Domain: cmu.edu
Stories and comments across the archive that link to cmu.edu.
Comments · 2,977
-
Timing analysis of interactive sessions
The top of my list is timing analysis of entered commands. You SSH into someplace and later type a password or something worth knowing. Timing between keystrokes can be used to recover information about what you are doing.
It can be done with microphones..
http://berkeley.edu/news/media...
It can be done with clocks..
http://users.ece.cmu.edu/~dawn...
-
Re:I don't accept the premise
I am fascinated by that other guy that says that these "programmers" were nothing more than secretaries that managed the punch cards. There used to be a lot of grunt work and manual labor in computing that isn't there anymore
I can't tell if you are fascinated by him because he's an idiot or you think he has a point. Punch card secretaries didn't need BS degrees in CompSci, but females awarded CompSci BS degrees peaked around 1984 at over 37%.
-
Re:Bored? Nothing to do on a Saturday night?
-
Re:portability and HID
Actually, now that I think about it a bit more (same AC), the USB user input problem is very similar to the attack Ken Thompson described in Reflections on Trusting Trust (pdf), and the suggestion I gave in the previous post somewhat resembles David Wheeler's Diverse Double Compiling (pdf) solution to that.
In that vein of thought, if we require each input device to verify every other input device, then it stands to reason that any number of untrusted input devices could be validated as long as at least one isn't compromised. The combinatorial explosion of validations shouldn't really be an issue, since the number of input devices intentionally connected to the same machine is typically very small.
-
Learnfun/Playfun
How does this compare to Learnfun and Playfun, programs publicized last year as learning and playing NES games?
-
Re:Trust us with your payments
Sigh. I am short of time so I am reduced to repeating what I wrote to the other responder above, and the others will have to be satisfied with this answer as well:
That is incorrect. Credentials were hacked from NFC-enabled devices even before NFC was very common. There were several different methods used, but apparently it was not difficult at all. If I recall, it only required a device to spoof a legitimate terminal.
That is only one reference. The original researcher was named Christopher something. He was the same one who mounted an antenna in his car for reading RFIDs at a distance.
-
Re:Trust us with your payments
Wrong. Look it up.
I don't have time right now, but HERE is one reference, though it might have been the same experiment.
-
Re:Computer Science vrs Software Engineering
Computer Science is teaching EXACTLY what Computer Science is supposed to. Theory. It's an academic pursuit, not an applied skills program.
If you want to learn how to build usable software, that is a different skillset.
Precisely. Getting a computer science degree in order to become a programmer is like getting a mechanical engineering degree before becoming a mechanic. Yeah, it's kind of vaguely field related and will help give you some background about why things are done a certain way, but it's not at all necessary to the occupation and for many people is a big waste of time. Conversely, a typical programmer can't do CS work (just as a typical mechanic can't do most mech E work) without significant training in that arena.
There should be a professional "Software Engineering" (or call it something else if the Engineers get upset about the term) program for those that want to actually build code.
My school had these, http://www.sei.cmu.edu/ vs http://www.cs.cmu.edu/ The SEI only offered masters and higher level degrees, though, which seems backward if anything.
-
Re:Not free as in freedom
Though the source code has supposedly been released under GPLv2, according to their website. Confusing.
-
Re:Not free as in freedom
Yeah, not running on Yosemite for sure. Here's the GPL2 source code: http://www.cs.cmu.edu/~om3d/co...
-
Re:am i missing something?
Texture mapping is just the final step in the process. Read the full paper for more info.
-
Similar to No Hands Across America in 1995
This actually isn't that big of a leap from a technical difficulty level. A pair of Carnegie Mellon researchers drove across the country in 1995 using a forward camera based system. 98.2% of the trip was autonomous. The non-autonomous parts of the NHAA drive are the same which would be needed under this approach.
-
Re:Fast Forward
a bit of research and I found
http://www.cs.cmu.edu/~chuck/r...
used this search on google.... MIT robot ants walking
came up with this
http://webcache.googleusercont...
history repeating itself LOL
-
The 1970's Called
The 1970's called, they want their userspace problems back:
-
consent form
From page 5 of the PDF:
Thus, all participants were required to click through a consent form. Beyond the consent form, there was no evidence that they were participating in a research study
Did the consent form say that you agree to allow CMU to do bad things to your computer? If not, then most people know that free money is free money (and sue the university for megadollars if things go bad). All you had to do was raise the price high enough that they believe they're getting paid fairly for their time. Some may have even been hoping for a virus so they could sue.
-
Re:Isn't Samsung the largest UNIX vendor? *grin*
> But is Mach UNIX?
It was at the time Steve Jobs started NeXT. They even paid AT&T for a Unix license, which was required to use Mach:
https://www.cs.cmu.edu/afs/cs/project/mach/public/FAQ/license.info
-
Perl Festivity Levels
Perl Festivity Level 1: Developers and users have gathered to nibble hors d'oeuvres and chat amiably with each other about the Modern Perl Renaissance. With every sip of their drinks Perl seems ever more striking. Some are gathered around the upright piano improvising songs that proclaim how it is faster, neater, and sharper than ever before with its asynchronous APIs.
Perl Festivity Level 2: Everyone is talking loudly -- sometimes to each other, and sometimes to nobody at all. Perl seems even better. Perl Monks are patiently explaining syntax and style to potted plants and other nearby objects. Around the piano people are feeling fun and flexible, just as programming in scripting languages used to be. Someone is crooning a bawdy ballad where a couple of inexperienced DOM and CSS selectors encounter a very supportive bundled development server.
Perl Festivity Level 3: Monks are arguing violently and defrocking one another over nested do...until loops that bail on exceptions. People are gulping down other peoples' drinks, placing hors d'oeuvres in the upright piano to see what happens when the little hammers strike as everyone bawls "Got my Mojolicious workin' ... but it don't work on Python!" They have lost count of their drinks, and the world is harmonious with blissful adherence to modern interfaces and standards.
Perl Festivity Level 4: All the guests, hors d'oeuvres smeared all over their naked bodies, are performing a ritual dance around a burning heap of tables and chairs in celebration of postfix dereference syntax, subroutine signatures, new slice syntax and numerous optimizations. The piano is missing.
~~ with apology and deference to Dave Barry
-
Re:A good sign
Well Chris Okasaki's book is the first place. His thesis is still online: http://www.cs.cmu.edu/~rwh/the... . The book which expands the thesis: http://www.amazon.com/Purely-F... . It has been 15 years since his book; his blog has some new stuff: http://okasaki.blogspot.com/
Here is a terrific blog post of what came next:
http://cstheory.stackexchange....
-
Re:Got really excited reading the title
-
Re:wow
Briefly from CMU's FAQ:
The size of the award was based on an analysis by Catharine M. Lawton, an intellectual property damages expert who testified on behalf of CMU during the trial along with CMU's technical and industry experts. Ms. Lawton applied several commonly used and court approved methods of determining an appropriate royalty for Marvell's infringement in patent cases. Ms. Lawton's analysis rested on a comparison of Marvell's business and economic circumstances both before and after it started to infringe. Her opinion and application of these accepted methods were based on a detailed analysis of the facts and financial records in the case, as well as the testimony of Dr. Steven McLaughlin, CMU's digital signal processing expert, and Dr. Chris Bajorek, CMU's expert in the hard disk drive industry.
Marvell earned an average revenue of $4.42 per chip and made an average operating profit of $2.16 for each of the more than 2 billion chips sold over more than a decade. Based upon her analysis of all the facts, Ms. Lawton determined that the proper value of the CMU invention was $.50 per chip.
-
Re:Taxpayer subsidized?
In fact, it was funded by industry.
From CMU's FAQ on the case: "Their work was done under the auspices of CMU's Data Storage Systems Center, which was formed as a partnership between CMU and certain members of the information storage industry and through which CMU has worked closely with industry partners for decades. The DSSC was formed to and has played a critical role in preserving research and development efforts and jobs in the hard disk drive industry in the United States."
-
Re:Good guys and bad guys
In fact, they will. CMU's IP Policy is quite clear on this matter. The inventors will get 50% of the proceeds.
-
Re:1.5 Billion?
Since these proceeds will qualify as royalties, under CMU's Intellectual Property Policy the school will "only" get 750 million. The other half will go to the two inventors on the patents.
And I'm sure they'll find something to do with it.
-
Re:The Harsh Light of Day
If you have reached the level of OT3 in Scientology, and you profess that you don't believe the story of XENU, you will be sent to "Ethics" to determine what is wrong with you. If you continue to say that you don't believe Xenu existed, you will be sent to the RPF (Scientology's thought reconstruction prison camp) where you could stay for years. Finally after all that, if you state that Xenu doesn't exist after reaching OT3, you will be labeled an SP (suppressive person). All Scientologists (including brothers, sisters, mothers, fathers) will be forced to disconnect from you. If you speak to the press about Xenu or talk bad about scientology in an unflattering way, you will be targeted for "Fair Game". Hubbard stated that a suppressive person can be destroyed under the "Fair Game" policy.
I realize it is shocking, but there are many individuals that believe in Xenu. These same individuals believe that discussing Xenu with "Wogs" (non scientologists) is a high crime and a suppressive act. In fact, Hubbard said that Wogs that learn of Xenu without proper counseling risk death (R6 Implant).
-
Look at a MIT sample code...
... to learn with the PRO: http://www.cs.cmu.edu/~dst/DeC...
-
Finally: Forcing Researchers to Standard Data
Rather than publishing on proprietary data of uncertain characteristics, this will essentially force researchers to use common, known, and available data sets. A smattering of what's available and reputable:
http://www.itl.nist.gov/div898...
http://www.keypress.com/x2814....
http://lib.stat.cmu.edu/DASL/
http://www.statsci.org/dataset...
http://data.gc.ca/eng/facts-an...
http://library.med.cornell.edu...
-
It's been done before
If only Dice had a way to learn from the past...
-
Re:Meh. fud spam.
-
re: drive throughput
IIRC Backblaze's workload is write once read maybe once (I mean, they are a backup company). So it's quite likely that they are massively under the specs for throughput.
The truly interesting thing about this study is that they name names; previous work in the area (like Bianca Schroeder's FAST 07 paper, http://www.cs.cmu.edu/~bianca/... or Google's FAST 07 paper, http://research.google.com/arc..., or NetApp's FAST 08 paper http://www.usenix.org/event/fa...) doesn't give away vendor names. The Backblaze results broadly agree with the previous results.
-
Re:Total letdown
There is no doubt that women have made many important contributions to science. One may argue this one or that is or isn't a genius, but there is little doubt that science would be poorer without their contribution.
Madame Wu and the backward universe
Marie Curie - Biographical
Ten Historic Female Scientists You Should Know
Pioneering Women in Computing Technology
The 50 Most Important Women in Science
-
Re:Not cans
Well, there is that Coke machine at CMU, allegedly the only Coke machine on the Internet that would give you information on the temperature and count of its inventory so you didn't have to run downstairs to learn that the root beer you were craving is out of stock or is warm. In the old days you "fingered" its account on a Unix machine to learn its status. I think the status was in the .plan file.
-
Re:Good luck
Attempting to treat an honest-to-goodness thought disorder like schizophrenia without medication is akin to treating near-sightedness with counseling. There's a place for cognitive therapy in schizophrenia but it's considered adjunctive treatment (among mainstream practitioners). There are a smattering of schizophrenics who can ignore auditory and visual hallucinations that are the hallmark of the disease, and anti-psychotics may indeed make some people feel less sharp (though that isn't universal). I'd wager that most people with schizophrenia are more capable of getting things done when they aren't beset by what are typically very vivid and often intrusive hallucinations. There are, of course alternative viewpoints, such as that of the Church of Scientology.
-
Re:Self destruct cookie
I answer myself because I looked for it and found this paper (PDF) titled "An Analysis of Google Logs Retention Policies".
LM is the timestamp of the last modification to the user's Google preferences. It can be used to track down the user because we update our preferences at different times. This applies also to non logged in users like me.
Luckily it's easy to reset LM. Just go to google.com, click the menu, turn on or off Safe Search, click again and turn it back to its original value. LM is different.
Obviously Google could store the old and new value and link them into a db ;-)
-
Remember the internet coke machine?
One of the earliest devices connected to the internet (actually ARPANET in those days) was a coke machine in the Carnegie Mellon University Comp Sci department. It's still online today
-
CMU computational neuroscience course
I teach a graduate course in computational neuroscience at CMU. My lecture notes, exercises, and Matlab software are all available online via my home page, at http://www.cs.cmu.edu/~dst
I disagree with the notion that only professionals should speak publicly about their scientific work. Amateurs should be welcome in any branch of science. Who knows where the next contribution will come from? And there is plenty of disappointing work from tenured professionals. So read the journals, but be prepared to wade through a lot of straw to find the gold. One of the advantages of graduate school is that there are experts who can help you with this.
-
Jolla runs Sailfish?
How many cores does it have? I can haz rapid alignment-free quantification of isoform abundance in my pocket? http://www.cs.cmu.edu/~ckingsf/software/sailfish/
-
Never Ending Language Learner (NELL)
By the way, CMU has another project, NELL, that's been running since Jan 2012 doing the same thing, but with text. Its accumulated knowledge base is downloadable.
An example of knowledge it has gleaned: God died at age 14.
-
Erotic!
Am I the only one that gets a special feeling in my pants after seeing inkblot 2
-
Re:Even I can't crack these...
According to this challenge, I'm totally failing the Turing test. Is http://www.cs.cmu.edu/~jblocki/GOTCHA-Challenge_files/Account%200Inkblot4.jpg really a "robot on a skateboard like thing" to anyone here? What am I missing?
It appears that no human can identify the pictures. Perhaps we can get a team of AI programmers to create an app to tell us what the figures are;-)
-
Even I can't crack these...
According to this challenge, I'm totally failing the Turing test. Is http://www.cs.cmu.edu/~jblocki/GOTCHA-Challenge_files/Account%200Inkblot4.jpg really a "robot on a skateboard like thing" to anyone here? What am I missing?
-
Re:Regular students pissed?
how do you spend $100,000 on an undergrad degree?
After scholarship, MIT undergrads average $24,000 a year.
http://mitadmissions.org/afford/basics
Carnegie Mellon $46,000 annual tuition.
http://admission.enrollment.cmu.edu/pages/tuition-fees
Stanford $14,000 per quarter
http://exploredegrees.stanford.edu/tuitionfeesandhousing/#tuitiontext
-
Re:enigmail/pgp/gpg
What percentage of you have downloaded the source code, verified the MD5 of the source code against what is reported, then compiled it yourself using compilers that you trust aren't compromised?
The authors of those programs make it easy to verify by publishing the hash along with the source and encouraging people to verify their downloads. I expect your distribution's maintainer follows those protocols when building the released version. That build is automatically signed when built and verified upon download when installing it on your system.
As for trusting your compiler, I assume you're referring to Ken Thompson's seminal Reflections on Trusting Trust (PDF). It's an interesting academic exercise, but I'm pretty sure if such a compiler were out there and in common use, someone would have noticed. Especially now that there is a published way to detect it.
Installing the distro's version is likely safe, although you must realize you're opening up your circle of trust to include the distro's maintainer and server farm instead of just the original author(s) and their source repository.
The bad part of this is, until we get NSA's unconstitutional programs back under control, simply encrypting your emails may be enough to trigger their systems to preserve it.
-
Maybe that isn't surprising
Maybe things are different now, maybe not.
Reading and Writing with Computers: A Framework for Explaining Differences in Performance
Most studies have found that reading from paper is faster than reading from computer screens. Muter, et al. [1982] showed that reading from TV screens took 25% longer than from paper, but produced roughly equal comprehension scores. Wright and Lickorish [1983] also found that paper was faster. Gould and Grischkowsky [1984] studied subjects performing an eight hour proof reading task. They found that work was more rapid on paper, with slightly higher quality than on personal computers. Our own experiments verified these results and extended them to positional memory and various alternate computer conditions.
(I was actually looking for something else this morning and stumbled across this, and the topic came up on Slashdot. Synchronicity?)
-
Re:Well they COULD put a backdoor in some OSS...
Reflections on Trusting Trust (PDF alert). Required reading for anyone with interest on that very topic. Written by Ken Thompson, in fact.
-
Alternatives...
Looks like it's back to using the alternative.