Domain: ogi.edu
Stories and comments across the archive that link to ogi.edu.
Comments · 89
-
Re:doh!
I also know that many visually impaired people use Emacs Speak (which supports Aural Style Sheets for web browsing)
Some sort of a sideline: Any idea if any software speech synths support aural CSS (emacspeak appears to be more suited for hardware devices)? All of the Linux TTS software seems to link to IBM ViaVoice which seems to be gone. I really love Festival (especially with OGI patch - the "mwm" is much clearer than Festival default sounds!) but Festival doesn't support aural CSS, just some markup called SABLE.
(I'm not blind, but reading looooong texts from display might make me one, and being an ecologically conscious wolf I elected not to print everything! =)
-
Need to make this impossible.
Wish we could have the compiler make all these sorts of buffer overflows impossible & irrelevant. I've used the StackGuard compiler and like it. I really like the idea of hardening a service against an entire class of attacks even before vulnerabilities are found. Unfortunately, it doesn't cover all the bases. But IMHO this sort of functionality should be incorporated into the GCC core as a compile-time option.
It's preposterous that we should be constantly victimized by stack-smashing attacks over and over and over to the end of time. Best cure would be languages and/or systems where this is not possible. The damn stack grows the wrong way! Why the @#&! can the data stack be executed anyway!?! The friggin' architecture needs to be overhauled. Not holding my breath, though.
-
cs.mshmro.com
We've had over 70,000 unique players in the past 3 months on our Counter-Strike server.
http://www.mshmro.com/hlstats/hlstats.php
We even wrote a paper about it.
http://www.cse.ogi.edu/sysl/projects/cstrike -
A use for the TIMBOT!!!!!!!
Send it into the building to disable the honeypot laptop.... It can use its onboard signal strength meter to search for it and then with some onboard weapons in the Mark II version (remember it's a DARPA project....) BOOM!! no more honeypot...
-
TIMMAY!!!
I know it looks more like an rc truck, but with a name like "Timbot", I just picture a wheel-chair-looking robot bumping into walls all the time shouting "Timmay! ... Timmay!" -
Re:Contest judging criteria is not real world
No. You will see.
You were right.
I was wrong.
The better algorithm (not language) won. -
What about #3-160?
Shameful vanity, but I'd like to know how I did.
Radical Too (runner-up) was kind enough to post their source (after the competition is over, there isn't much reason not to).
But what about me (Aqua Team Hunger Farce)?
Links to source/explanations of many entries can be found on the ICFP site Here
My entry is listed as well. The order of listing is just when people submitted links to writeups, not the winning order. -
Well, the deadline's over.
It looks like we'll see the winners when the conference occurs, Oct 4. There is a list of the names and languages used of the entries here. Here's my simple histogram of the popularity of languages:
162 total entries.
(That was supposed to be a formatted table but the stupid lameness filter won't allow it.) I didn't bother to differentiate between e.g. "ocaml" and "ocaml 3.06" and "OCamel" in that list, but it's pretty clear that the most popular languages were Java, C, and C++... no surprise there. And now I must include something to get past the slashdot lameness filter to compensate for all those spaces.
Java 24
C++ 17
C 15
Perl 10
Python 10
ocaml 6
Haskell 5
Common Lisp 4
Python 2.2 4
OCaml 3
Objective Caml 3
Mercury 2
Ocaml 2
Ocaml (3.04) 2
PLT Scheme 2
Ruby 2
Scheme 2
java 2
perl 2
ANSI-C 1
Ada 1
C++ (with boost) 1
C++ STL 1
C++, InteLib Lisp 1
C++/C 1
C, pure C 1
C, raw C 1
Cobol 4ever! (hehe, no... it's C, which I bet you don't think is much better) 1
Delphi (Object Pascal) 1
Delphi (Object Pascal), IDE Kylix 1
Dylan 1
Erlang 1
Forth 1
Gwydion Dylan 1
Haskell (with GHC extensions) 1
Haskell and C 1
Haskell with GHC extensions 1
Haskell, C 1
Haskell, C++ 1
Icon 1
Java (1.4.0) 1
Java 1.4 1
Mercury (with some C, see README) 1
Microsoft Visual C++ 1
O'Caml 1
OCaml 3 1
Objective-Caml 1
Prolog 1
Python, requires python 2 1
Python, with a bit of C 1
Python2.2 1
Rice PLT v202 1
Ruby, C 1
SML 1
Scheme (MzScheme 202) 1
Scheme (and a bit of C for an X11 interface) 1
Vanilla C (plus my personal toolbox) 1
Vanilla C (with my personal toolbox) 1
VisualAge Smalltalk 1
c++ 1
erlang 1
ocaml 3.06 1
pure python 1
python 1
-
great name
"sumi"? Wow, that's even better than BHA!
See, several years ago, Apple used Sagan as a codename for one of their prototype systems, after the well-known astronomer Carl Sagan. After they got sued for using the name without his permission, engineers started calling their prototype BHA instead -- as in, "Butt Head Astronomer". :-)
I like the way the Sumi people are tweaking Apple back now... :-) -
Re:This looks like a fun one
Actually, according to the FAQ, there will be one soon:
Q1: Will a test server be available?
A: Yes, stay tuned... -
It's RoboRally
-
Sounds too much like IBM's Robocode
-
Programming Languages
From: http://icfpcontest.cse.ogi.edu/machine.html
Software
--
The following programming language implementations are available on the machine:
* Assemblers (gas 2.10.91, nasm 0.98.22)
* C, C++, chill, objective C (gcc 2.96)
<snip>
* PostScript (ghostscript-6.52)
Mad, mad props to the first team to enter a working submission written exclusively in PostScript.
-
Death of the music industry
This is an important idea that doesn't work very well yet. When it does, it will kill the music industry.
First, computer-generated singing from MIDI files can be done better. Listen to Festival Singer, from the Oregon Graduate University of Science and Technology, which is in turn based on a speech system from the University of Edinburgh. It's still not that great, but progress is being made. They're approaching the garage-band level.
More components are needed to make computer-generated music more human-like. Some of that work has been done. The Media Lab system for Expressive Performance Extraction takes in a MIDI file and an audio recording of piano music, and builds a model of the performer's expression. This model can then be used with other MIDI files to mimic the specific pianist.
The next big step is to do that for singers.
The goal is to have a system where you put in a MIDI file, lyrics, performer and singer models, and push start. Out comes a performance that sounds like a good backup band.
Because the music industry likes to have the option to replace performers, copyright law doesn't prevent doing this on popular music. You only have to pay a modest statutory royalty to the original songwriter.
Once this works, it could make a real dent in the music industry. Performers could go the way of orators. People would still go to live performances, but we could dispense with much of the recorded music industry.
-
Two other options
The very esoteric language Haskell in the page Libraries and tools for Haskell has two links, one to Hawk and other to Lava. While the former is not of much interest for main questioner (Hawk is aimed only to verification of microprocessor's design) the latter has more wide goal. Here is the excerpt from Lava homepage:
Currently, there are two versions of Lava in use. One, Chalmers-Lava, developed at Chalmers University of Technology in Sweden, is mainly aimed at interfacing to automatic formal hardware verification tools. The other, Xilinx-Lava, developed at Xilinx Inc., is aimed at generating configurations for Xilinx' FPGAs. We hope to merge these two version soon.
Of course, they both are research projects. -
The music industry - a final solution
The music industry is becoming seriously annoying to the computer community. We must act to destroy it. Not by piracy. By automation.
The first step was MIDI - a score goes in, and music comes out. No musicians required. It doesn't sound all that great; we need smarter performance generators. There's research underway on this.
Next step is to eliminate singers. Voice synthesizers exist now, and there are ones that will accept a MIDI track as prosody. Again, this needs to get better.
The best part of this is that there is a compulsory license and statutory royalty rates for this, so the record companies can't say no. The current royalty rate is $0.0755 per song plus $0.0145 for each additional minute after the first five. Per copy.
It's coming. Click here for examples. Even runs on Linux.
-
Re:Interesting review, but...
For a good book on security and programming, try "Building Secure Software" by John Viega and Gary McGraw. I am going to use this book as the course text in the next offering of my graduate security course.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:#1 problem is the students
This is actually pretty normal for novice instructors. You are clearly one of the better students from your class, because you made it to grad school. Yet when you recall your experience as an undergrad, you probably assumed that you were middle of the pack (as this study).
Then you go to teach, and the top few students seem pretty decent (they're much like you) and the rest of the class seems to suck. Well, no. The rest of the class sucks as much as they ever did, only now you have to notice, because you're grading all the papers, instead of hanging out with the leet geek types.
Crispin
----
Crispin Cowan, Ph.D
Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
----
Research Assistant Professor of Computer Science
Oregon Graduate Institute -
It's Feedback
I've been at three different computer science schools (Waterloo, UWO, and OGI) as an undergrad, grad student, and professor. Some of these schools are great, and some not so great (no comment :-) The teaching quality does vary, but not that much. I've concluded that the real difference is the quality of the students, which induces a feedback loop.
What happens is at a great school, you have a strong student body. This lets the faculty run the program at a high level (teach fast, advanced content, etc.). This attracts even stronger students, forming a positive feedback loop.
At a not so great school, the students are relatively weak. This forces the faculty to teach slowly, remedial content, etc. Students may also be looking for that "quick fix career change", which means teaching technology (Java, JDBC, VB) instead of fundamental concepts (algorithms, data structures, abstraction). This in turn attracts more of the weaker students, forming a negative feedback loop.
So if you're hot stuff, go to a hot school. When the assignments are hard, don't be surprised. If you're more into a slack lifestyle, go to a lesser school.
Of course, teaching quality does vary. But contrary to what some other posters have said, teaching quality is not the inverse of research quality. Some research-oriented faculty are too busy to spend time on their students, while others are also truly great teachers. At small colleges, some faculty are there because they truly love to teach and are great at it, and some are there because they are lamers and a Moo U appointment is the best faculty job they could get. But my basic observation is that these variations are minor compared to the student body feedback effect.
----
Crispin Cowan, Ph.D
Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
----
Research Assistant Professor of Computer Science
Oregon Graduate Institute -
Re:RPM solves deps too (urpmi/urpme/apt-get...)
I am pretty sure that this is all still current - if you have a package that has been built as relocatable, you can specify a different database so that you can install stuff under /home/foo/bin...
Read up about it here among other pages. (This is the first one that I was able to find.) -
Automate music
Do we really need musicians at all? Automated music synthesis is getting better. NTONYX adds expression to MIDI files, and Flinger handles the vocals. You still need MIDI content as input, but ASCAP/BMI licenses are cheap.
Maybe we can simply automate the recording industry out of existence. There's a niche market for live performers, of course, but maybe recorded audio was just a 20th century fad.
-
Found in a quick google search...
This document, which is copyright 1993, describes a similar system. If nothing else, it may give you a starting point to talk to some people that developed similar applications prior to that one.
-
Re:You are in a fashion industry
I totally agree with this comment. We even have empirical evidence to support it: Java.
Java is (IMHO) the coolest popular language around, and the most popular cool language around. Before jumping on me with your favorite language, let me explain these terms:
- coolest: supporting the most wizzy features, e.g. type safety, distributed computing. Thus the list of "cool" languages is very, very large, and would include the likes of Java, Eiffel, Haskell, Scheme, ML, Hermes (my personal favorite) and the hundreds of others that the PL community has produced.
- popular: used by so many people that you can reasonably post a job ad seeking programmers with experience in that language and expect to get responses. Thus the list of "popular" languages is relatively short. This list is nearly inclusive (I may have left out a few):
- C/C++
- Pascal
- Java
- VB (very popular, not so cool :-)
- PERL (very popular, coolness hotly disputed)
- Python ("popularity" getting marginal here)
Now, how did Java get to be so popular? I argue that it has nothing to do with how "cool" Java is. Java could be every bit as sucky as VB, and still be nearly where it is today. Java became popular through the networking effect of being first to enable animated web pages. Yep, that's right: dancing pigs.
If Java had come out three months after animated GIFs instead of three months before, then no one ever would have heard of it.
Topical flamebait: Yes, functional programming languages are obscure and impractical. They may be "cool", but because they are hard to understand without a degree in mathematics, they have zero chance of ever becoming "popular". You will continuously see FP showing up in niche markets where correctness matters, no matter what the cost, (e.g. verifying CPUs such as the AMD/ACL2 case mentioned elsewhere, or the Hawk project being used to verify Intel processors) but you won't see FP enter the mass programming market.
Crispin Cowan
-----
CTO, WireX Communications, Inc.
Immunix: Free, Hardened Linux Distribution -
Libsafe and StackGuard
Perry Wagle (principal StackGuard developer) has done some analysis comparing libsafe to stackguard. Here's the short version:
- Use StackGuard when you can, because it's safer:
  - Libsafe only protects selected library string functions, while StackGuard protects all potential sources of stack overflow.
  - Libsafe depends on the existence of the frame pointer in the stack frame to parse/detect the stack frame. Unfortunately, the frame pointer may not be there, either because of a compile option to remove it, or because the optimizer took it out.
- Use libsafe where you cannot use StackGuard. It's better than nothing, and it can protect closed-source apps where StackGuard cannot.
My further comment on libsafe: the paper that the authors will be presenting at USENIX in June presents two forms of defense ("library intercept" and binary-rewrite (BRW)) and only the library intercept appears to be embodied in the publicly available libsafe, which is why libsafe only protects against overflows that use particular string library functions.
The BRW method is a pseudo-compiler that can transform binaries into "safe" programs by transforming the binary. It copies the program onto the heap, inserting checks as it goes. The copy-to-the-heap is to make space for the additional checks. I really like the BRW method, and hope it becomes available.
If my understanding is mistaken, and BRW is actually in the distributed libsafe, please correct me.
Crispin
-------
CTO, WireX Communications, Inc.
Immunix: Free Hardened Linux -
also check out
-
OGI CSLU Toolkit is also Open Source
The OGI CSLU (center for spoken language understanding) also has an open source toolkit and language resources, but their distribution mainly runs on Win32. Good stuff; they use Festival and the group there has made some excellent contributions.
-
IBM already has ported ViaVoice...
-
Fixing stack, or language, not good enough
You make a very, very good point. Isn't there a way the Linux and *BSD kernel could be patched to disallow execution from a stack? I know there's plenty of memory protection and such in there, so can't we put in one more layer of protection?
First of all, I do believe that having everyone running a Linux kernel on an i386 architecture with an executable stack is three strikes against you. The most secure sites I know are intentionally running neither that kernel nor on that chip. This introduces enough valuable diversity that it alone will stymie many script kiddies with root kits. Remember the Linux PowerPC cracking challenge? The kiddies' root kits didn't have the right machine language code to try to execute, so buffer overruns would have just DOS'd you.
So, let's just change chips. :-)
Of course, that's hardly enough. Can't we clear up a lot of these exploits by fixing the stack? The answer is yes, we could clear up a lot of them. But sadly, it's not going to cure the class of problem completely.
Why should stack and data pages be executable? Why are any pages that are executable also writable? Well, there are a couple reasons for that. Certainly it hasn't always been that way. But the signal trampoline code from gcc(1) makes this very attractive, and it's a bit annoying to change. You still have to deal with issues of mmap(2), which can ask for pages with any access bits it cares for.
And let's not pretend please that C is the issue here. It's not. You're diddling the instruction set. I don't care if you used a Pascal compiler. You could still diddle it. Then again, there's something to be said for having a cleaner library. See the end of this missive for a simple, elegant, and effective approach to one class of these problems in C by someone famously inclined toward the simple and elegant.
What I strongly suggest that anyone interested in this do is read existing literature on this. Yes, it's work, but it's really, really good for you. Start with the paper StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. And yes, the buffer overrun in the version of Perl referenced by this paper has long since been fixed. But then read about how to defeat this. You can also check out disabling an executable stack on Solaris, and why this isn't a cure-all.
Even with a non-executable stack, you can still be bitten. Several such exploits have appeared on bugtraq. Here's one. The short explanation for why this isn't a panacea is that if I push a pointer to "/bin/sh" and a (char *)0 on the stack in a place right before a system(3) (well, or execl(3) or execve(2) or whatever) then it'll still suck to be you. Notice I haven't executed any code that I put on the stack. I just managed to change some of the arguments to existing calls.
Let me put up a copy of some mail from Ted Ts'o, who said it well:
Well with a non-executable stack most security conscious system administrators will sleep better
So let's not get too self-satisfied with having non-executable stacks. It's still not enough. :) I can guarantee that. (Not too much better as holes always exist but quite a lot).
The advantage of the patch is that it will stop the current set of attacks that take the form of "find buffer overrun in a program", followed by "apply standard toolkit to exploit buffer overrun by putting executable code on the stack".
The disadvantage of the patch is that after we apply, within a few months we will see a new toolkit of the form "corrupt the stack to point the return address into someplace entertaining in libc --- like right before an execl call in the implementation of popen()."
The danger is people thinking that with this patch, they don't need to worry about finding and fixing buffer overrun bugs in their code....
Here's the promised gem of insight from Dennis:
>
That's certainly an, um, interesting approach, eh? ..... If most implementers will ship gets() anyway,
> there's little practical effect to eliminating it from the Standard.
On the other hand, we removed it from our library about a week after the Internet worm. Of course, some couldn't afford to do that.
Dennis
:-) -
Re:How does it work?
Look here. Cool stuff. You just have to associate more info with each word (its semantic type(s), in addition to its syntactic type(s)).
-
Re:Why did you wish you choose BSD?
You could also try using StackGuard to make your daemons more secure; it looks quite cool.
-
Dvorak Links
http://www.cse.ogi.edu/~dylan/dvorak/dvorak.html
http://www.ccsi.com/~mbrooks/dvorak/
Many more, I'm just too lazy. Use altavista '+dvorak +keyboard'. -
Dvorak
This site has information on changing your keyboard to Dvorak with software. It has information for remapping many different platforms including X mappings & windows Software.
I have seen Dvorak keyboards that you can plug in in the place of a normal PC keyboard. For a tech this would solve all but the most obscure problems since you could take your keyboard with you everywhere.
I personally think the key advantage is probably comfort more than speed. With the dvorak keyboard, you use your weak fingers much less often.
I wonder how it would affect CTS. My guess is that it would be a wash with the increase in speed canceling the decreased use of weak fingers.
-
Speech Recognition Neural Net
Here is a speech recognition toolkit with a neural net at the Oregon Graduate Institute:
The license for this project is not exactly "Open Source", but it is free for educational institutions. The neural net takes as input 5 LPC constants and has as output biphones (hundreds of them.) It's written in C. You can download it, play with it, and learn stuff. The license for commercial use requires payment.
I actually tried to make modifications to it in a class, but due to time constraints and lack of documentation I was unable to finish my changes. I think I made an A anyway and I learned a good deal about AI.
-
TPM: A New Form of Independent Film
On the contrary, Mr. Katz. I'd like to offer the view that "The Phantom Menace" is nothing other than the biggest independent film ever made. Note that Lucas personally put up the $115 million to make the film: no studio money. This gave Lucas complete artistic freedom to do whatever he wanted. This is normally the realm of art/independent film makers, people too independent to tow to the studio line. Lucas is so wealthy from his success that he can afford to blow off the studios, and make exactly what he wants.
Look at this as a brave new experiment in film: the very first time that 9 digits of money was spent on a film totally under the control of an imaginative film maker, instead of a gang of bankers and focus groups.
Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98
-
Festival Text To Speech (TTS)
I am impressed with Festival. RedHat RPMs and Debian packages are available.
It comes with several British voices. Several American, a Mexican Spanish and a German voice are available from Oregon Graduate Institute.
Call me a nerd but I like to hear the original voices quote my favorite lines from Monty Python. -
re: That's absurd.
Check out http://www.cse.ogi.edu/~bart/billg.html 10,000 murders a year, not even including boot time.