Domain: purdue.edu
Stories and comments across the archive that link to purdue.edu.
Stories · 119
-
The Complicated Way to Turn on a Flashlight
jangobongo writes "A machine built by the Purdue Society of Professional Engineers employed an outer-space theme and used steps that incorporated a bouncing water balloon, a fireman action figure fleeing a fire and weights attached to a spinning bicycle wheel to win the 18th national Purdue Rube Goldberg Machine Contest. The winning machine told the story of rocket being launched. As the rocket traveled into space, a meteor hit Earth and started a fire. While the mock fire was put out, the rocket turned on the flashlight to shine back down on Earth. A short video clip can be seen here. The contest was filmed by the Game Show Network to be featured on the network's show, 'Games Across America,' at some future date." -
OSDDP: Involving Students With Open Source Docs
cel4145 writes "The Professional Writing Program at Purdue University recently began the Open Source Development and Documentation Project (OSDDP) where students and instructors across multiple sections of business and technical writing are producing documentation for and about open source applications (see the press release or a mirror). The community and project are modeled after the open source development model and based on service learning principles. For example, students are already working on end user documentation and case study analysis for Drupal and market research and analysis for OpenOffice. Completed texts will be published using a Creative Commons license." -
New Technique Could Trace Documents By Printer
An anonymous reader submits "From this article at Purdue News, 'Researchers at Purdue University have developed a method that will enable authorities to trace documents to specific printers, a technique law-enforcement agencies could use to investigate counterfeiting, forgeries and homeland security matters.' The neat thing is that they are exploiting the characteristics of the print process itself to identify the printer." <update> One of the folks e-mailed me to say that the HP LaserJet 9000dn was one of the big ones tested with. -
Nintendo DS to Launch November 21
mcc writes "PlanetGamecube is reporting the upcoming Nintendo DS handheld has been given a launch date of November 21st and a price of $150 ! It is also being reported that the Nintendo DS will ship with PictoChat (a sort of chat/whiteboard software) and some form of the Metroid Prime Hunters multiplayer FPS bundled in. A fact sheet is also available." -
140" Monitor Demonstration At Purdue
michaelpapet.com writes "Edward J. Delp, a researcher at Purdue University is working with Philips to make a monster 140" monitor using 4 projectors on a single screen. Article claims it would be good for National Security... I dunno, I see this being the only way to satisfy 'big screen envy.'" -
Slashback: Munich, Harlan, Alacrity
Read on below for tonight's edition of Slashback, with followups to several previous Slashdot stories, including the Linux-in-Munich saga, Harlan Ellison's feud with AOL, Hotmail's response to the growing space for webmail, and more. Read on for the details.
Please don't link "here": case in point. Kent Brewster writes "As previously mentioned here(1), here(2), and here(3), national treasure Harlan Ellison has been fighting a drawn-out battle with AOL over alt.binaries.e-book. Looks like a settlement has been reached; details (such as they are) are on AOL."
Papa Legba adds a link to an informative page on the suit's progress, with lots of informative links.
The basement dwellers burrow deeper. kevin_conaway writes "According to this article on Tech Target, the DNS outage at Akamai was caused by a massive DDOS attack on Akamai's servers. Akamai Technologies Inc. said a 'sophisticated, large-scale distributed denial of service attack' on its domain name service bogged down several of its clients' Web sites yesterday morning, and that it's investigating the incident with federal authorities."
Time to quit your Winin' marmoset writes "As a followup to this story, Dave Winer has posted information about transitioning weblogs.com sites. Rogers Cadenhead and Steve Kirks pitched in to help. The plan includes a 90-day free evaluation period, during which the affected users will be able to make local copies of their data, sign up for paid hosting, or move to another hosting solution."
Pay up, Pal. ack154 writes "Following up from a previous slashdot story, PayPal may have reached a preliminary settlement in the class action lawsuit brought against them in 2002. The lawsuit was regarding the freezing of suspected fraud accounts and communication of limits on accounts. Limited details are available right now, but the eBay announcement states that anyone who signed up for a PayPal account between Oct 1999 and Jan 2004 may be eligible."
Forkenbrock points to this USAToday today article which says that "Ebay's Paypal will pay a total of 9.25 million dollars to its users (businesses and individuals)."
What about Java vs. T++? Stefan de Bruijn was one of several readers who reacted to the benchmarks cited in the Slashdot post titled 'Java faster than C++'.
He writes "I took the liberty to re-write a major piece of the C++ part of the benchmark. Furthermore, the Intel compiler has been tested as well. The Java code was assumed 'correct.'
The results are quite different than the former posting. Here, C++ appears to be a winner for the vast majority of programs; where Java scored better with (recursive) algorithms and the use of file IO (where it must be remarked that the C++ code uses iostreams)."
joekaylor writes "I did a similar study 6 months ago to the study cited recently here on Slashdot, and I did it with java jdk 1.4.x. Java performance has been underestimated for QUITE some time. It's not the best tool every time, but it is not considered often enough and for the wrong reasons."
And an anonymous reader writes "This article by USC graphics researchers surveys a number of good (mostly numeric) benchmarks and then explains the theory of why maybe java should be faster than C++. It also raises the (unanswered) question of why geeks (ostensibly intelligent and scientifically-minded people) continue to believe some ideas (for example, 'garbage collection is slow') despite strong evidence to the contrary that has been available for many years."
Well, it's sort of like a gigabyte. helloanand writes "So, a day after yahoo relaunched their email service with 100 MB space, hotmail also expanded their offering to 25 MB. Just logged into my hotmail account and saw the space bumped up. The thing that I noticed is that MSN/Hotmail didn't make a big splash about it. It's actually a good thing for the users. Gmail started this trend by coming up with 1 GB (yes! gigabyte) worth of space. Then yahoo joined the party with their own 100 MB version and now the latest to join in is bill gates & co (aka MSN Hotmail). Let's see what other changes Gmail stimulates in the email service. Also the thing to note is that Google's gmail is being closely observed by the established players like MSN and Yahoo."
Each city represents a star system; players alternate by country. Wudbaer writes "The Munich city council has finally OK'ed the multi-step 30 Million Euro project to migrate the Munich city council to Linux, as heise news reports (German text). The planned high-profile migration of the administration of one of the largest cities in Germany has already created a lot of interest both in pro and anti-OSS camps, and was rumored to have run into substantial problems at the beginning of the year which might have endangered the council's final OK for the project. But now apparently the road is open for the project. Go Tux !"
Marcus links to this announcement on the city government's web page, and suggests that you put it through Google.
securitas writes "Hot on the heels of Munich's decision to go with Linux, the City of Bergen, Norway will replace its Unix and Windows core infrastructure with SUSE Linux Enterprise Server 8. The second part of the implementation will migrate the city's educational network - with 100 schools and 32,000 users - from 100 Windows application servers to 20 Linux IBM eServer BladeCenters. Bergen is Norway's second-largest city. ZDNet UK's Michael Parsons discusses the choice in an interview with Bergen CTO Ole Bjoern Tuftedal."
Making less of a mess. HishamMuhammad writes "The GoboLinux story featured recently on /. got the project some publicity, but again a number of misconceptions showed up, from people who think we are "just another user-friendly distro", because of our verbose pathnames like /System/Settings. Here is an article I wrote in order to explain the principles behind the design of GoboLinux (also in PDF), which tells our side of the story."
-
Mathematician Claims Proof of Riemann Hypothesis
TheSync points to this press release about a Purdue University mathematician, Louis de Branges de Bourcia, who claims to have "proven the Riemann hypothesis, considered to be the greatest unsolved problem in mathematics. It states that all non-trivial zeros of the zeta function lie on the line 1/2 + it as t ranges over the real numbers. You can read his proof here. The Clay Mathematics Institute offers a $1 million prize to the first prover." -
Thermoacoustic Cooler Means Green-Friendly Icecream
MuddyRiverDoc writes "National Public Radio aired a story describing ice cream manufacturer Ben & Jerry's sponsored development of a thermoacoustic refrigeration technology, which uses helium gas subjected to ultra-loud 173 db sound to chill an ice cream cooler. The NPR interview and pictures of the Penn State researchers who did the development is available. There is also a brief description of the technique at the Penn State Live site and at the BBC, and an over-cute Ben & Jerry's broadband presentation, Sounds Cool!, that does however provide a useful diagram. Thermoacoustic refrigeration has been a focus of research for more than a decade at Purdue and elsewhere, and has reportedly flown on the Space Shuttle, but this prototype is reportedly the first that demonstrates the size, efficiency, and quiet operation that promises successful commercial introduction. Cool Sound Industries, Inc. is reportedly exclusively licensed for this thermoacoustic technology." -
Intel Ranks Colleges with Best Wireless Access
newdamage writes "Intel recently released its ranking of The Most Unwired College Campuses and I was happy to see my school, Purdue, up there at #2. I can personally attest that my laptop w/ wireless card can be used over almost all of the main campus, and there's always a few people in lecture using laptops to access notes and take extra notes. Granted all I've found is that internet access in class just gives me a better way to not pay attention. What are other peoples' experiences with wireless access on their campus? Is there widespread coverage, and if so, does it help you get more school related work done by having your laptop connected wherever you are on campus?" -
Interview with Eugene Spafford
scubacuda writes "Dr. Eugene 'Spaf' Spafford, security expert and professor of Computer Science at Purdue University, talks with Greplaw about what drove him to the computer security field, what it's like to testify before the White House and Congressional committees on information security and public policy, and how legislating technology is 'bad law.' For you budding legal geeks interested in forensics, technology, law, and ethics, Spaf has provided a reading list." -
Searching by Shape...
Roland Piquepaille writes "Tired of typing keywords in a general search engine to retrieve an image? A solution is in view. A specialized search engine developed by engineers at Purdue University allows users to draw a sketch of a part or to select one from a database. The system then returns parts having similar shapes. They call it shape searching. They think that companies having huge databases containing existing parts, such as in the automotive or the airline industries, will be able to save millions of dollars annually by saving up to 80 percent of the time necessary to search information on parts. This overview contains more details and an illustration of the searching process." -
Mac OS X 10.3.3 Update Released
joelhayhurst writes "Mac OS X 10.3.3 is now available via Software Update. Full details are available on the Apple site - key enhancements include: 'Network volumes are now available in the Finder sidebar and Desktop for easier access... Improved file sharing and directory services for Mac (AFP), UNIX (NFS) and PC (SMB/CIFS) networks... Improved PostScript and USB printing... Updated Disk Utility, DVD Player, Image Capture, Mail and Safari applications... Additional support for FireWire and USB devices... Improved compatibility for third party applications... Previous standalone security updates and Bluetooth Update 1.5." -
Ripoff 101: Gouging Students for Textbooks
Brad Lucier writes "The San Jose Mercury News covers a report by the California Student Public Interest Research Group entitled "Ripoff 101" about the high, and increasing, cost of university textbooks. The story notes several practices that force students to buy new books instead of used and quotes yours truly about how universities are insulated from the costs of books. Is electronic textbook publishing the way to go?" -
Metal Nanobumps For Better Artificial Body Parts
Roland Piquepaille writes "Everybody seems concerned these days by the risks associated with the use of nanotechnologies. So I'm pleased to report that Purdue engineers have proven that metal nano-bumps could improve artificial body parts, such as hips or knees. They based their theory on a simple fact. Surface bumps on conventional alloys used in prostheses are in the micron range, while they are ten times smaller in natural bones, around 100 nanometers. They thought a reduction of the size of these bumps in the prostheses would also reduce the risk of rejection by the body. They limited their experiments to petri dishes, but showed that adherence of new body cells to their new metal alloys was dramatically better than with existing alloys. Several years will pass before improved artificial hips come to market. But the needs are growing. This overview contains more details and references." -
Sun Donation Spurs Linux Cluster at Purdue
An anonymous reader writes "Purdue University, with a $3.6 million gift from Sun Microsystems, is giving recycled PCs new life as a computer cluster that makes high-performance computing power available in undergraduate classes. 'Previously, my students could only do what I'd describe as 'proof' animations - small, low-resolution and not presentation quality,' [Professor Richard] Paul said. 'With access to this computing power, the students will be able to ship their software files of instructions to the Linux cluster, and it will come back in three or four hours with modeling, lighting and animation. Students will get to experience the whole thing in terms of scale and presence, and they can do longer animations.' More images of the current Linux cluster and other servers at Purdue are out there." -
Copyright Office Rules Against Lexmark
SparkyTWP writes "'The United States Copyright Office has ruled in favour of Static Control Components, of Sanford, N.C., saying that its microchips do not contravene the Digital Millennium Copyright Act.' This was in regard to SCC making microchips that imitated Lexmark's in remanufactured printer cartridges. It appears Lexmark won't be able to do anything about third-party cartridges." -
Can Watermarking Help Find GPL Violations?
bitkid writes "I recently ran across techniques that can be used to watermark program code. While I have yet to see some source code for this to play with, the authors claim that the watermarks can be introduced into the source code and can be found in the compiled executable. My question for the slashdot-crowd is: Do you think free software (GPL or other viral licenses) should be watermarked? This could help to find GPL violations (think Everybuddy or Linksys) or can be used in court someday against the next SCO to prove authorship. What might be the ramifications of this?" -
Secure Programming Cookbook for C and C++
Alex Moskalyuk writes with the review below of John Viega and Matt Messier's Secure Programming Cookbook for C and C++, a book which he says is useful -- but only if you have the background to use it. Read on for the details, including Alex's alternative reading suggestions.
Secure Programming Cookbook for C and C++
author: John Viega, Matt Messier
pages: 790
publisher: O'Reilly
rating: 8/10
reviewer: Alex Moskalyuk
ISBN: 0596003943
summary: Real-life recipes for using secure code even in the basic algorithms
The Target Audience of the Book
In the foreword to this book Gene Spafford observes that there really are four types of programmers:
- Those who are constantly writing buggy code, no matter what,
- Those who can write reasonable code, given coaching and examples,
- Those who write good code most of the time, but who don't fully realize their limitations,
- Those who really understand the language, the machine architecture, software engineering, and the application area, and who can write textbook code on a regular basis.
There are, as Spafford claims, too many people in category 3 who think they belong to the category 4, and that's the primary target audience of the book. John Viega and Matt Messier co-wrote Secure Programming Cookbook for C and C++ not with the intent of proving the necessity of application security, as they mention in the foreword, but to illustrate its application. If you're reading this book, you are probably well aware of the security needs at your workplace or in your projects, and you would like to have a large library of sample code for various operations.
The book has yet another Web site, and since John Viega didn't mind a little slashdotting during the launching stage, he probably won't mind another link to SecureProgramming.com.
The Book Itself
The structure of the book will be familiar to anyone who has read an O'Reilly Cookbook before. The "cookbook" part of the text is nothing more than a collection of solutions to common problems. The code is generally of high quality and written by an expert in the field. What's more important is the discussion section following the code, which explains why things are done in a certain way, what alternatives exist, and what are the best practices in the field.
Viega and Messier have expanded the discussion session, basically doubling the content, by introducing separate Windows and Unix sections where applicable. The reader has a chance to peruse the code for both platforms as well as read separate discussion sections, which helps in navigating the content of the book.
Microsoft platform developers, though, will only be introduced to native Win32 API -- the authors chose to ignore the STL/ATL/COM/DCOM/.NET solutions on the assumption that those could be derived by someone closely familiar with the lowest-level API available from Microsoft. Even though the discussion section is quite detailed and informative for both Unix and Windows developers, the authors do not discuss the design and architecture issues behind secure programming in C and C++. That falls outside the scope of this book; besides, John Viega co-authored Building Secure Software , where a lot of attention is paid to the philosophy of secure programming as well as initial application design with security in mind.
The Contents
You can view the table of contents on the O'Reilly Publishing Web site, and with the cookbook format, it's pretty much WYSIWYG -- whatever the title of the subchapter is, you will be introduced to the nature of the problem, followed by C/C++ solution, followed by the discussion of the subject with occasional URLs to relevant information on the Web.
Just to sum it up, usage of encryption, message integrity checks, symmetric and public-key cryptography and secure programming get a lot of attention. With 41 recipes (Chapters 4 and 5) on symmetric encryption and 29 (Chapters 7 and 10) on PKI-related code snippets, you can get your yearly supply of Unix and MS CryptoAPI examples.
But this book is not entirely about encryption, since current security problems are rarely caused by the encryption algorithm failures. The networking and Internet-related programming issues are covered in Chapter 8 (Authentication) and Chapter 9 (Networking). In Chapter 3, those designing Web interfaces will find some useful examples of validating the input URL and checking the SQL string against injection attacks. Admittedly, such examples would serve a better purpose in Perl/PHP/ASP, however, anyone familiar with C should be able to derive their own variations of the algorithm. Chapters 1 and 2 provide a great deal of insight into operating system specifics in regards to such system security issues as environment variables, spawning child processes, revealing memory dumps, using temp files on Windows and Unix, etc.
Off-the-beaten-path chapters include information on random numbers (the chapter is available online for free) and preventing tampering with applications. The random number chapter would be interesting to both professional programmers with good math skills and beginners in the computer programming field writing their first number-guessing C++ game. Recipes on gathering entropy and access to standard Windows/Unix APIs for random number generation are of great practical use. The application tampering chapter was probably the most informative thing for me - great collection of information, rarely found in other application or network security publications. How do you protect against software piracy by using checksums? How much time should you dedicate to software protection? What is the theory behind code obfuscation? How do you hide ASCII strings in data segment? How do you detect modern debuggers? The answers to such questions are usually fragmentary and are usually considered either intellectual property of the company or belong to a 'warez' site, where the quality of sources is questionable.
Is the Book Useful?
This book is a great resource for quick look-up of readily available solutions (I've read it online on Safari, so I cannot vouch for the usability of the paper edition when searching for information). I've written a Master's thesis on this topic (although my actual topic was way more narrow than the scope of this book) and still found a lot of great information. If you've never seen C/C++ code or feel uncomfortable with Unix/Windows API programming, you will probably find the Cookbook overly technical. A higher-level application security text is available for those new to the subject (besides the Building Secure Software title mentioned above, there's a great title called Writing Secure Code from Microsoft), while this book gets into dirty, nitty-gritty details. Yeah, everyone and his brother knows how to implement a symmetric encryption algorithm, but how do you actually do it without compromising the system and introducing new possible loopholes? The cookbook answers questions like that, and, as mentioned above, provides a detailed overview of programming strategies for the two most popular platforms. Taking the cookbook concept further, this book teaches you how to make a basic ham-and-cheese sandwich as well as fine cuisine. Too often the code measures for basic security and preventing buffer overflows are summarized in higher-level concepts, thus allowing the developers to make errors even with the most trivial applications. If you're a professional programmer and do not get tired by looking at sometimes profuse code examples, this book would probably be a good read from the beginning to the end. If C/C++ is not your preferred area, the usefulness of this title decreases severely, however, it might serve as a good reference.
You can purchase Secure Programming Cookbook for C and C++ from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Spaf's Farewell, Ten Years Later
catfood writes "Ten years ago this evening, Usenet legend Gene Spafford posted his farewell to news.announce.newusers, news.misc, and a few other newsgroups. Among other things, spaf wrote: 'People don't seem to think before posting, they are purposely rude, they blatantly violate copyrights, they crosspost everywhere, use 20 line signature files, and do basically every other thing the postings (and common sense and common courtesy) advise not to. Regularly, there are postings of questions that can be answered by the newusers articles, clearly indicating that they aren't being read.' Speaking of his own post, spaf said, 'even if it is perceived as self-indulgent garbage, it will fit right in with the rest of the net.' Ten years later, we still have all of spaf's complaints plus mounting spammage just barely held in check by auto-canceling volunteers. Is Usenet still useful? Is it worth maintaining? I say yes, but I can feel spaf's pain. It may be too late now, but hey spaf: thanks." -
Nature's Timepiece Identified
Makarand writes "Nature's timepiece, a two-sided cylindrical protein that tells cells when to grow and when to rest, has been identified according to these reports on MSNBC and on Purdue News. The protein directs 12-minute growth and rest cycles in living cells. Scientists at Purdue were able to confirm its function by first identifying the gene that produces this protein and then altering the protein to produce cycles of between 22 and 42 minutes. This discovery promises new insight into cellular activity such as cholesterol synthesis, respiration, heart rhythms, response to drugs, sleep and alertness. We may be able to improve our methods of minimizing jet-lag and correcting sleep disorders." -
Stippling As Fast 3D Technique
An anonymous reader writes "This Stippling effort wins best paper at IEEE Boston conference. Could real time medical rendering be whizzier than Id?" -
Spaf's Crystal Ball: Network Security Predictions
remora writes "Eugene Spafford (of CERIAS, and co-author of "Practical Unix Security") has written an article for Information Security Magazine with eight of his predictions for the coming years in network security. He touches on subjects such as "Spam will grow as a problem" (obviously), to the "Greater emphasis on international cooperation and communication." Some of the article is fairly predictable, but it is still interesting to hear from one of the more experienced security people out there." -
Data Logging Software for PocketPC?
X43B asks: "I don't have a story associated with this but just a question. Does anyone know of any data logging software for the PocketPC? What I'm talking about is something analogous to Hyperterminal for windows. The data logging market for engineering instrumentation, especially with a premium on small size and weight, is relatively sparse. The hardware on PocketPCs seems ideal for this type of application. I'm looking for anything from proprietary software to open source, even perhaps just a little direction of what to use to do this on my own (all I know is Fortran, C, and Matlab). Thanks!" -
Spafford On Infrastructure Risks
nealmcb writes "In a major report from the AAAS, Eugene Spafford, director of CERIAS, summarizes the many risks to our information infrastructure (viruses, bugs, single points of failure, etc.), their causes (explosive growth, primacy of time-to-market over quality, lack of support for basic information security research, etc.), and the negative effects of the DMCA, CBDTPA, and other corporate maneuvers." -
IBM Kernel Hackers Respond
Dave Hansen, the IBM programmer who organized this interview (questions were posted on May 28), says, "Perhaps I didn't make this clear enough during the call for questions, but myself and my group are kernel programmers. But, we were able to dredge up some responses for answers that we couldn't do ourselves. We haven't been able to get an answer to the ViaVoice question yet, but if there is real interest, I'll make sure that we do get some kind of answer back to Slashdot."
IBM Kernel Hackers:
A note: we answered these questions individually, but in the interests of Slashdot's disk space, we decided to coalesce the answers into a single, unified one. You might say we "became one voice". (the IBMers in the audience will get that one) These were edited by management, but they mostly corrected our spelling mistakes and cleaned up our dirty language :)
Remember, if you're interested in Linux on large systems or if you have more questions, be sure to check out the LSE site, find us on LKML, or look for us at OLS (we're giving lots of talks).
1) Multi-CPU Scalability
by morbid
Now that Linux has been ported to run on high-end machines under virtualization, when will we see a kernel tuned for (e.g.) scalability to 64-128 processors natively?
IBM Kernel Hackers:
Assuming you're talking about single systems running one instance of Linux, we are focusing on 8 way scalability this year, 16-32 scalability next year. After that, we'll do whatever the hardware people can produce ... there aren't many 64-128 processor systems around.
The open source community is tackling the complexities in getting multi-cpu systems to scale well, and with that understanding also comes a realization that sometimes entire subsystems are bottlenecks. Major rewrites of some of these are underway in 2.5 (not just by IBM people mind you). The scheduler is being wrestled to the ground, the I/O subsystem is being dissected, and virtual memory implementations are creating rhetoric worthy of the Cold War. All of these efforts have had contributions from IBM people in Beaverton and other parts of the Linux Technology Center.
2) OS Blending
by 2names
As Linux developers inside IBM, do you get to see the AIX source code? If you do, are you allowed to "steal" some ideas from AIX and implement them in Linux? If not, why not, and what's the IBM official line?
IBM Kernel Hackers:
First of all, before any of us were allowed to contribute to Linux, we were required to take an "Open Source Developers" class. This class gives us the guidelines we need to participate effectively in the open source community - both IBM guidelines and lessons learned about open source from others in IBM.
We are definitely not allowed to cut and paste proprietary code into any open source projects (or vice versa!). There is an IBM committee who can and do approve the release of IBM proprietary or patented technology, like RCU.
That covers "stealing" code, but what about ideas? We might talk to an AIX programmer and comment we're seeing performance issues in Linux in this area or that area and she tells us they discovered that they really needed to profile the network routines when they saw that. Having solved the problem once, our non-Linux peers can help steer us without spelling it out for us, allowing us to still develop solutions that can then be open sourced.
It's a fine line to walk, especially as an engineer who just wants the answer :)
3) The Open Source model
by larry bagina
IBM will be using linux to help sell their hardware. Other companies have tried this (VA Linux, which owns Slashdot, once had linux hackers on their payroll). Obviously, IBM's hardware is in a different league as an x86 clone, but do you have any thoughts on Open Source business models and their validity? Once the kernel is running smoothly, will you be disposable since the "Open Source community" can continue development for free?
IBM Kernel Hackers:
We think the Open Source business model is more than just valid, it is revolutionary. Linux has become a real "killer app"; the ability to run Linux on IBM hardware is increasingly high on customers' lists. Being able to run it doesn't really hurt AIX or VM, but not being able to run it would cost hardware sales.
As far as our disposability: don't get too concerned on our behalf, Linux will always have bugs and there will always be room for improvement.
4) Getting your changes accepted?
by korpiq
Is Linus accepting your changes well? How directly do you submit patches, and what are your experiences on the overall Linux kernel development style?
IBM Kernel Hackers:
Linus himself is wonderful about accepting patches on technical merit alone. He doesn't "grade" them differently if they come from ibm.com or mit.edu. We submit patches the exact same way that everyone else does: append the patch, mail to Linus and CC linux-kernel. If it's good, it gets in. If it sucks, you get flamed.
However, the submission process can be more complicated than first appears. Often, you need to figure out who is maintaining a particular area of code, followed by talking to them to gauge if someone else is already working on the same thing. Once you submit your code to them and the appropriate list, (isn't always lkml..) you may not get a response. This can be discouraging, but you have to find out why, or just simply resubmit, over and over and over. But, once you have a reputation, it does get easier to get quicker responses.
Sometimes it's frustrating when you've put a lot of effort into something that doesn't get accepted, but there's normally a good reason for it. Even work that doesn't get accepted can influence other people's thinking and development in the future. On the flip side you can also just point out problems and other people fix them for you, so in general you win more than you lose ;-)
5) linux on thinkpads
by Olinator
IMHO, IBM makes some of the best mobile hardware out there -- one of the professors I support raves about his ThinkPad 600, that went with him into the Israeli desert for several months and is still running strong, no service required -- but the linux support for that hardware has been, um, erratic at best. Yes, we've occasionally been able to purchase the odd model with linux preinstalled (usually it's more expensive than the comparable model with MicroSoft preinstalled, grr) but an awful lot of the hardware (mini-pci modems, etc...) is rather difficult to drive with a penguin behind the wheel. Why does IBM's linux enthusiasm fade so quickly at the small (physical) end of the hardware scale? Is there momentum underway to change this?
IBM Kernel Hackers:
All of the people in our group and most in the LTC have Thinkpads for their daily development and run Linux on them (I'm writing this on one as I sit in my apartment). There may not be as much corporate support there as you want, but there is plenty of grass-roots support. We had to learn all the quirks to get Linux installed and get all of the little things working (just like you). I've always wished that we shared more of this information, but there are usually people who are farther ahead than we are. I've uploaded the meager information that we put together during a meeting once. If you're curious, take a look: http://www.sr71.net/slashdot/thinkpad/linux-desktop
People don't buy many small computers just because they will run Linux (the geek population just isn't that large). People do, however, blow large chunks of cash on big machines just to run Linux. Mom-and-Pop can almost always undercut IBM on prices for small machines, and geeks are thrifty. You don't have to sell many million dollar machines to justify being involved in Linux development.
6) Issues with middle management
by Consul
When you were starting out as a group, did you encounter a lot of friction and resistance from middle and/or upper management about your wanting to work on Open Source projects for IBM? If so, what did you do to overcome the objections and become the team you are now? I think the answer to this would help a lot of other people in other companies get mainstream acceptance of the idea of OSS in corporate environments.
IBM Kernel Hackers:
The management chain from engineer up to VP has been surprisingly a non-issue. We believe this is mostly because of the way the Linux Technology Center was founded. You might think the LTC evolved "up" from renegade engineers, but the truth is that our first Linux corporate strategy in 1998 called for the creation of a team, composed of some of our best OS engineers, that would join the community to
- Learn from doing,
- Grow Linux skills
- Give back to the community
- Help make Linux better.
7) When do you estimate Linux can surpass Solaris?
by wytcld
Solaris 9 is getting great reviews. Between the strengths of the traditional open source community and IBM's resources, do you see a point in the next several years where you expect Linux to surpass Solaris in all of its core strengths? Or does Solaris have some unique values which will allow Sun to continue to position itself to advantage, at least for some applications? Please answer this as a technical rather than marketing question.
IBM Kernel Hackers:
We don't have any Solaris machines to back up any claim we may make, nor do we want to stir up another epic Linux on mainframe battle. It is safe to say, however, that today Linux/x86 is able to outperform[1] Solaris/Sparc in many areas that Sun has a long history of success. If your core business was threatened, wouldn't you make some serious changes?
[1] I know, I know, outperform is a very vague term. Just think price, performance, stability, etc...
8) OS/2 Developers
by reaper20
I'm one of the few people who really enjoyed the OS/2 desktop and its features. Have any of the former OS/2 developers been contributing to Linux?
Specifically, the user interface and accessibility people - OS/2 was very polished - does IBM see a benefit by offering this expertise to the GNOME/KDE projects?
If so, how does this tie into IBM's vision of Linux of the desktop, if you have one? :)
IBM Kernel Hackers:
Yes, there are a number of former OS/2 developers in the LTC including the majority of the teams working on: JFS, EVMS, and Print, as well as individuals contributing in the areas of networking, security, RAS, performance and other projects. Remember, OS/2 had JFS support and EVMS supports the OS/2 partitioning scheme.
While IBM is not actively contributing code from the OS/2 user interface, we are supporting and sponsoring both the GNOME and the KDE projects through our involvement in the KDE League and the GNOME Foundation. And as you mentioned, we place a high level of importance on accessibility and so are participating in the community efforts in that area as well.
10) IA64
by sabre
...Do you think that IPF64 line will see any kind of broad industry adoption? Will it become just like rest of the (non-embedded) processor architectures designed since the x86 -- constantly fighting for 5% of the market? Do you think the AMD Hammer architecture will be a meaningful player in the field?
IBM Kernel Hackers:
Quite possibly, never underestimate the importance of being able to run the huge installed base of ia32 apps natively, and at high speed. But IA64 has lots of industry backing as well. The good news is that Linux runs well on both, so we the community don't have to choose. The market will do that for us.
Additional questions and answers:
What features do you find linux most lacking in? (If we don't examine our weaknesses, we will be crippled)
Linux on the desktop still doesn't really cut it for some of us (though we do use it). Applications are not nearly as robust as they should be, and though we are perfectly capable of configuring X, we'd rather spend the time coding. Though it's fun to throw stones at Windows and the Linux OS is more stable than the Windows OS, as a whole desktop package with the apps, installation, usability and everything rolled together, Linux is not always preferable.
There are thorns in our side daily because of the lack of debugging and profiling ability in the kernel. We're always patching kernels for kernprof or lockmeter and porting them around to new kernel versions. Although Linus has pretty much said that debuggers are for sissies, the built-in facilities are much better than they were during the old days (think readprofile). So, there are advances being made.
...I'm not surprised that your responses have to be vetted by management. But, I'd love to know what guidelines IBM has for hackers' interaction with the rest of the GNU/Linux/Internet community. Are you allowed to criticize IBM management, or other IBM products, for example?
This is the Internet. We are hackers. Our management has been great allowing us to resolve many of our own problems involving certain email systems and desktop OS rules. Working in the kernel group of the LTC we have free rein to do our work on the kernel in the Open Source community.
There's no day-to-day vetting of anything we post or say, they trust us to be sensible. We would not say "IBM product X sucks, and you should buy competitor's product Y instead" in a public forum, but if we don't think something works well, I'm not going to endorse it either. We're engineers who get paid to work on Linux by IBM, not IBM corporate drones ;-)
From the brief bios, and Sequent pedigree, it looks like there is a lot of focus on high-end features like NUMA, async I/O and the like. Other commercial organizations, notably SGI, are also putting forth effort in those areas. There is actually quite a bit of overlap.
Since these are "open source" projects, do you collaborate with your traditional "enemies" such as SGI and Sun on Linux? What is your management's attitude toward that type of collaboration? If not, do you "look" at the work the others are doing in comparison to what you are doing?
We have been working smoothly with engineers from HP, Intel, SGI and many other companies through the Linux Scalability Effort Open Source Project. Whatever legal issues there might be within each company, it appears to me that the engineers who are working on open source are allowed to do their work with no problems. Hanna runs the bi-weekly LSE Conference Call and can say the biggest percentage of attendees are from either IBM, SGI or Intel every time. This is nice, but we want more members from the Open Source community to join: (http://lse.sf.net/mtg).
Management doesn't really care too much who actually writes the patch at the end of the day, they want to see Linux work well in their focus areas. Persuading other (external) developers of the correct approach or solution to a problem is just as important a part of our jobs as writing code.
Why isn't IBM making more of an effort to recruit developers directly from the Linux community, as opposed to hiring people who have very little if any working familiarity with the platform?
IBM has hired lots of existing Linux developers such as Rusty Russell, Greg Kroah-Hartman, and Ted Ts'o. There are also others that post to LKML and don't even use their IBM email addresses because they were firmly established community members (with those email addresses) before they were hired. We do have a site where you can view many of our patches, or a list of developers. Keep in mind that there are still developers who don't submit patches here.
What are your opinions regarding the shrinking number of women in the industry? (actually I believe the numbers are rising again in schools)
This is a tough field and many young women are discouraged from sticking it out through all of the math and science classes, as are many young men. Companies, like IBM, help by hiring bright women who move up the technical chain. This shows the less experienced that there is a future for women in engineering.
Shrinking? The numbers seem to be increasing based on what we see at work every day. IBM is active in programs that introduce young women to engineering in an attempt to get them interested in pursuing careers in engineering. An example of these programs is Camp EXITE, check this site out for more info: http://www.ibm.com/ibm/ibmgives/grant/education/camp.shtml
An interesting interview regarding the number of women in industry is available at: http://www.nspe.org/etweb/16-02viewpoint.asp
Questions Rick Lindsley liked that didn't make the top 10, plus answers:
Best way into the Professional Linux world?
As many people here, I am a huge Linux fan, but I am so much so that I am trying to figure out how to get into the professional Linux world when I graduate.
I attend Clemson University and am in the Computer Information System (CS + business) program (and doubled in Political Science). My goal is to become a Linux sys admin, or perhaps some other Linux guru type job. The work that IBM is doing with Linux is also very appealing to me.
So, how did you get your job, and what would you recommend as the path to follow for us geeks just getting started in the professional world as to how to get into Linux? How can I become as entrenched with Linux as the professionals at IBM? I have had two internships (not with IBM, nor with Linux, but with other CS stuff), but how can I get an entry-level job in a Linux intensive environment like IBM? How can said job lead me into a career where I can be deeply involved in the Linux world?
Rick:
First: I've done recruiting at a "significant Big 10 university whose mascot's name is Bucky" so let me tell you what I look for in a college candidate.
Knowledgeable -- your resume should reflect what you know, but don't puff it. Just because they make me dress up when I'm on campus doesn't mean I can't tell perl from shell scripting. Accentuate your strong points. You gain points for knowledge, but you lose them for lying or "overstating."
Communicative -- a person who cannot talk about what they know might as well know nothing. Seriously consider taking a public speaking course your junior or senior year. Also: it's ok to say "I don't know."
Grade point -- Personally, I really don't care so much about your GPA as you might think. Unfortunately, you will be judged by it by far too many people, right or wrong. So if you're not 3.9 or 4.0, you might be ready to spin it a bit. "Yes, it's 3.2, but I've buckled down and have 3.84 in the last three semesters." "Yes it's 3.1, but you'll note it's 3.6 on courses in my major." Don't get surreal but make that number say something good about you.
Work experience -- you get a big edge for doing something other than a teaching assistant. Internships, co-ops, and summer jobs can help you more than you think in the end.
Second, how did I get my job at IBM? Luck, in part. Right place, right time. Sometimes it really does work for you. Along with that luck, though, was the fact that I'd established a reputation as a smart coder and a fast learner. While I knew far less about Linux then than I know now, that reputation made managers believe that "coming up to speed" would not be a problem, and they judged right. Your reputation, as reported by your colleagues and not yourself, will be your greatest ally (or enemy.) This is never more true than in the Linux community.
Third, advancing? Once you get your foot in the door, work at interacting. Nobody really advances very far without interaction. At first this is with your cubie neighbor or office mate, but pretty soon it's chatting with people down the hall, and then in other projects. Eventually, you have opportunities to help organize informal seminars with the local user's group, and then it's helping out with conferences, and then you're writing papers, and chairing sessions, and before you know it you're standing puzzled in front of a thousand people, wondering how troubled their life must be that they would want to listen to you speak.
Dave Hansen's answer -
Purdue University's Computer Science program. I went to one of the CS job fairs where someone in the large IBM booth saw "Linux" on my resume. I handed my resume off, had a nice chat, and got a sit-down interview a couple of days later. That was followed soon by a plant trip and a job offer. The moral of the story: if you want a Linux job, put Linux on your resume! Make it bold. Make it half the page if that is really what you want to do. Most importantly, you have to learn to walk the walk before you can talk the talk. Engineers usually have better BS detectors than most people and you won't fool them for long.
Advancing - This is probably evident to anyone who has gone through an engineering program at a large school, but the most successful engineers are those who can teach others. You'll notice that there are lots of brilliant engineers and lots of teachers, but those who can do both are a rarity. Learn as much as you can from your colleagues then share as much as you can. The more people who know your name and come to you for help, the more visible you are. There is probably a fine line between getting noticed and being annoying and I have the feeling that a Slashdot interview may be WAY beyond the line :)
-
Wriggling Heat Sinks
YourHero writes "Purdue researchers have come up with a new way to cool chips, in about 2 years. Just build a bunch of little piezoelectric fans (the waving kind, not the spinning kind). Since they don't spin, no bearings, less self-generated heat. Since they don't have magnets, no electromagnetic noise problems. And, of course, super-efficient. A press release and abstract for your reading pleasure. Formal presentation at THERMES 2002 Jan 15th." -
Fed Raids Software Pirates in 27 Cities
akiaki007 was among many who wrote in to say: "Check out this article on the New York Times (free reg, blah blah) site. The Feds have raided 27 cities in 21 states. Raid sites include MIT, UCLA, Purdue, Duke, UofO. Their main target was the group DrinkOrDie. 'This is a new frontier for crime,' Kenneth W. Dam, deputy secretary of the Treasury, said at a news briefing. 'The costs are enormous to both industry and consumers.' I better hide my burned Linux CD's. They might think it's some weird hacking tool." -
Genetic Algorithms "Naturally Select" Bett
Gregus writes "ScienceDaily reports that researchers at Purdue have used genetic algorithms to design optimal satellite constellation orbits that "engineers with years of aerospace experience were surprised by the higher performance offered by the unconventional design." The Purdue University release is here." -
Huge security hole in Internet Explorer for MacOS
Brad Lucier writes "Macintouch is reporting (go down the page a bit) that Internet Explorer 5.1, which comes preinstalled on MacOS X 10.1, has a huge security hole---when it downloads arbitrary programs encoded in the Macintosh's standard BinHex (.hqx) format, it automatically executes them. " Well I guess that's one way to make Unix insecure. Can anyone actually confirm this since it looks kinda sketchy? I wonder what someone's rationale would be for that: "Oh this won't hurt anyone, and saving that extra 'OK' click will be great!". -
Purdue Adds New Meaning To "Student ID"
purdue_thor writes: "After the devastating loss to Notre Dame in the Women's College Basketball Championship, numbers of Purdue students took to the streets and rioted. In their wake, there was an estimated $100,000 of damage done and a cloud of tear gas that covered several blocks. In an effort to bring those responsible to justice, the Purdue Police Department have posted images of the rioters on a website and offered up to $5,000 reward money. Check out the news release here." But don't worry: "Those pictured on the Internet were among those who defied police orders to leave areas in which the destruction and vandalism were taking place." And the Dean of Students says: "We anticipate the images also will be of interest to parents and employers."
This is partly noteworthy because it seems to be becoming a standard operating procedure on campus these days. Anonymous, electronic ratting out, with a reward attached. Is that what students want to pay for? This is the downside (or is it an upside?) to having cameras everywhere; couple that with facial recognition and then try not to be nervous.
-
Slashback: Franklin, Head-Mounting, Timing
Slashback tonight with more on clockless computing; Benjamin Franklin on patents (!); and early notice to evacuate Zurich in advance of the ISWC Borg. (Read more below.) I've broken two Timexes this month, this is just old hat now. Pete Brubaker writes: "A few days ago this story was posted to /. pointing to a NYTimes article about Sun's new asynchronous processor. The article, though informative, lacked detail. EE Times comes through and discusses this technology in quite a bit more detail."
If it won't fit in your overhead bin, it probably isn't wearable. If you were intrigued by the wearable computers mentioned in October, you can thank joeboy4h for pointing out that "the 5th International Symposium on Wearable Computers will be in Zurich this October. Aside from being an excellent academic conference this is also the ultimate hack fest; lots of cool people all interested in hacking both hardware and software, most wearing their wearables, and some really incredible presentations. The call for papers is out now; it would be an excellent place for slashdotters to strut their stuff."
I hope they can webcast a stroll in the Alps with a well-outfitted wearables party ... now that would be a Linuxbierwanderung.
But for the record, would you say you're a "real American," Mr. Franklin? Ovidius writes "Need a historical precedent to argue in favor of open source and against the rash of insane technology patents? Tell people how Ben Franklin valued innovation over profits--in 1742 he not only published the details of his newly conceived Franklin Stove, but refused a patent on it on the principle that "as we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously."
Even when a London entrepreneur took out a patent on a poorly modified version of his stove, Franklin still did not pursue the matter, though maybe he would have if he had known where the use of patents in business would be headed 250 or so years later. The account is from chapter 10 of his Autobiography (which is available at the esteemed Project Gutenberg):
In order of time, I should have mentioned before, that having, in 1742, invented an open stove for the better warming of rooms, and at the same time saving fuel, as the fresh air admitted was warmed in entering, I made a present of the model to Mr. Robert Grace, one of my early friends, who, having an iron-furnace, found the casting of the plates for these stoves a profitable thing, as they were growing in demand.
To promote that demand, I wrote and published a pamphlet, entitled "An Account of the new-invented Pennsylvania Fireplaces; wherein their Construction and Manner of Operation is particularly explained; their Advantages above every other Method of warming Rooms demonstrated; and all Objections that have been raised against the Use of them answered and obviated," etc.
This pamphlet had a good effect. Gov'r. Thomas was so pleas'd with the construction of this stove, as described in it, that he offered to give me a patent for the sole vending of them for a term of years; but I declin'd it from a principle which has ever weighed with me on such occasions, viz., That, as we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously.
An ironmonger in London however, assuming a good deal of my pamphlet, and working it up into his own, and making some small changes in the machine, which rather hurt its operation, got a patent for it there, and made, as I was told, a little fortune by it. And this is not the only instance of patents taken out for my inventions by others, tho' not always with the same success, which I never contested, as having no desire of profiting by patents myself, and hating disputes. The use of these fireplaces in very many houses, both of this and the neighbouring colonies, has been, and is, a great saving of wood to the inhabitants.
So who is more American, Ben Franklin or Bill Gates?"
-
What File System For Portable MP3 Player?
Komi asks: "I am a senior EE student at Purdue, and in my design class we're making an mp3 player that can read from a hard disk. We're using an 8-bit microcontroller (Rabbit 2000), and I've read documentation on how to interface it with a 16-bit IDE interface (where you latch the upper bits and get those on the next cycle). So actually doing reads and writes shouldn't be a problem. My question is what file system should I use? I want to be able to copy the songs to the hard drive from a PC, then attach the drive to my player and have the player read it. I've read that the FAT system is a horror to use on a small micro, so I was wondering if I should use ext2 or ext3. Or should I just stick to reading from CDs?" -
Eat Less - Live Longer
Bates writes "In the New York Times (free reg required) there is an article telling about a gene in fruitflies that when disabled doubles the lifespan of the fruitfly. The gene has been affectionately nicknamed "I'm Not Dead Yet." The gene actually manipulates your metabolism by making it so that LESS of your food is converted into calories. The article speculates about the possibility of a pill for humans that will partially disable the same gene in humans. Maybe someone will beat Methuselah sometime in the future." -
CA Legislature Passes Ban On Sale Of Lecture Notes
Misch writes: "On September 22, the legislature of the state of California has passed a ban on the commercial distribution of lecture notes. Needless to say, there are going to be some definite free speech issues to be played out here. "This lecture is copyrighted by the Board of Regents of the State of California, and is intended for the sole use of a student sitting in the classroom. All images, sounds and ideas presented may not be re-used without the express written consent of Major League Baseball." Text of the bill here. And, of course, there's the people in favor of the ban." Interestingly, part of the explanatory text of the bill points out that "[e]xisting case law provides that in the absence of evidence of agreement to the contrary, a teacher, rather than the institution for which he or she teaches, owns the common law copyright to his or her lectures." That does seem to make some sense, but are notes "the lecture"? If I draw a sketch of a painting, does the original artist own my sketch, too? (Or in this case, does the University of California?)
If "commercial" distribution is prohibited, what about non-commercial? If this spreads to Texas, I know a few businesses on Austin's Drag that would have to quickly rethink their operations. Absent rigorous NDAs, is it fair to restrict the information in a lecture? A video or audio recording is one thing, but notes are by their nature different from the original lecture. Sharing lecture notes is not akin to "sharing" term papers or stealing tests. Wouldn't this be akin to declaring that a reader is not allowed to summarize the content of a book he borrows from the library, or purchases outright?
Gnutella Gnotes, anyone?
-
Are There Still Privacy Concerns With IPv6?
Zanguinar asks: "Whatever happened with the privacy issues in IPv6? I recall there being a small uprising by privacy advocates and even this article on Slashdot. However, I don't recall ever hearing more about it. What has the response from IETF and IANA been? Did they do something about it, or just dismiss it as unimportant? I cannot find anything recent (i.e. in the past six months) regarding this. With the news that some companies may soon begin using IPv6, I'm a bit concerned..." -
FreeBSD Cluster At Purdue
luddite writes: "Two guys at Purdue University have assembled a FreeBSD based cluster built cheap - very cheap. With under $2500 spent on the cluster, it's one sweet set-up. Just shows that if you take the time and put some effort into something, money doesn't have to limit your resources! The site also goes into some detail about what the cluster is made of, where they found the parts, how it's been configured, and what they plan to use it for." -