Domain: technion.ac.il
Stories and comments across the archive that link to technion.ac.il.
Comments · 62
-
Re:PowerPoint?
Perhaps by using this: http://tx.technion.ac.il/~zvik...
Also, by drawing it in a drawing program and saving it as an image (http://scienceworld.wolfram.com/physics/fimg88.gif).
Note: I am a scientist and use PowerPoint daily. There is a place for each goal:
Giving a scientific talk at a conference (20 minute presentation, 10 minute Q/A) - PowerPoint
Giving a project/program briefing of monthly activity - PowerPoint
Giving a classroom presentation - PowerPoint
It is a good format for one-way presenting. It is not a substitute for dialogue, decision making, collaborative pro/con analysis, or documentation. There are other solutions for that (whiteboard, whiteboard-handout combo, briefing-whiteboard combo, whitepaper, respectively).
-
Re:Industrial quality?
These aren't even proper diamonds. Apparently, it's some strange combination of a regular diamond structure with that of lonsdaleite. It has some very neat properties from industrial use perspective (up to twice the hardness of regular diamonds - think about what that means for tools), but it's not exactly "shiny".
-
Re:Not a troll but....
Not to detract from your Big Blue commercial.
My fly by night Pavilion laptop runs Ubuntu Studio slickly. My experience with Ubuntu forums is excellent. Debian, from which Ubuntu springeth, hath billions in dollars in people time, coding, hacking and sundry work. We could put out a commercial for any linux and laptop for any number of reasons.
My advice is research some laptops over at http://www.linux-laptop.net/ and get a feel for what you like/can afford, then find a linux that suits your needs. http://www.livecdlist.com/ is a fun easy way to browse/test/fondle various distros before committing to tweaking an install. Tests your hardware pretty fair, but to their credit most drivers not included in a distro can be downloaded and compiled if you just gotta have a certain distro.
http://linmodems.technion.ac.il/compiling.html should take some mystification out of it if you need it.
If you really wanna do the linux/bsd/*nix lifestyle, poking around, customizing, tweaking are all part of it. Support is netwide anytime.
-
Here I was thinking HDR video was old hat
Wasn't the first HDR video camera back in 1993? Granted, they called it Adaptive Sensitivity back then.
-
Re:What about copper?
Not only is there lots of research being done about copper replacing aluminum, but this particular scientist has done some himself.
His faculty page
Stuff his group has done regarding copper
Although it looks like he has done stuff to do with corrosion, most of this is over my head... go go Physics Nerds!
-
somewhat better story links
-
summer programs in israel
http://www.scitech.technion.ac.il/index1024.html
http://www.weizmann.ac.il/zemed/english/float.php?page_name=float&cat=256&incat= (I participated in this, good program, but for graduating seniors only)
-
Both Opera and Flash Player are proprietary
The only problem I have with Opera is the "lack" of support for Flash for Opera on Linux (not really Opera's fault though is it). I'd much rather prefer to use an open source app instead of closed source. If you are running the proprietary Adobe Flash Player in your Firefox process, then you have already "tainted" the running copy of Firefox with closed source (in the sense of a tainted kernel).
-
GSM is insecure
GSM is the most sophisticated communications protocol that I have ever seen. I have read the standard (despite getting a headache in 5 minutes) and it is totally locked down using encryption, session keys, etc.
I am shocked to see this statement so highly moderated! You are obviously not qualified to comment on the GSM standard. GSM is riddled with flaws and makes use of particularly weak ciphers that are known to be so poorly designed that communications can be decrypted in a few seconds with a standard PC.
-
Re:Uh...
Well, that's not really hard; however it doesn't look so nice if you view it from another angle.
-
The Technion already has this course
The Technion IIT (Closest thing to MIT we have in Israel) has a course which is essentially what was described: http://webcourse.cs.technion.ac.il/234321 (Much of the information will be in Hebrew) The course grade is 50% a project and 50% a final test. The project includes simulated 'client meetings' (with the TAs), building a requirements document (and meeting with the 'client' again to review these requirements), modeling the application in (eww) UML, and implementing it with tests - all of these are given approximately equal weight in grading. Project is submitted in parts, so if there's something wrong with the spec you've devised - you will be corrected so you don't get screwed later on. Project is done in groups of four. Note: I absolutely despised this course.
-
A shameless plug :)
As a small semestrial academic project, I worked on a different kind of mapping project which uses a large number of very simple (and cheap) robots instead of a small number of expensive robots like in this article.
Each robot is aware of its location through odometry (measuring the distance traveled by both of the bot's wheels) and collision detection using, in our case, a rotating straw due to the fact we were limited to Lego Mindstorms.
Using odometry inserts a lot of error to the calculations. To counter these errors, the robots communicate over a short distance (touching distance) and average their expected location and heading.
In theory, and simulation, the algorithm proved very successful. Especially for a large number of agents.
In practice the errors were too large compared to the very small number of agents (4) we had at our disposal.
The project page.
And the simulation applet, written with NetLogo.
I wonder if they use such averaging algorithms with these robots as well.
-
No builtin modem support?
Although most laptops today have builtin winmodems (with what would normally be hardware implemented in the software drivers themselves) that don't usually work with most linux distros out of the box, there is still support for winmodems running as "linmodems" available. Using the "scanmodem" tool (http://linmodems.technion.ac.il/#scanmodem read more here) I quickly found out what drivers I required and installing them was a painless process.
-
Man that good have been helpful.
In my university days, I've worked on a Multi Agent Robotic System (MARS) in which simple robots calculate their position using odometry and mark where they collided with obstacles, thus allowing for mapping of a given area. The interesting part was allowing the individual agents to communicate when they come close to each other and average their predicted positions and headings to compensate for the error in the odometry calculation.
In simulation it worked great (using netlogo), but in real life tests, using Lego Mindstorms, it failed miserably. Partly because the agents could only communicate when their InfraRed sensors were aligned. This required that the bots align themselves to face each other every time a collision was detected, seriously slowing down the operation and opening much more room for error. And also the code is horrible :)
If we had these bluetooth enabled cores, we could have let them communicate much more easily and constantly instead of waiting for both bots to align, much like the simulation.
Project page here.
-
Escher in 3D
I think you'll find this interesting: http://www.cs.technion.ac.il/~gershon/EscherForReal/
-
Mandriva fastest install under 10 min.
I believe Mandriva's Diskdrake is best for fast installs. The ability to save the package list as perl script for sharing with new users is a great feature.
http://iew3.technion.ac.il/CC/Comp_news/Mandrake_starter/diskdrake.html
package_list.pl from a recent install. This allows installation in under 10 minutes.
# You should always check the syntax with 'perl -cw auto_inst.cfg.pl'
# before testing. To use it, boot with ``linux defcfg=floppy''
$o = {
'default_packages' => [
etc,etc
Debian and M$ XP both take 2 hours to install on same machine. As more places install Linux, the economics of the fastest install will impress customers.
-
Tiger2 is just Tiger with different padding method
According to the Tiger home page, Tiger2 is just Tiger using the MD5/SHA padding method. It's probably done to make it a more convenient drop-in replacement, rather than for any security reasons.
-
So if you need a freely available hash algorithm
-
Re:He did what?
I think the big deal is that he did TCP/IP before anybody else. He was the first.
Since then there are all sorts of protocols that fix flaws in TCP/IP. There are even protocols implemented in languages (not C) amenable to machine proofs of correctness. That's Ensemble (originally developed at Cornell)
However, I suspect the main problem is getting those rolled out -- given that TCP/IP is jammed in the kernel, and given that we don't use exokernels or something similar that would allow for radical experimentation with network protocols, we'll be using TCP/IP forever.
-
Re:Not suprising
Peripheral support of my argument that I found after looking around:
http://phycomp.technion.ac.il/~phsorkin/Seminar/coat.html
-
Re:security
Just to notice, this is not the original report on the issue. The first publication was a CACM article "The Homograph Attack", which featured a spoofed version of www.microsoft.com. See details here: http://www.cs.technion.ac.il/~gabr/papers/homograph.html.
Funny thing: at first, I included only the "here" as the text of the <a> tag. But then I thought: why should you trust to click a link if it can be homographed...
-
Re:Character appearances
I thought this was a well-known attack
Yes, two years ago Slashdot had a thread http://slashdot.org/article.pl?sid=02/05/28/0142248 discussing a paper titled "The Homograph Attack" http://www.cs.technion.ac.il/~gabr/papers/homograph.html
-
Re:This isn't a newly discovered exploit.
Here's the earlier article: Spoofing URLs With Unicode. Summary:
"Scientific American has an interesting article about how a pair of students at the Technion-Israel Institute of Technology registered "microsoft.com" with Verisign, using the Russian Cyrillic letters "c" and "o". Even though it is a completely different domain, the two display identically (the article uses the term "homograph"). The work was done for a paper in the Communications of the ACM (the paper itself is not online). The article characterizes attacks using this spoof as "scary, if not entirely probable," assuming that a hacker would have to first take over a page at another site. I disagree: sending out a mail message with the URL waiting to be clicked ("Bill Gates will send you ten dollars!") is just one alternate technique. While security problems with Unicode have been noted here before, this might be a new twist."
Incidentally, it seems that Slashdot's ASCII-only URL reporting system successfully deflects such spoofing here: Go to paypal.com
-
"Shmoo" didn't find anything.
Shmoo Group Finds Exploit For non-IE Browsers
Actually, they didn't find anything. They demonstrated how the IDN character support could be used to trick users. A virtually identical demonstration can be found in the original paper/advisory. Thanks for the FUD, slashdot editors.
Furthermore, whether this is actually an exploit or not remains a subject of debate, as is evident from Opera's response ("It's implemented properly"). Fact remains that people can be fooled, though.
-
OmniGraffle
OmniGraffle by the good folks at the OmniGroup is the best diagramming software I have seen or used. Very slick interface, and easy to use but powerful at the same time. Can't export to PS, but you can always use pdf2ps to convert exported PDFs.
-
Solitaire Solver found. (Free Cell Solver 2.87)
Coincidence?
Right after reading this article I found this Free Cell Solver 2.8.7 on Freshmeat.
It's even available as a Win32-version. :)
Now his boss would have been able to solve the solitaires WHILE working! And multitask as a real Amiga-owner.
-
Re:Hex it?
I'm guessing it's a standalone EXE, and it would require some advanced knowledge, but you could create the process with the CREATE_SUSPENDED flag and then inject code to replace in the import table any API calls the virus uses to detect the debugging environment (I'm guessing the one they use is the simple IsDebuggerPresent() Win32 API call)
This used to be a pretty heinous hack but seems well documented now; googling for the keywords: SetThreadContext ebp eip CreateProcess CREATE_SUSPENDED WriteProcessMemory
will get you some interesting results and tutorials.
* http://codeproject.com/system/api_spying_hack.asp
* http://tochna.technion.ac.il/project/Win32APIInterceptor/doc/Win32APIInterceptorNew.pdf
Pretty cool shit.. anyway, the point is after you put a dummy IsDebuggerPresent that always returns false, you can step through it normally.
Or, heh, a method that would probably be a million times easier would be to simply step through the code until it calls IsDebuggerPresent and change the value of EAX to 0 after it returns (since the return value of functions is placed in EAX after return).
Anyway, just musing and putting up those links because I learned a lot about how Windows internals work through playing with things like that and figured others might want to learn.
-fren
-
My results
Buy a "real" modem with a UART, preferably an external serial modem (RS232). Yes, a lot of people already said this already. But it's the only way to avoid trouble. There is no need to buy an expensive brand, just any external modem with a 9-pin or 25-pin connector will do the job. USB modems are often WinModems, so are most PCI modems. ISA is dead. ISA modems are often "real" modems with a built-in COM port (i.e. UART), but there are some ISA WinModems.
Even if someone would try to build a serial port WinModem, he would fail terribly: the serial port is fast enough for the well-known Hayes commands even at 56.000 baud, but it is way too slow for a WinModem sampling the phone line and doing the modem part in Software. So an external serial modem can't ever be a WinModem.
And by the way: Yes, I have a success story. My WinModem in my old Toshiba Tecra 8200 "accidentally" works. I just had to try two or three different drivers that all claimed not to work with my WinModem. Thanks to http://linmodems.technion.ac.il/! (But I just don't want to know what happens when I update my kernel.)
Tux2000
-
Some suggestions
-
Corrections, and stuff...
The Intergraph suit deals with Itanium stuff, as is stated here. The SSE/Hyperthreading suit is another company (MicroUnity) and another suit (same article).
Now, from what I understand, MicroUnity's MediaProcessor is a fine-grained multithreaded processor. There's limited information here and here, which may be the processor with the alleged patents that have been infringed upon. But what about University of Washington's SMT group? They put out their first paper in 1995. The Alpha EV8 (21464), before it got canned, was supposed to have SMT (and the Alpha group went from Digital to Compaq and then to Intel). I'm speculating that Intel got Hyperthreading from Alpha who got it from Washington. DEC/Compaq worked with Washington's SMT group, as Luiz Barroso is listed on the Washington SMT page (interestingly, he works for Google now. His Google article is quite interesting).
-
Re:Fun and games with statistics
If the GNU userland utilities are so bad, how come they consistently come up as best in security tests? Like in this test (follow the PS link for the full report)?
Care to substantiate your attack on GNU coding quality? Your comment makes you sound like another BSD elitist who likes to rag on GNU/Linux for the mere fact that it supplanted your beloved BSD.
Mart
-
C++ Books
If you are looking for C++ book recommendations, here are the best two web sites that I know of:
www.accu.org/bookreviews/public/index
This is probably the most complete and accurate list of C/C++ book reviews you are ever likely to find. Unlike the reviews you find on places like amazon.com which are written by the unwashed masses, these reviews are written by the experts who really do know a good book from a bad one!
www.cs.technion.ac.il/users/yechiel/CS/BadBooksC+C++
This won't tell you which book(s) to buy, but which ones to avoid!
-
You can't be serious.
The Que book is littered with omissions and errors. If you want to learn C++, start with the free Bruce Eckel e-book Thinking in C++, then move on to the Meyers trio, the Sutter pair, Gang of Four, Dewhurst, Alexandrescu, then Agile Software Development, in that order.
See Accu's booklist, EfNet #c++'s book list, or Yechiel Kimchi's list of bad books for opposing opinions.
-
Re:Port 2.4 driver to 2.6
ltmodem-2.6-alk-v00.tar.gz
ltmodem-2.6.tar.bz2
(I have not tested them)
-
Homograph attacks might bite us all
Although this article on the insecurities of IE (or in a more general sense, Windows' URL handling) is fitting for ./, the advice to type URL into the address bar may be one that we should all take to heart in the future.
As pointed out here, the advent of multilingual (Unicode) domain names gives rise to a new possibility for attacks: the Homograph attack.
Example: one could replace the o's in http://www.microsoft.com with Greek omicrons, Cyrillic o's or characters from other charsets, as long as they are rendered by our browser as something resembling an "o". The users won't notice the difference, but they might be redirected to another site, even though they visually inspected the URL.
A more serious example: my bank, the Dutch Rabobank, features internet banking. It specifically displays a warning before logging in: Make sure that the address in the address bar starts with https://www.rabobank.nl/, then you are sure you're communicating with us. Now, with a homograph attack, even that might not be certain again: it looks the same, and users are reassured even though reassurance is not due! And it's not limited to using IE or Windows either.
A comment is in order here: we're not that far yet, as most clients require special (non-default) DNS clients to access Unicode domain names. But it might become a big problem in the future.
Are there any people from countries using non-latin domain names that might want to comment on this?
-
Re:Same character in different character sets
Well, for a regular user, the choice really boils down to these alternatives:
1. Be pestered (actually an unobtrusive tooltip floating next to the address bar is what I had in mind),
2. Have no way of defeating a homograph attack.
If you cut and paste the two "microsoft.com" URLs from the article I linked, you'll see one works and the other doesn't, but both look identical. The dummy link could be sent in an email, or even put up temporarily on a website - and point to an exactly mirrored fake Microsoft site with a dummy "virus patch".
Note, regular X.509 certificates don't help (Verisign will just issue one to the dummy site). Only code-signing procedures that check for Microsoft's signature will work.
-
Homograph Attack (Unicode in URLs)
Here's the paper by Gabrilovich and Gontmakher on the Homograph Attack (unicode scam).
-
Instant Ciphertext-Only... PS?
Anyone managed to download the postscript version? The PDF version is horrible.
-
/. what's going on?
I don't know what is happening here at Slashdot, but I seriously hope taco, michael, and the others get off the SCO bandwagon... Why the hell do they only seem to accept mainly SCO, LINUX, and Anti Microsoft articles is becoming so yesterday, and I hope they (and I know some of you are reading this) start accepting things outside of the typical media whore range of articles that have appeared here for the past few months.
- 2003-08-11 NSA's Statement on Cybersecurity (articles,security) (rejected)
- 2003-08-19 DNA based game playing computer (science,science) (rejected)
- 2003-09-06 Brown Dwarfs fingerprinted (radio,science) (rejected)
- 2003-09-06 Study Indicates Possible Surface Water on Mars (science,science) (rejected)
- 2003-09-07 GSM cellular phone encryption cracked (articles,security) (rejected)
It has been 14 years since two little-known electrochemists announced what sounded like the biggest physics breakthrough since Enrico Fermi produced a nuclear chain reaction on a squash court in Chicago. Using a tabletop setup, Stanley Pons and Martin Fleischmann, of the University of Utah, said they had induced deuterium nuclei to fuse inside metal electrodes, producing measurable quantities of heat. That was the opening bell for one of the craziest periods in science. Cold fusion, if real, promised to solve the world's energy problems forever. Scientists around the world dropped what they were doing to try to replicate the astounding claim. Full story
Astronomers using NASA's Hubble Space Telescope have discovered three of the faintest and smallest objects ever detected beyond Neptune. Each lump of ice and rock is roughly the size of Philadelphia and orbits just beyond Neptune and Pluto, where they may have rested since the formation of the solar system 4.5 billion years ago. The objects reside in a ring-shaped region called the Kuiper Belt, which houses a swarm of icy rocks that are leftover building blocks, or "planetesimals," from the solar system's creation. The results of the search were announced by a group led by Gary Bernstein of the University of Pennsylvania at a meeting of NASA's Division of Planetary Sciences in Monterey, Calif. Full article
-
Some more details
The elreg and Reuters articles are a bit low on technical details; somehow the Israeli embassy of Washington has more coverage in English, probably a translation of something. The University of Haifa (where the research happened) links to this Israeli newspaper (in Hebrew, registration req'ed).
This story isn't only interesting because GSM is (and will be for many years to come) the most used standard. The most interesting aspect is that these vulnerabilities are not like the intentionally broken crypto algorithms but are a stupid mistake in the implementation of systems for dealing with interference. According to one of the researchers: "At first, I didn't believe it. We checked it, and it was true."
Now for the tinfoil hat angle, is this yet another brilliantly engineered "mistake" to make sure the crypto used keeps the customers' feeling of privacy while maintaining the possibility of those with computing power to listen in or an honest screwup?
The full details will be in the patent these articles mention, the researchers apparently wouldn't mind marketing this trick to law enforcement groups.
-
The people behind this
Prof. Eli Biham and Elad Barkan. Both good friends of mine.
-
Formal Verification
The Russians are not the only ones with shuttle problems. Unfortunately the list is long:
Ariane 5 (1996) - destruction at 40 seconds after launch. Cause: 64-16 bit conversion generated an uncaught exception in both main and backup module.
Mars Pathfinder (1997) - was frequently resetting. The cause: priority inversion between processes with shared resources.
Mars Climate Orbiter (1998) - disintegration while entering the atmosphere. Cause: errors at conversion between American and European metric system.
As you see, what happened with Soyuz was nothing compared with the rest.
An effective solution can be Formal Verification (.ps article by Joost-Pieter Katoen) - automatic techniques for verifying finite state concurrent systems as is defined in Clarke, Grumberg and Peled's book - Model Checking
-
Re:NSA may not be that far ahead.
Remember: SKIPJACK was the NSA's effort at making a safe, strong cipher. They swore before Congressional intelligence subcommittees that SKIPJACK didn't have back doors, and they allowed a small number of outside experts (incl. Dorothy Denning, who's a crypto luminary) to review major portions of the classified cipher.
So either you've got to believe the NSA lied to Congress, deliberately deceived Denning, and that Denning wasn't smart enough to know she was being deceived... or you can believe the civilian cryptanalytic community is getting good enough to challenge the NSA on the NSA's own terms.
Biham's cryptanalysis, if you actually read it, shows how to get an attack on a 31-round SKIPJACK in 1/4 the time of brute force exhaustion. This attack is hardly a complete break of the algorithm, and doesn't prove anything about back doors. This paper makes me respect Biham (his application of impossible differentials was a brilliant insight, even if the concept predates him, as he cites in the paper). On the other hand, I don't think it allows you to accuse the NSA of any wrongdoing.
-
Re:Now I have to pay attention to TLDS - agggh
And what exactly would be so wrong about domain names in non-ASCII character sets?
You are then vulnerable to homograph attacks as was discussed on Slashdot. You can also read DNS Chaos Feared on Account of Multilingual Domains.
-
Re:haha!
The automatic documentation generators in the style of JavaDoc did get quite popular, and started springing up on every language, almost overnight.
I suggest that Common Lisp's docstrings and the browsers and information screens available in every widespread Common Lisp environment are far more useful and convenient. Also C-z a in ILISP rocks.
-
Re:Freecell Solitaire...
I've heard the same thing. The next time you get what you consider to be an unsolveable game, fire up this bad boy and check it out:
freecell-solver
-
Google is your friend
The work was done for a paper in the Communications of the ACM (the paper itself is not online).
I doubted that statement as I'd read the paper online several days ago. I think it was linked to from Bruce Schneier's Crypto-Gram Newsletter. Anyway a simple Google search with homographic attack dns yields one and only one result: