Slashdot Mirror
Domain: cam.ac.uk
Stories and comments across the archive that link to cam.ac.uk.
Comments · 1,846
-
FYI
A nice faq on Trusted Computing.
-
Re:What, didn't you hear?
I haven't read the article you point to, but Foundations of Physics can sometimes be a bit of a crack-pot journal (but sometimes not). There is actually other good evidence that time is not well defined in quantum theory. This bloke has done some work which I hear is rather good on quantum time. Most of the work in there was published in rather good journals, although I was never able to read through them properly.
-
Re:how stupidThe UK is currently in the process of migrating all credit cards to smart cards with a user PIN.
Interesting response. Europe does have some really cool things going on with smartcards. A couple years ago I was at cebit and there was what seemed to be a full building devoted to the technology.
Unfortunately, the smartcard concept is fundamentally flawed. They had a good idea, but they didn't carry it far enough.
The fundamental problem is that one must trust whatever smartcard reader they stick the card into. There's no way to independently verify anything, so it's almost the same as a normal credit card. There's also no way to tell if a "reader" is attempting to crack your private key.
IMO, they should be deploying battery powered devices with displays which communicate via infrared signals. This fixes two key problems with smartcards:
- You can verify that they really are charging you the amount they said.
- It becomes MUCH harder for a rigged reader to attemp to steal your private key.
One of the key problems with the smartcard design is that it relies on an external source to supply its clock and power supply. It is possible to manipulate these signals to cause a smartcard to give up its private key.
This means that I could stick my smartcard into what looks like a perfetly normal smartcard reader, and in addition to completing a normal transaction, it could steal my private key, no crypto-breaking required.
There have been attempts to deal with these problems, but I think a better approach is to avoid trusting an outside source for clock and data streams to begin with.
Here's a pretty good link on the subject of breaking smartcard security.
I think smartcards are a step in the right direction, but they don't offer nearly as much security as other implementations might.
There are many more benefits the public/private key crypto could provide if they were willing to take things just a couple steps further and make the device provide it's own user interface and communitcate via a more protected means.
One of the most important in my mind is removing the ability for a vendor to charge you an arbitrary amount of money. (There's no way for you to confirm that they really are charging you the amount they say they are before completing the transation.)
A smaller benfit would be the ability to establish a "never give your widget to anyone rule". With an IR-link type communication, there is absoultely no reason to give up physical custody of your key. This makes attempting to steal the key from your device much harder. The onboard display would also give it the ability to say "Help someone is trying to steal my private key. Leave this area!" -
Re:Cambridge University, UK
"As the Gates Cambridge Scholarship program enters its third year"... - written this year, because it refers to Cambridge's "new Vice Chancellor, Professor Alison Richard".
-
Re:What other Gates buildings are there?
Cambridge:
http://www.cl.cam.ac.uk/UoCCL/intro/
http://www.cl.cam.ac.uk/site-maps/gates.html
+ Washington:
http://www.law.washington.edu/GatesHall/
+ Stanford:
http://www-db.stanford.edu/pub/keller/gates-map.ht ml
+ Pennsilvania:
http://www.facilities.upenn.edu/mapsBldgs/view_map
+ MIT:
http://www-tech.mit.edu/V119/N20/20lcs.20n.html
+ RIBA:
http://www.riba.org/go/RIBA/About/About_162.html
+ Southern Indiana:
http://www.usi.edu/visit/map/housing.asp
+ Michigan:
http://www.admin.mtu.edu/admin/prov/facbook/ch9/9c hap-37.htm
= University Building Monopoly !!!! -
Re:What other Gates buildings are there?
Cambridge:
http://www.cl.cam.ac.uk/UoCCL/intro/
http://www.cl.cam.ac.uk/site-maps/gates.html
+ Washington:
http://www.law.washington.edu/GatesHall/
+ Stanford:
http://www-db.stanford.edu/pub/keller/gates-map.ht ml
+ Pennsilvania:
http://www.facilities.upenn.edu/mapsBldgs/view_map
+ MIT:
http://www-tech.mit.edu/V119/N20/20lcs.20n.html
+ RIBA:
http://www.riba.org/go/RIBA/About/About_162.html
+ Southern Indiana:
http://www.usi.edu/visit/map/housing.asp
+ Michigan:
http://www.admin.mtu.edu/admin/prov/facbook/ch9/9c hap-37.htm
= University Building Monopoly !!!! -
Cambridge University, UK
The computer labs at my old uni now have a shiny new William Gates Building which the Compscis moved into the year I left. The old building was too tall, weird and creaky but at least there were some good pubs nearby
-
Re:Vanderpool?
Sounds sort of like Xen's approach, but with hardware support.
-
Re:Wohoo
Does Slashdot and OSN use the same time zone offset from UTC? They should, according to "International Standard Date and Time Notation"
-
I found a very good paper on trusted computing...It's located here:
`Trusted Computing' Frequently Asked Questions
Scary stuff...
-
Re:Honest question
For a slightly doom-spelling (unforunately Ross tends to be right far too often) check Cambridge University professor Ross Anderson's Trusted Computing FAQ. There is also his Cryptography and Competition Policy - Issues with `Trusted Computing' paper as well.
You can also look at documents at Trusted Computing Platform Alliance, and I recommend reading The TCPA; What's wrong; What's right and what to do about by William A. Arbaugh
-
Re:Honest question
For a slightly doom-spelling (unforunately Ross tends to be right far too often) check Cambridge University professor Ross Anderson's Trusted Computing FAQ. There is also his Cryptography and Competition Policy - Issues with `Trusted Computing' paper as well.
You can also look at documents at Trusted Computing Platform Alliance, and I recommend reading The TCPA; What's wrong; What's right and what to do about by William A. Arbaugh
-
Re:Honest question
For a slightly doom-spelling (unforunately Ross tends to be right far too often) check Cambridge University professor Ross Anderson's Trusted Computing FAQ. There is also his Cryptography and Competition Policy - Issues with `Trusted Computing' paper as well.
You can also look at documents at Trusted Computing Platform Alliance, and I recommend reading The TCPA; What's wrong; What's right and what to do about by William A. Arbaugh
-
Please don't forget the following...
- X10 controller
- GNU Automaton
- an established IPv6 tunnel with your own IPv6 address subnet (it's a whole new world out there)
- SMS server for your cell-phone (good with X10)
- Mobile IP server for your roving laptop
Coffee Maker (this one needs an Java-Dispenser SNMP agent badly)
We're almost there...
-
Re:Xen and opensource
well here is a great paper about it: the article
it basically says that when you use an API to access things like a DOM Node, you lose things like type checking and other advantages inherent to OO programming. They then go on and ask: "why not put that API in the language syntaxe?" The paper is great on the advantages of it has some very good examples. -
Incidentially
If you're looking for more free online maths / physics texts, there are a great many avaliable.
Some CS people might be interested in the book on Information theory by Dave Mackay (author of Dasher). Unlike most people, he seems to have taken a truly "Open-Source" approach to book publishing. -
Incidentially
If you're looking for more free online maths / physics texts, there are a great many avaliable.
Some CS people might be interested in the book on Information theory by Dave Mackay (author of Dasher). Unlike most people, he seems to have taken a truly "Open-Source" approach to book publishing. -
Date format
disclosed on 05-01-2003
OK time for me to tilt at a few windmills. Aside from the date being off by a year (the link quotes the date as 05-01-2004), is this supposed to be 1st of May or the 5th of January?
In an international forum and for clarity, ISO 8601 dates. Therefore: 2004-01-05.
Sorry for the rant, but I work for an international company, and have spent sizable parts of meetings trying to figure out which version of a document is "most recent", 2/3/04 or 3/2/04.
-
Re:For small office/home networksOh, I missed this:
- msntp - A small, simple SNTP (not SMTP) server+client to force all the machines on your LAN use the same clock time
-
Re:Laziness Bad
That's why some researchers in the field of lazy functional language have developed techniques for "optimistic evaluation" -- basically, the compiler uses strict evaluation until it's determined that the object it's evaluating can't be evaluated strictly (for example, in the case of a conceptually infinite list). You still get lazy semantics, and you have most of the performance benefits of a strict language. See the work of Robert Ennals and Jan-Willem Maessen.
-
Don't have to type when you use this:
Dasher
It's an input method that doesn't need a keyboard, is fast, is always accurate, is fun and is GPL. -
don't forget...
-
Just like Xen, in other words?
This sounds like Xen for Linux...
-
Look on other Uni's websites
Other university's websites often have a link to their P2P policy on them. For example my college's policy is fairly sensible.
-
nothing new
I thought I had see something like this before from Canterbury University. A few people have tried solutions like similar to this. Check out http://www2.eng.cam.ac.uk/~arlt1/research/third/a
l l3d.html. -
Re:Iris changes
-
Re:Iris changes
-
LodinwsSO
-
Re:gimp and sane illegal
The Eurion pattern also appears on the reverse of the newest US $20 bill. Have you ever wondered why the zeros of the little yellow "20"s are so round? They're the Eurion circles. There are a bunch of the Eurion patterns you can play connect-the-dots with right there. -
Re:Trimming the edgesWhat's more likely, however, is that the system detects patterns that the bill includes (i'm sure there is some nonrandom distribution of dots or lines or something).
You're right. It's called the Eurion Constellation.
-
Re:gimp and sane illegal
-
Ross Anderson on Open Source Security
There was a good paper by Ross Anderson, a well known British security expert, that compared the security of open source vs closed source systems (sorry, paper is PDF). He set up a mathematical model for how quickly bugs would be found and fixed by the maintainers and testers, versus being found and exploited by attackers. His conclusion was that the two models would both be about equally successful.
A recent posting on the Unlimited Freedom blog took another look at Anderson's analysis and came up with some different results that were not as favorable. But either of these articles seem more convincing than this challenge by Russell Jones. -
Ross Anderson on Open Source Security
There was a good paper by Ross Anderson, a well known British security expert, that compared the security of open source vs closed source systems (sorry, paper is PDF). He set up a mathematical model for how quickly bugs would be found and fixed by the maintainers and testers, versus being found and exploited by attackers. His conclusion was that the two models would both be about equally successful.
A recent posting on the Unlimited Freedom blog took another look at Anderson's analysis and came up with some different results that were not as favorable. But either of these articles seem more convincing than this challenge by Russell Jones. -
Nomic
Talking about games and government reminds me of nomic Fun stuff.
-
Re:How creative
-
Re:SIGGRAPH keynote: geometry instead of dark enerHe's got the Powerpoint presentation, with associated material, on his website here.
I'm reading the presentation at the moment, but my math's a bit rusty (20 years rusty, if truth be told), so I can't comment on it.
-
Cosmologists have it easy
At least they have observations. And astronomers in general are a genial bunch. Anyone who finds (and this is the most likely case) that there is dark matter, but not nearly enough of it, is assured of nothing more that a few years of ostracism before enough new scientists come into the field who don't have the same emotional investment in dark matter theories.
Compare that to the potential fate of the poor wretch who disproves the Riemann Hypothesis, and undoes almost all progress in pure mathematics since the beginning of the 20th century. I know for a fact that there is a basement in Cambridge where this person will live out their days being forced to review unsolicited "proofs" of duplicating the cube, trisecting the angle, and squaring the circle. -
Re:Stupid. Really stupid.
As has been pointed many times before, this technique *has* been introduced into the newer Euro and Sterling notes. This PDF has an explaination of how this apparently works. It's not just Americans who can't fire up Photoshop CS for an extra few drinks at the weekend.
-
Good, but not a good starting point
Speaking from some experience (CS undergrad TA while in grad school)....
A few thoughts:
It's essential to teach some assembly at some point in a CS undergrad - A CS course should give full insight into the workings of a real CPU, and should give as wide a variety as possible.
At Edinburgh the first year CS course included assembly, C, and
When I was a CS undergrad we had practical classes in no fewer than 17 languages, covering the range of imperative, declarative, functional and stack based, plus specialist toys like theorem provers and SQL.
The best starting point for a university level course is the good old procedural language - in my day it was Pascal, C++ and Modula-3, these days I'd use Java (and many CS departments do).
Also, when you do get to assembler, I don't think using a real assembler is the best teaching tool - assemblers are intended for developing real low level code, or as back end targets for compilers. For teaching at Edinburgh, we used an X11 based tool called xspim which simulated a MIPS R2000 (we actually ran it on Sun Sparc-II's, not that it matters), and it let you single step and examine registers without the complexity of adding a debugger, and had a window where you could see the registers, CPU pipeline etc. displayed.
For introducing programming concepts to a younger audience I think an interpreted language which will execute command lines, allowing them to experiment while avoiding the edit-compile-run cycle, is very important. Some are better than others; when I was a kid the 8 bit micros (Apple, Commodore, Atari,
I don't like Pilot or Comal for teaching (failed experiments of the 1980's) but I think LOGO is a very commendable way to make concepts accessible to the young.
A perhaps unexpected place I was made to learn with an interpreted environment was as an undergrad at Cambridge University, where the first programming language taught is ML which for the CS people who haven't heard of is an implementation of lambda calculus with a sane syntax. -
Relax, Spelling isn't all that important anyway.According to a researcher (sic) at Cambridge University, it doesn't matter in what order the letters in a word are, the only important thing is that the first and last letter be at the right place. The rest can be a total mess and you can still read it without problem. This is because the human mind does not read every letter by itself but the word as a whole.
see the rest of the details HERE
-
The article omits XEN & coLinuxOddly enough the article doesn't even mention XEN, one of the most interesting virtualization systems. Xen is being actively developed and has also been featured on Slashdot a couple of months back when they released the first public versions.
Also omitted is the new coLinux, which was discussed on Slashdot, too, just the other week.
-
Re:why?
Linux runs on _current_ EFI boxen. The article mentions that EFI will be integrating "Trustworthy computing". So future versions of EFI will be capable of locking out anything except unmodified versions of signed operating systems.
-
Check out interferometry
There is a project in the U.K. by professionals to do this (Cambridge Optical Aperture Synthesis Telescope). This gives a pretty good description of what is necessary for setting up an optical array. Note the combining building, which is where the light path lengths are matched. The main thing is that the images are formed from light that arrives at the telescopes at the same moment. With radio frequencies, the signal can be recorded on tape, along with a time hack, allowing for multiple signals to be combined after the fact. I don't believe there is a way to do that with light.
-
It would be difficult...
It would be difficult. I think you're talking about interferometry. This was originally developed for radio telescopes, and is harder to do at shorter wavelengths. The Submillimeter Array, working at the shorter submm wavelengths, has just opened on Mauna Kea, although some work has already been done with linking the James Clerk Maxwell Telescope and the Caltech Submillimeter Observatory. At optical wavelengths it gets harder still. An example is the Cambridge Optical Aperture Synthesis Telescope (COAST). There's also the proposed `Ohana project.
A major problem is that you have to preserve the phase information of the light when you combine the signals from the telescopes, so you can't just record images with a CCD (which only gets you the intensity) and then try to handle the rest of it in software.
Essentially this means that you'd have to combine light from the telescopes in real time and keep the path lengths between them accurate to a small fraction of the wavelength you're measuring. You can do this "off-line" at radio frequencies, for example with the Very Long Baseline Array (VLBA) but not at optical frequencies.
So, in summary, the Internet lets amateur observers collaborate in various ways. However, combining their optical telescopes to get the resolving power of a larger telescope (the size of the distributed collection of individual telescopes) through optical interferometry is not one of them.
-
It would be difficult...
It would be difficult. I think you're talking about interferometry. This was originally developed for radio telescopes, and is harder to do at shorter wavelengths. The Submillimeter Array, working at the shorter submm wavelengths, has just opened on Mauna Kea, although some work has already been done with linking the James Clerk Maxwell Telescope and the Caltech Submillimeter Observatory. At optical wavelengths it gets harder still. An example is the Cambridge Optical Aperture Synthesis Telescope (COAST). There's also the proposed `Ohana project.
A major problem is that you have to preserve the phase information of the light when you combine the signals from the telescopes, so you can't just record images with a CCD (which only gets you the intensity) and then try to handle the rest of it in software.
Essentially this means that you'd have to combine light from the telescopes in real time and keep the path lengths between them accurate to a small fraction of the wavelength you're measuring. You can do this "off-line" at radio frequencies, for example with the Very Long Baseline Array (VLBA) but not at optical frequencies.
So, in summary, the Internet lets amateur observers collaborate in various ways. However, combining their optical telescopes to get the resolving power of a larger telescope (the size of the distributed collection of individual telescopes) through optical interferometry is not one of them.
-
If you want free VMWare check out XenIf you want free VMWare check out Xen. It's GPLed and it should actually be faster than VMWare. There is a catch though: the OS that runs inside must be modified. Linux is already supported. XP is almost ready but I wonder if they'll be allowed to distribute their modifications.
Xen has already been covered on slashdot
-
Re:Unfortunately
My university library would have hung, drawn, and quartered you for that kind of thing.
They've got quite a good webpage about the way people abuse library books.
-
Re:Unfortunately
My university library would have hung, drawn, and quartered you for that kind of thing.
They've got quite a good webpage about the way people abuse library books.
-
Free Online TextbooksThe following are some sources of free online textbooks (and lecture notes):
A huge list of math texts.
David MacKay has posted his book Information Theory, Inference, and Learning Algorithms on his website. (This is despite it being a recently published work available through major bookstores.)
The classic, Numerical Recipes in C, is available online for free.
Some more math texts.
Another grab bag of online texts (mostly math).
Yet even more math and CS stuff.
-
Free Online TextbooksThe following are some sources of free online textbooks (and lecture notes):
A huge list of math texts.
David MacKay has posted his book Information Theory, Inference, and Learning Algorithms on his website. (This is despite it being a recently published work available through major bookstores.)
The classic, Numerical Recipes in C, is available online for free.
Some more math texts.
Another grab bag of online texts (mostly math).
Yet even more math and CS stuff.
