Domain: cam.ac.uk
Stories and comments across the archive that link to cam.ac.uk.
Comments · 1,846
-
A corollary applies to monolithic applications
Web browsers rival operating systems in size and complexity, and are also hopelessly insecure. The main problem, shared with microkernels, is that the protection mechanisms available in common hardware don't allow efficient or convenient communication between protection domains, which are tied to address spaces. In order to cross the boundary, the address mappings must be flushed and reloaded, or at least manipulated, which are both very expensive operations. This makes any IPC very expensive, so the preferred means of communicating is by sharing memory, and for convenience and performance, nearly everything ends up in the same address space. Thus, the inevitable compromise of any part of these monolithic kernels and applications, is a compromise of the whole.
Without better hardware mechanisms for protection, that allow for efficient protection within the kernel and applications themselves, effective security will remain illusory. The furious and endless effort will continue in a futile attempt to hold the line against the flood of exploits. It is an intractable problem, unless we can shrink the protection domains to contain the effects of inevitable breaches. Capability-based addressing as with CHERI offers one approach, and the Mill architecture offers another. (see the Memory, Security, and IPC talks specifically.) Each represents a different set of trade-offs, which will limit applications. In any case, it is an area that needs work, so if there really are any nerds left on Slashdot, get to it, or at least help fund such efforts.
-
None
Systems such as containers, pledge, seccomp, jails, systrace variants, chroot etc. are all about restricting what otherwise would have been a process's ambient authority by plugging holes here and there until you can't find any more holes to plug. The problem is the holes that you don't find.
Another approach is to do the opposite: start with the process having no authority and give it only explicit access to the specific interfaces of the specific objects it needs to do its job --- and nothing more.
That is called Capability-based security and is IMHO the only fail-safe way to sandbox processes.
Some of Unix's predecessors had capabilities, some even with special CPU support so that it did not have more overhead than shifting pointers, but it was one of those many things that were not included when the original Unix was written to work on off-the-shelf hardware.
In recent years, a capabilities model has been added to BSDs and Linux in the form of the Capsicum project.
The other day, I stumbled over the CloudABI system, which is a runtime environment that uses Capsicum for applications on cloud servers.
With CloudABI your applications would be sandboxed just as safely as if they ran on virtual machines but without the overhead.
The big drawback is that programs need to be rewritten for it. The idea is though that when rewriting a program for CloudABI you should mostly just have to change things to make it compile and run. This would entail quite a bit of gruntwork but it should be pretty much straightforward and therefore less error-prone than to tweak security policies for something like seccomp or SELinux.
And BTW, chroot was never intended to be used for sandboxing.
-
Re:Maybe not...
paleoclimate record is much lower resolution, and actually shows us that CO2 levels *lag* temperature changes, rather than lead them. This is contra to the hypothesis of AGW.
Climate scientists were not surprised when it was confirmed that CO2 lagged temperature - AFAIK it was predicted in advance based on the expectation that orbital forcing / Milankovitch cycles drove the 100,000-year past warming/cooling cycles. I believe the lag was first observed in this paper by Neftel et al. (1988). This video explains how orbital forcing alone is insufficient to explain the magnitude of the observed warming/cooling and thus a CO2 cycle, thought to be driven largely by CO2 solubility in oceans, was posited to explain the rest of the warming/cooling.
But no doubt someone has explained all this to you before. (aside: CO2 leading temperature change has been observed in the northern hemisphere - Shakun et al. 2012.)
The difficulty is when you assume that CO2's further interactions with say, water vapor, create a tripling effect of heat retention
Again, it's not an "assumption", it was predicted based on the laws of physics.
when you assume that all other sources and sinks of CO2 do not react to perturbations (say, like plant growth)
Wrong. We know for a fact that other sources and sinks of CO2 will react to perturbations, and scientists have been hard at work producing studies to quantify those effects. Plant growth is one effect, soil erosion is another, there's lower solubility of CO2 in the ocean as it warms up... the list goes on.
small differences in the input criteria may yield wildly varying results, making the predictive utility of even a perfectly written physical model essentially zero.
A perfect example of how climate science denial is built around grains of truth which themselves have always been openly acknowledged. Initial conditions can indeed change the outcome and there are significant differences between climate models, but it doesn't follow that their predictive power is zero. Best estimates of ECS from experts and models range from 1.5 to 4.5 Celsius - a wide range, yet we can predict with high confidence that observed ECS will be somewhere in that range.
The funny thing is that deniers imply that high levels of uncertainty mean there is nothing to fear, as if the climate system's instability somehow guarantees we won't experience a high ECS like 4.5. That just doesn't make sense.
-
Who cares if it's new if it's new to you?
The really fundamental advances take a long time to be fully explored. There is little significant that doesn't build upon earlier work.
Check out Conformal Geometric Algebra, which is the basis for the company Geomerics' Enlighten software for real-time global radiosity lighting for games. (Now part of ARM / Silicon Studio).
See the lectures linked from the first link, in particular lecture 7 on CGA. These are by Chris Doran, one of the founders of Geomerics, a member of the Cambridge GA group. Also see Leo Dorst's GAviewer CGA tutorial for interactive visualization and a better idea how this can be used in computer graphics. GA is also a lingua franca for physics and simulation that subsumes vector algebra, imaginary numbers, homogeneous coordinates, quaternions and a zillion ad-hoc hacks that have made graphics far more complicated than it needs to be. The papers in the field are nearly all written to be understood and require little background knowledge.
-
Re:Be careful what you click
Facebook sold that data.
Not, to CA they didn't.
Facebook permitted (or forgave what was being taken without permission) Alexandr Kogan (or as he calls himself in academia Dr Spectre ... no seriously!) to harvest data on the understanding that it was for academic research only. Doctor Spectre (soz, can't resist ;) created a company called Global Science Research (GSR) which "replicated" the work of Stillwell and Kolinsky who were apparently unwilling to (legally restrained from?) let GSR have the data set they had gathered. This was, of course, not replication in the traditional sense of the word, Dr Kogan was not interested in testing the conclusions of the earlier paper but only in gaining access to a similar data set. GSR's research went further in glooping data from friends and friends of friends of the people who voluntarily took Kogan's personality quiz. It was this gathering of large data streams that first alerted FB to Kogan's activities, which were then OKed for academic research purposes. Later, when FB became concerned that GSR might sell on the data, they demanded the destruction of the dataset.
At worst, CA is guilty of violating a Facebook ToS regarding the use of that data.
With all due respects your honour, CA is a stranger to the agreement between FB and GSR. If anyone has to pay restitution for theft of the data or its subsequent use, it is GSR.
-
Re: Political tax
"Literal trillions of dollars as calculated by whom? You magnify the "subsidies" of fossil fuels while handwaving over alternatives."
If you're going to persistently refuse to understand the subject whilst insisting you're right regardless I'm going to stop wasting my time. As I said - a simple Google search will find you hundreds of results, so to answer your question in terms of whom, literally every journalist and scientist that's ever objectively studied the subject. As Google is apparently way too confusing for you though, I'll make it easier:
The IMF: https://www.wsj.com/articles/i...
National Academy of Sciences: http://www.nytimes.com/2009/10...
Side note on the above: "The damages are caused almost equally by coal and oil, according to the study, which was ordered by Congress." - you argue oil is better than coal, it's really not, presumably when you say you like fossil fuels what you really mean is that you're an oil man if you believe what you said.
Forbes Journalist: https://www.forbes.com/sites/j...
MIT Economics Prof: http://news.mit.edu/2016/carbo...
World Nuclear Association: http://www.world-nuclear.org/i...
Union of Concerned Scientists: https://www.ucsusa.org/clean-e...
Skeptical Science: https://skepticalscience.com/p...
Cambridge University: https://www.cisl.cam.ac.uk/bus...
How long do you want me to keep going before you decide to stop being in denial? You can't pretend this is bias or partisanism - as I've said all along, there's a reason why left and right come to the same conclusions when they study this. You cannot pretend the likes of Forbes to the Union of Concerned Scientists, the US government to the IMF, and Cambridge University to the World Nuclear Association are somehow bedfellows that all sit on the exact same end of the political spectrum - they don't, that's nonsense - they all agree because it's true, and if you disagree it's because you're being irrational.
I did as you said regarding earthquakes from dams, and yes, whilst I'm willing to admit I hadn't appreciated quite how harmful some of them had been, I think you still fundamentally fail to understand the differences in scale - we're talking less than a million deaths from them across all time, and yet fossil fuels kill tens (possibly squeezing into hundreds) of millions globally not just in one off incidents, but on an ongoing basis every year. There's still not even a remotely equivalent comparison - the externalities of fossil fuels are still many orders of magnitude higher on healthcare alone - even if you reject the global warming argument, and ignore the geopolitical strife caused by fighting over fossil fuels, you're still seeing orders of magnitude more externalities (and deaths) on fossil fuels based just on the topic of healthcare and nothing more alone. When you factor in the other realities - war, climate change and so forth, it's like comparing a speck of sand to the size of the planet and saying the two are equivalent.
I've Google'd the shit out of trying to find any kind of study showing that other fuels externalities are equivalent to fossil fuels. Guess what? Nothing, whilst it's consistently poss
-
Really? A server that can still be slashdotted?
It must be running on a Minecraft Redstone computer. https://cudl.lib.cam.ac.uk/vie...
-
Re:Engineering degrees already cost more.
If you think the cap is high, just look at what they charge overseas students (and yes, STEM courses are much higher)
-
Re:Are the rest collectors?
Would have been if not for climate change.
-
Blame ASCII, Outlook, and X
This problem has been around for ages:
If you look at early computer keyboard, Apple ][+ there is only one type of double-quote.
! " # $ % & ' ( ) * =
1 2 3 4 5 6 7 8 9 0 : -
When the Apple //e came out, it has a modern keyboard
! @ # $ % ^ & * ( ) _ +
1 2 3 4 5 6 7 8 9 0 - =
The double-quote was moved to the same key as the single quote.
Part of the problem is that the ASCII standard screwed things up by NOT providing dedicated Curly Quotes. HACKs such as ` and ' became popular on X.
i.e.
ASCII and Unicode quotation marks
Unfortunately, the X Window System fonts contained for a long time the following mutually symmetric glyphs:
0x27 APOSTROPHE -- end curly single quote
0x60 GRAVE ACCENT -- begin curly single quote
Outlook also fucked things up by auto-correcting quotes into "Smart Quotes".
And of course most compilers are too stupid to understand anything other than ASCII so they barf on as well.
Banning double-quotes isn't solving the problem. Having _dedicated keys_ for them would.
-
Re: Down the rabbit hole
Yeah, and EMV actually has inadequate protection against cloning, because it has inadequate standards for the use of the chip [arxiv.org], and “some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply” the nonce for the transaction. That does require a compromised reader, but you don’t have to compromise the reader itself, only its communications channel. This can often be done from outside a building.
And if you don’t trust your logistics chain - PS, you shouldn’t - you might crack open a terminal and find a burner cellphone inside that’s MitMing every single credit card transaction.
It’s not a new thing, Schneier wrote this in 2010.
Another good walkthrough of what’s become known as a “wedge attack”.
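The weak-nonce failure mode quoted in the comment above can be checked for from the defender's side. This added example (not from the comment or the linked paper) audits the 32-bit nonces logged for one terminal (EMV calls this field the Unpredictable Number); the function name, thresholds and sample values are constructed for illustration.

```python
from collections import Counter

BITS = 32            # assumed nonce width: the EMV Unpredictable Number is 4 bytes
MIN_SAMPLES = 8      # below this the stuck-bit test says nothing useful
MAX_STUCK_BITS = 8   # illustrative threshold, not taken from any standard


def audit_nonces(nonces):
    """Return weakness codes for one terminal's nonces, given in log order.

    An empty list means none of these simple checks fired; it does not
    prove the generator is cryptographically sound.
    """
    if len(nonces) < MIN_SAMPLES:
        raise ValueError("need at least %d samples" % MIN_SAMPLES)
    mask = (1 << BITS) - 1
    findings = []

    # A value seen twice in a short window should essentially never happen.
    if len(set(nonces)) < len(nonces):
        findings.append("repeat")

    # Counter-style generators: one step size dominates consecutive deltas.
    deltas = [(b - a) & mask for a, b in zip(nonces, nonces[1:])]
    _, hits = Counter(deltas).most_common(1)[0]
    if hits * 2 >= len(deltas):
        findings.append("constant_step")

    # Timestamp-style generators: always increasing by a small amount.
    if all(0 < d < (1 << (BITS // 2)) for d in deltas):
        findings.append("monotonic")

    # Home-grown generators often leave bit positions that never change.
    varying = 0
    for a, b in zip(nonces, nonces[1:]):
        varying |= a ^ b
    if BITS - bin(varying).count("1") >= MAX_STUCK_BITS:
        findings.append("stuck_bits")
    return findings


# Constructed sample data, one list per hypothetical terminal.
SAMPLE_COUNTER = [0x00000A10 + i for i in range(10)]

SAMPLE_TIMESTAMP = [1430000000]
for gap in (37, 112, 5, 61, 240, 18, 95, 7, 133):
    SAMPLE_TIMESTAMP.append(SAMPLE_TIMESTAMP[-1] + gap)

SAMPLE_RANDOM_LIKE = [
    0x9F3A61C2, 0x17D4E80B, 0xE2585F37, 0x4B09A6D8, 0xC6E1137D,
    0x3875CCA4, 0xA1BE0259, 0x5D42F9E6, 0xF0979B10, 0x0C6D34AF,
]

if __name__ == "__main__":
    for name, sample in (
        ("counter", SAMPLE_COUNTER),
        ("timestamp", SAMPLE_TIMESTAMP),
        ("random-like", SAMPLE_RANDOM_LIKE),
    ):
        print(name, audit_nonces(sample) or "no finding")
```
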
-
Re: Of course
So... how exactly does the average perp (who isn't exactly a cyberpunk hacker-type dude) actually know if there was or wasn't a camera present? Probably wouldn't.
The University of Cambridge press release (read that instead of the Techcrunch report) says:
Critically, researchers say these behaviour changes rely on cameras recording entire encounters, and officers issuing an early warning that the camera is on – reminding all parties that the ‘digital witness’ is in play right from the start, and triggering the observer effect.
-
Re:What liberal arts actually means
You say it yourself. A BA in a science is a BS with the math and other difficult parts removed.
Not necessarily. Some old places call everything a BA, because tradition.
-
Re:no, they can't
Mass transit is also not all that much more efficient than personal cars.
It pretty much is, when done even vaguely right. Here's a link:
http://www.inference.eng.cam.a...
see, e.g. P134: the amortized efficiency of the London Underground including the energy required to run the stations is about 5x that of car usage. Both figures include the facts that neither the trains nor cars are full all of the time.
The Croydon tram is nearly 2x better again, the primary downside being that it goes to Croydon.
Efficiency measured as the energy (in kWh) required to move one person 100 km.
-
Thoughts on Rawlinson's effect and Perls?
The narrowest version of my questions is: Which programmers' fonts have the most visually subdued and most visually pronounced $, @ and % symbols?
The broadest version is: What are your thoughts on the neural correlates suggested by Rawlinson's effect to the love/hate response to sigils?
----
Evidence suggests there are neural circuits that process the first and last letters of words specially. More on that in a mo.
Building on this, I hypothesize that programmers' brains may sometimes interpret a sigil as the first letter of a variable and sometimes not and that one might be able to do or suggest things that encourage one or other view and thereby reduce/eliminate negative experiences and increase/ensure positive experiences.
Rawlinson's effect
The following so-called urban legend is unusual in that it's basically true for most people:
"Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe."
Larry, did you read that at about full speed, like most folk?
It turns out that:
- Humans do something like treating the first and last letters of words specially. The letters in the middle just have to be sufficiently close to their right position to collectively reduce ambiguity so that only one word makes sense.
- Based on 1976 PhD thesis: The Significance of Letter Position in Word Recognition (summary) I believe this effect was first discovered by Graham Rawlinson in the 70s.
I'm calling this Rawlinson's effect (rather than Typoglycemia, partly in protest at how disrespectful I perceive that page to be toward Rawlinson).
Rawlinson's effect and sigils
What if the brain sometimes processes sigils as the first "letter" of a token and sometimes not?
I find that the sigil at the start of variables sometimes makes it:
- 1. Harder to take in an entire expression
- 2. Easier to take in the variables in a block of code
It's primarily a familiarity thing. Sigils are at their best when I can tune them in and out at will. This has happened when I've been reading a lot of Perl code daily for a while. I found #1 at its worst when I was first learning Perl. Since then it returns if I quit reading sigil'd code for a while and then return to it.
Anyhow, thoughts?
-
Re:Who is still using mag stripes on ATM cards?
Chip and pin is broken, research from Cambridge.
-
Re:Easiest things to do.
> 1. WRT Unicode, the biggest problem is "smart quotes."
Agreed. Have a minimal whitelist for Unicode (we don't need no fucking Emoji.) This will take care of 99% of the copy/paste text problems when quoting someone.
1. Smart Quotes
2. Hyphens
3. Umlauts & Diacritics
Just remap the Unicode glyphs to ASCII.
1. Smart Quotes
* U+2018 to U+0027
* U+2019 to U+0027
* U+201C to U+0022
* U+201D to U+0022
Note: I disagree with this analysis
2. Dashes, Hyphens
* U+2010 to U+002D
* U+2011 to U+002D
* U+2012 to U+002D
* U+2013 to U+002D
* U+2014 to U+002D, U+002D
* U+2015 to U+002D, U+002D, U+002D
3. Umlauts & Diacritics
Support: Latin-1 Supplement = U+0080..U+00FF
4. Blacklist everything else, initially.
5. Run monthly polls to see what Language Blocks should be supported next.
This is a good Unicode Block Previewer:
-
Nah, not really.
The less you have to say, the more you add icing.
Contrast with how things were done 50 years ago:
https://www.cl.cam.ac.uk/techr...
This guy basically invented pretty much everything, and you can read it in an evening.
-
Re:Ah, arXiv
Has Josephson been banned, or is he just upset that his paper, which seems to be more on the philosophy of biology and quantum mechanics, was deemed not appropriate for being listed as quantum physics?
Josephson claims that he was temporarily "blacklisted" from posting to arXiv. See
http://www.tcm.phy.cam.ac.uk/~bdj10/archivefreedom/main.html
-
Re:Ah, arXiv
I have never heard of this, and I am interested. Can you name an example of a respectable scientist (not a "fringe" controversial person, I mean) who has been banned?
Nobel Laureate Brian Josephson had this happen to him. He posted a record of his interactions with the arXiv moderators at
http://www.tcm.phy.cam.ac.uk/~bdj10/articles/arxiv_correspondence.html
Often the people who get their papers rejected by arXiv are just ordinary researchers who are trying to post ordinary papers. One such example is the following.
-
Re:I didn't think of it means...
because after they were shown that it could be done, they did nothing about it until this latest exploit threatened to make their failure general knowledge.
Wrong. It was already fixed.
If you want a good, detailed look at the story, read it on Ars:
http://arstechnica.com/tech-po...
The Ars article contains nothing to support your assertion. On the other hand, the Cambridge group that originally discovered the flaw behind the exploit report that the industry did nothing between being alerted to the problem and the publication of their paper. Instead, it attempted to dismiss the problem as impractical to exploit, even though the Cambridge group demonstrated a practical attack, presented good empirical evidence that it was being exploited in the wild, and proposed mitigating measures.
One of the team members recently wrote "What we do know with confidence is that had the banks acted to close the vulnerability immediately after we notified them, these criminals would not have been able to commit this fraud."
We have to take the industry's word for it that they have now fixed the problem, and our confidence in that claim should be weighted by its previous proclivity to dissemble. Perhaps they have just fixed the liability shift part of the problem.
https://www.cl.cam.ac.uk/resea...
https://www.benthamsgaze.org/2...
-
Re:Android wins on openness and marketshare
People who don't want to have a device that spends 100% of its time connected to a network and has remotely exploitable vulnerabilities. Try reading this paper for an overview of how long Android phones go without vulnerabilities (note that the latest Stagefright exploit, that affects all versions of Android since 1.5 was discovered after the paper).
-
Re: Waaaahhhhh!!
hm, is this your source? http://jcsu.jesus.cam.ac.uk/~mjg59/about.html
Dated "Sunday the 10th of January, 1999" (16 years ago), so he'd be around 38 now. And I assume it doesn't update automatically, otherwise he would have created the page at age 6.
-
Re: Only if you use App Cards with APPS!
The paper
-
Re:This Screams, get real computers in cars.
Average car on the road is 11 years old right now. Assuming it is possible to design secure OS (see Programming Satan's Computer for many reasons why not), crypto of that vintage is susceptible to bruteforce. This is assuming over that period of time nobody dropped the ball and lost signing keys and such.
Thing is, what you are proposing is fundamentally feature bloat. It doesn't help you drive.
-
Street lamps don't help much
The debate has been ongoing for decades over how much street lamps reduce crime and vehicle accidents. My feelings are that they help a little in both these aspects of safety but not by much. When you consider the ongoing costs of electricity and other improvements that could have been made, street lights are not worth it.
After quickly reviewing the evidence I may have to change my opinion, slightly. This Swedish meta-analysis found that the 13 studies (8 American and 5 British), taken together,
showed that improved lighting led to a significant 21% decrease in crime in experimental areas compared with comparable control areas.
Dammit as a self described sceptic I will have to change my mind, but wait.
Since these studies did not find that nighttime crimes decreased more than daytime crimes
Yes the crime dropped, but for the studies which measured both day and night crime, both dropped by similar amounts. This suggests either the control areas are somehow different in some other way or more likely that street lamps give a perception of improvement and a more upmarket neighbourhood.
As a fan of the night sky and I find it unnatural to live in an orange glow, moon light is far more romantic I stand by my opinion that street lights should be concentrated in city centres, leave everywhere else dark.
-
Re: Won't allow forwarding?
It's thought to be a Japanese invention.
http://www.cl.cam.ac.uk/~mgk25...
Nice info.
Being a scientist, the first day the new $20's came out, I withdrew $300 and examined the bills under a microscope. The pattern quickly became obvious.
As did two other features. One is public. The other — while chatting with the head of R&D at the US Mint during a conference, I brought it up. He would only deny it, but a fresh sample of 15 is statistically significant. I checked again recently and they've quit using it, as it wears off.
-
Re: Won't allow forwarding?
The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around – the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.
The US didn't invent everything ;-)
It's been known about since 2002, when it was found in European banknotes dating back to 1996. It's thought to be a Japanese invention.
-
Re:Not sure I fault Apple on this one
The music business model has been predatory against artists since the player piano roll.
Correction: The music business model has been predatory against performers since the player piano roll.
The music business has been predatory against COMPOSERS (also "artists," i'd think) since Petrucci first popularized music printing around the year 1500. You can read about the details here for example, but early music publishers and patrons generally took advantage of composers -- preferring to publish collections of "greatest hits" and getting copyright protection granting exclusive privileges to PUBLISHERS, not the artists who actually created the music. On the few occasions where composers were granted privileges in the 1500s, publishers frequently ignored them and published whatever they wanted anyway, without necessarily giving any money to composers whatsoever.
You have to wait about 75-80 years after music printing first became popular before any composer was really granted a sort of international copyright privilege for his own works that seemed to "stick" (which was granted by the French king and the Holy Roman Emperor to Orlande de Lassus). Composers before that who tried to print their own works were sometimes sued or fined for illegal "printing without a license." (You think I'm joking... I'm not. And you think publishing cartels trying to control artists is new? It's not -- there's a VERY long tradition.)
Anyhow, the point is that any new technology will always try to exploit artists during the period of transition. Moving music around on the internet in electronic form is barely 20 years old. It could be years or even decades before all of the "dust settles" and artists finally establish secure rights in this new medium... if ever.
-
Re:Affirmative Action
I can't speak for other universities, but we (Cambridge) publish undergraduate admissions statistics (though the 2013 figures are the latest published so far, I think 2014 is out soon). If you look on pages 13 and 14, you'll see the gender ratios for applications and acceptances. 8 subjects have more female applicants than male, 7 have more women accepted than men. 18 have more men apply than women, 19 accept more men than women. In total, 54.4% of the applicants and 53.1% of acceptances are men. I'd hardly call that underrepresentation. You are right that the figures look slightly different if you exclude STEM. For Arts, Humanities and Social Sciences, 43.8% of applicants and 42.6% of acceptances are men. White men and women make up 74.7% of our applicants and 75.6% of our intake. It's pretty hard to argue that white people are under-represented here.
If you look at other top-10 universities in the world, you will see a fairly similar picture. A big part of our admission training is getting interviewers to understand their subconscious biases (usually this means 'people like me', although the aspects of 'like me' that they think are important are quite varied). There's no affirmative action or direct equivalent (the closest thing is a set of targets for state school applicants, which we usually meet).
-
Re:Tech news?
This is a "historically stupefying amount of technology":
http://www.enterprise.cam.ac.u...
- an article about how it is now possible to print microcircuits on very thin materials, cheaply. It isn't shiny or cool in the Apple sense, but if you look into what this company is doing, you will see that it is significant in so many ways:
- they can produce very cheap computers that are small enough to embed into a piece of paper
- they can be equipped with networking
- if this takes off, they are going to be everywhere
For example, in bank notes, so every individual bank note can not only be identified securely, but can actually report back about its location. Think I'm exaggerating? Well read about it and make up your own mind
-
Re:someone explain for the ignorant
Here's a nice list of EMV vulnerabilities. The latest one 'wedge' involves a MITM between the card and the bank. Since publishing with a prototype device, the authors have found people manufacturing much smaller ones that can just have a chip from a stolen card popped in them to do fraudulent transactions.
-
Re:someone explain for the ignorant
But at least the transactions will be secure
This has been repeated a number of times in the thread and I really have no idea why. I find it odd that the USA deploys a technology that was shown to be insecure five years ago and has since been shown to be broken in a lot more ways.
-
Re:someone explain for the ignorant
One thing that I wonder about is the definition of "fraud".
If C&P isn't as secure as banks say, can the bad guys steal people's money but the banks deny it, saying that C&P is secure?
-
Re:What about the GPU?
So... RISC OS can run on it - and there is even a tutorial on writing bare metal code that displays stuff on the screen. (See lessons 6-9)
I'm at a bit of a loss what things other than the video decode and the graphics are actually through the GPU that you'd need in a lightweight OS, open source or otherwise.
-
Re:What about the GPU?
Eh?
Risc OS runs on it, for crying out loud.
There are tutorials for running your own bare metal code on the thing *and* using the output. (How much more lightweight do you want?)
Already, the GPU more-or-less runs a blob at the moment - but it also means you get a higher level of access to the facilities on it. (And anybody pointing out that it has access to the entirety of RAM gets asked if they realise how the DMA in a standard PC works (The work on slightly tricked out firewire iPods unlocking screensavers on Windows machines that didn't have drivers springs to mind))
-
Re:Accuracy
-
Re:As always, looking at this wrong.
I'm responsible for computer science admissions at an all-women college in Cambridge. I don't yet have the figures for this year, but in the most recent year that I do have statistics for male computer science applicants had around a 15% acceptance rate, female applicants had around a 20% acceptance rate over the entire university. In spite of this, only 14% of our total admissions for CompSci were women. You can see the whole figures here. The women that we admit are not clustered anywhere particularly on the bell curve, so we're not bumping up the ratio by letting in inferior female candidates - we're just not seeing many women apply.
These numbers are even worse if you discount international students. The vast majority of women who make it to the interview stage are from outside of the UK. If you only count international students, then the gender ratios are more equal. To me, this means that there's something cultural in the UK (and, from what I've seen, the US) that isn't happening elsewhere, which puts women off computer science before they even get to university applications.
In some countries, the pressure is in the opposite direction. If you work in any computing-related discipline, you've probably worked with some extremely competent Iranian women (unless you work at a company like Google that refuses to hire anyone from Iran). If Iranian women want to pursue further education, they have a choice of engineering or medicine, but medicine in a country with a strong patriarchal ethos doesn't lead to many career paths (no one trusts a woman doctor), so they go to engineering. Within engineering, they have the choice of computer science or something that involves working in a factory, so most of them go into computer science. And then they graduate and realise that the job market looks much better abroad and that they have marketable skills, so they leave.
It's not something that has a quick fix, but it really needs to start in primary schools. It's easy to put young children off a career path very early on and very hard to fix it later.
-
Dasher
Whatever happened to that thing?
-
Re:Down side
They released the docs http://www.raspberrypi.org/a-b...
You can run several non-Linux OSs on it: RISC OS, FreeBSD, NetBSD, Plan 9. Or you could write your own http://www.cl.cam.ac.uk/projec...
-
Re:Finally..
Darn, right link, wrong text. Wish I could recall my post for a few seconds to make a quick edit.
It should be Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication
-
Re:Finally..
Verified by VISA and similar programs for online shit that did everything we needed but there was one critical flaw - no one used it because they didn't have to. The only site I've ever used that actually implemented it was Newegg. And when I accidentally closed the Verified by VISA popup (I assumed it was a shitty 3rd party offer popup and closed it before it loaded), I discovered that failing the Verified by VISA challenge still let my transaction go through because the merchant never wants to miss out on the sale.
Verified by VISA didn't succeed because:
1) It looked like a scam site complete with redirection to a 3rd party asking for personal details like portion of social security number. Nowhere does it display security credentials.
2) Real phishing scams exist using the name and similar form layouts.
3) Yet Another Password. Hopefully not the same one used to log into the shopping site.
4) If you forget your password, all you need is the card information to reset it, plus a birthday. Not exactly a big secret.
5) It never worked for me because I disable third party cookies, run ABP, disable javascript, etc. I had to use IE the one time I tried to use it.
Here is a paper that describes the flaws in Verified by Visa. Gross Domestic Product Implicit Price Deflator for State and Local Government Consumption Expenditures and Gross Investment
-
Re:Well... no.
1) Even assuming you are right, just because it 'only' sucks wouldn't lead me to think this issue can be disregarded. Dealing with credit card fraud while travelling, especially in a foreign country, is not something to shrug off.
2) At least in the UK, credit card companies have used the alleged security of EMV to transfer some of the risk to the cardholder (see http://www.cl.cam.ac.uk/~sjm21... )
3) I don't think transferring the cost to the merchant is an acceptable solution. As explained in other posts here, the merchant who accepts the stolen funds is rarely the perpetrator of the fraud.
-
Re:Good for them
Thank you, that was the one I was talking about. It was Cambridge not Oxford, my bad. It made the headlines because of this http://www.cl.cam.ac.uk/~rja14...
-
Re:Why gravity is treated as a force?
Gravity can be formulated as a gauge theory, like the other forces in Standard Model. It's just a different mathematical representation of General Relativity, and it also captures the gravity-as-curvature idea quite neatly. You don't see it that often because the math gets a little tricky, unless you use something like Geometric Algebra, which made it easy enough for Master's courses.
-
Re:36 cores? Network on a chip? Meh!
The core count isn't the interesting thing about this chip. The cores themselves are pretty boring off-the-shelf parts too. I was at the ISCA presentation about this last week and it's actually pretty interesting. I'd recommend reading the paper (linked to from the press release) rather than the press release, because the press release is up to MIT's press department's usual standards (i.e. completely content-free and focussing on totally the wrong thing). The cool stuff is in the interconnect, which uses the bounded latency of the longest path multiplied by single-cycle one-hop delivery times to define an ordering, allowing you to implement a sequentially consistent view of memory relatively cheaply.
Since I'm here, I'll also throw out a plug for the work we presented at ISCA, The CHERI capability model: Revisiting RISC in an age of risk. We've now open sourced (as a code dump, public VCS coming soon) our (64-bit) MIPS softcore, which is the basis for the experimentation in CHERI. It boots FreeBSD and there are a few sitting around the place that we can ssh into and run. This is pretty nice for experimentation, because it takes about 2 hours to produce and boot a new revision of the CPU.
-
Re:This is why no Briton....
It seems you're one of those Slash idiots I was referring to if you're incapable of reading. RIPA states in plain English that there is a presumption someone hasn't got the key unless the police can prove beyond all reasonable doubt otherwise. What is so hard to grasp about that?
I even quoted the relevant passage, what's so difficult for you? You don't get to just dismiss the law as it's actually written by claiming I'm wrong. The law is the law, I'm sorry it demonstrates very clearly that you have no idea what you are talking about but it is what it is so get over it.
"Having always lived in the UK doesn't give you the position of authority you think it does on the matter. I've been traveling for the last 16 years or so, been to 365 countries....you would probably be shocked at just how misinformed people are about their country of residence."
I'd really love to know how you've been to 365 countries. Even with countries that have been and gone in the last 16 years there haven't been 365 countries to travel to in that time. You're right that being in the UK doesn't give explicit advantage, but it does if like me you actually bother to take the time to research issues in your own country, something you clearly cannot claim to have done given that you are demonstrably wrong, that despite your constant claims otherwise, the law is in direct contradiction to your claims. Given your blatant lie about travelling to countries that don't exist I think it's becoming quite obvious how full of shit you actually are.
"RIPA is bad. The law has been abused, and contrary to what you say, does in fact, in practice, assume that the owner of an encrypted file has access to the key for that encrypted file."
Why are you denying the law says what it says? I've posted the link, I've posted the quote. You're verifiably wrong. It clearly states the accused is understood to have shown they do not have the case unless the prosecution can prove otherwise. That's innocent until proven guilty in its very essence.
"Reasonable Doubt does not exist in the UK."
Oh shut the fuck up already. Yes it does. Just because you can't interpret a ruling doesn't mean reasonable doubt has magically ceased to exist. Even Cambridge law professors agree you're full of shit:
http://www.crim.cam.ac.uk/rese...
The Wikipedia article you're desperately clinging on to doesn't even say what you seem to think it does. All it says is that jurors aren't asked explicitly using the term beyond reasonable doubt precisely because it's unclear (you yourself demonstrated in your previous post you don't understand what it means) therefore it's now asked in a clearer manner. The legal standard of beyond reasonable doubt isn't in any way moved or removed by this however - it's simply explained in clearer terms to the jury so that their decisions don't get caught up on philosophical debates about what it means in practice.
"We disagree, so lets leave it at that."
Yes we disagree, because you're completely and utterly wrong but still grasping at straws otherwise. I've been pleasant, I've been straightforward, and I've cited evidence in all my responses. Despite demonstrably showing why you are wrong you insist on continuing to be wrong though, thus I will treat you with the level of idiocy you seem desperate to stoop to.
"Like the appeals notes for the case, and perhaps a legal breakdown (by a solicitor, plenty such breakdowns available) of just why RIPA is bad."
I've already done all the necessary research and provided citations for all my claims. You've done nothing other than deny reality and make some half arsed comments about how somewhere on the net there is some mystical evidence proving you right and proving that the very law itself is somehow wrong, even though that's a logical impossibility. The law is the law, so it is what it is, it cannot both be what it is and something it's not - i.e. what you're claiming it is.
-
Re:Dvorak
This reminds me of my experiences of typing on a Nokia N800, which is too small for any human fingers, and you actually have to peck with a stylus. (Unless you use the mode where the virtual keyboard fills the entire screen.) However, I found that my touch-typing background goes a long way -- there is little hunting involved if you really know your QWERTY, so the pecking with the stylus is surprisingly natural. It is also surprisingly fast due to the small range of movements. I guess it also helps that the stylus does not block your view of the keyboard.
The real keyboard on the N900 isn't actually much better. Sure, knowing the layout helps there too, but it's still using two thumbs instead of all fingers, so it still feels like pecking. OTOH, there is a real touch response. I personally think it's dumb that phones have lost their buttons while people use them increasingly for typing instead of talking, but I don't see any perfect solution around.
As for alternative input methods, I fondly remember how one of my professors demoed Dasher from his research group around 2000, but it hasn't seen much popularity. I think one problem might be that it relies so much on statistics and prediction, thus limiting and guiding what you want to say a little too much (not that we don't have the same issue with Google and Facebook etc. these days).
-
Re:Which is why sometimes small engines ...
Any document that can't even get the location of the maximum torque correct isn't worth reading. It is NOT at max rpm as is indicated, that is normally where max power is located.
So now you resort to the claim that a paper by a professor at Cambridge University who lists "the internal combustion engine" as one of his research topics is incorrect about power and torque curves?
LOL!!!!!
I have provided a citation from a respected academic. You have provided nothing to support your claims.