Slashdot Mirror

Hmm, you can die of strangulation in Nethack if you wear the wrong amulet ... Apparently you can also die of suffocation --- not sure what triggers this... Squeezed to death by a ; maybe?

I don't know about anyone else, and it could just be cos I go to a rather high-pressure university, but I'm completely drained by the end of term. I'm about to hit 4 or so weeks of holiday and will need every last one for a) rest and recuperation, b) catching up on work and c) getting ready for the next term's worth of stress in the form of exam season.

I get your point, and I think it's an interesting one. But be careful about encouraging students to move quickly into the world of work for the sake of it. It is perfectly possible to burn out at this age.

It is not as easy as it sounds, although recent advances in virtualization at the OS level and service level is going to make it a lot more interesting if not easier.

Of course, such a system would have undesirable uses as well, DRM and the like...
From the TC faq:
"unless your system administrator configures your machine in such a way that TC is mandatory, you can always turn it off. You can then run your PC as before, and use insecure applications.

There is one small problem, though. If you turn TC off, Fritz won't hand out the keys you need to decrypt your files and run your bank account. Your TC-enabled apps won't work as well, or maybe at all. It will be like switching from Windows to Linux nowadays; you may have more freedom, but end up having less choice. If the TC apps are more attractive to most people, or are more profitable to the app vendors, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word. By 2008, you may find that the costs of turning TC off are simply intolerable. "

See the Trusted Computing FAQ for the many reasons why this is a bad idea and why lock-in will in fact be a result, despite IBM's claims to the contrary. Written by Ross Anderson, Professor of Security Engineering at the UK's leading univeristy, this article is an excellent primer.

Here is what the opponents of Trusted Computing have to say.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

this: http://www.gentoo.org/news/20050202-trustedgentoo. xml and, linked from there, this:

http://www.research.ibm.com/gsal/tcpa/tcpa_rebutta l.pdf

Just been poring over the new RPM versions...

I see FC4 includes MySQL 4.1.10 a nice wee jump up from 3.23. Apparently RedHat are now happy with the MySQL licensing terms.

It has Eclipse 3.1, dovecot, bash 3 (with debugger), Tomcat 5 (but only 5.0, not the declared stable 5.5.7), Xen 2. And that is about all that caught my eye.

Having just been recompiling the RHEL4 sources I'm struck by how similar the versions all are. I'm presuming that rhel4 split off fc4 or vice versa a month or two back. I'd be curious how/if they co-ordinate all the patches and source code between the two different brands.

--
FC3 (now!) and RHEL4-based (soon!) VPSs

You really have to think about changing your dentist. I mean like change it today.

I tried out their matlab code and put a few example colourings on my web page, for the interested:

http://www.inference.phy.cam.ac.uk/cjb/

How about reading http://www.cl.cam.ac.uk/Research/SRG/netos/xen/, as linked in the article, first and second paragraphs?

Xen is going to be a much better performer than UML. However, if you need maximum performance and are OK with running only one operating system (Linux), consider Linux VServer. It gives you most of the functionality of "virtualization" (even though it's not true virtualization since there is only _one_ kernel running on the machine) - a complete "virtual server" appearance with essentially no overhead.

There are numerous advantages to the VServer approach (a.k.a. as Zones on Solaris and Jails on FreeBSD, BTW), such as the ability to access the filesystem from host (very useful for backups), ability to view/control the virtual server processes from host, single VM and IO across all virtual servers thus providing much better optimization. The performance is stunning - you just don't feel "virtualized".

Linux VServer isn't backed by major universities and Microsoft Research and thus unfortunately does not get the publicity, even though it is one of the most revolutionary projects out there IMHO. I hope it becomes part of vanilla kernel some time soon.

http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/

If I understand it correctly, the big problem is that the X86 architecture was designed without this sort of thing in mind, so it is difficult to get it to work well without making changes to the operating system. The new 64-bit architecture addresses this limitation.

Xen outperforms UML. At least on applications that heavily work the OS.

It has only technical reasons, that windows is not supported. From the Xen FAQ ( http://www.cl.cam.ac.uk/Research/SRG/netos/xen/faq .html#a1.4):

Unfortunately we do not currently support Windows; the paravirtualized approach we use to get such high performance has not been usable directly for Windows to date. However recently announced hardware support from Intel and AMD will allow us to transparently support Windows XP & 2003 Server in the near future. We are working on this and intend to have support available by the time the new processors are available.

Interesting, and true. The only problem is that no spell-checker will get everything right, so it may "correct" words to the wrong thing, and that could make a huge difference in meaning.

Don't forget the concept of letter order in English (and some foreign) text, it might be possible to alpha-sort the interior of words and still present readable text, although there is an example included that shows it might not be the best idea:

A dootcr has aimttded the magltheuansr of a tageene ceacnr pintaet who deid aetfr a hatospil durg blendur

Interesting, and true. The only problem is that no spell-checker will get everything right, so it may "correct" words to the wrong thing, and that could make a huge difference in meaning.

Don't forget the concept of letter order in English (and some foreign) text, it might be possible to alpha-sort the interior of words and still present readable text, although there is an example included that shows it might not be the best idea:

A dootcr has aimttded the magltheuansr of a tageene ceacnr pintaet who deid aetfr a hatospil durg blendur

If you figure out a way to make people life forever or at least a very long time, you can only make them pay for it once. If you discover a way to make people live an extra decade, they'll pay through the nose for it, eventually die, move on and you'll have a new generation of customers.

Actually, if you read the SENS plan, you'll see that most of the interventions suggested there would have to be performed regularly, every decade or two, and some of the procedures don't look cheap (replacing the stem cells of your blood, skin, and intenstines with bone marrow transplants and surgery).

Sounds like every health provider's dream medical procedure.

If you figure out a way to make people life forever or at least a very long time, you can only make them pay for it once. If you discover a way to make people live an extra decade, they'll pay through the nose for it, eventually die, move on and you'll have a new generation of customers.

Actually, if you read the SENS plan, you'll see that most of the interventions suggested there would have to be performed regularly, every decade or two, and some of the procedures don't look cheap (replacing the stem cells of your blood, skin, and intenstines with bone marrow transplants and surgery).

Sounds like every health provider's dream medical procedure.

But frankly, the people interested in helping people live forever probably aren't that concerened with doing it for profit in the first place. (And if you have ever seen a picture of Aubrey de Grey you will understand what I'm talking about.)

Don't discount non-commercialized medicine/research for eventually finding the 'cure for aging'. Who would have thought that someone would release a 'free' enterprise-grade operating system when they could actually charge for it indefinitely with upgrades and service packs.

Xen has been benchmarked to outperform VMWare in certain applications. In addition, Xen allows you to migrate a domain (instance of client OS) to another machine running Xen, live over the network.

Although, another difference is that the OS must be ported to run on Xen. But Linux, FreeBSD, NetBSD have been ported.

Some things about the article seriously bother me, like "creating nitrogen" and "nitrogen gas is known to destroy ozone". If the most common gas in our atmosphere destroys ozone then why does it exist at all? Nitrogen (not as a gas) is important in the depletion process but not as the article implies...

Before anyone claims that humans are no longer the cause for the ozone hole, please realize the depletion was caused because of CFCs. Ozone is depleted as a result of many things, CFC is one of the key components and is a non-natural factor. The increased UV and polar vortices that were a result of the solar activity along with a colder winter increased the depletion, but, it would never have happened at above natural levels without CFCs.
Please read: A simple explanation that I posted a while back and a more complete explanation on how the ozone hole is formed.

These chemical processes are extremely well known: We know that CFCs are the cause, we know that there are a lot of them near the ozone layer, we know they are man made. Therefore, we know we are the cause. All that these researchers found out is that these conditions will speed up the process, not that they are the cause of the process.

It is unfortunate that even with the CFC ban it will take 100-200 years for the ozone hole to repair itself to pre-industrial era levels...

Patrik

The reason the ozone holes form above the poles and not directly above the CFC source regions is due to the very cold atmospheric conditions at the poles.

During the winter polar night, sunlight does not reach the south pole. A strong circumpolar wind develops in the middle to lower stratosphere. These strong winds are known as the 'polar vortex'. This has the effect of isolating the air over the polar region.

Since there is no sunlight, the air within the polar vortex can get very cold. So cold that special clouds can form once the air temperature gets to below about -80C. These clouds are called Polar Stratospheric Clouds (or PSCs for short) but they are not the clouds that you are used to seeing in the sky which are composed of water droplets. PSCs first form as nitric acid trihydrate. As the temperature gets colder however, larger droplets of water-ice with nitric acid dissolved in them can form. However, their exact composition is still the subject of intense scientific scrutiny. These PSCs are crucial for ozone loss to occur.

Source

It should serve as a lesson to you that your actions can have effects beyond your backyard.

Most scientists I know recognise that there are "natural" components to phenomena such as the ozone holes (eg volcanic aerosoles) and global warming. The concern is that human activities may exacerbate the effects and that the rate of change may be much faster than would otherwise be the case.

If you ever wonder what affect humanity's actions have on the world and our society, look at the ruined land due to salinity in Australia.

True, although this comes on top of a significant all-time low that's been in place ever since the Soviet Union's ore and refined titanium hit the market.

However, if this process or others hits the market, the price should become far cheaper.

Why having a free software bios is a good idea. Any Questions?

On a somewhat related note, IBM has released rhype, it's research hypervisor as open source under the GPL. This should spice up the free hypervisor community. First Xen, now IBM's rhype. Choice is so good :)

I bet someone else will post the exact same thing, but instead they will replace Java with Flash...

I think the point is that you don't need to insert an object or rely on a 3rd party enviroment. You can do it in Javascript.

Also, the reason this is so very cool is that it doesn't tie your applicaiton into a backend of any kind, you can scale your backend as long as it spits out XML. I think this is the reason so many of the big companies are going to it. They require a bit more flexibility on that end.

I bet someone else will post the exact same thing, but instead they will replace Java with Flash...

I think the point is that you don't need to insert an object or rely on a 3rd party enviroment. You can do it in Javascript.

Also, the reason this is so very cool is that it doesn't tie your applicaiton into a backend of any kind, you can scale your backend as long as it spits out XML. I think this is the reason so many of the big companies are going to it. They require a bit more flexibility on that end.

I bet someone else will post the exact same thing, but instead they will replace Java with Flash...

I think the point is that you don't need to insert an object or rely on a 3rd party enviroment. You can do it in Javascript.

Also, the reason this is so very cool is that it doesn't tie your applicaiton into a backend of any kind, you can scale your backend as long as it spits out XML. I think this is the reason so many of the big companies are going to it. They require a bit more flexibility on that end.

Decades of work has indicated more than three ways to make QM compatible with GR, including: string theory (AKA M-theory), twistors, and loop quantum gravity (LQG). However, it is suspected by some that, just like St. Patrick would tell us, these three are actually different facets of the same underlying reality. (Just like different interpretations of QM don't actually produce different predictions.)

There are hundreds of beautifully crafted text adventures these days, and Dasher is a text input system that addresses your exact condition. Basically, letters fly by and you "steer" the pointer to each letter's region. The genius here is that Dasher learns the things that you tend to input a lot, and makes those regions take up a large convenient part of the entry area, while pushing unusual sequences to the margins.

There are hundreds of beautifully crafted text adventures these days, and Dasher is a text input system that addresses your exact condition. Basically, letters fly by and you "steer" the pointer to each letter's region. The genius here is that Dasher learns the things that you tend to input a lot, and makes those regions take up a large convenient part of the entry area, while pushing unusual sequences to the margins.

Probably with Dasher". Definately worth checking out, even if you are not disabled.

Take a pinch of Standard Linux
Wrap it up in Xen
Add a touch of SELinux
And a little bitty bit of Globus
Oh like a Sandboxed Platform
Oh Lordy, Lordy, mixed with Free and Open Source Code
You know you lump it all together
And you got a recipe for a Multi Vendor Development scene
It is coming though, you know, you know.

What we have is a great big melting pot
Big enough enough enough to take every vendor and all IT's got
And keep it stirring for a hundred years or more
And turn out Application Service and Content Providers by the score.

With apologies to Blue Mink .

If your brother enjoys gaming, he'll dig dasher. It's mouse controled, assembles words on the fly based on login and can create odd song lyrics automatically check it out

I did something similar after reading this reseach document: http://www.cl.cam.ac.uk/ftp/users/rja14/tr500.pdf
I don't use passphrases, but passwords constructed from a phrase by using the first characters of the words, subsituting words with numerals (i.e. "twelve" becomes "12") and Capitalizing either verbs or nouns. A phrase like "Yesterday I had six beers before breakfast at Tiffany's" becomes "YIh6BbB@T". Fairly short, easy to remember, fairly hard to crack.

Recent empiricial research suggests patents are even less successful in software. This is because software is different. Or search for "while statement" here. To illustrate cumulative innovation complexity-wise, the 2.6.8 kernel has 300,000+ IF statements, a BMW sedan car has a complexity of "only" 15,000-18,000 pieces (Mr Blabst BMW press department), a typical drug consists of 10-100 atoms.

In other words, the position that there are fields of human activity that the patent system is not so well tailored for is well-defensible even without killing the entire patent system.

Sidenote: there have been a lot of quirks and surprises in the past with the Software Patent Directive, so get prepared to the thought that next week's Brussels/Berlin demos are still needed and useful politically (only one scenario of total fiasco has hopefully been avoided, there is not yet a renewed referral in Parliament nor B-iten in council).

I was hoping this was a Xen Linux live cd. That'd be fun to play with. But it doesn't appear to be.

Sorry, but many of the points you make are correct, but you basic premise - that HST is obsolete, is wrong. For these reasons:

- Not all of "us" are asking the same questions - HST is incredibly versatile. I was waiting for COS to go up in the next service mission, since it was going to have a huge impact in my field, studying the possible accretion of gas into the milky way.

- Interferometry is only applicable in specific circumstances and is not a general replacement for diffraction-limited imaging at resolutions of about 0.1". COAST (please at least give the correct URL!) is indeed exciting, but interferometry is very technically challenging and increases somewhat exponentially with the number of apertures (at least in the optical). We're a long way off VLA-type large-scale optical interferometers. Please don't portray this as being in common usage - it's not (yet).

- MCAO and AO (adaptive optics) systems also do not compensate - again, resolution is great, but the field of view just sucks arse :-( Technical challenges are also significant for adaptive optics.

- On the infrared band, yes ground-based observations are blocked. But then, so are the UV observations that can be made from HST. Much science is left to be done here - some species only have observable transitions in the optical/UV, meaning we can only measure their metallicities in this wavelength band.

JWST and hubble are complimentary, not competing. Some of the science might overlap, but certainly not the greater part. Hubble is old, yes (and now dead, thanks to o'keefe and his political agenda), but it isn't obsolete at all.

Now if you want to argue about where to best put the resources....that's a whole new kettle of fish.

It seems innovative to me.

I would make the point that innovative does not equal successful. In today's winner takes all world, the term innovative often seems to be restricted to successful innovations. Unsuccessful innovations are valuable though, as they rule out things which don't work.

wow, you're typing is still working out. Try this It can also be used as an Ouijia board for the completely bored geek.

Sigh, wish you could edit Slashdot posts.

The correct link to the department is:
Laboratory for Communication Engineering, and the correct name is Rip Sohan (sorry!)

You're right, they are left over equipment from AT&T Labs Cambridge, which were redeployed in the Laboratory for Communication Engineering at the University of Cambridge.

But they're more than prototypes, the phones work really well even six years after being built (mainly due to their thin-client architecture, as only the servers need to be upgraded to run more complex services, not the edge phone hardware).

It's a bit of a shock to see this randomly show up on Slashdot, but for those interested readers, here's a WIP paper about what we're doing with them these days (using the Active Bat location system to migrate mobile phone calls via Bluetooth to the nearest environmental phone among other things).
As I said, the paper is very much WIP, and is being hacked up after being freshly rejected from a conference so the link is liable to disappear :-) Feel free to get in touch with the main man behind the phones, Rip Soham, if you are interested in more details (contact details in the link).

As far as I know, no commercially available VoIP phone uses VNC these days, which is a real pity as its a really neat way to offer easily upgradable services to the end user (forget running mobile code on the edge device, compute power is cheap these days).

....get with the proper scalable paper sizes. Any geek would revel in the rationality of the ISO A-type paper sizes

It is not true that people only use rings 0 and 3 on the x86 architecture. For example, the Xen virtual machine monitor, runs in ring 0, has the the guest OS kernels--e.g. Linux--in ring 1, and leaves ring 3 for userland.

Longhorn will be the first release of Windows authored completely after Microsoft began their Trusted Computing Initiative and released .NET. Longhorn will reimplement and convert major Windows subsystems to managed code.

This really starts to get boring. I have already written about it countless times only to get completely ignored every time I dare to point out that the emperor is naked.

I find it truly amusing that people who say that there are other advantages than only Digital Restrictions Management of using "trusted" computing and Palladium-like platforms usually talk with great enthusiasm and excitement about the new and innovative security features that have already been implemented in the 1970s for crying out loud, only better and with no strings attached. All TCPA zealots are usually completely ignorant of the existance of such operating systems as KeyKOS or EROS with formal proofs of correctness for God's sake and without all of the silliness of "trusted" computing.

And no, this is not only my opinion that we don't need DRM to get security. I am not the only one who says that everything that TCPA can possibly do to security can also be done in software, with the only exception of DRM, and in fact it has already been done, decades ago. I am not really surprised at all why it is completely ignored by the TCPA and TCI pushing industry. I am only outraged that there are so many naïve people who once again will gladly do anything no matter how dumb it is, if only their good uncle Bill Gates says that it's good for them.

Please, people, if you want to learn about real systems security, then read some old papers by Jerome Saltzer, Michael Schroeder, Norman Hardy and Jonathan Shapiro. If you want to learn about cryptography, read texts by Bruce Schneier. Microsoft is not a reliable source of knowledge in that field.

People always ask me where are the real innovations in systems security and I always say them that they are in the seventies, and have been being ingnored since then by major software vendors because people don't demand using them. This story and this thread is a great example: "Yeah, this version of Windows may suck, but still I am looking forward to buy the next one."

This will dramatically lessen the exploitation potential of code flaws in the Windows application libraries. Microsoft has to maintain support for legacy application, but that doesn't mean they can't get a fresh start on the underlying code, and doesn't mean that existing Microsoft applications can't be converted to managed code as well.

Wait, I've already heard it... In 1995, 1998, 2000, 2003... Oh, you mean that this time they really mean it?

When the first programs run, it is just a matter of time before there is a functional L4 port of Debian GNU/Hurd (or just Debian GNU?). I really like the design of the Hurd, but what I'd like to see the most are not the "POSIX capabilities" but the real capabilities as described in the 1975 paper by Jerome Saltzer and Michael Schroeder, The Protection of Information in Computer Systems. (For those who don't know what am I talking about, I recommend starting from the excellent essay What is a Capability, Anyway? by Jonathan Shapiro, and then reading the capability theory essays by Norman Hardy. As a sidenone I might add that I find it amusing that people who say that there are other advantages than only Digital Restrictions Management of using TCPA/Palladium-like platforms usually quote security features, which have already been implemented in the 1970s, only better and with no strings attached. Those TCPA zealots are usually completely ignorant of the existance of such operating systems as KeyKOS or EROS with formal proofs of correctness without all of the silliness.) Are there any plans to have a real capability-based security model available in the Hurd?

Since I haven't seen it posted so far, here's a link to a piece on TCPA/Trusted Computing.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

It has some answers to the questions/issues you address, and is quite a scary read for anyone that values individual freedom. Hope that helps.

Strat

Trusted Computing Group (TCG) technology makes sense in the context of Linux. Microsoft refuses to implement it. They had their own conception, which was Palladium, then NGSCB, then was dropped. So if TCG is going to go forward at all, it has to be with Linux.

It's kind of ironic, because Ross Anderson's lying Anti-TCPA FAQ tries to claim that TC exists to kill Linux. And yet it is turning out that Linux is the salvation of Trusted Computing.

There are a number of research projects in TC on Linux, including TPM Device Driver, Trusted GRUB and Secure GUI, tcgLinux, TCPA Open Source Platforms, Enforcer, and more. All Linux based.

Don't believe the FUD about TC. When implemented in Linux using Open Source software, TC gives you new options for securing and expanding the capabilities of your computer.