Slashdot Mirror

http://rtw.ml.cmu.edu/rtw/kbbrowser/arnold_schwarzenegger is female, certainty 100%

Since the article left more to be desired, you can find the project page here and follow NELL's 'learnings' on Twitter. Latest post:

Further Down:

I think "FoxPro" is an #ethnicgroup (http://bit.ly/9530nT)

I think it sill has some learning to do...

I think it's useful, in a way, for inspiration when writing poetry. When you get stuck, you can look at what Nell has found that relates to your subject. Say, you need help with gentle breeze. You come up with things like "flowers dancing on", or "whispering through". It's like getting all the short-range literary tricks without doing any reading. By short-range I mean it cannot pick up yet on any sort of a longer story built on your topic, but can see interesting word-strings in the short neighborhood of your topic. It seems to pick on word plays, parallels, and such.

I think "Playstation Network" is a #videogame (http://bit.ly/cnJWSD)

Urmson (PhD, faculty on leave), Montemerlo (PhD), and Thrun (former faculty) all have ties to Carnegie Mellon. Autonomous driving has been a steady effort at CMU. For example, No Hands Across America was in 1995.

Technically, even a screw is considered a machine. Everything more complex and more functional than a screw should then also be a machine, regardless if it contains biomass. No?

Famous classic images such as Lena, the Baboon, etc., often used when doing compression comparisons, are unfortunately not free of copyright.

I thought Playboy relented (just said the hell with it), and released Lenna (the head shot version) to public domain for research purposes?

Anyways, what people use to consider porn linked (now it seems like tasteful art :) ).:

http://www.cs.cmu.edu/~chuck/lennapg/

Funny,

The first thing I thought was how remarkably sharper the WebP looked. Especially on the football player.

I wonder if the artifacts along defined lines are making them stand out better for you.

Anyway, what's an image comparison test doing without Lenna?
http://www.cs.cmu.edu/~chuck/lennapg/

The only real question is, can anybody figure out how to fit the source on a T-shirt? If yes, the case is moot, right?

I take it you're referring to this?

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/

A wonderful gallery of multiple representations of the "illegal" DeCSS DVD decryption code presented with artistic merit. For example, the DeCSS code can be represented as a prime number. Does this make that prime number illegal?

what you describe has already been done, and ignore the people saying it's impossible. see http://www.cs.cmu.edu/~srinivas/

Did you watch Randy Pausch's Last Lecture? http://www.cmu.edu/randyslecture/

Would your wife be interested in doing something like this? I assume privately, but maybe she'd want to make it public.

You seem to have described almost exactly the functionality of Perspectives, which has been discussed on Slashdot, although not recently.

[...] And when Mendel fudged his data about heredity [...]

Although Fisher claimed Mendel fudged his data (or rather, out of respect for Mendel, 'an overeager assistant', which of course did not exist), this was later shown to be due to an incomplete model of how fertilization en the pea-plant he studied takes place. Please read Ending the Mendel-Fisher controversy, especially Teddy Seidenfeld's contribution, also available from his website: P’s in a Pod: some recipes for cooking Mendel’s data.

I have never seen any creditable study
made up shit on pro gay sites
but the truth is

A plethora of credible studies are available literally at the touch of a button, many of them suggesting a biological component to homosexuality. I suppose your findings are dependent on your definition of credible, and since you declare that you know "the truth", you may not be open to contradictory evidence.

Here are a few I found just now, but I'm sure you can let your fingers do their own walking if you are interested.

http://www.newscientist.com/article/dn3008-homosexuality-is-biological-suggests-gay-sheep-study.html

http://www.cs.cmu.edu/afs/cs/usr/scotts/ftp/bulgarians/nih-ngltf.html

http://allpsych.com/journal/homosexuality.html

>> When I get money, I always use the ":-)" set of characters. Why can't we use emoticons for currency symbols?

Nice idea man. World would be a much happier place dealing with smileys. If Scott Fahlman had been born a few centuries earlier, we could have had one for a Dollar :)

http://www.cs.cmu.edu/smiley/

Carnegie Mellon has an open source speech recognition project you might want to look into. Sphinx

He probably is talking about the closing down of the BSD kernel (even though it's permitted in its license agreement).

They don't use the BSD kernel, they use their own custom kernel called XNU which is based on Mach. Some elements of the BSD kernel are included in this kernel but it was never closed down. It's released under the Apple Public Source License (APSL) which qualifies as open source and the source code can be found here: XNU source

There is also nothing to stop someone from performing a man-in-the-middle attack on a self-signed HTTPS connection

There's an extension that fixes that: http://www.cs.cmu.edu/~perspectives/

Sounds like a research project at CMU called Internet Suspend and Resume. http://isr.cmu.edu/

While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts. Any time your browser shows a secure and validated SSL connection it's because someone in your authorities list said it was okay. Just one authority. That's all it takes.

Go look at the list of CAs your browser trusts.

I just checked mine and I see 86 certificates belonging to maybe 30 different organizations. If any single one of those 30 organizations has a compromised certificate, my browser could show a bogus SSL connection as valid. So, I connect to Bank Of America, and the connection appears like a good SSL connection, but that's only because the fake cert in this attack was authorized by some rogue operator at "TÜBTAK UEKAE Kök Sertifika Hizmet Salaycs - Sürüm 3" or whichever of the 30 companies. That's a pretty long chain to deal with for a weakest-link-screws-you scenario.

Maybe some folks here didn't realize that this is how the model works. That's part of the problem.

So I might suggest understanding the difference between an anonymized connection and an encrypted one. Folks should understand how Tor works before using it. Already we have a problem with people using SSL without understanding it.

Anyway, I installed Tor and Torbutton recently and kept running across notices of how Tor works and that I should be aware of how it works to receive the benefits of it.

Here's another way you can protect yourself against bogus SSL certs, by the way: Perspectives. See the demo. There's a Firefox extension.

Perspectives shows you an SSL cert's history. That is, how long that cert has been in use by the host you're SSL connecting to (as seen by a number of other hosts on the net). If the cert changed on you today, that's suspicious. If it changed today and you are the only person seeing that new cert, you might consider not using that connection for sensitive communication.

While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts. Any time your browser shows a secure and validated SSL connection it's because someone in your authorities list said it was okay. Just one authority. That's all it takes.

Go look at the list of CAs your browser trusts.

I just checked mine and I see 86 certificates belonging to maybe 30 different organizations. If any single one of those 30 organizations has a compromised certificate, my browser could show a bogus SSL connection as valid. So, I connect to Bank Of America, and the connection appears like a good SSL connection, but that's only because the fake cert in this attack was authorized by some rogue operator at "TÜBTAK UEKAE Kök Sertifika Hizmet Salaycs - Sürüm 3" or whichever of the 30 companies. That's a pretty long chain to deal with for a weakest-link-screws-you scenario.

Maybe some folks here didn't realize that this is how the model works. That's part of the problem.

So I might suggest understanding the difference between an anonymized connection and an encrypted one. Folks should understand how Tor works before using it. Already we have a problem with people using SSL without understanding it.

Anyway, I installed Tor and Torbutton recently and kept running across notices of how Tor works and that I should be aware of how it works to receive the benefits of it.

Here's another way you can protect yourself against bogus SSL certs, by the way: Perspectives. See the demo. There's a Firefox extension.

Perspectives shows you an SSL cert's history. That is, how long that cert has been in use by the host you're SSL connecting to (as seen by a number of other hosts on the net). If the cert changed on you today, that's suspicious. If it changed today and you are the only person seeing that new cert, you might consider not using that connection for sensitive communication.

While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts. Any time your browser shows a secure and validated SSL connection it's because someone in your authorities list said it was okay. Just one authority. That's all it takes.

Go look at the list of CAs your browser trusts.

I just checked mine and I see 86 certificates belonging to maybe 30 different organizations. If any single one of those 30 organizations has a compromised certificate, my browser could show a bogus SSL connection as valid. So, I connect to Bank Of America, and the connection appears like a good SSL connection, but that's only because the fake cert in this attack was authorized by some rogue operator at "TÜBTAK UEKAE Kök Sertifika Hizmet Salaycs - Sürüm 3" or whichever of the 30 companies. That's a pretty long chain to deal with for a weakest-link-screws-you scenario.

Maybe some folks here didn't realize that this is how the model works. That's part of the problem.

So I might suggest understanding the difference between an anonymized connection and an encrypted one. Folks should understand how Tor works before using it. Already we have a problem with people using SSL without understanding it.

Anyway, I installed Tor and Torbutton recently and kept running across notices of how Tor works and that I should be aware of how it works to receive the benefits of it.

Here's another way you can protect yourself against bogus SSL certs, by the way: Perspectives. See the demo. There's a Firefox extension.

Perspectives shows you an SSL cert's history. That is, how long that cert has been in use by the host you're SSL connecting to (as seen by a number of other hosts on the net). If the cert changed on you today, that's suspicious. If it changed today and you are the only person seeing that new cert, you might consider not using that connection for sensitive communication.

Web of trust-like mechanism for SSL: Perspectives.

A web demo is available.

Not really a web-of-trust. More like a history-of-key, which also works well.

Web of trust-like mechanism for SSL: Perspectives.

A web demo is available.

Not really a web-of-trust. More like a history-of-key, which also works well.

check it out hackers of the wurld //

http://www.cs.cmu.edu/afs/cs.cmu.edu/user/ralf/pub/WWW/files.html

it's got what you needz //

I'm not sure what a "79% correlation" even means. The way to describe correlations is to provide estimated correlation coefficients. It appears that even the original article uses this bizarre percentage notation ("r = 63.5%"), which suggests that perhaps the authors don't understand correlation as well as they think they do. Sigh. This is what happens when computer scientists try statistics without any training...

For low-end machine vision, there's one obvious product to suggest: CMUcam ( http://www.cs.cmu.edu/~cmucam/ )

Another option that's not quite as widely known, but is slightly different (better in some ways, worse in others, depending on what you're looking for) is the AVRcam ( http://www.jrobot.net/Projects/AVRcam.html ).

Both are basically NTSC/PAL-type monochrome video cameras with a dedicated processor that does things like object-recognition for you and alerts you when it thinks you'll be interested. Neither is likely to be appropriate for astrophotography, but either one will probably do the job nicely if you want to let your robot find a ping pong ball or navigate a maze.

First, there is no proof there's a conspiracy to deny publication of dissenting papers. Several investigations have decided that there is no conspiracy. There is an outside chance that one little corner of science may have slipped into pseudoscience, but that's hardly justification for your statements about science in general.

The nondisclosure of data is a serious issue, but it's also not universal and even in this case it sounds like it's more due to the CRU not having the legal right to disclose the data in question, NOT to their unwillingness to do so. That's a problem with the law or with the commercial right-holders, not science. Again, even in the worst case scenario, it's not a justification for your statements about science in general.

Following are a few examples of large, publicly available scientific datasets that were assembled at considerable cost, entirely voluntarily (a small selection, several that I have personal experience with and others that I've included to try to give some breadth to the list):

http://physionet.org/
http://mouldy.bic.mni.mcgill.ca/brainweb/
http://www.med.harvard.edu/AANLIB/home.html
http://archive.eso.org/skycat/servers/usnoa
http://www.astrometry.net/data.html
http://www.ncbi.nlm.nih.gov/genbank/GenbankOverview.html
http://www.ncbi.nlm.nih.gov/guide/data-software/

And some publicly available code:

http://noodles.bic.mni.mcgill.ca/ServicesSoftware/HomePage (the MINC tools are apparently available from Debian as well)
http://www.bic.mni.mcgill.ca/~ilana/diffusion/diffusion_tools.html
http://www.vlfeat.org/~vedaldi/code/sift.html
http://www.itk.org/
http://www.cs.cmu.edu/~cil/v-source.html
http://iraf.noao.edu/

There's hardly an overwhelming culture of closed and proprietary secret keeping in science as you suggest. Quite the opposite. Sure, some of the non-scientific appendages to science do have issues in that area (journals, for example) but scientists are usually all too willing to do end runs around such things. If you want to read a paper, e-mail the author and he's likely to send you a PDF despite that often being technically a violation of copyright. Failing that, go to a library and they'll let you read it, free.

We can actually validate certificates relatively well using "notaries". This gives us in effect validation of identity. It's better than trusting CAs, and you don't have to buy certificates:

"Perspectives"

Demo

About

Firefox extension

We can actually validate certificates relatively well using "notaries". This gives us in effect validation of identity. It's better than trusting CAs, and you don't have to buy certificates:

"Perspectives"

Demo

About

Firefox extension

Though security on the Web is broken by design Perspectives , while no panacea, can help. Be sure and check "Contact notaries for all HTTPS sites".

Check out Perspectives: http://www.cs.cmu.edu/~perspectives/

Of course, by removing all CA's, manually/permanently accepting the site's cert you'll also be warned if it changes (pretty much like SSH then).

Parts of that story also turn up in "Bare Faced Messiah", the unauthorised biography of L. Ron Hubbard. Scientology tried to ban it, failed miserably, and now you can download it.

Fascinating stuff. Cult leaders are very interesting people.

For the return to tin can and string?

No, but it might be time for people to start using Perspectives. Which I'd guess is a better version of the new extension these people are making, although I can't really tell due to the PDF being broken (slashdotted?).

The research mentioned in the article is about verifying identity by comparing a person's keystroke timing to a previously acquired of keystroke timing. Nothing the professor's research makes any claim of being able to determine age, gender, culture or anything else from an unknown person's typing.

At best, you could compare a person's typing to a database of typing patterns and see if you find a match. To identify pervs this way would require that you track down all the pervs, give them typing tests, ensure that they type like they normally do, store the typing profiles in a database, ensure that all programs record and send the timing of typists keystrokes, ensure that the pervs all type the same way they did on the typing test and compare the resulting keystroke timing profile.

But hey... how could any of that possibly fail to work?

Also, the professor's list of published papers can be found here. There is some interesting stuff there
http://www.cs.cmu.edu/~maxion/pubs/list.html

SurfaceScapes http://www.etc.cmu.edu/projects/surfacescapes/index.html http://vimeo.com/8211657 Then again, it uses Microsoft Surface, and considering the crowd...

OpenCV has C interfaces and there are more that have some C code libraries. Really the coding challenge would be building the wrappers to utilize those libraries with your camera's hardware (I assume provided through CHDK APIs). My vote is for a nifty KLT implementation that allows me to take a video and extract a huge wide pan image in post processing on the camera.

This looks a lot like Pioneer:

Seshadri, Arvind, Mark Luk, Elaine Shi, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla.
"Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms."
In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP), Brighton, United Kingdom, October 2005.

http://sparrow.ece.cmu.edu/~adrian/projects/pioneer.pdf

You can do this with commodity hardware. CMU's GREY program has been letting users not only open doors, but manage issues such as access control lists, key management, and usability issues associated with such a system. There's been a considerable amount of information published as a result of their research. They've been doing this since about 2005. It is by no means a new idea.

Definitely write some code. When you are done with that, though, give a look at Common Lisp: http://www.cs.cmu.edu/~dst/LispBook/ Common Lisp: A Gentle Introduction to Symbolic Computation by David S. Touretzky, or http://www.gigamonkeys.com/book/ Practical Common Lisp by Peter Seibel. Then, learn to use Clojure to tie the two (functional programming and JVM bytecode + platform) together.

Here's another idea: Defense in depth. Make CAs just one part of the whole picture. Another big part could be stability of certificate:

Perspectives

The idea might be quickly conveyed by the images on their web demo.

They've even got a Firefox plug-in.

Here's another idea: Defense in depth. Make CAs just one part of the whole picture. Another big part could be stability of certificate:

Perspectives

The idea might be quickly conveyed by the images on their web demo.

They've even got a Firefox plug-in.

Here's another idea: Defense in depth. Make CAs just one part of the whole picture. Another big part could be stability of certificate:

Perspectives

The idea might be quickly conveyed by the images on their web demo.

They've even got a Firefox plug-in.

Have a look at Perspectives: an approach to detecting MITM attacks by comparing the keys visible from other vantage points on the net.

Estimate the parts required using historical proxies based around size and content. Use historical development time data based on the part estimates. Consolidate the group of smaller estimates for yourself, or ideally across an entire team, to allow estimation error to cancel itself out as much as possible across the group. Now you have a solid estimate of the total effort required, and you just have to map that to the available development hours in each developer's schedule, rebalance as necessary, and see what your end date looks like. Team Software Process

They've got a Firefox extension, too: http://www.cs.cmu.edu/~perspectives/firefox.html#install

And this conveys the idea quickly and visually... the web demo: http://moo.cmcl.cs.cmu.edu/perspectives/

They're also looking for developers to take the project. This could be a great tool for everyone.

They've got a Firefox extension, too: http://www.cs.cmu.edu/~perspectives/firefox.html#install

And this conveys the idea quickly and visually... the web demo: http://moo.cmcl.cs.cmu.edu/perspectives/

They're also looking for developers to take the project. This could be a great tool for everyone.

Did you notice how many CAs are in the list? How do you feel about each?

I might recommend encouraging technologies like Perspectives to provide defense in depth.

I don't read boring news, I read slashdot!

Oh wait... I think I just confirmed your post and the article.

Well, TBH one reason I read slashdot is because crowdsourced comments are more difficult to bias than paid journalism. Perhaps we commenters come from a niche demographic to begin with, we're not perfect; I'm simply (lazy and) hard pressed to find a more stable journalistic platform.

Commenters reliably reflect most information from TFA and season it with their own personal perspectives (explaining why RTFA is so unpopular xD). Commenters misrepresenting TFA are regularly named and shamed. Many commenters even correct, clarify or expand upon summary and article alike. We demand references and citations from one another; sometimes we even get them. :P

It doesn't always work. It isn't always fair or informative. Oddly enough, if you serve up a genuinely high tech article about hard science, space or quantum physics the crowd starts sounding about as clueless as my grandmother on the topic. xD But you can usually tell when the discussion has gone off and browse on to the next topic. I get more usable, bias-corrected "news" here (sadly) than from any other source of which I am aware.

This is a very peculiar thing. Perhaps we should brainstorm methods to distill fact from biased noise to arrive at an untainted wellspring of current affairs intel we can all drink from. The data is there, we just need to cancel out the opposing non-factual chaff. Someone, get Luis Von Ahn in here, STAT! :3

> Maybe Perspectives can help show that certs come from the right
> source.

> http://www.cs.cmu.edu/~perspectives/index.html

Perhaps something like what Perspectives does for SSL certs would be
feasible for GPG keys pulled off a key server.
As in: "This public key for email@domain has been seen consistently
for X amount of days", i.e. it has not changed thereby preventing
imposters. Would be a nice secondary path of semi-trust in addition
to the Web-of-Trust.