Domain: cam.ac.uk
Stories and comments across the archive that link to cam.ac.uk.
Comments · 1,846
-
RealTimeIsUniversal
http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html
Though, the registry setting is still not officially supported. -
Re:COMSEC, not SIGINT
Using the network is a good way to monitor it: "The ability to route over the anonymous communication network, that anyone has, can be used to estimate the traffic load on specific Tor nodes accurately enough to perform traffic-analysis."
-
Windows and CMOS clock
Why does Windows not run UTC on the CMOS clock? Doing so would solve all of this "The computer has changed the clock" twice a year. The clock wouldn't be changed, just synced every now and then, but the displayed time would automatically be adjusted. POSIX and MacOS do this correctly, and 99.99% of Mac users don't even realize their CMOS clock runs UTC. Changing Daylight Time would be updating a single file, even in a closed OS like Windows.
I've heard all sorts of dumb reasons against running UTC on the CMOS, like "who cares about UTC, My time is local" and "why should I keep two different times on my computer".
But, the OS will hide the UTC from you, and besides, when was the last time you used the BIOS time as your clock?
Forcing UTC on the CMOS clock is surprising since WindowsNT has used UTC for all their internal time tracking for some time. But they *calculate* it from local time, which changes twice a year, _even though_ Windows uses NTP time servers. Doh. It's gotta be *the* dumbest backward compatibility "feature". See here: http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html -
Re:Mathematically Impossible
From a theoretical standpoint this is true, and actually even worse. Arrow's theorem shows that there might not be any transitive social ranking of alternatives out there. It isn't just that the order can be gamed, there might not be any way to aggregate people's preferences into a single ordering fairly (See http://en.wikipedia.org/wiki/Arrow's_theorem for a definition of "fairly"). On the other hand, voting cycles seem to be relatively uncommon in the real world when enough voters are involved (http://www.cup.cam.ac.uk/us/catalogue/catalogue.asp?isbn=0521536669), so maybe this isn't a hopeless cause after all, at least for the top n results returned (I'm pretty sure that things get uglier as the number of results->infinity even in real data). -
Re:All DRM implementations will be broken.
The answer they would give you to that is that, ideally, you won't have access to the hardware. Think of next-generation TPM computers as a titanium black box with internal sensors that detect anything attempting to access the inside and destroying the contents upon detection. Not to mention that the TPM chip itself will be hidden inside the CPU, which will have its own access controls. Check out the TCPA FAQ for details (rather old, but still relevant to the basic points).
BTW, I don't think this sort of paranoid computing will actually take off. I have a little more faith in the free market than that. -
Re:You can't open an integrated circuit.
you won't be able to get to them without delaminating the IC -- which nobody but a chipmaker has the facilities to do.
This: Tamper Resistance - a Cautionary Note, is specifically about smartcards, but it has interesting examples of non-invasive and invasive chip analysis. Sample:
Functional tests with pay-TV and prepaid phone smartcards have shown that EEPROM content is not affected by hot nitric acid. No knowledge beyond school chemistry is necessary; the materials are easily available in any chemistry lab, and several undergraduate students have recently reported the successful application of this method on an Internet mailing list dedicated to amateur smartcard hacking. Fuming nitric acid is an aggressive oxidant and should be handled carefully (especially when using flammable liquids such as acetone), but it does not affect silicon, silicon oxide, silicon nitride, or gold as used on the chip and its contacts. The aluminium used in the metal layer of the chip is covered at once with a thin oxide layer and is also unaffected. Nitric acid is commonly used anyway to clean chip surfaces during manufacture. -
Re:Anyone else notice the logical disconnect here?
Results from 200 billion iris cross-comparisons show how the false positive rate varies with the chosen threshold, and roughly show the false negative rate too. If you have a good enough camera, it seems like there's not much problem in choosing a threshold that works very reliably, though you presumably have to make compromises in one direction or the other if you're not getting people to stand still and look straight into your camera - but false positives don't really matter if you're using it for targeted advertising. If you want it for airport security then you don't need to do it without the person's knowledge, and you can get good results:
In the UAE border-crossing deployment, nearly 2 trillion (2 million-million) iris comparisons have been performed to date, as all foreign nationals visiting the Emirates have their irises compared against all the IrisCodes (mathematical descriptions of registered iris patterns) stored in a central database. Some 40,000 persons have thereby been caught trying to re-enter the UAE with false travel documents since this deployment began. The Abu Dhabi Directorate of Police report that so far there have been no False Matches.
-
Re:Single bit check is not enough
Each exchange is one challenge bit and one response bit, so the timing is accurate, but this is repeated many times to give a high assurance that the real card is present (128 in the prototype). See the draft paper for the details.
-
Re:Not legally binding anyways ...
Here's the news: EULAs are bullshit. They always have been (except in a few benighted countries)... they were always meant to muddy the legal waters rather than enforce their ridiculous conditions.
Microsoft's dream has always been to enforce EULA restrictions by *technical* means. This means no need to deal with legal matters... want to change things, or enforce patently bullshit restrictions, then they just change them. This is why they started the TCPA, subsequently the TCG (Trusted Computing Group), and spent time designing their dream hardware along with the likes of IBM, Sun, HP etc etc: they call it Trusted Computing, and the hardware is a "TPM"... which will now be installed in every PC (and is already in the Apple Mac). The hardware gives Microsoft (and Apple) the ability to actually enforce the EULA by technical means... read your EULA, read the specs, and criticisms, and be afraid.
-
Re:Why bother even having DRM?
The only way DRM could work is if the publisher controlled both the hardware and the software environment. Ever heard of Trusted Computing and the Fritz chip? The idea is that they goop up the board with epoxy and/or lock the keys into a tamper-resistant CPU. Any attempts to get them would destroy the hardware. Once they do this, it is within the realm of possibility that they'd have their dream DRM that could only be broken by the most well-funded labs, which, in the United States, would probably be very illegal.
Of course, here, we're getting into 1984 type stuff that people would never buy into. Right? Well... hopefully. Read the FAQ linked above if you haven't before; like everything else, they're selling this under the guise of "security", even though it has very little tangible benefit to the end user. -
Re:To be expected
I am sure they considered the approach, but just saying it was due to "cost" doesn't even begin to describe it. Really, I don't think it would even be possible. Even a high resolution 10-foot wide plot of a digital chip looks like a jumbled mess. Those things are automatically synthesized and routed. I've seen them and it's not pretty -- even the designer probably couldn't find the key by looking at the layout. If you think you'll see anything useful with an electron microscope, you are deluding yourself.
From Huang's paper:
The direct approach of decapping the MCPX southbridge ASIC was rejected because this ASIC appears to be manufactured in a 0.13 process with perhaps 6 or 7 metal layers (figure 2). Extracting the bootblock from this ASIC would require a delayering facility and access to an electron microscope. While there are companies such as Chipworks that specialize in these kinds of services, it is a difficult, expensive, and time-consuming task
It is possible, so I am not the one who is deluded on the subject.
I fail to see the basis for your assumptions. There is no reason for anyone to crack satellite or cable receivers and not tell anyone about it.
Information is value, if you can't see the point in cracking pay-TV and with-holding the information then I'm not going to explain it to you. But you should probably read Tamper Resistance - A cautionary note and Low cost attacks on tamper resistant devices before you make any further gross assumptions. -
Re:Looks the same
That should have said: Read this
-
Re:TPM is anti-virtualization
Well, there's the PPC chip in the XBox 360, for one. That's a full TCPA system.
Please bear in mind that I'm only arguing this point because I think it's important that people are well informed about what we're up against here. It's not going to be easy to get around TCPA, really it isn't. Virtualisation and man-in-the-middle attacks are exactly what TCPA is intended to prevent, and it's been designed by people who understood what sort of work would need to be done to enforce DRM as required by the entertainment industry.
However, citations. Anderson says that current (2003) TCPA chips are on the motherboard, not the CPU, but:
However, in a few years, the Fritz chip may disappear inside the main processor - let's call it the `Hexium' - and things will get a lot harder. Really serious, well funded opponents will still be able to crack it. But it's likely to go on getting more difficult and expensive.
He also notes that some portions of TCPA are already in your CPU:
The operating system security kernel (the `Nexus') bridges the gap between the Fritz chip and the application security components (the `NCAs')... Finally, the Nexus works together with new `curtained memory' features in the CPU to stop any TC app from reading or writing another TC app's data. These new features are called `Lagrande Technology' (LT) for the Intel CPUs and `TrustZone' for the ARM.
With the chip on your motherboard, yes, you can do a MITM attack on the bus lines. That and cost saving is exactly why it'll be part of your CPU, if it isn't already. -
Thank you (parent is right)
Virtualisation does not save us from trusted computing - as the parent says, TCPA was designed with virtualisation in mind.
Every time a thread about DRM comes up, TCPA is mentioned, and a whole bunch of people get modded +5 Insightful for saying that they'll circumvent it using VMware or similar. But to do that, you have to make your own TCPA keys, which won't be signed by a trusted third party. Online services that require remote attestation will require you to use a key that has been signed in that way.
The key in your TCPA module will have been signed, but you can't get at that key by design. You can't use it to sign programs in your VM. That's the idea. They know that virtualisation is a hole. They are as smart as you.
However, perhaps we can get at the key in the TCPA module by getting the module to repeatedly sign something while monitoring its power consumption. This technique, differential power analysis, is apparently very hard to defeat. You can use it to get keys out of smart cards, given enough time: perhaps you can use it to get keys out of your own processor. The price of freedom in the future?
Get informed about TCPA here. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html -
Re:You assume a trusted computer.
Right! You can build your own network of trust, using whatever keys you want. This is the good side of TCPA.
But TCPA includes "remote attestation", in which an online service is able to validate the state of your machine before, for example, sending you a DRM'ed music file. Now, that service could choose to trust the key you made yourself, but it doesn't have to. It will probably only trust keys that have been signed by the TCPA consortium. If you don't have one of those keys, you're not "trusted" - you could be using your own TC module with the intention of defeating the DRM.
The whole thing is really, really nasty. See http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html if you haven't already. -
If you own a hard disk
Most hard disks have for some years had a thin layer of similar material as the top layer above the magnetically active layer(s). In this application the diamond-like carbon's usefulness comes from a combination of several properties, primarily that it is very hard but at the same time presents a very low-friction surface. Diamond-like carbon comes in many different forms, but can inherit properties from both diamond (hardest material, high refractive index, high electrical resistance, massive thermal conductivity, etc) and graphite (very soft, good lubricant, metallic, non-transparent).
Diamond-like carbon covers a wide range of materials. Most have a disordered or "amorphous" structure in which the carbon atoms do not form - even locally - regular arrays (analogies are usually made to 'frozen liquid' or glass, neither of which are quite right but you get the flavour). These materials become more 'diamond like' as the proportion of carbon atoms which bond tetrahedrally to 4 other carbons (as in diamond) increases compared to the number of carbons that bond to 3 carbons (as in graphite). This is further complicated by the presence of hydrogen which encourages tetrahedral bonding but in other ways can make the material less diamond like (eg softer).
http://www-g.eng.cam.ac.uk/edm/research/carbon/carbon.html
http://en.wikipedia.org/wiki/Diamond-like_carbon -
Use UTC, RealTimeIsUniversal=1
http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html
To tell Win2K that the hardware clock is UTC,
Set:
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\RealTimeIsUniversal
Assuming that the hardware clock is local time is plainly a bad idea, and this bug is unfixed in all versions of Windows.
"2006-07-04: Various Microsoft Windows Vista beta testers have told me that this next-generation operating system still is not capable of running the CMOS clock in UTC. If you are a Microsoft Vista beta tester, please use the opportunity to report this problem to Microsoft. Urge them to at least fully support the RealTimeIsUniversal=1 registry setting that is already partially implemented."
The timezone should only affect clock display, not the machine behavior. -
Re:Umm, yes there is!
Yes there is!
Only with DDA cards. With SDA cards, as used in the UK, the PIN is sent to the card in the clear. We demonstrated this as part of an earlier project. -
Re:speaking of wiping data
> As for erasing solid state media, I'd feel perfectly safe
> simply overwriting it with zeroes, one time over.
For most purposes, this might be perfectly enough.
Certainly an "all-zero" overwrite is far better than an "all-one" overwrite (flash erase operation). But then again it also depends on the controller, because what ends up in the floating gates is what really counts.
See link (below) for some techniques to recover erased or overwritten flash memory. The basic idea is to measure the trapped charge in each cell with higher resolution than just 1/0. In other words: as analog voltage. Since you can't just connect a voltmeter to each gate, you have to trick the read-out circuitry to forward (reveal) this information to you. The document is about how this can be done with some popular chips.
At first these techniques seem to require very invasive access to the memory. But once working, many attacks can be vastly simplified (see TV card scene).
http://www.cl.cam.ac.uk/~sps32/DataRem_CHES2005.pdf
Regards,
Marc -
Links
This paper is actually a few months old. It was presented to the ACM in October and linked from Light Blue Touchpaper in September. Here is a link to the summary along with links to the actual paper and slides to Murdoch's talk:
http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/
http://www.cl.cam.ac.uk/~sjm217/#talk-ccc06hotornot
I believe many of the mitigation techniques mentioned in previous comments have been discussed elsewhere and some of them do not work nearly as well as you would expect. -
Re:Fix it with NTP?
The article is very low on information on how he proposes to locate a computer.
This is explained in the associated paper. -
Re:Fix it with NTP?
The 1kHz clock driving the TCP timestamps in Linux is not NTP corrected. You should probably read his paper.
-
Re:I didn't RTFA, but...
> Close, but no cigar. His software lets you pinpoint servers in the anon TOR network, good trick, but ultimately useless (since it's the user's computer you are trying to find).
A foolish statement. Tor offers the facility of hidden servers, or receiver anonymity. Some servers wish to remain anonymous. In other words it is _not_ the user we are interested in for this attack.
> Of course the other problem is "giving it a heavy load" define heavy load? is it just a little more than usual? or does it mean you have to heat board (he goes off system clock, maintained by a frequency crystal on the MB), most data centres I would think would be fairly efficient at routing even high heat loads out of enclosures and away from the machine.
Did you read the paper? Again, obviously not. The clock skew is present even without the temperature effect, however minor changes in temperature do offer additional clock skew. The range of temperature causing skew is under 2 degrees.
> And then, whoever he does this to can sue him for DoSing their machine, if they can prove (and it's not overly difficult) that heat damages computer parts, he can be nabbed for wilful destruction of property as well, since his whole exercise heats the machine for no other reason than locating it.
A fine point, outstanding. Except we don't know who the person is, they are using Tor. Sender anonymity, it's great.
> Then of course, the only way to "heat up" said computer is to do it through the TOR api, which i am guessing most anon servers are built to handle very well (since that would be their primary task).
No this is not the case, as in fact most 'anon servers' or tor onion routers are not built for Tor. Tor is an additional feature run on these machines, there are very few core tor routers, solely dedicated to tor. And of course by merely routing a number of streams, doing exactly what the application was designed to do, the temperature will build up.
> Oh, and this of course neglects to take into account that your TOR requests may be handled by many many servers in a cluster, each one heating and skewing at different rates...
There is no support in Tor at the moment for load balancing, if that is what you are implying.
> Ok, it's late on a Saturday afternoon and I can poke that many holes in his trick (even if only one is at all real), gimme a good 2-3 hours with some energy drinks in me and I can find more I am sure ^_^ If he can prove it works (and successfully do something useful with it) in the real world, then it would be a better story.
Read the paper and inform yourself. http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf -
Re:Not M$
> To be clear, MS is not leading this charge
Actually, this is incorrect. Go back 3-4 years and read about Microsoft's "Palladium" effort, now called Trusted Computing. Here's a FAQ:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
"The Trusted Computing Group (TCG) is an alliance of Microsoft, Intel, IBM, HP and AMD".
Microsoft has been leading the charge on the software side. It's a remarkable effort, and Apple as of yet has nothing like it. In Palladium, the hardware validates the OS before booting it, the OS can then validate programs such as media players (refusing to run third-party players), and the players validate the content. If fully turned on it will be very difficult to crack. It will also make programming essentially illegal, as some essays have pointed out.
It's like the nuclear bomb of computing. If they use it, they could control *everything*, but the backlash would also be huge. They potentially have big supporters - Hollywood, the Christian right (who could use it to eliminate porn), dictators, CEOs, etc. Read the bits about documents that can only be read by their target audience, and that refuse to open after a designated period.
I suspect that much of Microsoft's strategic thought over the past 5 years has been devoted to puzzling over how (far) to deploy this. If they don't go all the way (bios validates the OS, etc.), it will be easy to crack. If they do, will they be able to keep people from fleeing their now total control of the computing environment?
As for Apple, I don't know. If TC is a success Apple will be forced by Hollywood to adopt it (at best), or simply excluded from playing major media (a scenario that Microsoft has considered no doubt, though they're probably thinking more of killing Linux with this...). With Intel supplying the hardware, Apple is at least in a position to respond by implementing this if they need to.
But several facts make me believe that Apple does not actually want this:
1) They didn't implement the software side yet. They could have. Microsoft has.
2) The iTunes DRM, which is rather unrestrictive insofar as DRM goes. Plus, iTunes itself lets you RIP DRM-free Mp3s (or Mp4/aac or flac) from CDs, and you can put these mp3s on any non-Apple player you like (contrary to earlier assertions in this discussion).
Plus, why would they (Apple) want this? Microsoft has a lot to gain by preventing competing O/Ss from playing media. Apple (at this point) will only gain by getting more marketshare.
-
Re:just got it working
Why can't they use something akin to T9 on mobile phones or an interface similar to Dasher?
A virtual keyboard is easy to adapt to, but it's not the optimal input method considering the hardware. -
Re:Windows daylight savings time problem
Fortunately there's a Windows registry key that can fix that. Ironically I found it on the Apple support forums, because dual-booting Mac OS X with Windows runs into the exact same problem dual-booting with Linux does.
Oops. I started writing a "thank you", but a search on the net shows that RealTimeIsUniversal might not be so great.
Look here; http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html
I'll quote;
2001-07-09: I got a reply from someone in Microsoft's Base Kernel Team who got interested in RealTimeIsUniversal and they had a look at the relevant parts of the NT kernel source code. The RealTimeIsUniversal flag is there (a leftover from the days when NT still ran on RISC machines with UTC RTCs), but its implementation seems now incomplete and it is currently not covered by Microsoft's documentation and regression test suite, therefore using it is not recommended at this time. A couple of potential RealTimeIsUniversal bugs have been identified over the past few days, there might be more. For instance, the kernel debugger assumes that the CMOS time is local time and will get the time wrong when RealTimeIsUniversal=1. There might be a similar problem in the code that resumes processing after the CPU was suspended or in the code that calculates DST change times. I hope they will look into fixing these problems, but they haven't made any promise yet that RealTimeIsUniversal=1 will be officially supported. In any case, it is unfortunately too late at this stage for a fix to get into the forthcoming Windows XP release. Perhaps RealTimeIsUniversal=1 can be established as the default for new platforms such as IA64 where there is no DOS-compatibility requirement, and then it would be fully supported again.
2006-07-04: Various Microsoft Windows Vista beta testers have told me that this next-generation operating system still is not capable of running the CMOS clock in UTC. If you are a Microsoft Vista beta tester, please use the opportunity to report this problem to Microsoft. Urge them to at least fully support the RealTimeIsUniversal=1 registry setting that is already partially implemented. (Vista beta program members can also view and vote on Aaron Kelley's feedback on this issue.)
2006-11-02: Microsoft and Novell announce broad collaboration on Windows and Linux interoperability and support - full support for RealTimeIsUniversal=1 would seem like something that ought to be high on their list
... -
Re:Simple Solution
> by the time a new medium has been produced, the old software is worthless.
Again, it's not true that your old software "is worthless". Your old copy of Office 95 didn't stop working when Office 97, Office 2000 or Office XP came out. They didn't become worthless. You volunteered to stop using it.
Microsoft is a corporation that lives almost entirely on churn. Think about their cash flow, and where it comes from. Sales of new products is the bulk of their money, with a relative trickle from their professional services. Microsoft.com isn't a pay-as-you-go web site. They're not like IBM who licenses mainframe software on an annual basis. Your copy of XP stopped generating them revenue the moment after you bought it; you don't pay a subscription fee for it. Same with Office. Think about Word -- what features did they add to Word to make you need to buy the latest version? I promise you that "Now with advanced Tabs and Rulers!" isn't a slogan designed to drive Office fanbois into the stores.
Microsoft is somewhat afraid of the near future because their biggest cash cow, Office, doesn't require upgrades at the same rate as their operating systems do. The only reason I upgraded my home version of Office 97 was I needed to add Powerpoint, not because I needed "adjustable margins" or whatever they had added to Word in the previous 8 years. And that's why their long term plan is .net and Vista. With Trusted Computing, they'll be able to move you to a subscription model. Just think of it: an OS that can enforce licensing. No more selling Office licenses that are good forever. With no new features, they can "give" the software away, but cripple things like printing or saving unless you pay them per month, or even on a by-usage basis. Want to create a Powerpoint slideshow? That'll be $10, please. Now there's a revenue stream to bet your future on.
Eventually Microsoft will encourage people to not run unsigned code. "Ooo, it might contain a virus, don't run it or your Windows Warranty will be voided!" How much do you think Microsoft will charge to sign a copy of Open Office or Ghostscript? And do you honestly think they'd ever sign Exact Audio Copy? Hell, they'll probably put it in their "Pirate Tools" list of binaries that will never run.
-
Re:Nobody said that
Thank you for that well thought out and constructive comment. I suppose these people are complete fucking idiots too?
-
nothing new here
Thank you, Israeli researchers, but it seems you missed the 2003 paper of Cambridge, UK researchers, which describes exactly the same kind of attack:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-560.pdf -
Re:Liberté would be a stronger ground to stan
... argue based on freedom ...and security.
I still find it a little surprising that any large non-US organization, particularly governments, runs non-open software. It's basically just baring their throat to Uncle Sam and M$. A stupid thing to do, particularly when national security is involved.
Those billions that non-US organization might spend on military hardware and/or competing commercially could easily be hobbled if the US government or M$ decided to sniff, corrupt or shutdown the computers that the non-US organization thought they controlled. With history like ECHELON and SIGINT in general, and the US' general "we are powerful, therefore we must be right" attitude, it's not a leap to assume the US has covert operations going on. This is just too easy and too cheap.
Even if the M$ didn't want to cooperate the US government could force them secretly to do so. M$ being a good US corporate citizen they'd probably be happy to cooperate though.
It would not surprise me if this is one of the drivers for TC, making sure the "owner" of the PC doesn't actually have control, even theoretically. The proliferation of botnets and viruses would be convenient cover too.
You can be damn sure that in the name of anti-terrorism and/or anti-pedophilia the US government and M$ have a deniable backdoor in every network connected M$Windows computer on earth. Possibly in the common Linux distributions that are not third party audited too.
They probably don't use the back door much because of the danger of being network sniffed but encrypted and embedded in Microsoft Update on selected PC's there'd be no problem. How sure are you that your computer isn't phoning home with everything you type?
---
Open source software is everything that closed source software is. Plus the source is available.
-
Re:RMS is always right. Mod parent up.
There is also the sticky issue of enforcing that liability, tracking who opened up their computer. And to be fair, you would have to go up the chain as well, and make software companies legally responsible. And who would take responsibility for linux?
You don't seem to understand. There won't BE any Linux if this TCPA thing comes off. If you want to interact with services and applications in the TCPA ecosystem, you'll have to run a fully trusted software stack. That means your kernel, your libraries and your applications must all be signed by an authority that the service or application trusts. You can't modify or even recompile your kernel or programs - that will break the digital signature. In this environment, you have to deliberately choose to live as an electronic hermit, outside the ecosystem, if you want to run Linux.
How can you not understand why this is bad? TCPA is *designed* to lock you in to "trusted" software.. trusted not by you, but by the corporation that developed it. It is *designed* to prevent interoperability between applications. Does that really sound good? Corporations win, little guy loses?
I wonder if your employer has fed you some lies about TCPA? Please listen to Stallman, and at least recognise the nature of the threat.
See also: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html -
Re:Hold on there, Cowboy
Giving a "this site is blocked" message would allow people to put together parts of the censorship list, which is supposed to be secret. So they don't do it. On the other hand, this (warning: pdf) claims to describe how the system works, including a vulnerability which would allow the list of blocked sites to be discovered.
-
Unix Horror Stories
This was linked into the most recent thread at thedailywtf, and having just now finished reading it, it obviously deserves to be linked here as well to increase your own morning "gotta read this" time: unix horror stories
And never forget to mount your scratch monkey...
-
Re:A festival of confusion
Couple of links for you to peruse. Not that I think that'll change anything for you, as every last one of your points is either wrong or based on localized data (which Global Climate Change doesn't talk about).
1) http://www.firstscience.com/site/articles/gribbin.asp/ There's plenty more with a quick google. Ignorance does not mean actual absence of data.
2) Localized data set for a global climate model. Not relevant.
3) Your point that the water problem can be solved by engineering is irrelevant to the discussion at hand. Though the original point itself has the problem of using a local datapoint to support a global climate event.
4) I'd say as well that no one said we'd have crop failures now. Give it another 50 years or so. Though deadly heat waves were rampant across the world last year.
5) No one said that local climates are directly tied to global trends. Not only that, but no paper argued that there'd be a linear increase in hurricane strength in the Gulf of Mexico.
6) http://news.nationalgeographic.com/news/2003/03/0325_030325_belizereefs.html/ Google for Coral Bleaching if you want to find out more about what causes coral reefs to die. And no, contrary to your wishful thinking, it isn't divers that cause it.
7) In the same article you listed, there's this little quote. "Finally, Joughin says that two nearby West Antarctic glaciers are thinning rapidly, so the trend cannot be extended across the continent." It's at the end of the article, so I can understand why you didn't see it. Just for kicks, from the same site, here's another link: http://www.newscientist.com/article.ns?id=dn6962/ Just google for Antarctic Ice sheet for more of the same.
8) Now you're either plain lying, or deliberately ignoring facts. In the 60s, the Ozone layer was fine. For the data, see here: http://www.atm.ch.cam.ac.uk/tour/part2.html/. Or just google for Ozone layer Antarctic.
I'm glad that people who deny Global Climate Change have such lousy arguments. It means there's plenty of money to be made from them once real issues hit.
-
Re:Screen Capture
-
Re:Was there....
this is actually almost pure bull!
The proof
It is actually a really interesting page to read, it is mostly just one person who came across the meme (as it really is just an internet meme) and did a little bit of rscreeah (research) into it.
sad, ain't it.... -
LOL
Wow, figures. I actually used TFA for my Cambridge application -- nice to see it appearing on /. albeit slightly later than I expected. Really though, Cambridge's Computer Science Lab (funded by our friend Bill Gates, among others) is doing some amazing things. Check out their website at http://www.cl.cam.ac.uk/. -
What to do? read, Read, READ!
Go the college route only IF you can afford it, and IF the college has a well developed and staffed CS/IT department. If it hasn't then you are just throwing away your money, which would be much better spent on a decent library of text-books. Assuming you decide to teach yourself then you'll need to learn a language or three. I'd suggest you learn what the OO paradigm is all about. These languages are pretty good implementations of it:
- Smalltalk - The original OO language and programming environment
- Ruby - OO in a sane file oriented environment
- SQL - You'll need to store your data somehow
- C and C++ - Get these downloadable books FAQ & Tutorial.
-
academic but maybe useful?
An 18 page article by Karen Spärck Jones at http://www.cl.cam.ac.uk/~ksj21/securksj3a.pdf might be worth looking at. jamesM (j . a. mal colm at herts dot ac . uk)
-
Re:Even they miss the point?
I would think that a specific motion (think: jiggle) would be more appropriate for a non-clicking interface. Time spent at a location would vary, but imagine if the "click" action was a quick jiggle perpendicular to the current motion. As you move left to right on the screen, when you wanted to "click", you jiggled the mouse in an up/down fashion. Granted, RSI and all would probably go up significantly, but it would be more responsive than timing a pause.
As an aside, Dasher (http://www.inference.phy.cam.ac.uk/dasher/) was an interesting non-clicking method for entering text. I can't view the web site due to the Slashdot effect.
Layne -
Even more ways to die
Spoilerish... (outdated version, though) http://www.statslab.cam.ac.uk/~eva/nethack/ways_to_die.html Also, thinking about my own stuff, I especially liked 'killed by elementary chemistry'. Never add water to acid, people, always the other way around... -
i think they have a way to go yet...
...before they can claim it's the smallest - this puts it to shame.
(Yes, it's holding a ball 65um across)
For more info read the section on Cambridge University Engineering department's photo competition page -
Re:European Dates
In what way are time zones ridiculous? We could have one time zone for the whole world but I can't help thinking that would be more confusing.
DST? Well it certainly makes sense where I live which is in the Midlands of England, but I'm quite willing to accept that it makes less sense elsewhere.
As for going metric, start with something positive - moving to a more useful paper format (see http://www.cl.cam.ac.uk/~mgk25/iso-paper.html ). It's immediately useful to everyone in the US and once "Letter" is no longer the default paper size on printers/software the rest of the world will rejoice as well. As far as everything else goes, keep it. I'm quite happy knowing my height and weight in feet and stones respectively and much prefer miles to kilometres. -
Re:Does your university censor /. too?
Cam.ac.uk has also proposed blocking "high numbered ports", details: http://www.cam.ac.uk/cs/netdiv/portblocking.html - from the document: 'It is likely that the blocking will affect activities such as P2P communications'; my experience suggests it affects features such as video calling and file transfer in instant messenger applications. Where the University is a domestic ISP with a monopoly for many students and some staff, many of whom prefer to communicate with friends and family online rather than using expensive phones, this is a particular problem.
-
Re:Pure vaporware
Alas TripOS isn't (and wasn't) open source, merely "source available/limited distribution".
TripOS's role within AmigaOS was always a little strange and overblown by some people. (Most of) DOS, which dos.library interfaced with, and the CLI and its commands were essentially the whole of it. The kernel (exec) and pretty much everything to do with graphics and the GUI were a separate system. By the time of the release of AmigaOS 2.x, most of the code had been thrown out in favour of C equivalents.
-
Re:Yeah, that'll work
Right idea, but music is a poorer choice than white noise. A sophisticated eavesdropper could acquire his own copy of the music you use, and "subtract" the known waveform from the received waveform, leaving just the ambient room sounds. If the volume of the music makes you talk louder, it's all the better for the listener.
And just so you don't think you're safe just because you're IMing over an SSL port, with the proper sensor (a Hamamatsu H6780-01 photosensor module) the same telescope can be used to spy on your screen just by detecting the reflected light from your monitor. Markus Kuhn wrote this paper (read section 6) about just such an attack.
-
Comparison To Security Engineering?
Is anyone in a position to compare this book to the following?
http://www.cl.cam.ac.uk/~rja14/book.html