Slashdot Mirror

A wonderful little program (5.5k) by Tim Clarke called MARS.EXE let you move with your mouse through shaded voxel-based martian terrain under a cloudy sky. It an at fantastic speed even on a 386.

Read the original usenet posting here.

This is somewhat related --

Markus Kuhn, a researcher at Cambridge University published a paper in 1997 on using monitors to emit radio frequencies which could be picked up by a short wave radio. His goal was to provide covert information dissemination techniques that worked solely in software. (His other goal was to provide information protection techniques that worked solely in software. I think the dissemination stuff is cooler. He's a good guy, though in my opinion.)

The upshot of his research is that
a) A computer monitor can be made to make certain visual patterns which will sound like something on a nearby radio
b) You can get about 6 bytes per second like that, which is small, but enough to steal passwords, etc and transmit them at night when everyone's screensaver is running to a nearby hidden radio.
c) He did this in Linux with XFree86.

I find this totally cool. He also suggests that a graphics card could make a radio transmitter; this is also extremely cool. You can now publish over the airwaves. That would make a great icecast/shoutcast plugin...

The paper is at http://www.cl.cam.ac.uk/~mgk25/ih98-t empest.pdf.
His homepage is at http://www.cl.cam.ac.uk/~mgk25.

This is somewhat related --

Markus Kuhn, a researcher at Cambridge University published a paper in 1997 on using monitors to emit radio frequencies which could be picked up by a short wave radio. His goal was to provide covert information dissemination techniques that worked solely in software. (His other goal was to provide information protection techniques that worked solely in software. I think the dissemination stuff is cooler. He's a good guy, though in my opinion.)

The upshot of his research is that
a) A computer monitor can be made to make certain visual patterns which will sound like something on a nearby radio
b) You can get about 6 bytes per second like that, which is small, but enough to steal passwords, etc and transmit them at night when everyone's screensaver is running to a nearby hidden radio.
c) He did this in Linux with XFree86.

I find this totally cool. He also suggests that a graphics card could make a radio transmitter; this is also extremely cool. You can now publish over the airwaves. That would make a great icecast/shoutcast plugin...

The paper is at http://www.cl.cam.ac.uk/~mgk25/ih98-t empest.pdf.
His homepage is at http://www.cl.cam.ac.uk/~mgk25.

Sorry. The Jargon File will never replace the Cambridge American Dictionary which states:

A (computer) hacker is a person who hacks into other people's computer systems.

Even Microsoft has bowed to the inevitable

In the 1980s, with the advent of personal computers and networks, hacker acquired a pejorative connotation, often referring to someone who secretively invades others' computers, inspecting or tampering with the programs or data stored on them. (Edited for Brevity)

Merriam-Webster was off-line and could not be consulted at the time this was written, but I'm pretty sure they'd say hackers do things pretty similar to crackers. Both dictionaries would probably define crackers as dry, crispy bread eaten by parrots and maybe penguins ;-)

We have lost "hacker" if only because it's a better soundbite than cracker (which is taken by Georgans anyway so CNN is definately not budging). Our loss becomes even more concrete when run of the mill news shows lead off... "Hackers defaced the FBI website...". Don't believe me? Read the article again -- show me where it says cracker :-)

The press release is better -- they avoided the terms all-together.

I wish I could remember the name of the "multiple-password" encryption system I read about (you encrypt multiple plaintexts with multiple passwords into one ciphertext - each password unlocks a different plaintext; under duress you choose which password(s) to give away... coupled with steganography this is very powerful).

SegFS for Linux implements this on top of an ext2 and I was proposing a related file system for PDAs in my first post, but I had not considered using it in a communication protocoll.. which is a briliant idea.

We could set up a simple email network based on the pgp key servers and a modified version of pgp (add support for multilayer encryption). You would run a daemon on your system to find people from the pgp key server who supported this network and randomly send them encrypted mail. Now, if you ever had anything real to send to anyone you would just use a higher stenography/encryption level (which no one can prove exists).

The only problem with this is that your recepiant must know the higher level exists so they must reveal it's existance to there computer (which could be bugged) every time they want to check for a higher level in a message. It also creates a lot of spam, but I suppose your mail reader could automatically determine the message was meningless once you gave it your key's password.

Another really great thing about this system is that it makes traffic analysis difficult as well. Traffic analysis can also be fought by making everyone a non-anonymous remailer.

Internet chat programms could also use the same ideas. Quesion: Do encrypted IRC clients exist? It would seem pretty simple to implement. The clients would automatically exchange public keys with everyone on the channel.. shit you could even generate a new public key every few min. Plus, the client could participate in random other conversations without the trash message actually rolling accrostthe channel. If you were really serious about security many conversation channels could be routed into one IRC channel to hide who was talking to who (which would be great for people in places like China). Shit, with the multilayer stuff you could have it que up messages and send a higher layer message on top of a lower layer message.. so the cops could participate in an encrypted conversation and still have no idea about what is really going on.

If this were 1776, I and 200 of my closest friends would be crouched with muskets taking pot shots at someone in a red coat over nonsense like this.

Goverments never give people fredoms.. they mearly discover too late that they have accedentally given them freedoms. This is what happened with the American revolution and it is what has happened with the internet, but unfortunatly realitivly few people have experenced the Internet freedoms. Hopefully, this will happen when we make a permenant Mars/Moon collony or soemtihng too. Send up lots of non-religious responcible pseudo-libertarians and discover that they don't need much of a government. They will be the ones who laugh at the U.S. for not having a constitution which is good enough to keep stupid laws from being passed.

The flip side to all this optimisim is that people find it hard to comprehend and fight for a freedom they have never experenced. If there were a way to let people exprence freedoms via communication then I suspect the human race would evolve (cognitivly) much faster. Hmm.. Maybe we could publish lots of children's books about human rights to give to people in repressive countries? Interesting experement.

Jeff

http://www.scriptics.com /people/john.ousterhout/wrist.html

What John Ousterhout (creator of Tcl/Tk) does about his RSI. Summary: Windows PC running Dragon Systems NaturallySpeaking, plus a2x to make the Windows PC act as a keyboard for a Unix box running X.

Here is an article from Byte reviewing good mikes with NaturallySpeaking. (Formatting's terrible, but at least it's all on one Web page.)

Accuracy is reported to be 99%+.

I don't get why this is so new (excepting the technique possibly) I was able to demonstrate the shape of orbitals in graphyite using a Scanning Tunneling Microscope last year. Click here to have a peek yourself.

...you'll need plausible deniability. In other words, you'll need the Steganographic File System just released for Linux. It provides a uniquely powerful form of information hiding: you can type in a passphrase that reveals a certain amount of the disk, and there's no way of telling whether there are other, deeper passphrases that would reveal more. This means that there's no legal duress that can force you to reveal your most secret data.

However, if the attacker is using rubber hose cryptanalysis, it means there's nothing you can do to convince them, once and for all, that the passphrase you've given them is the real, true, final passphrase. Could be painful...
--

There are some problems, but overall, I like my TP600E a lot. It's fast, light, and works OK.

I'm running

1) oracle, postgres, mysql
2) apache, apache 2.0, zope 2.0
3) OpenDX, VTK, and VMD

on a puny little laptop. That's kind of cool. Next week, fun with vmWare (need to port the Dopewars client to NT). It's a bloody *laptop*... all I really want is SOUND, which *is* a bit of a bitch. But my coworker got sound on his TP570, and I'm pretty close, so I'm hoping this certification nonsense will help me play my CDs through my laptop.

Suspend is fucked up. apmd will hose up and force a dirty shutdown if you suspend and resume. Keep your windows/FAT partition around (well, at least enough to dump the contents of memory to, in my case 192MB + a little cushion for bookkeeping) to suspend to. Maybe IBM will fix this niggly too.

CardBus cards suck. Sell yours and get a Xircom RealPort type III card before your X-jack breaks off. The Xircom card I have works like a charm and you don't have to unplug/re-plug it after a suspend. If you insist on using the 3Com card (don't say I didn't warn you), go into /etc/pcmcia/config.opts and change this line:

include memory 0xc0000-0xfffff, memory 0xa0000000-0xa0ffffff

to

include memory 0xc0000-0xfffff, memory 0x60000000-0x60ffffff

and do an insmod 3c575_cb.o (or whatever you have) to force it. Then ping somebody. DHCP appears to be fuct for some reason with this card.

Read this article:

Installing Debian on a Thinkpad 600E

I can't think of anything else. X configuration was a drag, but if you read the NeoMagic README it all becomes clear. I assume if you're reading Slashdot, that you already discovered this.

I want 32-bit color (any resolution) on this thing and would gladly pay up to $250 for the upgrade.

I can't think of anything else at the moment, but when I get sound working on *my* laptop I will be happy to gloat about it ;-).

Keep plugging away at it. I wouldn't trade my Thinkpad for anything now that it works for me.

It's a "toy" system in the sense that you'd be insane to attempt to deploy it in a real-world situation. However, it's a very useful base for operating systems research, and even though it's five years old it still supports things that I've never seen on any other operating system.

Nemesis has a number of deficiencies which result from "interesting" design decisions, particularly (in my opinion) its inability to support confinement. I'm attempting to correct these, yet still retain many of Nemesis' good points, in my new operating system Mimesis.

This isn't a perfect solution, of course, but it does mean that most of the exploits in common use won't work against most machines in Cambridge. There is also a site-wide firewall that is used to block some services that are regularly abused.

This isn't a perfect solution, of course, but it does mean that most of the exploits in common use won't work against most machines in Cambridge. There is also a site-wide firewall that is used to block some services that are regularly abused.

This isn't a perfect solution, of course, but it does mean that most of the exploits in common use won't work against most machines in Cambridge. There is also a site-wide firewall that is used to block some services that are regularly abused.

In a traditional credit card system, all you need to know to make a purchase with the card is the card number and expiry date (and possibly also the name on the card and the address at which it is registered). These are easily visible on the card, and readable from the magnetic strip. They are sent to the merchant whenever you make a credit card transaction of any kind.

The problem with this is obvious: you do not need the card to be present to make a purchase. Embedding a chip in the card enables us to be a little more clever.

If AmEx have implemented the scheme sensibly then the chip embedded in the card will be a small microprocessor. It will have some non-volatile memory for key storage, some volatile memory for working storage, and probably some hardware crypto acceleration (because implementing crypto in software on slow microprocessors yields poor performance). The chip will be designed such that it is difficult (i.e. expensive, time-consuming and obvious that it has taken place) to read out the contents of the memory.

When an online purchase takes place, the details of the purchase (merchant ID, amount of transaction, etc.) will be sent to the customer's computer. To complete the purchase the details must be sent to the card, which will perform some cryptographic operation and return some more data which must be sent back to the merchant. (The precise details will depend on the implementation.) The point of the whole scheme, and the reason that it is more secure, is that the data returned to the merchant depends on key material embedded in the chip.

It is still possible to attack systems like this, either by exploiting errors in the system design or implementation, or by physically attacking the smartcard. See this widely-cited paper for more information and references.

We have had ethics lectures as part of the first year CS course. The syllabus can be found here. Things covered include "philosophical aspects of ethics", "IPR", "malicious use" and "what's a profession". Anybody who attends this course would refrain from trying to sell WinNT into the health sector ...

The only file systems which could help guard against this type of attack would be a cryptographic file system or a steganographic file system.

Note that ISO 8601 takes care of these problems. "1999-12-31 23:59:59" is an example. It's Y2K-safe and unambiguous (nobody uses YYYY-DD-MM). It's even fixed-size and sorts correctly. There's also a standard for numbering the weeks in a year, which I guess is helpful if you're doing manufacturing or something.

(y % 4 == 0 && (y % 100 != 0 || y % 400 == 0))

Still, I've had good experiences with my CPS 1000 (pretty much the biggest I can afford - they're significantly more expensive over here in the UK) which seems a damn sight better built. The sheer ugliness of the thing suggests that it's been designed with function ahead of form and as a result it hasn't failed me once. I'm a member of the Cambridge University assassin's guild so we tend to go through a lot of them - the XP20 is very nice and pleasingly concealable, but sadly nobody in the area seems to sell them. XP110s are just about hideable inside a coat, and with anything above that any thoughts of subtlty go out the window. I've never really liked the 50 series for their size/usefulness ratio, but the 55s were pretty solid.

Still, I may be forced to upgrade when the new range appears - someone I know has modified a 2500 (damn big thing about a metre long) and added 12 litres of extra capacity. The temptation to push him gently backwards when he's carrying it is something I may be forced to give in to at some point in the future...

[1] UK, not Massachusetts, thank you.

[1] UK, not Massachusetts, thank you.

Hello, the homepage of Dr Daugman, the guy who has invented some of the technology can be found here. Look for "iris recognition".

With that being said...

Commercial use of SSH generally requires a license. But there are non-commercial allowances in both SSH1 and SSH2. The trouble is what the definition of "non-commercial" includes. SSH2 is very restrictive and pretty much discounts any use of the suite near anything "commercial" in any manner. SSH1 allows for greater leeway:

The file named COPYING that is included in the distribution reads:

Companies are permitted to use this program as long as it is not used for revenue-generating purposes. For example, an Internet service provider is allowed to install this program on their systems and permit clients to use SSH to connect; however, actively distributing SSH to clients for the purpose of providing added value requires separate licensing. Similarly, a consultant may freely install this software on a client's machine for his own use, but if he/she sells the client a system that uses SSH as a component, a separate license is required. If a company includes this program or a derivative work thereof, as part of its product, commercial licensing is required.

Once again, it would be wise to point out that it seems the folks selling SSH later decided against this kind of policy. SSH2's license is much more restrictive and reserves "non-commercial" licensing to personal use and educational use as part of academic research and/or teaching (note: educational institutions don't get to use it for administration).

But you're not out of the legal woods yet. SSH1 uses a whole slew of libraries and intellectual property that adds additional layers of license concerns. Thankfully, most of them are cleared by allowances for use of those properties in SSH1.

Two big concerns that aren't covered include IDEA and RSA. IDEA is easy to get around by not including it in your compile (opting for Blowfish instead). RSA is a tougher issue. You'll have to look at it yourself if you're still trying to figure it out (I luck out with a license granted to the US Government for RSA since a partial Gov't grant helped develop it at MIT).

Indeed. You can work out the information storage capacity of a neural network's neurons: I vaguely remembered this from my degree so I looked up the lecture notes here (if you download the whole book, start on page 436 for this stuff). Turns out that for a binary threshold neuron, you can store a number of bits equal to 2 x the number of connections to the neuron.

As some people have already pointed out, if the brain's neurons are not like those of a neural network in that there are other things to consider (firing rates, etc) then the brain can store more information than this, but at that ought at least to give a lower bound. The exercise on p. 446 asks you to estimate this and asks "Is your brain full yet?" :-)

Is there no one programming Pascal any longer?

If there were more people using more programming languages we might not have so many occurances of things like buffer overruns and other misc security breaches... IMHO

• http://www.adahome.com/
• http://www.cl.cam.ac.uk/~mgk25/linux-ada/

SORRY! Problem with that URL mirror.

Its:

http://www-stu.cai.ca m.ac.uk/~amsm2/projects/mud/Mindex.shtml

(from an author)

Yep, thats one of the main aims of this project - it has to retain compatibility between the two types of client.

Its also intended that -any- GUI client could access it, since all the source (or at least the whole interface) will be open.

By the way, the web URL is mirrored at:
http://www-stu.cai.cam.a c.uk/~amsm2/projects/mud/index.htm

The amount of data that you would have to stored to have a useful dictionary is mind boggling. Suppose that the people you want to listen to use just 1024 bit encryption. According to the prime number theorem the frequency of primes among the numbers near m is about 1/log(m). For 2^1024 that's about a prime every 308 numbers. 2^1024 is 1.88*10^308. That's about 6*10^305 primes. Can you say the volume of the universe in cubic centimeters and still not be close?

That also assumes that you know exactly what they will send. Using any good system "Attack at dawn." will encrypt to something totally different from "Attack at dawn!" A dictionary attack is almost totally worthless with a well designed system.

The real attacks will not come against the math but against the implementation or the people using the system. Check out Why Cryptosystems Fail

JPEG watermarks can be defeaated...
unZign
or
StirMark

Hmm, not sure if I want to do this...
Picked it up earlier today, before I found out it was news!

A mirror of the source is on http://dougal.chu.cam.ac.uk/mosix/

How about some proper stats, like say run analog on the site every night. I'd love to see more up to the minute stats, detailing things like hourly access and stuff like that. Analog is an amazing log analysis tool - check it out Rob.

Matt.

perl -e 'print scalar reverse q(\)-: ,hacker Perl another Just)'

How about some proper stats, like say run on the site every night. I'd love to see more up to the minute stats, detailing things like hourly access and stuff like that. Analog is an amazing log analysis tool - check it out Rob.

Matt.

perl -e 'print scalar reverse q(\)-: ,hacker Perl another Just)'

This is an undergrad degree?

Yes, it's the undergraduate Computer Science course at Cambridge. It's generally taken by people who have just done A-levels and left school, i.e. most people are 18 when they start the course.

There is a reduced version of the course for people who have already done a first degree; the Diploma in Computer Science takes just one year. There's a similar one-year course for people already at Cambridge who have spent two years on another course (part of the Natural Sciences tripos, for example, or mathematics) and want to switch.

Are there any CS degrees that do more than just learn:

• C/C++/Java
• Object oriented programming/design
• Data structures
• Algorithms
• Operating systems
• Compilers

How about the University of Cambridge (UK):

• First year:
  • Foundations of Computer Science (uses ML as a teaching language)
  • Digital Electronics
  • Professional Practice and Ethics
  • "Computer Perspectives"
  • Discrete Mathematics
  • Probability
  • Programming in Java
  • Software Engineering
  • Operating Systems
  • Regular Languages and Finite Automata
  • Structured Hardware Design
  • (The above is half of the first year; the other half is spent doing mathematics and one Natural Sciences subject [Physics, Chemistry, Biology, Geology, Crystallography, ...])
• Second year:
  • ECAD
  • Concurrent Systems
  • Unix Tools
  • Logic and Proof
  • Digital Electronics
  • Data Structures and Algorithms
  • Computer Design
  • Numerical Analysis I
  • Further Java
  • Continuous Mathematics
  • Comparative Programming Languages
  • Operating System Functions
  • Compiler Construction
  • Computation Theory
  • Semantics of Programming Languages
  • Digital Communication I
  • Prolog for Artificial Intelligence
  • Introduction to Security
  • Computer Graphics and Image Processing
  • Foundations of Functional Programming
  • Databases
  • Complexity Theory
  • (Also a group project, usually in Java, Verilog, ARM assembler or a combination)
• Third year:
  • Communicating Automata and Pi Calculus
  • Advanced Graphics
  • Information Theory and Coding
  • Types
  • Introduction to VLSI
  • Optimising Compilers
  • Digital Communication II
  • Information Retrieval
  • Neural Computing
  • Artificial Intelligence
  • Security
  • Natural Language Processing
  • Comparative Architectures
  • Specification and Verification
  • Numerical Analysis II
  • Computer Vision
  • Distributed Systems
  • Denotational Semantics
  • Business Studies
  • "Additional Topics"
  • (Also everyone does a major project for 25% of the year's marks.)

Ok, perhaps this sounds like an advert. I do believe it's a good course, though (after all, I did it...) and the variety really does help people to understand how everything fits together.

http://www.cl.cam.ac.uk/ Research/Rainbow/projects/asd.html
Research project in the Computer Lab and Dept. of Engineering.

Speed is not really the issue with games on Linux. Operating system overheads are small enough not to matter. What does matter is the scheduling policy; "fair" schedulers like those used in Linux are not ideal; rate-based schedulers are much better for "multimedia" applications.

On Windows, games can tell the operating system to get out of the way and not interrupt them while they are running. On a single-user system this is fine. On Windows NT, games can do a similar thing and, mostly, this works. There's no reason why this can't be implemented on Linux; several projects have already done so.

Of course, the question then becomes "what happens when I want to run two or more of these applications at the same time"; a new design of operating system is required to support this.

According to a rumour I heard around at Cambridge University, UK, Bill Gates is supposed to have attempted exactly the same thing over here. A new computer science department building would be funded and/or furnished by Microsoft (or Bill Gates). One of the snags was that it was to be called "The Gates Building".

The academics in this department declined stating they were not going to name any building the "Gates Building" because they did not want to encourage/endorse that particular approach to programming around here. Microsoft are attempting to build offices over here in future, (to try to recruit a few clever graduates) but the consensus over here is that MS isn't that popular, especially as a career. (especially as the main nightclub in town might be closed to allow for the the new MS-Cambridge extension). (See this link for related news)

You might want to start with the comp.speech FAQ:

http://www.speech.cs.cmu.edu/comp.speech/

In particular, take a look at:

http://www.speech.cs.cm u.edu/comp.speech/Section5/Q5.5.html


Two speech synthesis programs I have played with are:

rsynth: ftp://svr-ftp.eng.cam.ac.uk/ pub/comp.speech/synthesis/

Festival: http://www.cstr.ed.ac.uk/projects/f estival.html

Major in the School of Hard Knocks.
Get a degree of some sort to prove that you can learn, read the camel and the bat books, get an entry level position at a small startup where you have to do everything for everbody, and you're on your way to understanding an Adminspotting t-shirt.

pgp.net was set up for just this sort of thing.
See pgp.net for background info and a list of morror sites (or lookup the TXT RR for www.pgp.net for mirrors -- see wwwkeys.pgp.net for WWW access to to the distributed key servers).
Note that none of the keys are in any way checked -- it is up to *YOU* to check the signatures, etc.

On the other hand, "The Global Trust Register" does impart a warm glow ...

Unfortunately, too many signing keys for software distribution rely on massive key redistribution, instead of using the web of trust.

My can get the full postscipt off the author's we page at http://www.tcm.phy.cam.ac.uk/~tmf20/research/publi cations.html

This is an extract of the full article, which is online at Nature's web site. Unfortunately you'll need a subscription to see it there, so why not try your local newsagent? The equations, tables, and a substantial (the most interesting) chunk have been removed from this version.

The simplest of conventional tie knots, the four-in-hand, has its origins in late-nineteenth-century England. The Duke of Windsor, as King Edward VIII became after abdicating in 1936, is credited with introducing what is now known as the Windsor knot, from which its smaller derivative, the half-Windsor, evolved. In 1989, the Pratt knot, the first new knot to appear in fifty years, was revealed on the front page of The New York Times.

Rather than wait another half-century for the next sartorial advance, we have taken a more formal approach. We have developed a mathematical model of tie knots, and provide a map between tie knots and persistent random walks on a triangular lattice. We classify knots according to their size and shape, and quantify the number of knots in each class. The optimal knot in a class is selected by the proposed aesthetic conditions of symmetry and balance. Of the 85 knots that can be tied with a conventional tie, we recover the four knots that are in widespread use and introduce six new aesthetically pleasing knots.

A tie knot is started by bringing the wide (active) end to the left and either over or under the narrow (passive) end, dividing the space into right (R), centre (C) and left (L) regions (Fig. 1a). The knot is continued by subsequent half-turns, or moves, of the active end from one region to another (Fig. 1b) such that its direction alternates between out of the shirt ( ) and into the shirt (). To complete a knot, the active end must be wrapped from the right (or left) over the front to the left (or right), underneath to the centre and finally through (denoted T but not considered a move) the front loop just made.

[...the main body of the article was here: go and buy this week's Nature if you want to read it...]

The symmetry of a knot, which is our first aesthetic constraint, is determined by the number of moves to the right minus the number of moves to the left,

where xi=1 if the ith step is , -1 if the ith step is and 0 otherwise. Because asymmetric knots disrupt human bilateral symmetry, we consider the most symmetric knots from each class, that is, the ones that minimize s.

Whereas the centre number and the symmetry s specify the move composition of a knot, balance relates to the distribution of these moves; it corresponds to the extent to which the moves are mixed. A balanced knot is tightly bound and keeps its shape. We use this as our second aesthetic constraint. The balance b may be expressed as

[...equation elided...]

and the winding direction i(i, i+1)=1, where i represents the ith step of the walk, if the transition from i to i+1 is clockwise, say, and -1 otherwise. Of those knots that are optimally symmetric, we desire that knot which minimizes b.

The ten canonical knot classes {h, } and the corresponding most aesthetic knots are listed in Table 1. The four named knots are the only ones, to our knowledge, to have received widespread attention, either published or through tradition. Here we introduce some unnamed knots.

The first four columns of Table 1 describe the knot class {h, }, whereas the remainder relate to the corresponding most aesthetic knot. The centre fraction /h provides a guide to the shape of a knot, with higher fractions corresponding to broader knots; along with the size h, it should be used in selecting a knot.

Some readers may notice the use of knots whose sequences are equivalent to those shown in Table 1 apart from transpositions of , groups, such as the use of LRCRLCT in place of the half-Windsor (T. P. Harte and L. S. G. E. Howard, personal communication); some will argue that this is the half-Windsor. Such ambiguity follows from the variable width of conventional ties (the earliest ties were uniformly wide). This makes some transpositions arguably favourable, namely the last , group in the knots {5, 2}, {6, 2}, {7, 2}, {8, 3} and {9, 3} in Table 1. We do not attempt to distinguish between these knots and their counterparts; this much we leave to the sartorial discretion of the reader.

Thomas M. Fink, Yong Mao
Cavendish Laboratory, Cambridge CB3 0HE, UK
e-mail: tmf20@cus.cam.ac.uk

Would you people mind showing a little consideration for us poor, impoverished students trying to find out our assigned maths work by not bringing the server to its knees the moment it starts responding again? :) http://www.tcm.phy.cam.ac.uk/~mdt26/ maths.html

If you want to use Gtk & Perl to do simple dialog boxes, check out the Gtk::Dialog module I'm writing.

Alistair Cunningham, ac212@cam.ac.uk

• PostgreSQL 6.4
• MySQL
• mSQL 2
• Oracle 8.0.5
• Ingres 2
• Informix

• Commercial databases: For our purposes, these are totally unnecessary. Sure, all the management tools that come with Oracle are nice, but if you can write Perl, you can achieve the same, albeit with some more work.
• mSQL: MySQL is derived from this, and it offers no advantages over MySQL.
• MySQL: There's one reason and one reason only to choose this: Performance, especially reading performance. However, the cost of this is very high - none of the features that make databases usable with complex data structures, etc. In particular, the lack of transactions verges on criminal negligence.
• PostgreSQL: This is the one we're going for. It supports everything you'd expect from a modern database. In particular, inherited tables allow you to do many things that the commercial databases have, such as per column access control. Performance is adequate, but not fantastic. In our application, this isn't terribly important - but I wouldn't want to run Slashdot on PostgreSQL.