Slashdot Mirror

Here in Adelaide, Australia we've had the American university Carnegie Mellon open up a local branch offering a Master of Science in Information Technology, http://www.heinz.cmu.edu/australia/information-technology-msit/index.aspx

No idea if they're any good or not though.

This whole discussion reminds me of the talk about teaching Computational Thinking two years ago.

For the entirety of today I forgot about this project. Only now did I remember after seeing some comments on Reddit.

Multiple "notaries" who report what key they've seen and when they've seen it.

Check it out: Perspectives

You don't even have to replace your oligarchy of trusted companies (keys, rather), you could just use this tool in conjunction.

And how do you verify that your compiler has not been Trojaned? (warning: PDF)

The program is actually called dsynch ... they just didn't pick an original name. See this link for DOT source and article: http://www.cs.cmu.edu/~dot-project/ http://www.cs.cmu.edu/~dga/papers/dsync-usenix2008-abstract.html

The program is actually called dsynch ... they just didn't pick an original name. See this link for DOT source and article: http://www.cs.cmu.edu/~dot-project/ http://www.cs.cmu.edu/~dga/papers/dsync-usenix2008-abstract.html

Better to reply to you than to my own "where's the source?" post.

Check this out: http://www.cs.cmu.edu/~dot-project/

and you can find documentation for it here:
http://www.cs.cmu.edu/~dga/papers/dsync-usenix2008-abstract.html

It is rsync on steroids that uses a BitTorrent-like P2P protocol that is even more efficient because it exploits file similarity.

You may have to contact the author of the paper to get the latest version of dsync, but I am sure they would be more than happy to help you with that.

There's a demo by a guy, Johnny Chung Lee, that did just that using a Wii sensor bar and nunchuck.

http://www.cs.cmu.edu/~johnny/projects/wii

Its the third video down. Very cool.
Software is there too.

http://www.cmu.edu/homepage/beyond/2007/summer/happy-25th-emoticon.shtml

Alice by Randy Pausch of the Last Lecture

How about this one? The queries ACID makes (no relation to ACID of DB studies) against the database data generated by Snort are significantly faster in MySQL than Postgresql with certain operations.

PS, that's really old data but I knew where to find it quickly :-).

Well... yes. If you were expecting a quick action fix.
GITS and Masamune Shirow's manga in general need to be watched/read with some concentration.
Add to that Mamoru Oshii's direction who almost always goes of to a deep end of the psychology pool and it may seem unnecessarily complicated.

As for trash..

Try reading some of Shirow's manga. He would really get into particulars with every single little thing in his universe.
That is, before he figured out he can live off the royalties and churning out a borderline hentai calendars and art-books here and there.
There are no "beam guns" in Shirow's manga.
If a piece of technology is used there is a neat description somewhere of how and why that particular piece of technology works and what are its underlying principles.
There is almost no issue without some added bits of text with additional explanation for such cases.
Original Ghost in the Shell manga is a great example. There are about 10 pages of "notes" at the end of the book.

A great example of visionary "future tech" he also featured can be found in Ghost in the Shell 1.5: Human-Error Processor.
In a story printed in 1992 (Drive Slave) he drew microrobots that travel through bloodstream using flagella for propulsion.
Such robots are widely researched today.

 
On other hand...
I fear that you have no idea what Sci-Fi is. Or Science Fiction. Or that one is primarily read, and other mostly watched these days.

GITS SAC 1, 2 and the movies are great sci-fi.
GITS manga and movies are great Science Fiction.
If nothing else, Hollywood hacks like Wachowskis ripping it off is a good indicator of its value.

That occurred to me too; but if so, then it's equally impressive as a scam:

http://news.nationalgeographic.com/news/2004/08/0830_040830_aronralston.html

http://www.cnn.com/2005/US/04/04/cnn25.tan.ralston/index.html

http://www.cmu.edu/magazine/03fall/aralston.html

Ooh a new way to distribute DeCSS source!

Carnegie-Mellon University's CS Department has had a robotic receptionist for several years now. This is nothing out of the ordinary,...

Anderson and others have also incorporated findings from cognitive psychology into the computational architecture ACT-R.

Also

"Machine Learning" by Tom Mitchell
http://www.cs.cmu.edu/~tom/mlbook.html

Good stuff. I have used the NN techniques in there to successfully build a license plate recognition system.

There's been a small amount of previous research in jazz solo composition, including a real-time solo-trading system that learns solo styles from data. Here's one paper describing the system that seems to have made the most progress.

At our school I've helped the grade 8 kids to create their own interactive whiteboard using Johnny Chung's wiimote hack. It works pretty well! They also organized some fund raising to pay for the computer and projector and I donated my second wiimote to the project. The kids are extremely proud of the 3 different infrared pens they built! http://www.cs.cmu.edu/~johnny/projects/wii/

It's coming...
That and computer-mind interfaces are the revolution we're all waiting for.

An interesting "natural experiment" can be found in comparing international CS students to US CS students....

While most of the international women students come to Carnegie Mellon without an extensive knowledge of computers, they all have a high sense of self-efficacy in math. Several students told us that not until coming to the U.S. did they encounter the attitude that women are not suited for math and science. They told us that girls (if they were lucky enough to go to high school in the first place) pursue math and science at the same rate and with the same expectations as boys, at least through the high school level

You'll be waiting 5 years at least. I'm probably getting an iliad DR1000SW or PlasticLogic's model next year because they finally got the screen size up to snuff.

The economic analysis in the summary at least is a bit shortsighted. You can save a little on newspaper subscriptions since they don't have to deliver to you or you don't have to waste gas getting one and there are a lot of good free (legally) books online to learn languages/programming/anything but don't want to sit on the computer for. Like this one:
http://www.cs.cmu.edu/~dst/LispBook/
or
http://www.gigamonkeys.com/book/

When I sat down years ago to read those or other books on the computer, it just was a pain. I couldn't use my computer for other things as easily and the eyestrain of a backlighted screen all day. Years back, without a second monitor, it was kinda a pain to follow some programming examples and keep switching back and forth.

Add to that the convenience of having all your books in a memory card or single harddrive. It was a factor driving mp3 music players vs CDs and CDs are much easier to carry around than books.

What is wrong with the current set of books is this:
-screen size (recently solved with the iRex DR1000S - now they have models out big and small good for newspaper/technical_reading/textbooks vs fiction)
-screen refresh rate (too slow on all models)
-only 4 (16 iliad) shades right now
-klutzy software (Apple could exploit this market sooner or later)
-battery life in some models (e-Ink doesn't use any energy once screen is rendered - yet some manufacturers build these things to be recharged almost daily instead of weekly), turn the page and switch it off
-no color

For me, battery life and software and screen size is what I'm not going to compromise on, all others I'm flexible. It probably will be different for everyone. The potential benefits are tremendous though.

It would be very easy for an ISP to perform man-in-the-middle attacks on supposedly secure sites which use self-signed certificates.

Not necessarily. There's a Firefox plugin called Perspectives that prevents MITM attacks that are confined to a limited IP block, such as one initiated by an ISP.

It works by getting several remote servers to query the site and send the certificate back to the browser. If the certificate the remote sites see is the same as the certificate your browser sees, then you can bee certain your ISP isn't performing a MITM attack.

For some years now, there have been pointing devices for the disabled that essentially involve an IR webcam and a reflector or LED stuck to whatever part of the body the user can still move.

Sounds like one of Johnny Lee's projects, you could probably accomplish this with a Wii-remote and his free software.

Johnny Chung Lee

http://www.cs.cmu.edu/~johnny/projects/wii/

He did this ages ago with nothing but a Wii remote, some IR LEDs, and bits of reflective tape. And all his code is openly available!

If you're interested, take a look around his site at some of the other stuff he's done... and not just with Wii remotes, either. The man is a genius. I love the projector calibration work he did. I mean, he's turned folding fans and umbrellas into screens!

(Please excuse the terrible way that I have to post this - normally the comments are above the command, but slashdot was freaking out...) Here is my .vimrc file:
:com Openvimrc :tabnew ~/.vimrc " custom command to edit the _vimrc file from anywhere
:nnoremap <C-J> 5j " custom key mapping: CTRL-J -> move down 5 lines
:nnoremap <C-K> 5k " custom key mapping: CTRL-K -> move up 5 lines
:nmap <C-t> :tabnew<cr> " custom key mapping: CTRL-T -> open new tab
:nmap <C-tab> :tabnext<cr> " custom key mapping: CTRL-TAB -> move to next tab
:nmap <C-S-tab> :tabprevious<cr> " custom key mapping: CTRL-SHIFT-TAB -> move to previous tab
:autocmd BufEnter * lcd %:p:h " auto set the current working directory to be the same as the buffer's
:filetype on " toggle filetype detection
:filetype plugin on " toggle filetype plugins
:set number " turn on line numbering
:set tabstop=4 " indentation level
:set expandtab " convert tab key to spaces
:set shiftwidth=4 " indent/outdent
:set shiftround " always indent/outdent to nearest tabstop
:syntax on " turn on syntax highlighting
:au BufWinEnter * let w:m1=matchadd('ErrorMsg','\%81v.*',-1) " lines that are > 80 characters are error highlighted by default
:com SetLengthWarning :let w:m1=matchadd('ErrorMsg','\%81v.*',-1) " custom command to set > 80 character highlighting
:com UnsetLengthWarning :call matchdelete(w:m1) " custom command to unset > 80 character highlighting
:set backspace=indent,eol,start " allow backspace over everything
:set noerrorbells visualbell t_vb= " kill the bells
if has("gui_running") " gui specific properties
:set guioptions-=T " hide the GUI toolbar
:set guioptions-=m " hide the GUI menu
:colorscheme inkpot " set the color scheme
:set guifont=Anonymous:h13 " set the GUI font
:set lines=46 columns=100 " set the window size
else " cterm specific properties
:colorscheme default " set the color scheme
:hi LineNr ctermfg=red " set line numbering color to red
endif

(END)
There are some things to note. There are some commands in my .vimrc which will highlight text that has crossed the 80 character threshold. In order for those commands to work, vim7.2 or greater must be installed. Also, tab support was not added until vim7.0 I think. My gvim font is from http://www.ms-studio.com/FontSales/anonymous.html>. If you want some excellent colorschemes, check out http://www.cs.cmu.edu/~maverick/VimColorSchemeTest/>. Finally, I just discovered this a couple of days ago http://technotales.wordpress.com/2007/10/03/like-slime-for-vim/>: an awesome vim trick to use with irb.

I don't know enough about Bill Joy's personality (versus his software contributions which I think many here are familiar with) to have an opinion either way.

I do think David Farber is politically astute and familiar with dealing with government enough that he could make a productive contribution to USA as a solid adviser on technology, based on his track record of "getting it" with historic technologies like that Internet thing, Plus he is a EFF trustee, Fellow of the ACM and IEEE, Oh, and he is a interesting people.

I don't know about Windows machines, but I heard that certain robotic probes run VxWorks and are remotely controlled via a low-bandwidth, high-latency connection. Those devices have a lot of programmed autonomy and fail-safe built in. And they don't run Windows.

Don't forget, too, that the toolchain you're using to do your diagnostics can be the source of the hack.

...You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.

-- Ken Thompson, Reflections on Trusting Trust

A customer makes a connection to the bank via SSL. How does the customer know whether or not this encryption succeeds or fails? He has no idea and he has no way of finding out.

The 1% error rate of paper ballots can be read here and many other places. Google "paper ballot error rate".

Also, I have my doubts about the methods from the paper, though I haven't read it. For example, how resistant is the technique with respect to attacks on votes that have been cast by people who, for some reason (such as low technical skills), cannot check the correctness of the result? If someone else is going to do that for them, won't this compromise anonymity of their vote?

There are many techniques out there. Some allow for a voter to verify that his own vote has been counted correctly. Universally verifiable systems allow for a voter to verify that everyone's vote has been counted correctly. No, this does not in general compromise the anonymity of the vote.

Also, don't you feel a bit silly arguing against hypothetical weaknesses of cryptosystems when you haven't even bothered to read the basics? Here's another good paper by Microsoft. Here's another good one from Carnegie Mellon.

Please read these papers. You will see they have carefully thought through the issues you are raising.

Most of these systems operate on a server/client basis. The client can use whichever implementation he desires as long as it implements the algorithm. He can use Microsoft Voter or GNU Vote or whatever he wants. You're not forced to sit down at a voting booth with software you don't trust.

http://slashdot.org/~farber
exists so we have a few happy chef-cooks here as well :-)

I'm going to try to come to the defense of that last one there. His Slashdot user page links to: http://www.cis.upenn.edu/~farber/ which claims he is

David Farber, Professor Emeritus

Web Page at CMU:
http://www.epp.cmu.edu/httpdocs/people/bios/farber.html

I don't think he selected that name because he's a happy chef cook nor because he is squatting.

Also, is it so wrong for me to select the UID Ferrari because I'm a Ferrari owner and enthusiast? I would hope CmdrTaco would side with the users if Ferrari & Farber ever wanted to start spamming us with threads about their latest cars and pans.

[c]omputer science can be fun.

You seriously need to read Reflections on Trusting Trust, by Ken Thompson, one of the founders of Unix:

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Watch Mark Kryder's CMU seminar from last year at http://www.ece.cmu.edu/news/seminar/2007/fall/kryder_11_29_07.asx.

Like Peak Oil, it's about diminishing returns and commercial viability.

I have my doubts about your statement. See the following paper:

http://reports-archive.adm.cs.cmu.edu/anon/2003/CMU-CS-03-119.pdf

I wrote about this earlier:

http://yro.slashdot.org/comments.pl?sid=321921&cid=20915905

Even if the current systems aren't capable of providing good image recognition from security cameras, it seems to be mainly an image processing challenge to make it work.

Notice how the first link explains that pixelisation isn't effective at thwarting facial recognition. The paper I mentioned last in the thread discusses methods of improving resolution of video sequences.

That view angle problem of yours seems to be a major issue though.

Why buy it when you can build it? Oh yeah, the brain of the unit is a Qwerk which means you can really hack it to respond to all sorts of things.

UC Davis Cyrus Incident September 2007

you're a bit late, it's been done already, but with a wii remote. http://www.cs.cmu.edu/~johnny/projects/wii/

Until this fall, our university was maintaining one of, if not the largest, Cyrus mail system in the world. Over 50,000 mailboxes generating an average of 4,000,000 transactions a day (peaking at 5,000,000), hosted on a cluster of SunFire servers and StorEdge/StorageTek SAN. In-house, open-source...sounds great, right?

This year we estimated the cost of increasing our default inbox quota from a paltry 60 MB to 1 GB (a long-overdue upgrade). The total came in at about US$500,000, which is fiscally untenable at this point.

Then we were hit by a previously unknown ZFS bug that crippled mail delivery for almost a week while we worked with Carnegie Mellon, Sun and consultants trying to figure out why our system wasn't scaling properly.

We realized that sometimes outsourcing is the best alternative, no matter what in-house resources or requirements exist.

We just launched Google-hosted email for all students, which is projected to save $250,000 annually (or more if TCO is considered).

It was fun being the guinea-pig for scaling up Cyrus, but by partnering with Google we can deliver more reliable, larger inboxes and save money instead of spending it. DIY "let the CS department handle it" philosophies are great, but not always the best plan. Even for email, outsourcing can sometimes be the best option, not a cop out.

Self signed certs can not be authenticated.

Do you know what the "fingerprint" of a cert is?

I really wish you people would stop whining about how Firefox alerts on self signed certs. EVERY browser does, FOR A REASON.

And that reason is STUPID, because plain http is always at least as insecure.

An unvalidated self signed certificate will just require a different approach to evesdropping

[emphasis added] There are ways that self-signed certificates can be validated, do you know what "out-of-band" communication is? This can even be automated, if you're willing to reduce your security to only a little bit better than the current CA system.

EXACTLY! With a self-signed certificate, there's no indication that a man in the middle attack is taking place.

SSL without a trusted certificate provides NO additional security over communicating in the clear. AT ALL.

Self-signed != untrusted, and CA-signed may not always = trusted. Why do people always seem to just assume that CA-signed/self-signed are equivalent to trusted/untrusted?

There are ways to verify certs other than having a site- (or attacker-) chosen CA sign them. For example, the Perspectives firefox extension relies on "you can't fool all of the people all of the time" rather than the "you can't fool any of these people ever" that the CA system relies on. And it works regardless of whether a cert is self-signed.

And it's Carnegie Mellon that's putting up the money, and who were (apparently) providing support for the original project.

Carnegie Mellon is not the Mellon Foundation. The Mellon is the same (Andrew), but other than that the two are unrelated.

Not really - first of all, it's harder to OCR them, since reCAPTCHA words are chosen from a set that already failed OCR'ing once. Second, if reCAPTCHA starts seeing way too many guessing attempts from the same IP address (or block of them), it eventually will start handing out entire sentences to OCR. :-)

Their recent article in Science about reCAPTCHA is pretty cool.

I've worked with a similar organization at a US university.

The university provides students with email, personal web hosting, and wireless internet access. We provide web hosting for student organizations and alumni (mainly wikis), mailing lists, nntp service, a jabber server, and local mirrors of useful things (kernel.org, gnu.org). Far from being obsolete, we are often asked to do more, but we lack enough people to maintain things.

One of the other things we have started doing is collecting old computers and video games and making presentations on the history of computing. These events seem to be fairly popular. We also help people out with common tech questions, etc.

don't forget that MIT has had many more courses available for a good while now

MIT and CMU too.

Measuring just by number of courses offered is a bit bogus though; some courses are just a stack of lecture slides which, without seeing the lecture they go with, are a less informative than a library book (example).

I applaud the universities running these projects, it's all good stuff. All I'm saying is 'number of courses offered' isn't the only measure of success; making the material complete and comprehensible is important too!

Combining these 3D shutter based glasses with head tracking to change the point of view of the scene should help significantly. If done right you could probably hang from the ceiling and still have the scene look normal.

Here's some more info

You can watch at http://boom.aladdin.cs.cmu.edu/cgi-bin/ipaddy. (I'm "ttuttle".)

I've just found FoxBeacon. It's a student project at Carnegie Mellon. Navigation is broken on the website--not a good sign. Uses some simple heuristics that might be in AdblockPlus filters already.