-to-peer, massively parallel computation.
SETI@home works in client-server fashion: your desktop computer asks the main server for a chunk of data, then chews on the data and talks to the server again. This is massively parallel computation, but it isn't peer-to-peer, it's client/server.
When you put data on this fiber ring, within a very short time all the computers on the ring have seen the data. So if you want a bunch of computers to cooperate on a job, this would be a great way for them to update each other on what they are doing. If you did it right, you would have massively parallel distributed processing: all the computers in Canada tied into a single InterComputer. And just as Napster can spread popular songs around where a single FTP server would be hammered, an InterComputer potentially could handle truly large computations that any single computer (or even Beowulf cluster) couldn't.
Multicast data packets aren't new; that's why they said it takes only a few changes to try out their ideas. Multicast packets are currently designed to die fairly quickly so they can't clog a network up too much; these guys want the packets to go all the way around the ring.
P.S. That joke about the backhoe chopping the fiber was only a little bit funny, and then only the first time. When a backhoe hits a cable today, half of Canada does not lose Internet service! It isn't a trivial ring; it has some redundancy redundancy.
steveha
-
Could this affect "xdelta"/"rsync" or vice versa?
Information on xdelta is available here. Information on rsync is available here.
"rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License."
"Xdelta is released under a BSD-style license" and features a "delta-compression algorithm, including diff- and patch-like utilities. Xdelta uses a fast, linear-time, and linear-space algorithm that works well on both binary and text files." Newer versions support "XDFS", the "Xdelta File System", "making it a reliable solution for delta-compressed file storage".
-
Re:Yeah but, chip making isn't as easy as writing
I'm gonna just guess you haven't ever done any hardware layout. The verilog code is just one itsy-bitsy step. Take, for example, a full adder.
module FA(s,cout,a,b,cin);
output s,cout;
input a,b,cin;
NAND2 n1(na1,a,b), n2(na2,xr1, cin), n3(cout,na1,na2);
XOR2 x1(xr1,a,b), x2(s,cin,xr1);
endmodule
This is so far from actual hardware. You would never even use nand and xor gates for adders, you'd design it at transistor level. A mirror adder, for example, uses something like 28 CMOS transistors.
But that is still so far from actual hardware, you have to do layout. Sizing, routing, it's a lot of work. And verilog code has next to no correlation with it. (Quick google search turns up this guy's assignment, which is a good example.)
God does not play dice with the universe. Albert Einstein
-
[In]Security of the WEP algorithm
Just found this link: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
-
Surveillance and sensing
For purposes of sensing/surveillance, I see a more interesting (and ominous) technology: Smart Dust. The eventual goal is to miniaturize things so much that the 'robot' (if one can call something that has no ability to move itself a robot) is the size of dust motes. You'd release a cloud of this stuff into the air, with the expectation that some of it will end up somewhere interesting to you. They'd network with each other optically, so large amounts of power wouldn't be needed for comms. Shades of a Neal Stephenson novel.
-
Re:Oh, great
"IV" is "initialization vector" and is the same as what is elsewhere called a "salt". The IV is 24 bits; in a previous paragraph the authors had calculated that for an access point an IV is likely to get reused after about five hours. From this we're apparently supposed to conclude that it's a trivial matter to store every packet until an IV collision occurs, and then use the contents of both packets to recover plaintext. They even seem to be aware that two packets often won't be enough, but fail to mention that you need to save and search another five hours' worth of peak-bandwidth traffic to get anywhere in that case.
Well, assuming the numbers they do (i.e. 1500 byte packets), it takes only 11 Mbps * 18000 seconds = 198 Gb = 24.75 GB of storage space to get a collision in a worst case scenario. But more important, there's no reason to save everything as you go along.
Instead, you just do something like the following. Assume it takes 10 IV collisions to be reasonably assured of computing plaintexts by statistical analysis (this may be generous, considering the redundancies in most of the packets--TCP headers, easily guessed content, etc.). Then you can just build a table for the IV space one portion at a time: say one-eighth at a time. In other words, first you just store all the packets with IVs in the range 0-1x2^22 until you can statistically analyse them and build an IV->cipherstream table for all those IVs. Assuming 10 messages for each IV, this takes about 31 GB. When you're done with that, throw out all those old packets and start on IV range 1-2x2^22, and so on. As they pointed out in their summary, it only takes 15 GB to store the entire IV->cipherstream table. Thus we have total expected storage requirements of ~45 GB, and a total running time of 400 hours to decrypt all future traffic on the network. Moreover, we can start decrypting all the packets with IVs we've already "solved" as soon as we solve them.
This is entirely feasible, but it isn't even the half of it. As they suggest, a much better solution to this problem is to use an active, chosen plaintext attack. That is, the attacker can send a known packet from the outside to a machine on the wireless network; the network will encrypt the packet and send it to that machine, along with its IV in plaintext. The attacker merely needs to intercept that packet (a problem, of course, is knowing which packet it is, although this is solvable with unusual choice of destination machine, etc.) and suddenly he has solved that IV, with no statistical analysis necessary. With this method, we only need 15 GB of storage space (for the table) and enough time to send messages which will be encrypted with every different IV. The latter requirement is going to take a real long time, of course, but as a way to attack, say, 95% of the IVs this is very efficient.
we have been able to successfully intercept WEP-encrypted transmissions by changing the configuration of the drivers. We were able to confuse the firmware enough that the ciphertext (encrypted form) of unrecognized packets was returned to us
I would say that this is likely to be well beyond the capabilities of most script kiddies, and is probably pretty easy for 802.11b equipment vendors to address.
Do you understand the term "script kiddie" at all?? The point of a script kiddie is that he doesn't have to know how to write modified drivers, only how to download them and install them. Hence "script"; they're running someone else's program. And in any case, modifying drivers and even modifying hardware ought not to be beyond the skills or resources of lots of corporate espionage outfits.
Your hope that equipment manufacturers address this problem is probably misgiven; doing so would seem to require them to replace software drivers with hardcoded ones, or at least insert another layer of encryption both inside the hardware and in their drivers. I submit that both possibilities are very unlikely, and that in any case anyone with deep pockets can build their own 2.4 GHz receiver without too much trouble.
Yeah, like there have never been any problems discovered in crypto products from the self-appointed experts. Uh huh.
Of course there have been, though rarely such softball errors as these. The recently reported vulnerability with the extra decryption keys in PGP, while quite significant, was an implementation error, not an error in the spec itself. And the vulnerabilities found in crypto protocols by the real experts tend to be rather esoteric and impractical ones, and then mainly on entirely new ciphers, not on a spec for piecing together old ones.
In any case, the point is that they are (ideally) found *before* any products using the protocol are put into place. It's called "peer review", perhaps you've heard of it.
"During the design process, the crypto community wasn't invited to participate," says Goldberg, now chief scientist at Zero Knowledge Systems Inc., a privacy-software firm in Montreal.
That's a pretty inflammatory statement, and apparently not far from being an outright lie. It was irresponsible (or possibly venal) of Ian Goldberg to make such a statement, and doubly so for WSJ's Jared Sandberg. As I said before, there is a matter for serious concern here, but the scaremongering from these people is not helping.
I don't know the history here, so I can't comment. However, I do know that if this protocol was indeed opened up to peer review as you seem to suggest (without any evidence), then something went horribly wrong; for some reason, either everyone missed these rather obvious flaws, or, more likely, no one showed up to review it. The point is, offering something for "peer review" and then assuming it's secure after no one shows up to review it is obviously not good practice. Frankly, I can't believe that any serious peer review wouldn't flag the problems inherent in using RC4 with a linear checksum algorithm, or with layering an encryption scheme on such a tiny (24 bit!) IV space.
The right thing to do would have been to alert the equipment manufacturers, discreetly, and let them decide how they want to alert their customers.
This is so beyond ludicrous I'm not even going to touch it. The rest of your post seems to indicate that you're not a troll, but this makes one wonder.
-
Re:Oh, great
I took another look at the link to the paper provided in cid #13 (thanks!) and here are some observations.
The first attack follows directly from the above observation. A passive eavesdropper can intercept all wireless traffic, until an IV collision occurs.
"IV" is "initialization vector" and is the same as what is elsewhere called a "salt". The IV is 24 bits; in a previous paragraph the authors had calculated that for an access point an IV is likely to get reused after about five hours. From this we're apparently supposed to conclude that it's a trivial matter to store every packet until an IV collision occurs, and then use the contents of both packets to recover plaintext. They even seem to be aware that two packets often won't be enough, but fail to mention that you need to save and search another five hours' worth of peak-bandwidth traffic to get anywhere in that case.
To be fair, they do point out a pretty serious flaw in a particular implementation of 802.11b, specifically Lucent's, which sets the IV to zero when the card is initialized and merely increments it for each packet. That does indeed make life way too easy for crackers.
we have been able to successfully intercept WEP-encrypted transmissions by changing the configuration of the drivers. We were able to confuse the firmware enough that the ciphertext (encrypted form) of unrecognized packets was returned to us
I would say that this is likely to be well beyond the capabilities of most script kiddies, and is probably pretty easy for 802.11b equipment vendors to address.
Many 802.11 products come with programmable firmware, which can be reverse-engineered and modified to provide the ability to inject traffic to attackers. Granted, such reverse-engineering is a significant time investment (we have not done this ourselves)
Damn right they haven't. Writing drivers is enough of a pain when the hardware engineer is sitting right next to you. It's harder when you have no access to hardware docs, and harder still when the hardware vendor might actively be attempting to thwart your efforts.
The real problem is not in the paper itself, though, but in the way it was reported. Consider this conclusion, from the paper:
The protocol's problems is a result of misunderstanding of some cryptographic primitives and therefore combining them in insecure ways. These attacks point to the importance of inviting public review from people with expertise in cryptographic protocol design; had this been done, the problems stated here would have surely been avoided.
Yeah, like there have never been any problems discovered in crypto products from the self-appointed experts. Uh huh. But I'll let that slide. Now, for contrast, here's an excerpt from the ZDnet article:
"During the design process, the crypto community wasn't invited to participate," says Goldberg, now chief scientist at Zero Knowledge Systems Inc., a privacy-software firm in Montreal.
That's a pretty inflammatory statement, and apparently not far from being an outright lie. It was irresponsible (or possibly venal) of Ian Goldberg to make such a statement, and doubly so for WSJ's Jared Sandberg. As I said before, there is a matter for serious concern here, but the scaremongering from these people is not helping. The right thing to do would have been to alert the equipment manufacturers, discreetly, and let them decide how they want to alert their customers.
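The IV reuse that the two "Re:Oh, great" comments above argue about, as an added example that is not part of either comment or of the Berkeley paper: a toy WEP-style encryptor (RC4 seeded with IV || key over payload plus CRC-32) showing why two frames under one IV stop protecting each other, with a check that flags reused IVs in a capture. The key, IVs and payloads are constructed, and the function names are this example's own.

```python
import struct
import zlib
from collections import defaultdict


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key schedule, then n output bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def with_icv(payload: bytes) -> bytes:
    """WEP appends an unkeyed CRC-32 (the ICV) before encrypting."""
    return payload + struct.pack("<I", zlib.crc32(payload))


def wep_encrypt(iv: bytes, shared_key: bytes, payload: bytes):
    """Return (iv, ciphertext); the 24-bit IV travels in the clear."""
    body = with_icv(payload)
    return iv, xor(body, rc4_keystream(iv + shared_key, len(body)))


def iv_space_seconds(rate_bps=11_000_000, packet_bytes=1500, iv_bits=24):
    """Time for a saturated link to use every IV once (about five hours)."""
    return (2 ** iv_bits) * packet_bytes * 8 / rate_bps


def capture_bytes(rate_bps=11_000_000, seconds=18_000):
    """Storage for everything sent in that window (the reply's 24.75 GB)."""
    return rate_bps * seconds // 8


def find_iv_reuse(frames):
    """Defender's check: map each IV seen more than once to its frame indexes."""
    seen = defaultdict(list)
    for index, (iv, _ciphertext) in enumerate(frames):
        seen[iv].append(index)
    return {iv: idx for iv, idx in seen.items() if len(idx) > 1}


# Constructed sample data: key, IVs and payloads are made up for this example.
SHARED_KEY = bytes.fromhex("0102030405")          # 40-bit WEP key
IV_A, IV_B = bytes.fromhex("00002a"), bytes.fromhex("00002b")
P1 = b"constructed frame one: hello world"
P2 = b"constructed frame two: other data!"
P3 = b"constructed frame 003: unrelated.."
FRAMES = [wep_encrypt(IV_A, SHARED_KEY, P1),
          wep_encrypt(IV_B, SHARED_KEY, P3),
          wep_encrypt(IV_A, SHARED_KEY, P2)]       # IV_A used twice


def demo():
    (_, c1), (_, c3), (_, c2) = FRAMES
    # Same IV -> same keystream, so it cancels and leaves plaintext XOR plaintext.
    cancels = xor(c1, c2) == xor(with_icv(P1), with_icv(P2))
    cancels_other_iv = xor(c1, c3) == xor(with_icv(P1), with_icv(P3))
    # Knowing one plaintext gives that IV's keystream (one row of the
    # IV -> keystream table), which opens the other frame without the key.
    keystream = xor(c1, with_icv(P1))
    opened = xor(c2, keystream)
    payload, icv = opened[:-4], opened[-4:]
    return {
        "reused": find_iv_reuse(FRAMES),
        "xor_cancels": cancels,
        "xor_cancels_other_iv": cancels_other_iv,
        "recovered": payload,
        "icv_ok": icv == struct.pack("<I", zlib.crc32(payload)),
    }


if __name__ == "__main__":
    print(f"IV space exhausted after {iv_space_seconds() / 3600:.2f} h")
    print(demo())
```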
-
A relevant story
This Flawhoo story points to www.isaac.cs.berkeley.edu. Where they have apparently contrived a way/used the 802.11 standards to sniff on an 802.11 network. Pretty neat schtuff for all you NetworkAdmins who have put that into place already. Now we can 0Wn3 j00.
-
automated cracking in 5 hours with off-the-shelf
If you look at the actual research page you'll get much more in-depth information about this, far more than the article.
The researchers say that all of the following are possible using off-the-shelf hardware:
- Passive attacks to decrypt traffic based on statistical analysis.
- Active attack to inject new traffic from unauthorized mobile stations, based on known plaintext.
- Active attacks to decrypt traffic, based on tricking the access point.
- Dictionary-building attack that, after analysis of about a day's worth of traffic, allows real-time automated decryption of all traffic.
It only takes 5 hours to collect enough information to mount a statistical attack! They also describe both passive and active attacks that are possible in some detail. This isn't something to shrug off - even a passive attack is potentially very damaging. And it's not exotic hardware - you can get a lot of mileage just out of your consumer hardware.
There's also a draft of the paper available from the research group.