Slashdot Mirror

• Abstract - The commercial feasibility of small scale solar ORC for distributed generation and CHP is demonstrated. This has been achieved with an exergy analysis of over 150 commercially available solar hot water collectors, a survey of candidate working fluids and by adapting rotary refrigeration compressors to run in reverse direction as expanders/asynchronous generators. A computer code combining the results of these sub-studies has demonstrated that self-stabilisation close to optimum conditions for given irradiance may be possible without electronic feedback control. The principle obstacles encountered included oil migration, face and tip sealing problems and low expansion ratios.

If you want solar powered water pumps, they're commercially available. A complete kit, including solar panels, is $1,697. But they're not really cost-effective. Windmill pumps still outperform solar, and newer pumps will work at low wind speeds.

I've worked with banks on other security systems, and in my experience they often "know what they want" but fail to ask the right questions. Of course, as soon as they start losing money, they get the point quickly. :)

(Okay, laziness over, I think this may be the paper I'm thinking of: Why Cryptosystems Fail)

Actually, this may not be as horrible as everyone makes it out to be.

I disagree. This isn't limited to just Microsoft. Take a look

• Microsoft pushes technological solutions to protect data (DRM) with "trusted computing" via "secure BIOS".
• RIAA pushes for DMCA-like laws that prevent circumvention of the aforementioned technological solutions by making it unlawful to do so. The RIAA has demonstrated that it is will not hesitate to use these tools to their advantage.
• The RIAA is using propaganda campaigns to indoctrine our youth and to gloss over the many concerns that we have for our civil liberties. Take, for example, the RIAA's blurring of the distinction between copyright infringement and theft.

So, you see, there's end-to-end lockout being put in place. If you happen to be smart enough to see through the bullshit, you can't do what you want because the technology stops you. If you happen to be smart enough to circumvent the technology, you can't tell others unless you want to risk going to jail. And even if you were some kind of law-savvy uber-hacker, do you have enough money to survive the SLAPP?

I'm not an alarmist, but come on, folks, this is alarming! Microsoft learned the hard way that their behavior isn't beyond the scope of anti-trust regulation, but they also realized that the government is too damn slow to properly stop them. I don't doubt for an instant that they won't use every competitive advantage available to them. Content producers also learned the hard way about fair use with the Betamax decision; don't fool yourself into thinking that they're going to let the Internet slip past them.

The Cambridge one won some architectural award somehow. A friend of mine who works there (doing a PhD) enjoyed himself immensely pointing out the defects - a colour scheme which leads people hunting for toilets (coloured orange IIRC) to find kitchens (also orange) instead; a complete lack of heating, which is supposed to be provided by the computers; etc.

I have a mate doing his PhD in Comp. Sci up there, and he says a lot of the staff in there are militant Linux advocates. They relish the irony.

Yup, same here. I was an "other finalist" of 2003 http://www.christs.cam.ac.uk/bio/publicity/r2003-1 .html (Ed, Westminster) but they wouldn't let me use QBasic - so I had to do with VBasic (I failed miserably I think). Unfortunately they put us in the skanky Fitzwilliam College. One of the winners of the 2000 comp (Tom Barnet-Lamb, Westminster) that you were in is bloody clever, he's now the main geek at Lionhead studios - oh and he wrote the questions for the 2003 final. See what you could've become if you put your mind to it!

Back in the day (2000), I actually got into the final of the British Informatics Olympiad. I'm not sure what the format is elsewhere, but basically they sent out a self-administering test to schools (all the schools in the UK, I think) and had them run it locally, seeing how much of a few interesting puzzles you could write in three hours or so - you can find out more on the site. All programming, no justification, you were scored on results (in that round), which I thought was the way it should be - after all, results are what matters in real life!

All the cool people were using C or Pascal. I used QuickBASIC! And yet I got the right results for enough of the questions (the C guy got his output board the wrong way up), and so I was invited to Cambridge. The best part about the first round was that I hadn't even done the last round right - I just said "yes, that's right" to the sample case and "No, impossible" to everything else. ;-)

Anyhoo, I got to Cambridge (for you USAians, one of our old "Ivy League" colleges) where I learnt to my relief that they had installed QuickBASIC especially for the two of us who had actually got in with it (15 finalists total) - they were shocked at having to, I can tell you! Of course, I was pretty sure at that stage that I wasn't actually going to win, and so I had a great time and zero stress. The tests itself were a) more of the same, but b) there was also an easay paper. Having not read much about the subject formally, I imagine I did dismally on the latter - I think I got about one and a half on the programming at best. Didn't know how to do efficient sorting! Still, it was great fun, and really set my mind on becoming a programmer.

The best part was, we got room, board and tours around Cambridge absolutely free (I guess they were looking to recruit a few of us to Cambridge). I even saw Stephen Hawking whizzing around on his motorised wheelchair! We got given two books at the end of it - Programming Pearls and Introduction to Computer Algorithms. Both darn good books, although I admit to reading the first more closely than the second. ;-)

2.1 The Licensor hereby grants the Licensee a non-exclusive license to a) make copies of the Licensed Software in source and object code form for use within the Licensee's organisation; b) modify copies of the Licensed Software to create derivative works thereof for use within the Licensee's organisation.

2.2 The Licensed Software either in whole or in part can not be distributed or sub-licensed to any third party in any form.

This license is in no way Open Source. Yes, you can play with the source, but you cannot build something useful with it and redistribute under the same license.

This is not earth-shattering news, since HTK has been available for some years. HTK was owned by a company called Entropic and was released as open source when it was bought by Microsoft. HTK can be found at http://htk.eng.cam.ac.uk/. and can handle network grammars. This lessens the impact of IBM's news.

Hint..

Used Scanning Electron Microscope on ebay - $4,000

Googling for the works of Markus Kuhn - free
http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf

Watching free TV just for the challange - Priceless

...because then you'll have all the wonderful benefits of Palladium to go with all the power and security already inherent in XP. ;)

No, the internet was invented for that ;)

It is often suggested that unsolicited bulk email ("spam") is such a problem on the Internet because the current economic framework for email handling does little to discourage it. If only, it is suggested, the senders of email could be made to pay for their messages. Spammers would then cease their indiscriminate distribution of messages and email volumes would reduce as the senders targeted more carefully or just gave up altogether. Nevertheless, almost no one (other than those hoping for a handling fee) thinks that using actual money is a good way to achieve this economic utopia and even the holders of patents for "e-money" systems have failed to generate any significant enthusiasm for their wares.
However, there is an alternative to real-world money, which was first proposed by Dwork and Naor in 1992 [8]. Their idea was to have the sender of an email perform a complex computation as evidence that they believe that an email is worth receiving. The sender then proves to the recipient that this processing work has been completed and the email will then be accepted. The processing time is "free", so there is a minimal burden upon legitimate senders, but it is a finite resource, so that the spammers will not have unlimited amounts of processing time at their disposal and so cannot continue to send in bulk.

Recent research supports the belief that one well chosen password will defeat most intruders and that enforced rotation leads to weak passwords.

Here in work i've implemented a reasonable level (read: what you get for free from MS) password policy on the GC/DC (its a MS shop).
Passwords:

* Vary between Upper and Lower case
* Contain at least 1 number
* Have a minimum of 8 characters (MacOS9 users are only allowed to use 8 unless they have the MSUAM)
* Forced change every 90 days
* Differ from the 3 passwords used previously

In addition we encourage users to pick strong passwords:

Good Passwords contain:

* Multiple small words (let me in now: LetM3In0w)
* Unusual keys (open at eight : 0pEn@Ate)
* Personal Acronyms (open now please : 0pN0Plez)
* Replace letters with numbers (close please : C7o53p7z)
* Misspelled or nonsense words (close please : klOz3PeaZ)
* Offset the Number/Word (to home sweet : H0m325we3t)
* Non-sequential words from songs/poems (home of the brave: 7hebRaFovH0m3)
* A combination of the above!

Bad Passwords contain:

* Countries or Place names
* Names (First or Last)
* Anything Workplace related
* Historical events and Dates
* Personal information: Phone numbers, Birthdays or Social Security numbers
* Dictionary (English and Foreign language) words
* Consecutive numbers
* Popular phrases separated by spaces, underscores or a hyphen

I recently conducted an audit using the excellent @stake LC5. I used the SAM agent import feature and not the sniff the wire capability. It cracked 26/196 passwords in less than 50 seconds with straight dictionary attacks tho' to be fair it was running checks against the weaker LM password. It finished the run with 96/196 successful cracks in around 11 hours using the dictionary, hybrid dictionary/brute force and straight brute force cracking.

It got many "strong passwords" chosen using the above methodology which is similar to the previous post. I am not too worried as ANY password is vulnerable to determined brute forcing. Thats the reason you combine strong passwords and an x-attempt lockout policy.

The bonehead central office still enforces the password rotation despite the evidence that users are sabotaging the process. I sincerely believe this collision of function and security is a zero sum game: the users need to work meeting a complex security process irrespective of the necessity.

I am actively looking into 3rd party DC/GC extensions which perform the routine checks LC5 used so successfully and that have been in use on *nix systems for years. I'd love to hear from any1 in a similar situation. Please note i had reservations purchasing from @stake based on their abhorrent treatment of Dan Geer and evidently vindictive successive OSX disclosure campaign.

I happened to remember this study which compares passphrases and random passwords.

I found it interesting that passphrases are just as secure as random passwords, and as easy to remember as dictionary based passwords.

A 10 character passphrase based password is very hard to brute force.

Your organization isn't likely to be sued for patent infringement by IBM, particularly if your organization holds any patents. Your organization is more likely to be pressured into cross-licensing. Don't take my word for this, read it from IBM's own Assistant General Counsel, Roger Smith. In IBM's "Think" magazine Smith said that IBM gets "perhaps an order of magnitude" more value from their patents by cross-licensing than from lawsuits.

I take them seriously on this matter because they hold more patents than anyone or any other organization. I would not expect that IBM will refrain from suing Linux kernel developers if need be. There's no point in owning the patents if they pose no threat to compel the behavior of others.

Cross-licensing is also one of the key reasons why software patents fail to promote the innovation a limited monopoly ostensibly exists to provoke.

Kudos Sun!

I for one am extremely happy if this goes through as planned. Hopefully, Sun will not charge for the server software and only cash in on Sunray sales.

In a not so distant past, we fell on the following website of a university student's project to reverse engineer the sunray protocol. Our only hope (out of expensive SPARC gear) was that this guy's project would work out in the end. I guess this won't be needed anymore, at least not with the perspective of simply running the thing of a lintel box.

Our environment at work is composed exclusively of Sunrays, approximately 25 of them to be accurate. When we close in the 20 concurrent user, it gets pretty bogged down, especially with our venerable quad cpu E450.

Shelling out money for a better Sparc-Sunray-driving-server was not desired, mainly because of the price (a 4-way V880 costs 10-20 times the price of a quad opteron, and doesn't perform nearly as well). In other words, were stuck with the current setup. The least we could do was to run Mozilla and related apps of a separate Linux X86 box and X11 forward everything. Still, driving the graphical environment for 20 users tends to bring the machine to a crawl once in a while.

For those who will ask, connecting through XDMCP on a Linux box to drive the environment was even worse: those little XSun processes would eat up to a single CPU under heavy usage of the desktop, and it would feel pretty slugish. Understandable, since the screen refreshes would go LinuxBox -> Sunray server -> Sunray (one hop too many).

Enough said: I am thrilled with this piece of news. Sun has made my day (and I haven't said that in a LONG while). Running Sunray enterprise software on a quad x86 box is a dream come true.

I'd highly recommend reading this paper, comparing Xen with VMWare. The benchmarks indicate how much better things could be in the VM world.

Just because dos.library was written in BCPL, and BCPL is an ancestor of C, that doesn't make AmigaOS an ancestor of Unix. If you wanted to call AmigaOS an ancestor of TripOS, you would have less of an argument from me.

Just because dos.library was written in BCPL, and BCPL is an ancestor of C, that doesn't make AmigaOS an ancestor of Unix. If you wanted to call AmigaOS an ancestor of TripOS, you would have less of an argument from me.

You absolutely MUST implement Dasher text input. There's all sorts of stuff on that site, including pre-compiled demos for most every desktop platform.

I think the OP missed some of the best talks:

XenoLinux - a virtual machine layer to support linux and other free OSes at almost native speeds.
Alot faster than UML!

CKRM - not new but I didn't know about it. From their sf site:
The Class-based Kernel Resource Management (CKRM) project seeks to develop Linux kernel mechanisms providing differentiated service to resources such as CPU time, memory pages, I/O and incoming network bandwith based on user defined groups of tasks called classes

TIPC - Transparent Inter Process Communication protocol is specially designed for intra cluster communication but definately not for the internet.

Check it out: Why Cryptosystems Fail

Isn't Microsoft looking to create a nasty piece of BIOS (or no BIOS) which would lock down a system beyond the belief of most persons who aren't "well educated" WRT technology; i.e., the people who wouldn't have a need for tinkering with the system.

No. Microsoft and others have created a nasty piece of technology including BIOS modifications which, working with other modifications and additions to standard PC hardware, will not only lock users out of performing certain actions but could be used to allow total control over end user machines by Microsoft or the government (or your personal least favorite organization), regardless of how tech-savvy the end user might be.

Being smart does not make you safe.

Don't reply about how you can always gain complete control of your own hardware with enough technical knowledge and time. Read Ross Anderson's TCPA FAQ too see why that still applicable bit of security wisdom isn't sufficient to throw off the yoke of TC. Go here for all the technical nitty gritty if you're not still convinced.

... by someone who doesn't know physics.

The Euclidean path integral over all topologically trivial metrics can be done by time slicing and so is unitary when analytically continued to the Lorentzian. On the other hand, the path integral over all topologically non-trivial metrics is asymptotically independent of the initial state. Thus the total path integral is unitary and information is not lost in the formation and evaporation of black holes. The way the information gets out seems to be that a true event horizon never forms, just an apparent horizon.

The Euclidean path integral is the latest trick in quantum gravity.

The original problem with quantum gravity was that as you "quantitized" space into discrete units, explaining gravity in terms of particles like 'gravitons' and trying to do the math was possible for simplistic interactions like tree diagrams where time generally flowed one way - but extremely hairy and full of infinities if you started looking at loop diagrams where time can flow both ways.

So people like Roger Penrose came at it from a different direction, starting off with definining space-time in a quantitized manner (spin networks, quantum foam, whatever you want to call it) which had the side effect that complex examples of spin networks acted a lot like 3-dimensional Euclidean space.

Once people started talking about space-time like this, math started showing up that helped describe events and the progression of events in this space-time, including the Euclidean path integral which attempts to measure the end result of an interaction of particles in this type of space-time.

(Good link talking about path integrals and how they were a problem with quantum definition of gravity: http://www.damtp.cam.ac.uk/user/gr/public/qg_qc.ht ml)

Anyways, it sounds like he's saying: All this new math is great and if the world were a simple place, yeah, black holes would probably have an event horizon and the math to prove it is simple.

But the world is more complex than you think and doing the math for "the real world" shows that the closer you get to the end result, the less and less predictable the end result will be, even though overall it looks like it has a defined end result (i.e. it looks like it _should_ have an event horizon). In reality it's constantly shifting around - and likely this amount of shifting around is representative of the original information/particle system that went into its formation but you won't be able to trace it backwards and extract what the original information was.

This will probably tie into time dialation which will make it be: We never get to the end result event horizon that 'should' be there and in the process of never getting there, the black hole will have a nice jiggly event horizon as a result of all that information - but so jiggly we can't tell what went in to it, all we can do is measure the jiggliness.

What he hasn't explained is how he knows this and the math behind it.

Crap I'm bored.

This page claims the current record of the Shell Eco-Marathon is 10,240 miles per gallon. (This may well be UK gallons, not US)

http://www-outreach.phy.cam.ac.uk/physics_at_work_ 2003/exhibitor/team_crocodile.htm

You should have a look at Richard Stallman's talk about patents, it is far more informative than this article, and also the presented books.

If not, you can read the speech he gave in Cambridge 2002

Which is easier to remember? 12 inches in a foot, or that a piece of paper is 21.59 cm by 27.94 cm instead of 8.5x11 inches?

It is easier to remember that a standard piece of paper is 21 cm by 29.7 cm.

I don't agree that a tech would need a large conspiracy, or a lot of time, or magic. He/she would need detailed knowledge of how the machine works, a supply of fresh seals (genuine or counterfeit), and an excuse to get physical access to the machine. Audit logs can be suppressed or faked. It doesn't take a long time if you already have the replacement components ready.

Of course, the mondo approach is to replace the entire machine with a new one that looks the same and has the same serial number, etc. But I expect that in any realistic case, it will be cheaper and easier to replace only some components in the original machine.

I recommend Ross Anderson's Security Engineering book to anyone who thinks that serial-numbered seals are effective protection against tampering over the long term.

For holography you want monochrome light, which means the light source will be lasers. Probably three diode lasers for R,G,B. Lasers are much more efficient than the incandescent bulbs used in projectors, which means that you will be able to put your PDA back in your pocket without second degree burns after using for a while.

The home page of one of the coauthors of the cited paper is here. It shows a hologram that takes a few seconds to generate on a 2 GHz PC. Pretty low quality, and presumably specialized hardware (which could probably be implemented as an FPGA) will be required to get it to video rates. But for static text type presentations, for the Powerpoint warriors who are the main market for projectors, speed is less important.

Convert all industry and govt. agencies to the metric system

Change the paper standard to A series. i.e. 8 1/2" x 11" to A4

Change Month/Day/Year to Day/Month/Year on all forms and databases.

Use only open source software in all govt. agencies.

Invest much more research and support renewable energy

Invade countries that drive on the wrong side of the road and bring those evil doers to justice.

My policies will create jobs for the thousands of unemployed programmers sitting idle since the Millennium bug scare and allow our fellow Americans to drive anywhere around the world, without the fear of driving into on coming traffic.

Paul.

If they integrated Dasher for an input method (and that control pad is as analog as it looks), this could be hacked into a very respectable PDA. Hell, you could have a decent CLI if you could use Dasher there.

I'd rather iRiver didn't even attempt to make a PDA out of it though. Every PDA/media-player combo attempt I've seen, even the iPaq and half-hearted attempts of the Sony Clie, have been horrible horrible miscarriages. I'd rather they pick up the PDA option later if some people develop something nice after market.

However, Dasher would still be great for inputting metadata.

Pick and Drop is very cool ... in case anyone is interested, we knocked up an audio-based pick and drop interface a couple of years ago inspired by Rekimoto's work. Cheesy videos and webpage available here, and the academic paper describing the work in more detail.

The idea is that you can use existing devices (like voice recorders, mobile phones, PDAs) that can play or record audio to capture documents and move them around. By playing the sound back to a device (e.g. a print server), it decodes the identifer and downloads it via the higher bandwidth network.

Pick and Drop is very cool ... in case anyone is interested, we knocked up an audio-based pick and drop interface a couple of years ago inspired by Rekimoto's work. Cheesy videos and webpage available here, and the academic paper describing the work in more detail.

The idea is that you can use existing devices (like voice recorders, mobile phones, PDAs) that can play or record audio to capture documents and move them around. By playing the sound back to a device (e.g. a print server), it decodes the identifer and downloads it via the higher bandwidth network.

You reckon you wasted your life on sendmail.cf? Check this out:

I tried to post this to slashdot, but I got the following: "Lameness filter encountered. Post aborted! Reason: Please use fewer 'junk' characters."

sendmail blows slashdot's little brain.

or the webpage, which has the results of more tests (all the ones out of Checkmark which I could get to work).

When I have time and can find some foreign banknotes, I will try them, but all the tests take about 4 days to run. The Checkmark tests are slow (since they are in Matlab), and for every test I have to try at least ~10 images in a binary search so as to find the changeover point. The strongly detected regions test takes the most time, since I test about 2,000 images.

That pattern is nothing to do with the currency detection in software. This image with the pattern is not spotted as currency. However this slightly bigger one without the pattern is detected as currency.

That pattern is nothing to do with the currency detection in software. This image with the pattern is not spotted as currency. However this slightly bigger one without the pattern is detected as currency.

You're right, you certainly wouldn't hit on it by accident. You'd have to start with it.

But I disagree that it's "so complex." Maybe I'm daft, but it doesn't look complex to me.

Here's the pattern.

Looks like a series of 5 dots, with predefined angles between the central dot and the other 4. That should be able to be specified rather simply.

That might work. Another one I just thought of would be a necktie. Unlike t-shirts, those are supposed to stay flat (Dilbert's model excluded). The pattern's not even al that far-fetched.

Here's an image of the pattern. As you can see, it's pretty subtle. Putting the shirt directly under a scanner will probably trigger the protection, but wearing it will almost certainly mess up the pattern enough for it not to be recognised. The human body just isn't very flat anywhere.

Of course, I haven't actually tried it myself, so I could be wrong. If that's so, then such a shirt would be wicked cool.

My sincerest apologies. I failed to point out that my tests on a wide range of European banknotes as well. I'm not the only one doing this kind of work; see this presentation for details.

--Dan

...will software developers be required to keep up with new note faces? If old software blocks all note faces as of 2004, will developers face penalties for not updating their software in 2008 when the currency is redesigned?

Here is a good description of the principle.

I wonder if it is copyrighted and I could, say, incorporate it in my photographs...

I use my Treo 600 more as a computer than as a phone. When I get the mobile keyboard, it will increase my "computer time" by 10-20%. As I customize its environment with hyperlinks and apps, I expect to replace 10-20% of my "targeted" (not browsing or searching) info access with the phone. As mobile interfaces like SpotCodes become ubiquitous, probably 30-40% of my info access time will be via the mobile. And once I get a >VGA display, like hyper-Bluetooth shades, I wouldn't be surprised if the majority of my info access is mediated by a mobile, integrating phone, Net, A/V player, teleconferencer, multimedia player, GPS... a "Global Remote" that connects my senses and muscles to the material and virtual worlds, wherever I am.

Well, "beind sendmail" is something that I would definitely put in quotes. IMHO, anything useful that sendmail can do, postfix can do also. The only area where sendmail is more flexibile is for doing things like REALLY complicated and arbitrary routing where you basically have to write a program to make the decisions in real-time. Anything sane postfix should be able to handle with regex rules.

That and things like playing Towers of Hanoi in the sendmail .cf file...

Hopefully we'll keep that organlegging problem under control with these other new developments. Luckily you can read a lot about De Grey's publications here .

Your house would be more secure if you had bullet-resistent windows, steel-reinforced cross-bar doors, one-time pad electronic access, and 24/7 security guards, but most people the find much "weaker" deadbolt/key combination to be the BETTER solution.

Which it might really be, considering that all technology is embedded in a social and legal context. Ross Anderson has written two pretty interesting papers about such issues, Why Cryptosystems Fail and Liability and Computer Security: Nine Principles.

Your house would be more secure if you had bullet-resistent windows, steel-reinforced cross-bar doors, one-time pad electronic access, and 24/7 security guards, but most people the find much "weaker" deadbolt/key combination to be the BETTER solution.

Which it might really be, considering that all technology is embedded in a social and legal context. Ross Anderson has written two pretty interesting papers about such issues, Why Cryptosystems Fail and Liability and Computer Security: Nine Principles.

Your house would be more secure if you had bullet-resistent windows, steel-reinforced cross-bar doors, one-time pad electronic access, and 24/7 security guards, but most people the find much "weaker" deadbolt/key combination to be the BETTER solution.

Which it might really be, considering that all technology is embedded in a social and legal context. Ross Anderson has written two pretty interesting papers about such issues, Why Cryptosystems Fail and Liability and Computer Security: Nine Principles.