Domain: cam.ac.uk
Stories and comments across the archive that link to cam.ac.uk.
Comments · 1,846
-
Re:Betteridge said it best: No.
If you absolutely must claim that one aspect ratio is superior to another, then why not go with the golden ratio? At least that way you can put two together and still have the same ratio.
Nope. You need sqrt(2) to combine two into a bigger version with the same ratio, as we do with standard paper sizes like A4. The golden ratio means cutting a line into two pieces so that long piece / total = short piece / long piece. http://www.cl.cam.ac.uk/~mgk25...
Of course, if you combine displays this way, you are turning subpixels into non-optimal orientations, but I guess it won't be a problem at these huge resolutions.
-
Constructive approaches... Opengazer,hope,support
I agree, right now she needs human contact attention, hope, understanding and patience from those around her. Start with low-tech pointing board, watch her eyes and any other expressions she can make. Just as those who lose a sense rely on others, she must rely more on non-verbal communication and those around her must know how to listen. Let her see and touch her baby. Help her to overcome the panic, fear, helplessness and despair. Help her friends and family.
Once you're ready to move to more technology, start with an iPad or Android tablet. Ask her if she would like to see any movies, or listen to music (her partner and family should be able to suggest favorites.) Read Oliver Sacks's Musicophilia for information on the neurological healing power of music.
While she is going through rehabilitation, research Dasher and OpenGazer for eye and head tracking to see if they might be useful. Read about coping with paralysis injuries and the possibilities for recovery from The Christopher Reeve Foundation. Make sure that hoping and praying for a cure doesn't morph into "waiting and expecting for a cure." She and her family may have to learn to live with this condition for years even if there is hope on the horizon. I wish you, her and your family well.
-
Constructive approaches... Opengazer,hope,support
A one-size fits all technical solution doesn't yet exist. Begin with low tech, use a pointing board and watch her eyes and face and see if she is able to move any other part of her body. Try to develop a personal communication technique and learn what she is capable of. Move to something like an iPad or Android ask her if there is something she would like to see, music, movies something to help her focus on something other than the fear, pain and boredom. Give her hope. While she is recovering and in rehabilitation, research Dasher and OpenGazer to see if it would help her communicate. Gently support those who are closer to her but who might not have your level of medical or technical understanding. Help them give her the attention, space, touch, rest and love when she needs it.
I wish you and your family well. Look for information and try to support the Christopher Reeve Foundation and other organizations who are working hard on making life better for people with paralysis injuries. I understand that for other types of paralysis injuries, doctors/psychologists often recommend not to give the person hope that a "cure" is imminent because even if a cure is available now, it may be years before it is widely available and it will almost certainly require rehabilitation and that the person is kept mentally and physically healthy until a solution is found.
-
Re:Mind reader
This. Wikipedia has a Comparison of consumer brain–computer interfaces that covers devices from Emotiv, Neurosky and others.
Searching for Emotiv, Neurosky or "BCI" (brain-computer interface) plus keywords like "disabled" or "ALS" or "locked" produces a couple of results on improving communication with limited physical control, e.g. this and this. I'm sure there are plenty of others.
Another approach is software like Dasher, which turns gestures from various sources (including eye tracking) into text. There appears to have been some work to integrate Dasher and BCI.
-
Re:danger will robinson
-
Re:Chip and Signature, not Chip and PIN
This because the UK discovered to their discredit that chip and pin could be broken by grad students on a security course. See Chip and Pin is Broken (2010)
-
Re:Computer Science Books
I love Kullback's book, but it's pretty dry and uninsightful and almost worthless for CS. Doing classical statistics with information theory is cool, but it's imho far from the best way to be introduced to either subject.
There are better choices for similar material, like Cover's Elements of Information Theory for information theory, and MacKay's book for an applied context. I wish there were a good statistics book for CS, but I can't think of one; DeGroot and Schervish comes close I guess.
If you do read Shannon (a good recommendation), consider also reading Khinchin's Mathematical Foundations of Information Theory as a supplement. It's in a very concise and friendly Russian style; you'll either love it or hate it.
-
About whole-word reading
Just a note that the linked blog page trots out the old chestnut about Cambridge researchers discovering that it doesn't matter what order you put the letters in a word, as long as you get the first and last ones right. Which is, of course, a load of blockols.
-
Re:Blink Speed
"... in less than one one-hundredth of a second, 50 times faster than we blink our eyes" 1/2 a second to blink?!
You are ignoring the "less than" part. And as far as I can find, typical human blink duration is roughly 400 milliseconds
-
Sorry, it's horribly insecure,
One of Ross Anderson's 2010 highlights was a paper on why Chip and PIN is broken for which he got coverage on Newsnight and a best paper award. Later, the banks tried to suppress this research.
Ross is a security researcher at University of Cambridge.
In practice, it is far more secure to use a written signature than a 4-digit password that is exposed to eavesdroppers, video cameras, interception devices and a plethora of other attacks. That's secure for the person, you understand: it prevents the bank from saying "you must have lost your pin".
-
The data-mining agreement seems to suck
According to “Why you and I should NOT sign up for Elsevier’s TDM service“ [0], this is not all that good, as the Text and Data Mining policy is actually overly restrictive. Most notably, it forces you to go through their API to do the work, rather than parsing things locally at your leisure, and imposes conditions on the release of the uncovered data (namely a non-free CC-NC).
-
Re:Time to overhaul the Credit Card system in the
I'm hoping it's just ignorance of how EMV actually works that makes you say that. Some people are under the mistaken belief that EMV means account details are encrypted (yes there are private keys on it), or that EMV somehow protects your account details from being used to charge your account - and they're wrong on both counts.
You should read the EMV wiki page.
Maybe if I get bored I'll add a link to a paper recently published by, um, some Australian researcher showing much simpler techniques. Though I expect the industry shills will just pull it off Wikipedia (again) - it's the only way they can avoid losing in the courts as EMV isn't to protect you - it's to protect banks from liability.
And math skills aren't required - EMV can also be defeated with a paper-clip. I'm sure you can do your own research (clicking on Wikipedia barely qualifies as research). Replacing the merchant generated nonce with one embedded by the bank would be a step forward - as will the proposed one-time-key code display for Mastercard. Emue is even more secure.
-
Re:Capsi . . . what?
Or you could have visited the site for the project and their icon would have clarified the meaning of the word.
-
Great approach for mitigating web-borne threats
Google is funding this (both the direct research on FreeBSD and the port to the Linux kernel) because it addresses an aspect one level above the browser. Google Chrome would then be quite tightly sandboxed. This sure beats my method of running browsers as another user (I symlink ~/Downloads to my web user's version of that area and move things out of it quickly), especially since my method wouldn't do anything against actual privilege escalation (to root).
This should also help fight web server exploits (among other malware), especially w.r.t. installing rootkits. Should be great ammunition for advocating *Nix over Windows 8.
I'm excited, but I can wait for it to hit Linux (probably; FreeBSD will release with it by default in few weeks).
-
Re:OMG!
http://www.cl.cam.ac.uk/research/security/capsicum/
Capsicum is a lightweight OS capability and sandbox framework developed at the University of Cambridge Computer Laboratory, supported by a grant from Google. Capsicum extends the POSIX API, providing several new OS primitives to support object-capability security on UNIX-like operating systems
More at the link...
-
Re:Next...
Next can we have a book about anti-forensics? I don't want someone going through my digital life, thanks.
man cryptsetup. You might want to study resistance to interrogation too.
-
"Security Engineering" 2nd ed. had it ~5 years ago
*snort* "Today I found out...", indeed! Pretty old story. Ross Anderson's "Security Engineering" book has this "news" for smth like 5 years already!.. http://www.cl.cam.ac.uk/~rja14/book/booksec2.html
-
He's wrong about BCPL
From TFA:
and though BCPL arrays are zero-origin, the language doesn’t support pointer arithmetic, much less data structures
In BCPL the only way of addressing arrays is by pointers. Pointers are fundamental. Variables can contain pointers to data (vectors), procedures, vectors of procedures etc. If you see that the only way of making structures is to use vectors and pointers you see that zero-indexing is fundamental.
-
Re:man is still superor...
-
Re:Slashdot affected as well
Yeah, it's not a Windows only thing.
It's a UTF thing.
http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
It belongs on the internet, regardless of your opinion.
Here's how to even do them in HTML! Gasp!
-
Re:Woot! Another arms race
Maybe we wouldn't be much safer after all.
-
a quote from Ross Anderson
Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security: "The main problem facing the world's signals intelligence agencies is traffic selection - how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the police's job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear." (See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf p31)
-
Re:Why not promote a Dvorak keyboard instead?
Perhaps we really need to completely rethink the Keyboard process, as a means of input.
Qwerty is the norm, is because that is what the typewriters have been Qwerty, there have been countless classes teaching people how to type on A Qwerty Keyboard. So when computers came out they stuck with it. Dvorak, while may offer some speed advantage not as much as people think. Perhaps in the world of touch screens we need to rethink user input and drop the Keyboard and replace it with something new. I do like the concept that Dasher has, as well other more adaptive techniques.
-
Re:Nearly the entire globe- except not really
> It occurs to me that if the signals have almost no chance of reaching China
As you say it would be trivial for the manufacturer to build a WWVB test generator,
however there are multiple alternatives to WWVB around the world.
Many clock chips can switch to an alternative signal if WWVB isn't audible.
http://www.cl.cam.ac.uk/~mgk25/time/lf-clocks/
FWIW, I can hear WWVB in Australia, although I do need an outside antenna.
-
Re:Why cap emissions?
> Why is any harm allowed free of cost? Publicly fund research to put a dollar figure
> on the current marginal damage done by carbon dioxide emissions as well as on
> the cost to cleanup. Take the minimum of those two values and just tax the
> emissions at that rate, plus maybe a small percentage markup, right from the start.
The research has been done: http://www.jbs.cam.ac.uk/research/working_papers/2011/wp1109.pdf
It says the US should pay $250/tonne of CO2. I'm sure this would be high enough to change behaviour, but imagine the political system capable of putting this in place. I think subsidising renewables and CCS directly to try to make them cheaper than (unabated) fossil fuels, with a lower carbon tax, is more likely to work.
-
Soft Anti TEMPEST fonts download
Previously released but retracted - still in archive....
Download low-pass filtered Soft Tempest fonts:
http://web.archive.org/web/20020101000000*/http://www.cl.cam.ac.uk/~mgk25/st-fonts.zip
So-called reason(s) for retraction of fonts:
-
Re:Opportunity missed
Computing in the UK really had a head start on the US in many ways, but in usual form it was underfunded and lacked vision;
There was a considerable amount of important computer work done in the UK in the early years. For example, when considering Manchester's contributions one shouldn't overlook the pioneering work done with Atlas. But there is far more than that. In some cases you can trace the path of key developments we rely upon today, or that probably most people have at least heard of, to things developed in Britain through some familiar names.
A notable example is the computer language, "BCPL", developed by Dr. Martin Richards at Cambridge in 1966. Dennis Ritchie ported BCPL to Multics. Ken Thompson and Dennis Ritchie used BCPL on Multics and from it derived the language "B". Some early Unix utilities were written in the BCPL derivative B. After additional rework of B, it became C, the heart of the Unix system. And of course C has led to the widely used derivatives C++ and Objective C.
BCPL was also used by Dr. Richards to develop the portable Tripos operating system, which was used on a variety of minicomputers. As microprocessors became ever more powerful and started forming the basis for powerful personal computers, Tripos was eventually selected to become the heart of the Amiga's AmigaDOS operating system.
BCPL has been available on many systems with familiar names, including (reportedly) the Raspberry Pi.
To anyone interested in the whys and wherefores of C, a passing acquaintance with BCPL is worthwhile. Viewed forwards through BCPL, rather than backwards through Java and C++, many C constructs, and idiomatic C ways of doing things, just make a lot more sense.
Beyond its historical importance, BCPL had intrinsic merits. In retrospect, what particularly impresses, is the elegant simplicity of its compiler. This is well documented in the book BCPL: the language and its compiler by Martin Richards and Colin Whitby-Stevens (Cambridge: Cambridge University Press, 1979). -- more
BCPL: A tool for compiler writing and system programming
THE PROGRAMMING LANGUAGE B
The Development of the C Language
-
DIN A4 is meaningful
Different standards for paper sizes might be annoying, but it has nothing to do with "metric conversion".
That's incorrect: http://www.cl.cam.ac.uk/~mgk25/iso-paper.html (read it; it's very informative!)
1 A0 sheet of paper has an area of 1 m^2, so if it is "normal" paper of 80 g / m^2 then the A0 sheet weighs 80g and the 8 A3 sheets you can cut from that without any paper loss weigh 10 g each, and each of the 16 "standard" A4 sheets you can cut from it again, without any paper loss weighs 5 g.
It's so perfect that probably aliens use the same ratio 1 : sqrt(2) on their paper :-)
-
Re:Why
Well, my point wasn't that the original card is impossible to clone given physical access to the card. My point is that using only radio communication with the chip, it is not possible to clone it. I imagine that NFC stuff and the crypto module are isolated, and the hardware crypto module quite literally has only one command exposed, to generate a response to a challenge. So neither passive (when you hear the challenge and the response) nor active (when you can submit challenges yourself) attacks can give you the required key, even if you can find a bug in NFC that you can exploit.
As for complex protocols. I'm a logician working with proof theory. There have been precedents of full formal verifications of such protocols that, given a set of assumptions about the hardware, can exclude any possibility of a flaw in the protocol itself. Example 1, example 2. It's usually very hard, but can be done, and gives the same rigor as normal mathematical proofs.
Smart card security isn't new. So it's a reasonably mature concept, but it has usability problems in this application.
-
Re:Energy Density
How about a micro engine like this: http://www.eng.cam.ac.uk/news/stories/2006/micro_engines/?
-
Re:Almost useless
But here's the good news! You're not liable for card fraud, the bank is. At least, the bank is for a short period of time, then that liability will switch over to the merchant because he hasn't upgraded to chip technology yet.
So, after the 'short period of time', who is liable for fraud when the merchant has upgraded to chip technology? There seems to be an assumption that with the technology in place, fraud will be impossible, at least without the collusion of the cardholder. That was the assumption in Britain, and on that basis, liability was legally transferred to the cardholder. It turned out, however, that fraud (without the cardholder's participation) was both definitely still possible and almost certainly happening, but as far as I know, the cardholder is still legally on the hook.
http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
The particular error covered here may not be repeated in the US (though I would not automatically assume that), but perfection is unlikely. It looks to me that the banks have themselves a deal whereby, for continuing to bear the cost of fraud for a short time, they get the new system rolled out beyond the point of no return, after which they transfer the liability for whatever happens from then on to the merchants and cardholders. I'm not celebrating yet.
-
Re:Almost useless
Here's the deal - chip IS secure. What's more, contactless is also secure. Or rather, it's a hell of a lot more secure than the shitty magstripe you're talking about.
'Secure' and 'better than magstripe' are two different things, and as you acknowledge, it is the second of them that is most accurate. Nevertheless, it is a valid point that chip technology is much more secure than magnetic stripe.
Three things bother me, however. The first is that while the security is better, it has not, so far, been state-of-the-art. There is a team at Cambridge University that has found a number of exploits of the British chip 'n pin system, and good evidence that these exploits are being exploited by criminals. Some of the poor design decisions that opened the way for these exploits fall in the 'what were they thinking' class. A change of this magnitude only happens once in a couple of decades, and it is in something that matters a great deal. Is it unreasonable to expect that a great deal of care should be taken to make sure it is done as well as possible, such as by employing and paying attention to people who are at least as competent as the researchers (and the criminals, for that matter) who have been able to break these schemes? We cannot expect or demand perfection, but a significant reduction in gratuitous and easily avoided mistakes appears to be achievable and reasonable to expect.
The second thing (which may also be particular to the British experience) is that the banks have lobbied successfully to change the law so that the cost of fraud is transferred to the merchants and the cardholders. It has been revealed that this transfer was a major motivation for the banks to make the change in the first place (they would prefer to be secure than not, but what they really care about is not paying for fraud.) The lobbying for these changes included what turned out to be unjustified claims about the level of security the system provided. One particular aspect of this liability transfer is that they have been able to do it without producing the log files that might have exonerated those on whom the cost was being transferred.
The third thing is that these security blunders keep on happening - we have seen the same sort of complacent mediocrity (or outright incompetence) in electronic locks and voting machines, to pick just a couple of examples. What is it going to take for security to be taken seriously? For all I know, the chip card system being developed for the US may be better than that in the UK, but past experience makes me skeptical.
http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
-
Re:I guess it depends
The study on which the argument of both sides was based had calculated that capturing enough energy in the channel would supply the entire energy needs of England, Wales, Scotland and Eire, all the outlying islands and the North Sea Oil Rigs, and still only deplete 5% of the total amount of energy passing through the channel at any time.
That seems almost criminally optimistic.
Check this book http://www.inference.phy.cam.ac.uk/sustainable/book/tex/sewtha.pdf
Specifically chapter 14 (Tide).
Or if you prefer, skip to the beginning of chapter 18, and see how all renewables stack up against all energy usage.
Tidal is great, but not that great.
-
Re:Deuteranomaly power :-)
OK, for anybody still following this... the grand prize: http://vision.psychol.cam.ac.uk/jdmollon/papers/Bostenetal05.pdf
Quick summary: Deuteranomalous individuals have a gamut that's restricted compared to chromatypicals, but if you just accept it on its own terms & redefine the green used by RGB metameric color so it conforms to deutan "unique green" (shifted towards red) instead, an entire band of unique hues are found that all basically look "orange" to a non-deuteranomalous viewer, but form readily-discernible bands that can be given names and recognized easily as distinct hues by deuteranomalous viewers.
-
I Got It All Right Here
Even though he is a self-starter
...Okay, awesome! What you should do is get him a raspberry pi then pick up an HDMI cable, a cheap keyboard and cheap mouse (both of which should be wired as it lags to offload wireless processing to the pi) from monoprice. Right now, B&H Video has a deal where you get 2 x 16GB cards for $15 if you add two of these to your cart with free shipping. Okay, I've actually already bought several sets of this stuff from these exact same suppliers and handed them off to a bunch of kids that are loving them right now. So that's all legit. You'll need to have a TV or monitor with an HDMI in and it helps if you have a cheap webcam (one of the tutorials I'm gonna mention uses it). You'll also need a second computer with a way to access SD flash cards (pick up a USB toaster for $5 if you don't have this). Optional would be male-to-female wires like these with any breadboard so he can tinker with making his own stuff -- you'll probably have to drop more cash on more electronic devices to interface with it if you go this route though.
Next, you might consider this book but I prefer this one more. Okay then you send your kid here to get the hard float raspbian wheezy and you tell him how to figure out how to get it on the flash card to boot on the pi. There's a wiki for all this stuff. Then you send him here and make him do these tutorials. Then you make him read all the issues of the MagPi. And if he's smart enough, you buy him some more peripherals. There should be a lot more tutorials coming out for this device.
Once he has all that stuff, you go to the liquor store. Now, the liquor stores around my house sell a lot of types of vodkas and Absolut is great but I've found that Sobieski satiates me just as well. It's made from this Dankowski rye that makes great gimlets. Try to buy a case of handles and haggle him down to ~$13 a handle (that stuff is really cheap). Then you go to the store and you get some of that Real Lime lime juice. Not the key lime shit, the actual lime juice. You're gonna need a decent blender because this thing is gonna be working all summer long. Also, a bag of hazelnuts. Go home and fill a cup to the top with ice and put in about one finger of lime juice. Fill the rest with Sobieski. Blend that shit up, garnish with a couple crushed hazelnuts to really dry that shit out and kick back. Trust me, your kid is going to come and talk to you about python and apt-get and registers and you are not going to want to have to deal with that. So just get good and fucking faced in the sun all summer long. Your kid will thank you for staying out of his hair. A summer of riproarin' fall down drunk? You can thank me later.
-
Without hot air
http://www.withouthotair.com/ Great book which performs a detailed analysis and discussion about energy usage (written by a Physics Prof who is also chief scientific advisor to the UK Government's Dept of Energy), freely available for download as a PDF (Off-topic: he's also the author of a brilliant textbook on Information Theory, also available as a free PDF)
-
Re:Not NetBSD
Please note, mainframes and most mini computers went 64 bit in the 1990s. x86 and ARM are the last to do so.
IBM mainframes went 64-bit in 2000. Opteron came out in 2003, so, yes, x86 went 64-bit after System/3x0 did (by 3 years). However, System/3x0 (feel free to set x = 10 for z/Architecture :-)) went 64-bit long after, for example, MIPS did.
But, yes, at least for non-embedded computing, we probably won't have a lot of 32-bit machines, and most if not all 64-bit software platforms that have time_t have a 64-bit time_t.
-
Re:Tinfoil Hats?
Then there is the Hardware backdoor from China, using the ASIC chip in US Military components
Citation please?
If you're talking about the Actel chip, it wasn't done by the Chinese: http://www.csoonline.com/article/707542/china-not-to-blame-for-backdoor-in-us-military-chip
http://www.cl.cam.ac.uk/~sps32/sec_news.html#MEDIA
-
Re:Eye Tracking
There is also the option of using Dasher. You only need four controls: up, down and forward and back. The program shows a tree of the possible options, emphasizing more frequent words. You can write "the" by just looking at "t" and then at the "h e" that appear. This is pretty intuitive with eye-tracking, more so than a keyboard.
-
Americans who don't understand A4
Please read this, it explains it clearly:
http://www.cl.cam.ac.uk/~mgk25/iso-paper.html
-
Re:Hepl offreed
It's too bad you didn't keep at least the first and last letters of each word correct. People might not have noticed!
-
Electronic Rape
-
Re:6-months old news
Actually the international standard notation is YYYY-MM-DD.
-
Re:Polymerase chain reaction
They already have a visual confirmation of DNA replication, obtained by transmission electron microscopy again.
Google "replication fork TEM" for some images. You have to prep DNA from cells, you can't see it happening inside cells, but it's very strong visual evidence of how replication happens.
There's also a cool visualisation method that allows you to see new DNA being laid down during replication using confocal (laser) microscopy. The way it works is: they feed an artificial version of a DNA base to cells during replication, then stop, and swap the first one out with a different artificial DNA base analogue to see the new DNA being made after the point that you change analogues. They then use fluorescently labelled antibodies to detect both types of bases, using (for e.g.) a red-labelled one for the first period of replication, and a green labelled one for the second period.
This is a good explanation. It can be used for some awesome experiments - here's an example from the same lab (Fig. 3).
-
Re:Delays, delays
Few years ago I suggested to guys at Nokia Research Center to use DTN in mines and they actually got something done about it... http://www.cl.cam.ac.uk/~fb375/extremecom/2010/GinzboorgExtremeCom10.pdf
-
David JC MacKay energy required for air transport
Here is a snippet from:
http://www.inference.phy.cam.ac.uk/withouthotair/cC/page_269.shtml
What are the fundamental limits of travel by flying? Does the physics of flight require an unavoidable use of a certain amount of energy, per ton, per kilometre flown? What’s the maximum distance a 300-ton Boeing 747 can fly? What about a 1-kg bar-tailed godwit or a 100-gram Arctic tern?
Just as Chapter 3, in which we estimated consumption by cars, was followed by Chapter A, offering a model of where the energy goes in cars, this chapter fills out Chapter 5, discussing where the energy goes in planes. The only physics required is Newton’s laws of motion, which I’ll describe when they’re needed.
This discussion will allow us to answer questions such as “would air travel consume much less energy if we travelled in slower propellor-driven planes?” There’s a lot of equations ahead: I hope you enjoy them!
-
Chip and pin is NOT SECURE !
Anyone who doesn't believe chip and pin is completely broken, should read this research paper (PDF) where the researchers demonstrate practical proof-of-concept for each stage of a couple variants of "pre-play" attack that renders chip and pin useless (it is essentially as strong as being able to clone the cards, when the whole purpose of chip and pin is to prevent the cloning of cards).
Bruce Schneier reported on it in a blog post back in September.