Slashdot Mirror

Prof. Fokas. He has quite a big brain, has qualified as an MD AFTER a PhD in Applied Mathematics, and (although not in CS) his breakthroughs have revolutionized things like brain imaging.

Ok. You really don't know what you're talking about, do you?

Admittedly, you goaded me into looking for info on how LaTeX works (I had used it, but didn't study the format up close). It tends to be more strict than XHTML/CSS actually, and does require good markup of a document. If you want to see some reference, check out this document.

CSS is very flexible for making layouts. Please suggest what you think LaTeX can do that CSS can't. Prior to that, though, you may want to take a look at the spec (and yes, most of that stuff does have good support, even in Explorer).

No. The ISO 8601 standard specifies YYYY-MM-DD. No slashes. And the proper time format is HH:MM:SS (:SS can be omitted, of course).

RMS gave a rather nice talk on this in Cambridge. Not sure whether it counts as a legal source!
Here

I'm not familiar with this five dot pattern. Could you tell me where I could find an example of it? Either on the web or on the currency itself.

Sure... Check out this image (warning, a PDF)...

On the 10 Euro note pictured, you can see the pattern VERY well, as the author connected the relevant 5-dot groupings with green lines.

It looks vaguely like the Cingular logo, IMO, or perhaps a little headless stick-figure.

On the US $20, the pattern appears using the zeros from the repeated background "20"s, or so I've read (I haven't personally verified it).

This actualyl leads to some intriguing possibilities. Perhaps politicians might start having this arrangement of dots present on those boards they are so fond of standing in front of these days to prevent later photoshopping of their images.

I also considered setting up some merchandise with this pattern of dots on at somewhere like cafepress.com. Imagine if someone couldn't scan or edit a picture because of the t-shirt you were wearing or a mug left surrepticiously sitting around.

Rich

The correct format is yyyy/mm/dd, anything else doesn't sort correctly when used to date filenames, etc.

Just to be perfectly pedantic, the 'correct' (iso8601) format is yyyy-mm-dd or yyyymmdd, both of which sort quite nicely. ;)

Have a look at the Dasher Project. Its not voice input, but they have several input methods which can be used by para- and quadra-plegics (eye tracker, head mouse, breath mouse, toungue mouse, etc) - you pretty much can use any movement you can make. It can be faster and more accurate than most voice recognition systems, and they have it working for controlling the UI as well as textual input now.

I got your international standard right here.

YYYY-MM-DD and YYYYMMDD are both standards-compliant.

Seriously, if you've never heard of this standard, read up. Whenever I need to stick a date or a time on something in text form, I just do it the ISO 8601 way.

This is a copy of a post on the Adobe forum, which is now slashdotted:
---
Markus G. Kuhn - 03:45am Jan 8, 2004 Pacific(#106 of 110)

How it works:

For those of you curious about how this algorithm detects a banknote, here is a slide of a short talk that I gave to our local research group soon after I discovered the "EURion Constellation" two years ago while experimenting with a new Xerox color photocopier and a 10 euro note:

http://www.cl.cam.ac.uk/~mgk25/eurion.pdf

The algorithm looks in the blue channel of a color image for little circles and most likely examines the distance distribution encountered. I have discovered a small constellation of just five circles (a bit like Orion with the belt starts merged) that will be rejected by a Xerox color photocopier installed next door from here as a banknote. Black on white circles do not work.

These little yellow, green or orange 1 mm large circles have been on European banknotes for many years. I found them on German marks, British pounds and the euro notes. In the US, they showed up only very recently on the new 20$ bill. On some notes like the euro, the circles are blatantly obvious, whereas on others the artists carefully integrated them into their design. On the 20 pound note, they appear as "notes" in an unlikely short music score, in the old German 50 mark note, they are neatly embedded into the background pattern, and in the new 20 dollar bill, they are used as the 0 of all the yellow 20 number printed across the note. The constellation are probably detected by the fact that the squares of the distances of the circles are integer multiples of the smallest one.

I have later been told that this scheme was invented by Omron and that the circle patter also encodes the issuing bank.

Many new banknotes have a special pattern that is designed to be easily detected by photocopiers etc. You can add the same pattern to any document to make copying and editing more difficult. For the details, see the "The EURion Constellation" by Markus Kuhn.

However, the processor is just a part of it. A high-end Sun boxes offers muliple PCI buses as well as other I/O interfaces. It is I/O throughput that makes high-end commercial computers for most people. The other issue is execution domains. This allows you to assign procesors to domains that run particular processes. This gives you fine grained control over who runs what. When IBM runs Linux on a Z series, they run multiple instances of Linux as virtual machines under a host operating system. VMs can be assigned processors to allow them to increase their power or redundancy. However VMs can and do share processors. The problem is that the host system is propietary IBM. There are efforts to do this with Linux, such as VMWARE, or as open-source, Xen but they don't cover the issue of multiprocessing management.

High-end CPU chips can compete, they just need the on-chip hardware to facilitate interlocking but what they really need is a lot of glue chips to allow efficient shared memory use. Building the big boxes that support multiprocessing with more than 2 processors isn't easy. Adding fast I/O channels to keep pace is even less easy. However, I do have big hopes for the Opteron based motherboards though.

Note that clustering helps only when you have loosely coupled cooperation between processes. If you need lots of closely interacting processes or threads then a cluster isn't really fast enough.

Then Microsoft announced plans to make the data files of its flagship applications executable.

They were warned. Security experts warned that this crazy innovation would allow vandals to infect Word files and to infect e-mail.

Microsoft ignored the warnings. And it wasn't long before the first Word macro viruses were seen in the wild. But, in the end, the e-mail viruses, that raided your address book, turned out to be much more expensive.

Why?

Why would a corporation with the public interest at heart introduce a suite of programs with such a fundamental design flaw?

Some wise man counselled, "Never attribute to malice that which can be explained by incompetence." I used to think that this bad design could be explained by incompetence on Microsoft's executive floor.

About a year ago I started to wonder about this. Gates and Ballmer started talking about security. Palladium . The Trusted Computing Platform. When I read about these schemes I realized that the explanation for Microsoft's terrible design choices could be part of a deep game. Make the internet an insecure place in the mid nineties? Reap the rewards by getting your victims^H^H^H^H^H^H^Hcustomers to welcome allowing you draconian control over their computers in the mid 00s?

I'm still convinced that a closed-source competently-designed operating system will be, on the whole, less vulnerable than an open-source competently-designed operating system. The theoretical million eyes on the source isn't worth as much as it (used to be) hyped, because you're not talking about a million security professionals and you're really talking about maybe a thousand eyes on different parts of the code.

Read the paper Security in Open versus Closed Systems -- The Dance of Boltzmann, Coase and Moore (pdf) by Computer Security expert (since the 1980s) and Cambridge University professor Ross Anderson.

Your conclusion of more secure because it is close-sourced and "competently-designed" OS does not hold. The million eyes argument is a red herring.

I'm still convinced that a closed-source competently-designed operating system will be, on the whole, less vulnerable than an open-source competently-designed operating system. The theoretical million eyes on the source isn't worth as much as it (used to be) hyped, because you're not talking about a million security professionals and you're really talking about maybe a thousand eyes on different parts of the code.

Read the paper Security in Open versus Closed Systems -- The Dance of Boltzmann, Coase and Moore (pdf) by Computer Security expert (since the 1980s) and Cambridge University professor Ross Anderson.

Your conclusion of more secure because it is close-sourced and "competently-designed" OS does not hold. The million eyes argument is a red herring.

What if some tries things like 'fcuk' or the like? Does it work also? Think of that english research done lately where it says it doesn't make much difference in which order the letters are, as long as the beginning and ending letter are correct. More about that here.

You can make a cluster of telescopes, the technique is called interferometry. However, combining the results from individual dishes requires painstaking detail. The lengths of the signal paths must be matched to a degree less than the wavelength of the signals. For radio astronomy this has been done for a long time, because the wavelengths are quite manageable. The optical equivalents are only quite recent and not that widely deployed, but here is one example that I know of.

This is obviously going to be the vehicle with which the Trusted Computing Group (TCG) will impose its trusted computing standard onto the PC market. I just think it's very suspicious that this is not even mentioned in this article. As major players in the TCG, Microsoft and Intel will be quietly pushing these standards into PCs because of their contraversial nature. For more info check out Ross Anderson's trusted computing FAQ

Others have noted that the eye is an analog device, and so the notion of a 'frame rate' is absurd for that reason. Fair enough. Still, there's a limit to how fast the receptors in the human eye can 'refresh' themselves. Light shining on the eye triggers reversible chemical reactions; the rate at which the receptors can be restored to their unstimulated state after exposure to light arguably places an upper limit on the eye's 'frame rate'. In getting that signal to the brain, again a number of reversible reactions take place, all of which may impose an upper limit on your vision 'refresh rate'.

For those that are interested, there's not a bad description of the entire process in point form here, as well as a more detailed description of phototransduction (what happens when photons strike the retina) here. A diagram of the phototranduction cascade is here.

2 930 footnotes
his choice of data

So he "chose" data? Did this person perform any experiments or observations of his own, or is this more crack armchair science from a person who did all their research from the first 2930 hits on google?

This exact same thing came up when someone presented "research" to the us government showing that nanoscale particles were harmful when inhaled (something that I suspect has been somewhat common knowledge since coal miners started getting black lung). The whole "research" was assembled from other people's research with very little in the way of original work, for which the US government paid a pretty penny in a grant.

Mankind currently lacks the instrumentation, knowledge, and experience to Prove most complex phenomenon. We still have no working Proof of how gravity actually works, we just know that it does empirically.

Global warming? Who knows? All I know is that my freshman year of college, the university opened late due to snow, and it has not snowed here since then. There is no Proof that the cows farting, the cars driving, the factories belching, the volcanoes erupting, and whatever other factors people say take part cause global warming. But theres no Proof the other way either.

Lets take the ozone hole. Nobody has ever traced the path from individual CFCs in an old refrigerator in the US to the antartic circle, so CFCs were not Proven to cause the hole. However, shortly after CFCs (which are proven to destroy ozone through a well understood chemical process) were banned in industrialized nations, the ozone hole began to shrink (compare 2001 to this page which details a decade of loss. Note that the color scales are different, the EPA defines the ozone hole as less than 220 Dobson Units which is the small blob in the middle of Antartica in 2001, while the 220 Dobson Unit level marks most of the antartic circle in blue and purple in 1991. You can also see on the EPA picture that ozone depletion is also taking place over countries in southern Asia and Africa where CFCs were not banned, but very little is taking place over South America. Thus there is very strong empirical evidence for a link between CFC release and ozone depletion.

or perhaps as a backup known good environment.

That being said, there's one interesting point here - there are a lot of people who, after OS X, are switching to Apple because it's a Unix derivative that, for desktop use, is more polished than Linux.

e'll only have to crack it once and then we'll all be set. :)

No, they want this new "Universal DRM System" to prevent exactly that.

22. What's TORA BORA?
This seems to have been an internal Microsoft joke: see the Palladium announcement. The idea is that `Trusted Operating Root Architecture' (Palladium) will stop the `Break Once Run Anywhere' attack

The whole thing runs on top of Trusted Computing. They are pushing for this new "Universal DRM system" becuase it is very very different. You will no longer own your own computer or your own devices. They will have a "Trust" chips inside that guarantee them control.

To "crack the system" you need to dig your own personal encryption key out of the chip soldered to your motherboard. Breif info on one such chip. See page one "Physical security circuitry" and page 2 where it says "if it has been removed from the PC in any way and can also take actions internally"? That means chip is tamper resistant and programmed to wipe your key if it detects you trying to get at it.

And lets say you do manage to dig out the key - every computer has a different key! If you dig out your key that only cracks that one machine. One key extracted, one PC liberated. The TORA BORA plan includes plans for "traitor tracing". If you aren't extremely carefull how you use that key they will detect it and revoke that key. Hell, they might even track you down and throw you in prison.

And before people say they simply won't buy computers with these control chips built in I suggest they look at my other post here. In a few of years you may be denied internet access unless you submit.

-

Actually, he's right, one version of this bug does affect Mozilla including firebird. Look at the two links on this demo page.

In the first case, the exploit works in both IE and gecko, in the second case it is IE only. Now it's a race to see which gets patched first :-)

(Sam Ruby pointed this out before me)

All of these security problems at Federal Agencies, with Blaster, Welchia, spam, "piracy" etc. are going into a big hopper, where they will be used as reasons to justify TCPA, aka the Death of My Computer.

In a nutshell,

"Since IT security is in a such a poor state right now, the solution is obviously to put greater power in fewer hands."

Yup, we're getting to the point where being able to use your hardware is "value added content" that should preferably be payed by month on a licence basis. With TCPA noone should have been in a position to whine about this.

Trojans and man-in-the-middle attacks on ATM machines.

This should help raise public awareness of what I've long worried about.

Everyone worries about authenticating the user to the machine (PIN numbers, biometrics), but I worry about whether what's shown to me is my authentic machine.

It's already kind of iffy, but in a few years it will be a foregone conclusion that I cannot trust my machine when it no longer trusts me.

ATM fraud like this has been reported at least since 1988. Ross Anderson presented this at a conference in 1993 Why Cryptosystems Fail mentioning that:

The fastest growing modus operandi is to use false terminals to collect customer card and PIN data. Attacks of this kind were first reported from the USA in 1988; there, crooks built a vending machine which would accept any card and PIN, and dispense a packet of cigarettes. They put their invention in a shopping mall, and harvested PINs and magnetic strip data by modem... in 1992, criminals set up a market stall in High Wycombe, England, and customers who wished to pay for goods by credit card were asked to swipe the card and enter the PIN at a terminal which was in fact hooked up to a PC.

This is really more of a problem with the lack of attention to such security issues on the part of banks than a new type of crime.

Nope it was at Cambridge University in the UK:
http://www.cl.cam.ac.uk/coffee/coffee.html

I recommend reading Eurpoean University websites, you get to read things years before they are discovered by MIT !!! e.g. Linux :-)

You would be more familiar with the Coffee Cam.

Remember the coffee cam? Now that was cool. Wasn't it at MIT?

The four patents listed appear to be to do with VFAT, and specifially the way it simultaneously has a short (8.3) and a long name for each file.

The earliest patent was granted in 1996 - what then of the Rock Ridge CD format which offers a somewhat similar mechanism for long Unix filenames over the standard short ISO9660 length, and was adopted in 1994?

For those who don't understand what "Trusted" Computing, DRM, NGSCB and friends are all about, but do want to be awakened to reality - here's a red pill.

Buy a new one!

You just wait until they figure out that they can pull a Motorola or a Lexmark with the battery. Oh, and sealing the case to prevent "unauthorized repair."

• AMI Introduces 'Trusted Computing' BIOS
• and Phoenix Sounds Death Knell for BIOS.

So when Big Brother wants to know what you're up to, they don't need you to be online to the public internet. How convenient. The "trusted" BIOS can always let them bypass your firewall, as the BIOS is going to handle the net connection too.

The part about this story that gets to me is that the researcher didn't alert Microsoft before posting to a public mailing list. Sure, a lot of people don't like Microsoft, but that's no reason to make it worse for the millions of people who are forced to use Microsoft products, especially for security holes which have yet to be exploited.

While I agree that all vendors, even Evil(tm) ones, should be notified and given adequate time to fix a bug before exploit code is published, I disagree that there is no reason to "make it worse for the millions of people who are forced to use Microsoft products". There are plenty of reasons.

Making things worse for MS users will lead to more people objecting to being "forced" into using MS products (the word "forced" is used loosely, as in your post). The more people that object to the monopoly, the less likihood that the monopoly will continue to thrive. Whether you admit it or not, the proliferation of MS security exploits in the form of viruses, worms and any other means, is a big part of the recent success of the adoption of open source software around the world. People are getting fed up with viruses and security problems on their PCs, and looking to alternatives. Just by looking at alternatives, the world is coming to realize that there are better ways to get software than paying a vendor for a licence to use binaries, under restrictions.

Another reason is that Microsoft itself is getting fed up with the problem, and so maybe some day they'll change their ways and maybe get a part of a clue about security. This ties in with the first reason I cited, in so far as their present solution to their security problems will only make people dislike them more than they already do. MS constantly blames the users for problems in MS software, so their solution is to remove control from the users and put it in the hands of... whomever. This is more good news for MS alternatives.

There are a multitude of reasons that stem directly from the first reason that I mentioned. Lots of good things will happen if the monopoly crumbles. After only a few crumbs have come off the edges, there are already benefits. For example, poor countries are now much more able to build up their infrastructure, thanks to the existence and advocacy of alternatives to the monopoly. The monopoly itself is bad for security: some of the world's leading computer security experts have argued that the lack of platform diversity is itself a security threat. There are many economic arguments about why monopolies are bad.

So MS users may have some pain coming their way, but in the end the result will be beneficial for society.

when the enevitable book,discussion, etc on patterns and their use in software I remind myself of Christopher Alexander , Austrian born, Cambridge educated maths and architecture graduate.

One aspect of Alexanders work often overlooked, is that we should be making up your own patterns. Instead we look to references as cook books rather than as building blocks.

Here's a free tip. Never attack anyone personally. If you have a valid point, state it. Name calling is something that people revert to when they feel the point they're trying to make can't stand its ground on its own, and needs an intimidating muscle-showoff to help others get convinced. It screams at the reader that you yourself aren't buying into whatever it is you're saying. Here on /. it won't cut you any slack.

Now all you had to do was ask. Microsoft announced and revealed Palladium, and quite plainly As MS Employee states [Palladium] "is to be included in a future version of Windows, possibly in Windows XP successor Longhorn, scheduled for release in 2005".
Taking an educated guess based on the fact that their interest does lie there, that they announced it, that they're well underway developing it and that the DMCA was legislated, I'd dare say it will show up in Windows sooner or later. Sooner if they have anything to do with it.

If you do not yet realize the extent of the problem this poses, I strongly suggest you spend 10 minutes reading up .

Cheers mate.

Look at DSpace, the mission of which is "To create and establish an electronic system that captures, preserves and communicates the intellectual output of MIT's faculty and researchers."

Each data set (collection) has a handle, suppoosedly longer lasting than URNs. We're talking about long term data storage here.

There's an implementation of it at Cambridge University, and my organisation will be evauluation it as soon as the SuSE Linux Enterprise Server software lands on my desk and I've installed my server.

Tom.

Each data set (collection) has a handle, suppoosedly longer lasting than URNs. We're talking about long term data storage here.

There's an implementation of it at Cambridge University, and my organisation will be evauluation it as soon as the SuSE Linux Enterprise Server software lands on my desk and I've installed my server.

Tom.

Nonsense! All we need is Mercury delay lines where each bit is a pool of mercury with pulses causing waves in the mercury determining a bit is on or off. Ahhhhh the good ol' days.

The well known limitations of Fedora's multimedia capabilities plague every linux [sic] distribution. It's not Fedora's fault that US laws suck.

Looking at Loli-Queru's review of Yellow Dog's distribution of GNU/Linux (version 3.0.1) which includes an XMMS that can play MP3s (which probably qualifies in the US as patent infringement), I see that she finds it convenient and nice that XMMS plays MP3s without any additional software:

A nice addition to the system is that XMMS supports mp3s, even if RHL's doesn't. The YDL guys have re-compiled the original XMMS package and its libraries and not the Red Hat SRPM.

It seems to me she either wants to remain ignorant of powerful forces that shape the way in which people must do things (following the law, protesting bad laws) or she genuinely does not understand these forces. I think it's sad that she doesn't acknowledge how much "US laws suck" (to use your words) or what we could do to change the law so we don't have to contend with software patents anymore. She doesn't give any indication that Red Hat was making a strategic choice by not including MP3 software--they did not want to lose their business to a patent infringement lawsuit. More people need to tell users and citizens that stressing convenience over everything is part of the way we get into this mess, not the way we get out.

Two top-class papers if you want to take a look to the "emerging" world of pervasive computing

Mark Weiser, The Computer for the Twenty-First Century (the most referenced paper in the subject)

Frank Stajano, Security for whom? The shifting security assumptions of pervasive computing (dangers of ubiquitous computing exposed)

In the section titled GENERIC STRUCTURE, HIERARCHIES , Sutherland describes how he restructured SKETCHPAD in what we would immediately recognize as an OO manner:

"The big power of the clear-cut separation of the general and the specific is that it is easy to change the details of specific parts of the program to get quite different results or to expand the system without any need to change the general parts. This was most dramatically brought out when generality was finally achieved in the constraint display and satisfaction routines and new types of constraints were constructed literally at fifteen minute intervals." ... "Before the generic structure was clarified, it was almost impossible to add the instructions required to handle a new type of element."

Later in the section DEMONSTRATIVE LANGUAGE we see what we might call today the association of classes with methods as Sutherland notes:

"The organization of the demonstrative program in Sketchpad is in the form of a set of special cases at present. That is, the program itself tests to see whether it is dealing with a line or circle or point or instance and uses different special subroutines accordingly. This organization remains for historical reasons but is not to be considered ideal at all. ***A far better arrangement is to have within the generic block for a type of picture part all subroutines necessary for it.***" [asterisks mine].

Or they could put a "virtual Fritz chip" into the virtual PC. And make it so the virtual PC will only load boot code that's been cryptographically signed by Microsoft. And call it a security feature. See the "Palladium FAQ" for details.

You just need to learn how to play the game. it's not easy, and while it seems like everything is random and you're just going to die over and over again, in actuality 90% of the deaths suffered in NetHack are suicides. Look here spoilers to get you started Newer versions of the game have a prmitive graphical tileset that can be activated in the options (open the config file). It's still not pretty, but some people find pictures easier to deal with than ascii. Never forget the power of Engraving "Elbereth" on the ground when you need a breather, and remember to use the #pray command if you know you are about to die (though don't count on it too much)

If you're an academic (you can probably get an entercard if you are, through your institution), and can travel, get into one of the other legal deposit libraries. There are two within striking distance of London:

the University Library of the University of Cambridge

the Bodleian Library of the University of Oxford.

The UK legal deposit libraries are, I believe:

the British Library
the University Library, Cambridge
the Bodleian Library, Oxford
the National Library of Scotland
the National Library of Wales,
and, bizarrely, the Library of Trinity College, Dublin (in Eire).

I'm impressed that the UK legal deposit system has offsite backups :)

DO NOT READ THEM ALL AT ONCE.

If you find that you keep dying from the same thing, then don't do it. =)
For example, drinking from fountains is one of the single largest causes of newbie frustration. Just experiment a lot, and if you find yourself really, really confused, consult a guide at that website. They often have useful advice.

Some things, like scrolls, just take a while to learn the effects of. It's all about those little one-line messages like "Your hands begin to glow red," or "You feel like someone is helping you."

Don't despair; it's really one of the most complex and interesting games out there. It just takes a while to get the hang of.

My tinfoil hat may be on too tight, however:

1. Microsoft Loses Antitrust case.
2. Bush gets into the Whitehouse and expected results of antitrust case become very wattered down.
3. Microsoft employee becomes chief of cyber security for the government - authors 'National Strategy to Secure Cyberspace'.
4. Google is known to have former NSA people on the payroll.
5. Microsoft's 'trusted computing' strategy includes building an all in one DRM gateway.
6. Microsoft goes after Google...

It seems to me that Microsoft is tightening their ties with government in an attempt to influence the upcoming DRM war. What better way to do that than to have an inside man to set internet security policy, to control all access of electronic resources into the home, and to control the most important search portal. There are probably other evidence to support this view - but I don't have the time to 'google' it all for you (kind of ironic, if it wasn't so scary in a 'big brother is watching you' sort of way...)

To paraphrase Frank Herbert, "he who controls the access, controls the universe"