Slashdot Mirror

You only need machines with 32-48 MB system memory for LTSP, machines with 4-8 MB are a bit stuck although they could be purposed with SVGALIB VNCviewer or SVGALIB rdesktop. It should be possible to acquire suitable machines for under $100 used, or $150 new.

To minimize the hardware needed and improve administration you might want to try running Edubuntu (a Linux terminal server specialised for education) diskless, and use a directory to store all account information in. There is a directory server project dedicated for small Linux terminal server environments to act as a boot manager for LTSP clients and servers, and account store for users. Team this up with m0n0wall and FreeNAS and you have a complete solution.

Hate to reply to myself as a general rule, but I thought a little searching would pay off.

Here is a movie from Rolls Royce, not exactly the same, but it's nice.

I disagree, others are being encouraged to do the same seeing the success of Rutan. Take the press release the other day of the Cambridge University students who have just used a ballon to take pictures of the earth from 32Km for £1000 (approx $1879). Now this doesn't sound like very much and in the grand scheme of things it isn't but its their long term goals are which are important. The project intends in future launches to use ballons to push that first 30Km with a rocket then taking over to take the payload to the 100Km mark and potentially higher at a fraction of the cost. Although NASA have attempted things like this before it will be interesting to see how they do.

Then perhaps you can explain why the hardware manufacturers are going along with it.

It is possible to encrypt something to keep it from its recipient. When every single program on your computer is encrypted, and people need licenses to write programs or own recording devices, how are you planning on defeating that encryption?

You are quite correct, but there is much more to say. Security commonly fails because of economic issues - this has become an area of academic interest in recent years - for example Ross Anderson, whose paper kicked off a lot of research into this area. BTW, his book is now also online, an excellent read.

You are quite correct, but there is much more to say. Security commonly fails because of economic issues - this has become an area of academic interest in recent years - for example Ross Anderson, whose paper kicked off a lot of research into this area. BTW, his book is now also online, an excellent read.

Well if you're going for a sort of academic career, then the next "level" I would think would be this sort of apprenticeship. Which would be pretty cool considering there are many people capable of getting a doctorate, but only one such opportunity to work for Stephen Hawking. I imagine that if you could land that job then your resume would only need one sentence. "Stephen Hawking picked ME to work for him".

Not really. It's not an academic job - it doesn't even mention a science degree. It's practical assistance he needs, not intellectual assistance. Maybe someone would be swayed by the fact that you worked for Hawking - more likely they will be interested in your PhD subject and what papers you have written.

If you want *that* kind of kudos, you have to apply for a PhD with DAMPT in Cambridge and try to persuade him to take you as a PhD student (good luck with that, he doesn't take many). Best if you get a distinction in Part III of the Mathematics Tripos first.

Here is the link to the job listing. http://www.admin.cam.ac.uk/offices/personnel/jobs/ vacancies.cgi?job=670

Actually, Ross Anderson was the first infosec/crypto dude to channel Akerlof, in section 5 of this paper.

No, i'm not thinking of j, I said i, like in math. Not j, like in electrical engineering. Because i was already used for current.

Where I come from, Capital I is used for current. However, i and j are the unit vectors on the x and y axes respectively. And the complex plane looks like an xy plane with the real axis on x and the imaginary one on y. So the vector j is basically the imaginary unit.

In fact, the connection between the 2-dimensional geometry and complex algebra is formally shown in Geometric Algebra. It does make it a little more complicated, but then again you get to generalize all the goodies of complex analysis into n dimensions.

wget -r http://www.cl.cam.ac.uk/~rja14/book.html

Upto "SE-25.pdf" covers the 25 chapters of the book.
Try the links later.

I'm surprised you didn't mention the 1973 Physics Nobel Laureate, Brian Josephson, discoverer of the Josephson Effect and director of the Mind-Matter Unification Project. Have a look at his home page. He's also a very vocal and articulate critic of the scientific community's treatment of such `crackpot' topics as homeopathy and cold fusion.

Personally, I side with the view that extraordinary claims require extraordinary proof, but I think we need figures such as Josephson to keep us on our toes.

While secret sharing is cool, one of its primary drawbacks is that it's usually built using asymmetric crypto (as in, based on number theoretic assumptions and the like). That means it's potentially quite slow. Ross Anderson wrote a paper on a cool alternative which uses only symmetric primitives to achieve the same result. (In fact, he's able to build a lot of different things by combining symmetric primitives in the right way.)

While secret sharing is cool, one of its primary drawbacks is that it's usually built using asymmetric crypto (as in, based on number theoretic assumptions and the like). That means it's potentially quite slow. Ross Anderson wrote a paper on a cool alternative which uses only symmetric primitives to achieve the same result. (In fact, he's able to build a lot of different things by combining symmetric primitives in the right way.)

Ross Anderson of the Computer Security Group at Cambridge University wrote a paper called the Eternity Service. It has had a few different attempts at implementation, as well as some reworks in terms of design. The primary difference is in the Eternity Service - you had no idea what data you had, nor did you have access to the keys. This new concept/design seems to provide more control/granualirity for the user. Given the new proposed encryption laws in the UK, I'm not sure this is a good idea.

Ross Anderson of the Computer Security Group at Cambridge University wrote a paper called the Eternity Service. It has had a few different attempts at implementation, as well as some reworks in terms of design. The primary difference is in the Eternity Service - you had no idea what data you had, nor did you have access to the keys. This new concept/design seems to provide more control/granualirity for the user. Given the new proposed encryption laws in the UK, I'm not sure this is a good idea.

There were some of them in EDSAC back in 1949.

From reminiscences:

Gordon at this time was working on a memory bank for EDSAC, which was several tubes about 6ft long 1" diameter 1/8" wall, filled with mercury and a crystal at each end. (What would health and safety say now to the mercury globules in the floorboards?)

There were some of them in EDSAC back in 1949.

From reminiscences:

Gordon at this time was working on a memory bank for EDSAC, which was several tubes about 6ft long 1" diameter 1/8" wall, filled with mercury and a crystal at each end. (What would health and safety say now to the mercury globules in the floorboards?)

No, I'm serious: Before the coffee pot, a typical web page was

• a list of my cats
• a list of my favorite bands
• a list of my favorite links to other cat/bank/link web sites

The coffee pot was an a-ha! moment. It made Jenny-cam possible.

...The second problem is that this is illegal in the US under the DMCA.

How so? What content's protection is being bypassed?

The Digital Millennium Copyright Act (DMCA) is a United States copyright law which criminalizes production and dissemination of technology that can circumvent measures taken to protect copyright, not merely infringement of copyright itself, and heightens the penalties for copyright infringement on the Internet.

15. Can't TC be broken?

The early versions will be vulnerable to anyone with the tools and patience to crack the hardware (e.g., get clear data on the bus between the CPU and the Fritz chip). However, in a few years, the Fritz chip may disappear inside the main processor - let's call it the `Hexium' - and things will get a lot harder. Really serious, well funded opponents will still be able to crack it. But it's likely to go on getting more difficult and expensive.

Also, in many countries, cracking Fritz will be illegal. In the USA the Digital Millennium Copyright Act already does this, ...

Also, in many products, compatibility control is already being mixed quite deliberately with copyright control. The Sony Playstation's authentication chips also contain the encryption algorithm for DVD, so that reverse engineers can be accused of circumventing a copyright protection mechanism and hounded under the Digital Millennium Copyright Act. The situation is likely to be messy - and that will favour large firms with big legal budgets.

Naturally, as with all Intel-based Macs, it will contain a special chip to implement DRM in hardware (remember the so-called Fritz chip that was proposed a few years ago.). See here for the proof, and here for some detail on the level of control that this "hobble" gives to Apple over your crippled machine.

You could think of it as an anti-piracy chip -- but that would be underestimating just how abusive the hardware is. Essentially, the chip allows Apple to verify that you are running software of which they approve, and to encrypt their code so that you cannot find out what your machine is going... as a bonus, it allows Apple to take Free software a "lock" it... preventing any modification that can still be used. This combination of features also has severe privacy issues -- not only does it allows for secret code, but also the secure identification of the machine (each chip has a unique serial number).

Face it: they sold you a brain-damaged machine. One that was actually designed to be defective and work against you.

Inflation
There's a book, too.

A cheap web cam: http://insidecomputer.stores.yahoo.net/usbwebcamwe p.html $7
This book: http://www.nerdbooks.com/item.php?id=1852336668 $45
GCC compiler: http://gcc.gnu.org/ $0
A lot of time: http://www.time.org/ $0
----------------------
$52 + tax, shipping, etc.

And there you go.

Or just go here: http://www.it4tomorrow.de/shop/index.php?lang=ENG& list=KAT14
Or read this: http://www.sciencedaily.com/releases/2006/04/06040 4091149.htm
Which will lead you here: http://www.cogain.org/
Which will lead you here: http://www.inference.phy.cam.ac.uk/dasher/developm ent/

Now, from there, I'm stuck. I can't find any more information on the OWL. But it was invented in 1987 and could be mass produced for around $10 (according to the link), so I see potential there.

Layne

It is easy to process in a substring and if the filename contains it, it always can be sorted correctly. Just pure simplicity.

Description of the international standard date and time notation (ISO 8601):
http://www.cl.cam.ac.uk/~mgk25/iso-time.html

Although I have been taught to use dd/mm/yyyy, I tend to use the standard yyyy-mm-dd whenever possible, especially in discussions with people coming from other countries because this standard date format is less ambiguous.

See also the List of date and time formats used in various countries. You will see that many countries use dd/mm/yyyy, while USA, Canada and parts of Asia use mm-dd-yyyy and several countries from Eastern Europe have adopted the ISO standard yyyy-mm-dd.

Disclaimer: In addition to being opinionated, I've used Xen and VMware in an attempt to deploy an ISP hosting environment.

Actually, the guest OS can very much benefit from being cooperatively virtualized.

A lot of realtime code is run along side the kernel under a rudimentary hypervisor (Google for nanokernels, Adeos and RTLinux do this sort of thing). In this very important case, it is usually quite a pain to require the OS to have to implement the infrastructure to support emulated devices when it could be using a hypercall infrastructure like Xen. The real potential isn't the gigabyte-sized general-purpose OS guests, it's the 40 kilobyte realtime handlers.

If you're running VMware to run some Windows terminals under a beefy Linux box, that's great. It's an important use case.

However, in addition to this, Xen caters to situations with tiny realtime handlers running along side the a larger interface OS. Little dedicated systems controlling things like Avionics, X-ray equipment, or tracking systems. Xen is an architecture for revolutionary new systems. VMware is a crutch to prop up existing systems, and VMI is designed to efficiently implement that crutch. I don't want to take away people's crutches, I just don't want to impede the revolution.

In my case, specifically, the combination of Xen, a SAN, and CLVM has been consistently less trouble, less management, and higher performance than anything we achieved with VMware. Considering my development partner is a VMware dealer, you can bet that we exhausted their possibilities before diving into Xen. The Xen architecture has simply been better for my purposes.

If you desire to have any real understanding of the issues, take a look at the VMI spec and then the Xen Hypercall docs. Note the proliferation of x86 instructions and constructs in the former and the clean implementation of abstract interfaces in the latter.

VMware is designed to do literal translation of instructions that are pretty much architecture specific. This is because that is how they virtualize--by instruction trapping and translation. The VMI is effectively defined in terms of fencing off x86 specific instructions, memory management, and certain IO. The idea is that everything "dangerous" is trapped and emulated.

The Xen hypercall interface, on the other hand, is much clearer and targeted at actually developing towards it somewhere above a machine code level. Rather than just providing mitigation for basic instructions and processor architecture, Xen provides an hypercall layer and abstractions of pagetable maps / IO that are not nearly as architecture specific. In Xen, a single priviledged domain is allowed to do the dangerous stuff (think kernel-space / user-space split) and an efficient, set of interfaces is used to selectively provide those services to the subdomains.

Of course XenSource and VMware can't agree. VMware doesn't want to have to use abstractions when their selling point is sandboxing binaries. XenSource doesn't want to compromise a good architecture for hardware partitioning just so that a commerical vendor (with sharing issues) can implement a simple meat grinder to churn native code into sandboxed code backed by their clever emulated hardware devices.

Silly Historical Note: If you have enough history under your belt, the VMI might remind you of the architecture behind the Windows NT compatability layer to run NT code on the DEC Alpha processor. The Xen Hypercall system will likely remind you of the architecture of the kernel-space / user-space split among Unixes. If you recognize these, I'm sure you remember which one was a solid, successful product and which one was a buggy source of enterprise-level headaches.

Combining biometrics makes identification less accurate. Using both face recognition and a finger print scan would be less accurate than using either alone. For a source, see John Daugman's webpage. He is the one who invented the algorithm that modern iris scanners use.

Anyway, methinks some investors are being taken for a ride here.

...depends entirely on what they do with it, doesn't it?

"If all Iran does with their nuclear program is produce electricity..."

"If all the government does with subcutaneous RFID chips is to track down criminals..."

No, it doesn't depend on the intent of the user - evil technology is evil in anyones hands, and Apple is only marginally less evil then your typical corporation. Just because Apple IS GOD doesn't alter the facts of Trusted Computing which you conveniently want to ignore.

BZZZT wrong... with a Linux based software stack, you should be able to sign your own code and thus ensure only code you've signed and code signed by others YOU trust can be run...

Signing your own code is not what he's talking about. Signed, and encrypted, code downloaded to run on your machine from elsewhere and how it is used is totally at the mercy of what vendors stipulate can be done with it. If they want an effective way of timebombing software because you haven't paid up then they have the framework to do that. If they want to break data protection laws and start communicating usage statistics and other sordid details, encrypted and safe from prying eyes, then they now have a means for doing that. It also means that it is almost certainly going to be nigh on impossible to switch to a competing vendor's products.

Some people seemingly have no idea what the trust in Trusted Computing actually means. What it means is that external people and organisations, particularly software vendors, content companies etc. have a way for them to trust my computer or equipment. Whether I can trust the computer or electronic equipment I own, and what software run on there actually does, is an entirely different matter. It's a fundamental shift in the idea of how computers work that will probably end in anarchy and chaos.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Here is a good FAQ on the subject. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

2. What does TC do, in ordinary English?

TC provides a computing platform on which you can't tamper with the application software, and where these applications can communicate securely with their authors and with each other. The original motivation was digital rights management (DRM): Disney will be able to sell you DVDs that will decrypt and run on a TC platform, but which you won't be able to copy. The music industry will be able to sell you music downloads that you won't be able to swap. They will be able to sell you CDs that you'll only be able to play three times, or only on your birthday. All sorts of new marketing possibilities will open up.

TC will also make it much harder for you to run unlicensed software. In the first version of TC, pirate software could be detected and deleted remotely. Since then, Microsoft has sometimes denied that it intended TC to do this, but at WEIS 2003 a senior Microsoft manager refused to deny that fighting piracy was a goal: `Helping people to run stolen software just isn't our aim in life', he said. The mechanisms now proposed are more subtle, though. TC will protect application software registration mechanisms, so that unlicensed software will be locked out of the new ecology. Furthermore, TC apps will work better with other TC apps, so people will get less value from old non-TC apps (including pirate apps). Also, some TC apps may reject data from old apps whose serial numbers have been blacklisted. If Microsoft believes that your copy of Office is a pirate copy, and your local government moves to TC, then the documents you file with them may be unreadable. TC will also make it easier for people to rent software rather than buy it; and if you stop paying the rent, then not only does the software stop working but so may the files it created. So if you stop paying for upgrades to Media Player, you may lose access to all the songs you bought using it.

For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.

There are many other possibilities. Governments will be able to arrange things so that all Word documents created on civil servants' PCs are `born classified' and can't be leaked electronically to journalists. Auction sites might insist that you use trusted proxy software for bidding, so that you can't bid tactically at the auction. Cheating at computer games could be made more difficult.

There are some gotchas too. For example, TC can support remote censorship. In its simplest form, applications may be designed to delete pirated music under remote control. For example, if a protected song is extracted from a hacked TC platform and made available on the web as an MP3 file, then TC-compliant media player software may detect it using a watermark, report it, and be instructed remotely to delete it (as well as all other material that came through that platform). This business model, called traitor tracing, has been researched extensively by Microsoft (and others). In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present). So someone who wri

Keep the first/last letters of every word the same, but jumble the letters in between. You have seen this site, haven't you? ;)

This is hilarious! My coworker and I just sat here laughing and coming up with other great ideas for having fun with hijackers' browsing experience:

-Occasionaly replace images with random google-image-searched images
-Translate any text on a web page on the fly into some very English-like language but different enough to make the pages impossible to understand
-Translate text on the fly into languages with non-arabic characters
-The obligatory replacing all images with random porn images
-Keep the first/last letters of every word the same, but jumble the letters in between. You have seen this site, haven't you? ;)
-Invert the colors of all images on the web pages
-Convert all graphics to grayscale, or 16-color

etc. etc.

The possibilities are obviously pretty extensive... I think after hearing about this I'll be a little more careful with my usage of other peoples' wireless networks! ;)

Microsoft has every incentive (beyond simple finance) to force everyone onto Vista. Vista, when combined with a Trusted Computing TPM chip (which many machines, and soon all machine, have these days), will put Microsoft in total control of the hardware of your machine -- perhaps not the first version of Vista, but this kind of control is only a software update away. The other pieces are already in place.

It will be Microsoft who dictates *completely* what drivers you can and cannot run, since they will be able to use the Trusted Computing hardware to remotely test whether you hardware/software has been modified in any way they do not approve of. In fact, Microsoft will be able to anything they want, and you will never know because it all happens behind the walls of hardware encryption.

So not only will you, the user, be Bill's bitch, but device makers will be totally locked in (even more so than present). The driver signing business could now (when Vista) is released be enforced, rather than just being a minor annoyance for developers/users.

Apple annouces that it's all its Intel Macs have Treacherous Computing chips in them. So Apple could use "Remote attestation" to tell whether you have modified your hardware or software, or whether you are running "approved" software or not, and if not, their servers refuse to talk to you. Wasn't that nice of them? Big Brother chip and hardware DRM. All it needs is a simple software update to enable all this.

Apple fans rejoice. The boy-god Jobs has removed temptation from you. You can sit back and relax, safe in the knowledge that all the nasty choices have been removed.

It should be noted, since no one else seems to have brought up the point, but Xen was originally partly funded by Microsoft. The original history of Xen had it running on both Red Hat Linux and Windows XP. IIRC They used the Shared Source program available to educators to access the source and at the time XP was enabled as a Xen hypervisor client, I don't believe it could act as the hypervisor at the time though.

I quote from the xen development website: A port of Windows XP was developed for an earlier version of Xen, but is not available for release due to licence restrictions.

It seems like the logical direction of Xen's progression.

From the creator of Xen's website "A port of Windows XP was developed for an earlier version of Xen, but is not available for release due to licence restrictions"

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ind ex.html

The only thing standing in the way of Xen's running Microsoft's products is Microsoft.

Professor Brian Josephson.

Here is an unformatted link to his webpage at the University of Cambridge. http://www.tcm.phy.cam.ac.uk/~bdj10/

Are there any OSS virtualization software suites in development right now (besides Wine)?

WINE is not virtualization software. WINE is more of a hack that maps API calls. If you are looking for OSS virtualization software, check out XEN aka The XEN Hypervisor. It works great. Xen is the reason that VMWARE and Virtual PC are now free. Xen smokes both VMWARE and Virtual PC in terms of performance.

This appliance, setup in 1991, predates the www. It was networked so that users could check if coffee was available without walking to the machine.

http://www.cl.cam.ac.uk/coffee/coffee.html

Dasher is, albeit still in development, a very promising input tool for people with disabilities of varying degree, from Carpal Tunnel Syndrome to Quadraplegy (it has already been used to type complete BSc thesises), and it promises to soon provide a speedup in typing speed even for normal users. Check it out.

No, I'm not affiliated with the project in any way, I only had my nose poked at it by a friend. And I must say, it's impressive. And it is FOSS.

Some of the simplest solutions are the best.

Xen is a nice hypervisor, but nothing else. They have nothing like VMotion, or even snapshots.

Are you sure about that?

Linux & UNIX based virtualization has always been far superior to that of Windows. Superior is probably an understatement though, more like exponentially better.

Just check into

OpenVZ http://openvz.org/
FreeBSD Jails http://en.wikipedia.org/wiki/FreeBSD_Jail
Solaris zones http://www.opensolaris.org/os/community/zones/faq/
Xen http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

and the list goes on. So much better on *nix. Of course, I think that is somehow related to the fact you can run a *nix box via CLI, bare minimum of functionality, the likes of which it even the best Windows gurus cannot get close to (though Mark Russinovich and Bryce Cogswell do rox)

What is funny, is so many of us are ignorant of virtualization's roots in IBM mainframes. Big Blue was so far ahead of the times, it is like omg. BTW, I love Wikipedia. I've been preparing a presentation on virtualization the last few days, and Wikipedia makes it so easy!

For example, IBM cannot currently migrate a running LPAR. In the next iteration of their technology they say they will be able to do that, but not now.

Currently, there is no support for providing automatic remote access to filesystems stored on local disk when a domain is migrated. Administrators should choose an appropriate storage solution (i.e. SAN, NAS, etc.) to ensure that domain filesystems are also available on their destination node. GNBD is a good method for exporting a volume from one machine to another. iSCSI can do a similar job, but is more complex to set up.

It appears the link to the source is missing - I first read about it last week on Schneiers blog, linking ot the original blog post found here:

    http://www.lightbluetouchpaper.org/2006/06/27/igno ring-the-great-firewall-of-china/

And for all the details, the paper to be presented is here:

    http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf

I think the interesting thing is that by configuring our end to ignore the invalid resets from the Great Firewall of China we can aid the distribution of otherwise censored material.

DDoS attacks against the GFC seems not to be that easy, as the article mentions the GFC is not one giant router at the backbone, but rather smaller machines closer to the end stations - the firewall is distributed accross an unknown number of gateways.

Apple is also shipping all their Intel-based Macs crippled with Trusted Computing hardware DRM... essentially, a Big Brother chip.. As with all the companies sneakily trying to get this nastiness into their product lines, they desperately don't want to talk about it. Apple fans, naturally, don't want to either.

Make them.

No; the best part is going from basic functionality to Killer System without investing any more money in software. Electronics simulation? Virtualization? Bioinformatics? Come on in, the water's fine.

Que jokes about British Government instead. 1. The database is already out there under the name "CleanFeed" invented by BT a while back. 2. The government has badgered a large proportion of UK ISPs to use it by now regardless of their relationship with BT. That includes ones with their own DSL networks based on unbundling and most of the ones which buy BT DSL wholesale. 3. The implementation as mandated amidst other things allows transparent redirect to other URLs which whoever "controls" clean feed can supply if need be. Now the obvious 2 million pound question question is what exactly prevents Antonio Bliar and his liar cronies from feeding URLs into the database which redirect people from sites that go against their liking. The database is already there, operational and defective as well: http://www.cl.cam.ac.uk/~rnc1/. Move along people, nothing to see. Business as usual.