Slashdot Mirror

Bollocks. There was meant to be a link in there somewhere

Believe it or not, there is a Winboard/XBoard chess engine named Beowulf.

It's open source, too.

Well there are tons of links at the page if you look around, try the bottom of this pagehere

most interesting link i've found so far is this read on chess programming theory... but then again im still going all theese links still, pretty interesting stuff though

The University of Cambridge have a system called the public workstation facility. This is comprised of machines in many departments and colleges which can authenticate against a single database, and which provide homespace and so on. I understand that some of these machines are now dual boot between NT/win2k and a home grown linux. More infomation is here.

The University of Cambridge have a system called the public workstation facility. This is comprised of machines in many departments and colleges which can authenticate against a single database, and which provide homespace and so on. I understand that some of these machines are now dual boot between NT/win2k and a home grown linux. More infomation is here.

Even not looking at plank though we still run out of bits before we run out of things.

Some dumb guy* math:
3.0e+3 galaxies in the Hubble deep field
2.0e+9 stars in our galaxy.
4.6e+8 HDF field images are required to coved the sky

some quick math: ~2.7e+21 stars in the Universe. We're already out of 'bits' and we're still talking about some of the largest strucures in the universe, nowhere near the size of the Plank numbers.

*Meaning I'm not astro or quantum physisist or mathmetician.

The fact that the sun is yellow isn't the kind of information being discussed. The 1948 paper by Shannon in the Bell Systems Technical Journal is the seminal work; or look at this 1995 short course in Information Theory by MacKay at Cavendish Laboratory. While you're at it, stop trolling.

1) you still have the original code

This doesn't respond to the point made earlier and it doesn't acknowledge the power of patents. The point made earlier was that with the BSD licenses, you can always benefit from someone else's contribution. So still being able to use the code without the patented contribution in no way addresses that point because you are talking about the program without discussing the patented contribution. Also, what you gain with copyright (i.e., "still hav[ing] the original code") you can lose with a patent. Copyright law and patent law are completely separate areas of law that can conflict. A patent holder (whether it is the one that "contributed" to your BSD-covered program or someone else) can write their patent so broadly it encompasses your extant work, thus preventing you from distributing your work, forcing you into a costly licensing fee, compelling a court appearance, or cross-licensing your patents with them (the real value of software patents is in cross-licensing).

2) it is unclear how the patented code was 'contributed' to the project in the first place.

The code could have been sent to you to make it known to you, informing you of its existance in a way where they can win a copyright infringement suit (see Lawrence Rosen's column in the December 2001 "Linux Journal" magazine for details on this) as well as a patent infringement suit. Whatever the reason, they have a patent on that improvement and you probably don't. Patents are written broadly enough to encompass an idea (not just a particular expression of that idea), so it's entirely possible (even likely) you won't be able to reimplement the improvement without infringing on the patent.

Rather, it seems that the people who developed the patented code did exactly what they are allowed, which is they used the BSD code freely.

There's no doubt they acted within the limits of the BSD licenses, that was never the question. The question was whether you want that to happen to your program: Do you want to maintain the ability to share improvements to your program even in the face of software patents? Do you want the other users of your software to be able to share and modify the patented improvements? If so, the BSD licenses are not an appropriate license choice for your program.

AWK was created by three people, Aho, Weinberger, and Kernighan; they happened to do this at Bell Labs.

reference

Ed was in fact based on an earlier program QED, written at Berkeley by Butler Lampson and Peter Deutsch. And ed itself was written by Ken Thompson.

reference

UNIX, I will grant you, was designed by a 'division of bell labs'. But really, one out of three? That's a pretty low accuracy rate. I guess if you sound authoritative enough people will believe and mod up.

The names behind ed/qed and awk are some of the most recognized forces behind early development of computing systems. I mean, even the _article_ about qed was written by Dennis Ritchie. Perhaps not all _lone_ inventors, but there's not much difference for practical purposes between three and one.

Just because some things were created by people working for bell labs doesn't mean that they were created by the telephone monopoly.

I'm asking this as a general question, since I've never owned a console with anything more than an 8 bit processor in it:

Can't the PIC processors often used for these MOD chips be cracked and the code freed for us all to use? I know there's a protection mechanism on the PIC chips to prevent this, but $50 is a hell of a lot of money for a PIC that you can buy raw and unprogrammed from Digi-Key for maybe $5-7.

I program PICs and know there are people out there who've explored cracking them. I don't own an X-Box and probably never will, but freeing up these expensive chips so they're code you can download and burn yourself seems like a viable project for people to work on.

There's better than that...

Autostereo displays

I saw this 5 years ago, and it was extremely cool. They played a variant of Pong where the ball went in and out from the plane of the screen to a plane that appeared to be more or less level with the back of the monitor. They also used a cool 3D mouse so you could move your bat. It was totally realistic stereoscopic 3d without any goggles or anything.

What you're describing sounds like you could render both the bats easily but you couldn't render the ball because it would be in-between the planes of the two LCDs. The autostereo system handles all intermediate distances just fine.

Demis Hassabis, who co-created Theme Park and whose company, Elixir Studios, is currently at work on Republic - the Revolution is a strong amateur shogi player. (OK, strong by Western standards.) He won five out of six (even, as opposed to handicapped) games in the British Open Championship the weekend before last and so has qualified to be part of the team to represent the UK in the World Championship later in the year. It's not much of an exaggeration to say Demis is a strong amateur * player - because if he isn't a strong amateur at a game yet, he's proved that he will pick it up frighteningly quickly - though I understand his poker isn't going to be taking him to the World Series in the near future.

Good luck Demis! (...and Stephen and Les...)

Geeks who are still using so-called "multi-tap" input should be ashamed of themselves. Dictionary based methods, T9 (from Tegic/AOL), and iTap (Motorola's equivalent) have been standard on phones for a couple of years now, even if they do have their short-comings.

If you're not into the legacy layout* you could go with MessagEase or this new thing, but the smart money is on a company called Eatoni, since they have two products (LetterWise and WordWise) which they back up with a big stack of research. There's also Zi Corp. who make eZiText and eZiTap for SMS input.

If you're interested in the HCI aspect of all this you could do worse than looking at the work of I Scott Mackenzie, Poika Isokoski or Mark Dunlop.

* 1-800-GOFEDEX anyone? Probably explains why Europe is ahead of the US in this field. That and our ridiculous txt addctn...

Extracting a 3DES key from an IBM 4758

Attacks on SRAMs and microcontrollers

Extracting a 3DES key from an IBM 4758

Attacks on SRAMs and microcontrollers

For example:
StegFS: the Steganographic Linux Filesystem from 1999 Information Hiding proceedings
A TEMPEST variation for hiding data, "Soft tempest", from IH'98
A One-time password package intended for login or ftpd
and some other stuff.... cool guy!

For example:
StegFS: the Steganographic Linux Filesystem from 1999 Information Hiding proceedings
A TEMPEST variation for hiding data, "Soft tempest", from IH'98
A One-time password package intended for login or ftpd
and some other stuff.... cool guy!

For example:
StegFS: the Steganographic Linux Filesystem from 1999 Information Hiding proceedings
A TEMPEST variation for hiding data, "Soft tempest", from IH'98
A One-time password package intended for login or ftpd
and some other stuff.... cool guy!

For example:
StegFS: the Steganographic Linux Filesystem from 1999 Information Hiding proceedings
A TEMPEST variation for hiding data, "Soft tempest", from IH'98
A One-time password package intended for login or ftpd
and some other stuff.... cool guy!

Here is the article: Optical Fault Induction Attacks.

Abstract:
We describe a new class of attacks on secure microcontrollers and smartcards. Illumination of a target transistor causes it to conduct, thereby inducing a transient fault. Such attacks are practical; they do not even require expensive laser equipment. We have carried them out using a flashgun bought second-hand from a camera store for $30. As an illustration of the power of this attack, we developed techniques to set or reset any individual bit of SRAM in a microcontroller. Unless suitable countermeasures are taken, optical probing may also be used to induce errors in cryptographic computations or protocols, and to disrupt the processor's control flow. It thus provides a powerful extension of existing glitching and fault analysis techniques. This vulnerability may pose a big problem for the industry, similar to those resulting from probing attacks in the mid-1990s and power analysis attacks in the late 1990s.

We have therefore developed a technology to block these attacks. We use self-timed dual-rail circuit design techniques whereby a logical 1 or 0 is not encoded by a high or low voltage on a single line, but by (HL) or (LH) on a pair of lines. The combination (HH) signals an alarm, which will typically reset the processor. Circuits can be designed so that single-transistor failures do not lead to security failure. This technology may also make power analysis attacks very much harder too.

... are in a 1.3 Mb PDF paper by security guru Ross Anderson here

And while we're on homepages, here's Turok's

This is the most exciting webcam since the coffee machine one

Incidentally hopper is a pretty interesting character too. Having worked on the Cambridge ring which was for a while superior to ethernet, he then became involved with the Acorn computers that every Brit of my generation knew and loved at school. He established the then olivetti lab in the mid 80's and is involved with 2 of the three big startups in Cambridge, ARM and Virata. Oh, he also flies planes, is worth a packet and lectures in scruffy jeans.

Liability and Computer Security: Nine Principles by Ross J Anderson can be found here (PDF).

The HTML version can be found here.

I don't know if this applies in this case, but the paper Extracting a 3DES key from an IBM 4758 shows that the IBM4578 isn't as unbreakable as you might suppose. Remember, certifications don't always apply in all situations.

The software installed by default with these devices is not secure. http://www.cl.cam.ac.uk/~rnc1/descrack/

See what Nobel Laureate and professor of Physics Brian D. Josephson has to say of Robert Park.

In Washinton Post, Charles Platt comments like so.

For a good commentary on Park vs Cold Fusion, go to the source.

"When I began my physical studies [in Munich in 1874] and sought advice from my venerable teacher Philipp von Jolly... he portrayed to me physics as a highly developed, almost fully matured science... Possibly in one or another nook there would perhaps be a dust particle or a small bubble to be examined and classified, but the system as a whole stood there fairly secured, and theoretical physics approached visibly that degree of perfection which, for example, geometry has had already for centuries."

• -- from a 1924 lecture by Max Planck (Sci. Am, Feb 1996 p.10)

It's difficult to tell what will be the attributes of any method that will exist, but it's not hard to give requirements. I'll use the word "spyee" to mean the person whose data is being stored.

* First of all, it cannot be done without people's permission. Every single piece of info that is stored MUST be there with the spyee's knowledge and consent. If someone wants to store their sexual preference or medical records, etc. etc. let them, but don't reqiure me to tell you my SSN / Credit Card info.

* Second: It MUST be distributed. This is because it can work iff (if and only if) the spyee retains ownership and complete rights to his data. Nobody else can even think for a minute that they own it. Even if they store it. It's paramount that each spyee's info be broken up and different chunks stored on different computers. In this sence, it would work like The Eternity Service (here's even more info) or (my favorite), Freenet.

*Third, Every piece of info must be stored encrypted. Let the user's browser have a session keys. Let the user have a few keys. That way, the user can access his data (with the help of front-end programs) and he can have a stupid form filler, but the company or Skriptkidd1e can't use it.

*This MUST be a subscription service. I believe that it would be far too expensive for advertising to be the source of driving revenue. The storer MUST NOT be able to sell the data, thus depriving him of that form of revenue as well.

*The user can pay the same way as payment worked in ZKS FREEDOM - The user bought an activation number and used it to buy the service - but the end user name _cannot_ be traced to the person who bought it (Hence "zeroknowledge"). It was awesome!

This can be accomplished quite easily, and built in to any UI so that working it requires minimal gray matter. I think that the best way would be to store it on freenet. It takes care of all the above problems, but introduces one of its own: data expiration.
Reply and tell me what you think, this topic is fascinating.

You can even drag an MP3 folder from a network drive directly into iTunes or into your iPod. Oops, that doesn't work!. You get a mysterious error -39 when you try this.

According to this list of Mac OS error codes, error -39 is "end of file". The mysterious thing is why iTunes gives you "end of file" in when syncing through Samba.

A number of correspondents have said 'Why should libraries provide access to pr0n over the Internet when they don't stock it on their shelves?' This is an interesting question. The answer is simple -- large libraries do stock pr0n on their shelves.

Check out the entries for Playboy at the LOC or Playboy at the Cambridge U library. It would appear that the LOC has a better collection going back to the 50s, while Cambridge only goes back to 89 (and then not all issues).

The only difference between keeping back issues of Playboy on the shelf and permitting access to www.playboy.com is that you probably need to ask to find the paper copy, but on the upside, you can study the articles in a corner of the stacks somewhere!

Sounds like a browser issue. I was able to type it in fine, and Teoma did in fact come back with the ó printed correctly, however the results were garbage. My browser, Macintosh MSIE/5.0, submitted ó as %F3 which is its ISO-8859-1 codepoint (ISO-8859-1 is a superset of ASCII with 128 more characters, including most Western Euro accented vowels). How did yours submit it? If it represented the character as three %XX entities (dont know them off the top of my head), that means youre browser is using UTF-8, which is much less-supported.

Gupta seems to have missed PEN (formerly PicoNet), a low power network developed by AT&T Labs Cambridge (formerly Olivetti and Oracle Research Labs). They built some prototype hardware and designed power-saving radio protocols for it. Further work with PEN has been done at the Laboratory for Communications Engineering at Cambridge University.

However, recent research suggests that there is an excess of L-amino acids (the specific enantiomer used in life-proteins) in amino acids found in space, which further suggests that the shuttling of amino acids from space via meteorites and comets could have led to pre-biotic proteins on planet Earth.

From the article:
Recently it has been discovered that an excess of L-amino acids is present in the Murchison and Murray meteorites indicating that a preference for L-amino acids existed in solar system material before there was life on Earth. This supports an idea, first proposed by Rubenstein et al. (1983, Nature 306, 118), for an extraterrestrial origin for homochirality.

In this model the action of circular polarized light on interstellar chiral molecules introduced a left handed excess into molecules in the material from which the solar system formed. ...

If our own solar system formed in such a region of high circular polarization, it could have led to the excess of L-amino acids which we see in meteorites and to the homochirality of biological molecules. It is possible that without such a process operating it would not be possible for life to start. This may have implications for the frequency of occurrence of life in the universe.

Here are the details of the talk on the 25th.

As the special guest of the Foundation for Information Policy Research:

Founder of the GNU Project, and campaigner for free software which people are at liberty to copy, redistribute and change. Winner of Grace Hopper Award, Electronic Frontier Foundation's Pioneer award, and Takeda Award....

Software patents are patents on software ideas. A typical computer program today combines many software ideas, just as a symphony combines many musical ideas. Inevitably most of them have to be old ideas. Software patents mean that every design decision brings with it a risk of getting sued.

This event will also see the launch of the "Friends of FIPR" - this will be your chance to become a founding supporter of the UK's only effective think tank addressing Internet issues.

All are welcome!

See http://www-jcsu.jesus.cam.ac.uk/~gsb29/sedgames.ht ml for sed versions of pong, noughts and crosses (tic tac toe in the US, I think), a webserver and a program for translating bf into C.

The later SKIM work at Cambridge University Computer Lab was done by William Stoye and supervised by Arthur Norman. Some technical reports are apparently still available from the Laboratory. Look for reports written by W. Stoye.

Bill\'s PhD was on an operating system for the SKIM-2 (I think) machine. IIRC, he even ported his clone of WordStar to SKIM. The port was called FrogStar because it was reputed to be the most totally evil editor in the entire universe :-).

-- Steve

I haven't used this, but it seems to do the trick.

mp3stego, (Windows command line app, with source)

something.wav + secret.data + password = something_secret.mp3

A relevant paper (by Markus Kuhn, same guy who did the research about evesdropping on CRTs using the ambient light generated) here.

ISO standard 8601 is what you're looking for.

I don't know about money - I expect there's a standard for that too, but the site I had bookmarked that listed a variety of standards seems to be down at the moment. Google provided the link above.

I always use YYYY-MM-DD now, since it is the standard format, and gosh darn it, it just makes sense.

Christopher

Check out Ross Anderson's book on security engineering for an number of examples of systems, not too different from this were exploited.

I'm not questioning whether a system could be devised that would prevent forgery or other exploits, but whether or not this system is designed to handle this, and how whether the system will fail safe. Too many systems are not designed fail safe with respect to security and windup being wide open when a new type of attack is discovered.

Check out Ross Anderson's book on security engineering for an number of examples of systems, not too different from this were exploited.

I'm not questioning whether a system could be devised that would prevent forgery or other exploits, but whether or not this system is designed to handle this, and how whether the system will fail safe. Too many systems are not designed fail safe with respect to security and windup being wide open when a new type of attack is discovered.

I have a script which isn't generally appropriate, but it might give you an idea of how to do it. It takes a dvi file and generates a set of postscript files, each contain black and white and colour sections.

See dvicoloursplit.py

(released under the GPL)

It works by generating postscripts for each page, converting to a bitmap, then scanning the bitmap for colour pixels. Not very clever, but works. I tried to examine the postscript itself, but it's very hard to find the colour in a postscript. It can easily be "encoded" in a jpg bitmap, or something else.

From the CNN article: If the card is stolen, officials say the data on the chip can't be easily retrieved. This is probably not true. Check out:

Tamperproofing of Chip Card(s) - abstract: There are two ways of attacking smartcards - destructive reverse engineering of the silicon circuit (including the contents of ROM), and discovering the memory contents by other means; a well equipped laboratory can do both. Persistent amateurs have often managed the latter, and may shortly be able to do the former as well.

Tamper Resistance - a Cautionary Note - abstract: An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems - some old, some new and some that are simply little known outside the chip testing community. We conclude that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as `the most secure processor generally available' turns out to be vulnerable. Designers of secure systems should consider the consequences with care.

With any cryptographic system, it all comes down to one concept: time. With enough time and resources, these cards CAN be broken, overwritten, you name it. We have seen ubiquitous evidence that even the strongest cryptography can be broken in time. HK is planning on using these SmartCards as digital passports. "Smart card holders will speed through Hong Kong immigration, using self-service kiosks that match digital biometric data on the card against the cardholder's fingerprint image read by a scanner."

The scariest part, for me, is that HK is setting a precedent. And it won't take long for other countries to jump on the bandwagon.

The decay curve in my paper is realistic and nothing is "rigged". The monitor is the first one I tried, a very common model, and operated under default conditions. Other decay curves that you might have seen in the literature before (see the phosphor literature that I quoted and discussed) were most likely measured with *significantly* slower photosensors that miss the initial spike in the first microsecond completely. The use of a photomultiplier with around a nanosecond raisetime in this test is critical to obtain this result.

http://www.atis.org/pub/iitc/ntc/ntc24.doc

This seems to contain the same information in what I found was a tad easier to read although it is in word format so it may not be for everyone.

Here it is in proper HTML :-)

http://dax.joh.cam.ac.uk/~james/ntc24.html

(yes, I turned it into Microsoft's attempt at HTML in Word - then fixed it with Tidy and Emacs :P) It does look rather better than the one linked in the article, though...

They did put it into practice. Read the fucking paper instead of posting the first damn uninformed thought that comes into your head. The information is there in the time domain due to CRT raster scanning and is extractable if you have a fast enough sensor.

Not so standard is an RF modem that enables you to connect to the Internet through a data cable and operate as you would from a PC.

Here's a paper by the amazing Markus Kuhn (who has done many other brilliant security hacks besides this) showing how CRT display contents can be reconstructed from the light given off by the screen, even when the light is reflected diffusely off a wall. It makes me glad I use an LCD monitor.

It's only fair to point out a similarly amusing sarcastic list from the "other side". By no means all the "believers" are cranks or blinkered zealots. That certainly doesn't necessarily mean that they're at all right or even very credible, but it's certainly possible to find problems in the standards of argument of the crusading "skeptics" too.