Domain: uic.edu
Stories and comments across the archive that link to uic.edu.
Comments · 240
-
Re:The N word and Godwin in the same message!
"Of course wanting to slaughter your enemies because they have been beating the ever living shit out of you for decades now has nothing to do with it. Nothing at all."
Can you back up your emphatic claim with support from an unbiased source?
Here is a short list of documentation that the palestinians have been getting the ever living shit beat out of them. You might also try watching the evening news on a regular basis.
Ninety-eight Percent Of Gaza's Children Experience Or Witness War Trauma
Israeli Siege Leaves Gaza Isolated and Desperate
Israel/Occupied Territories Human Rights Practices, 1993
Israel and The Occupied Territories Human Rights Practices, 1994
Occupied Territories Human Rights Practices, 1995
Country Reports on Human Rights Practices - Occupied Territories - 1996
The Occupied Territories Report on Human Rights Practices for 1997
The Occupied Territories Country Report on Human Rights Practices for 1998
Country Reports on Human Rights Practices - Occupied Territories - 1999
Country Reports on Human Rights Practices - Israel and the Occupied Territories - 2000
Country Reports on Human Rights Practices - Israel and the Occupied Territories - 2001
Country Reports on Human Rights Practices - Occupied Territories - 2002
Country Reports on Human Rights Practices - Occupied Territories - 2003
Country Reports on Human Rights Practices - Israel and the Occupied Territories - 2004
Country Reports on Human Rights Practices - Occupied Territories - 2005 -
Re:Would be nice...
Here is a link to a previous year's problem with a C++ solution. An interesting problem.
-
Doctors and EE's shouldn't switch jobs indeed
Well, I'm an EE, not a doctor, so purely in terms of logic, I would agree with your arguments. However, evidence is more important than what I would deduce from current knowledge. Regardless of how I think things should work, observation of how they *do* work is obviously more correct. Simple googling on getting hit by lightning got me the following information:
80% of people who get hit by lightning recover and "lightning often flashes over the outside of a victim, sometimes blowing off the clothes but leaving few external signs of injury and few, if any, burns."
Now, I won't presume to try to explain exactly why that is because, not knowing much about biology, I don't understand the composition of the human body enough to even make an educated guess. However, considering it is observed to happen you can't argue that flashover doesn't exist.
-
Nothing New.
RMS was at UIC this week, giving an official speech Friday, and giving a Q&A session with CS students Thursday. After the session he sold off various wares such as T-Shirts, Books, keyfobs, etc.
The guy lives off his speeches. Give him a break. I "donated" $45 by buying a book and a t-shirt.
Now I also shot about 30 mins of footage (stupid kodak camera using ulaw for audio, meaning I couldn't fit more than 30 mins on a 1GB card, video is mp4v 640x480), and he obviously didn't mind. Video WILL be up at http://acm.cs.uic.edu/ at some point this week. Argh. -
Theories of abiogenesis
There is plenty of stuff on the web, but to get you started, here are some things to get you thinking about how abiogenesis may have occurred, or at least suggest the workings of some steps along the way.
1) In 1953, Stanley Miller, working under Harold Urey, showed that amino acids are able to form spontaneously in the conditions which may have existed in earth's primordial atmosphere. In three months, his experiment produced at least 7 amino acids, which included 3 of the 20 found in modern (and probably ancient) organisms. (Amino acids are the 'building blocks' of all proteins).
2) Certain lipid molecules, including phospholipids (the main type of molecule that makes up cell membranes), will spontaneously form a number of structures when placed in water, eg "micelles" and "bi-layers".
Micelles are tiny spherical structures made of relatively few molecules, and can 'carry' other molecules inside them, although I am not aware of the significance of this.
Bi-layers are often much larger structures capable of forming large sheets, or "membranes" which can be quite bendy and stretchy. They can even bend around on themselves to form massive, spherical "containers" which separate their contents from the outside world and thus allow the contents to become significantly chemically different. This is exactly the structure used by all living cells to contain the vast array of chemical reactions that need to be carried out under special chemical conditions.
The significance of spontaneous organisation of certain lipids is that it is thermodynamically favourable for these structures to occur and therefore plausible that they played an important part in containing the first biochemical interactions that occurred during abiogenesis.
3) It has also been suggested that certain clay substrates may have formed a biochemical "staging ground" for collecting and organising biologically significant molecules. I remember reading (possibly in a Richard Dawkins book) about one theory which suggested the idea that the clay substrates themselves could have been self-reproducing. The premise of this particular theory is that imperfections in some crystal structures are often repeated throughout the crystal as it grows. Therefore crystal structures with certain imperfections may have encouraged more of themselves to exist. Furthermore, the theory says, if particular "self-replicating" crystal structures gave rise to large scale properties that further encouraged the production of these crystals, then they would become even more prolific. For example, if a certain "self-replicating" crystal was usually generated in still water, but also had the property that, when washed into slow-moving water, sediments of the crystal caused that slow-moving water to "dam up", then the water would become still again, thus creating an environment suitable for creating more of the crystal.
Far-fetched? Perhaps. But I am always wary of criticising a theory simply because of my own incredulity.
Anyway. The upshot is that there are a number of theories of abiogenesis out there, none of them at all complete. I guess that any theories will remain speculative until we are able to satisfactorily string together a series of observed and reproducible reactions and interactions that would be able to explain abiogenesis.
-
Re:Why Bite the Hand that Feeds?
Hey I actually like joe (Joe's Own Editor), which is a direct descendant interface-wise, of Wordstar. I usually point unix-newbs to joe and let them choose later whether to side with vi or emacs.
-
Projects from other schools
Plenty of other schools do the same (or better), e.g.:
http://www.csc.calpoly.edu/~zwood/teaching/csc476/final/
http://www.evl.uic.edu/spiff/class/cs426/projects/ -
Re:Oh still PC to have redneck jokes?
Didn't happen in the US.
http://tigger.uic.edu/~rjensen/no-irish.htm
BTW, I'm part Irish and Catholic too... -
Re:What display?
Something like this: http://www.evl.uic.edu/cavern/optiputer/geowall2.html -
US literacy rate is...
95.2% if you count ability to do any kind of reading and writing as "literate", which I don't.
Literacy correlates fairly directly with income, rather than with intelligence. Evidently, belief in God is not driven by material largesse. -
Re:Google... Good or Evil?
Right now, my only real gripe is their lack of giving back to the open source community. They used linux to build their empire but give very little back to it other than being able to use it as an example of what linux can do. Ok, that's useful, but given how large they are, I think they could actually spend some resources to give back to the community.
You need something more than this?
Google Code
Looks like google also contributed code to the Linux Kernel, see copyright on this file:
ppp_mppe_compress.c
Enjoy, -
Next step..
..replicate the training, communication, planning and preaching facilities they lost in Afghanistan with countless new locations on the Internet. They should also replace actual destruction with playing Batallion - if anything the scale is greater and they will never be shot back at.
-
28 school shooting incidents in last 10 years
I don't need to, since I was referring to the recent trend of teenagers in the US going on killing rampages simply because they have the capacity and lack a wider perspective, which strikes me as being quite an apt parallel with Anakin Skywalker. What did you think I meant?
28 US school shooting incidents in last 10 years vs. ~1000 cases of people being killed by lightning...
So I think calling this a "trend" is a bit of a stretch. Don't let media hysteria throw off your empirical, data-based decision making processes.
-
Excepting the ginchy chix BSG's on par with Plan 9
How about some good TeeVee SciFi?
Any of you 'big bux burning hole in pocket' /. readers care to fund a pilot based on Dahlgren?
I envision a revolutionary 100% product placement production with no stand alone commercials. Imagine! Commercial free commercial TeeVee.
Seeing as the protagonist would have to take about three shits per episode to remain true to the novel, it's a natural to add comments on the quality of a sponsor's fine asswipe product to his mind's narration. There's equal room for plenty of other, true to the novel, products as well. Go read.
The novel's controversial (as far as prime time TeeVee goes) sexual overtones make for a huge guerilla marketing opportunity and will guarantee big audiences from the get go.
I see Samual R. Jackson in the leading role and a spot for that Vulcan chick with the luscious low slung ass from the latest, RIP, starheck series. There's even a place to plug in Kirk given an adequate quatloo supply.
Musical score? How about dueling Japanese girl bands. 5678, cibomato, etc.
-
Re:Petname toolbar
> And anyone computer-savvy enough to be using firefox
Computer-savvy? At UIC, firefox is the default browser on all student lab machines. Most users don't even realize any difference between Firefox/IE, let alone know which one they're using. So obviously you don't have to be computer savvy to use firefox. -
Pentagon _is_ stupid
Actually I had a glance at the Hague Convention Concerning the Rights and Duties of Neutral Powers in Naval War recently. I was tolerably familiar with the Arms Control treaties of the Sixties and Seventies.
One provision of those treaties stands out, considering neither the US nor the Soviet Union trusted each other, quoting from SALT I
Article V
1. For the purpose of providing assurance of compliance with the provisions of this Interim Agreement, each Party shall use national technical means of verification at its disposal in a manner consistent with generally recognized principles of international law.
2. Each Party undertakes not to interfere with the national technical means of verification of the other Party operating in accordance with paragraph 1 of this Article.
3. Each Party undertakes not to use deliberate concealment measures which impede verification by national technical means of compliance with the provisions of this Interim Agreement. This obligation shall not require changes in current construction, assembly, conversion, or overhaul practices.
verification by national technical means refers to satellites. Military satellites observing the enemy, verifying that they were in fact keeping their word.
It's also consistent with the Hague Convention referred to above, in practically all its articles, effectively neutralizing NEO. It treats NEO as if it were a Neutral Power
Art. 10.
The neutrality of a Power is not affected by the mere passage through its territorial waters of war-ships or prizes belonging to belligerents.
and the only provision of the Hague Convention which is specifically disallowed is
Art. 5.
Belligerents are forbidden to use neutral ports and waters as a base of naval operations against their adversaries, and in particular to erect wireless telegraphy stations or any apparatus for the purpose of communicating with the belligerent forces on land or sea.
as satellites are by definition wireless telegraphy stations so that cannot apply.
'Nuff sed?
-
UIC's CAVE System
UIC has had a total immersion VR system for a long time now. They are used heavily in industry as well as academia. Check it out at: http://www.evl.uic.edu/pape/CAVE/
-
Re:Oddly Enough...
...I went to an open day at the University of Central Lancashire (Begin the slagging off), last Saturday where they had a full demonstration of this, it was pretty good, using 3 rear projected screens to make a 3d hallway
VR Caves are still on the high-end of the market.
Consumer stereo glasses have come down in price to $200 and less.
-
Re:Excellent commentary...
What does ActiveX do that XPCOM and Java are incapable of performing?
Pfft! ActiveX can format drives, all from the convenience of visiting a web page! http://www.uic.edu/depts/accc/newsletter/adn20/active.html Let's see Java or XPCOM do that! -
I am doing my AI PhD..
Oh holy crap! and I am here breaking my ass to get one article accepted for the GTDT
IJCAI 05 workshop...
darn... -
Humans could deal with 10%
There are human populations living at altitudes where the partial pressure of oxygen is about half that at sea level (Peru, Tibet). Even more interesting, the two populations seem to have two different adaptations to the altitude and there may be another adaptation original to Ethiopia. I doubt that we'd have any difficulty engineering ourselves with the physiological changes required to handle such conditions even if they occurred over the next century.
The rest of the ecosystem would probably not be so flexible.
-
Re:So where are the source downloads?
Look at this page
http://icarus.uic.edu/~ssenne1/
it even has a nice script that will download and compile almost every thing. In linux.
-
Re:Seattle has had something like this for ages
http://www.ai.eecs.uic.edu/GCM/chicagoland.html
Thanks to UIC, Chicago has this too. -
How about giving people a chance to fix?
I posted this in reply to another comment, but I don't think it's getting the attention it deserves there, so I'm going to post it here in the hope more people see it.
How come details of these exploits have been released to the public (and heavily publicised on slashdot, no less) the day after notifications of the problems were sent to package maintainers?
This is, I think, a serious breach of correct security flaw reporting protocol. While many of these bugs are unlikely to affect many users (most of them only show up if you process files from untrusted sources through applications that you would not normally do so with), some of them are exploitable in situations that occur commonly (e.g. this one) and publicising the existence of the problems so quickly after the maintainers became aware of them merely serves to put the users of these software packages at greater risk.
So why was it handled this way? -
Re:What's the deal?
I see you were too busy writing emotional rhetoric to check your assumptions. (How does this stuff get modded to 5?)
Here's an excerpt from the first one I viewed, with my emphasis:
Danny Lungstrom, a student in my Fall 2004 UNIX Security Holes course,
has discovered that uml_net, when installed setuid root (as is normal),
allows any local user to type
./uml_net 4 slip down eth0
to take down the computer's Ethernet connection. The connection stays
down until the system administrator manually brings it back up. I'm
publishing this notice, but all the discovery credits should be assigned
to Lungstrom.
Who's gonna call this guy's other bullshit?
-
DJB Faculty Profile (with Photo)
DJB's UIC Faculty Profile includes a photograph.
Always interesting to put a face with a name. -
Varying levels of seriousness...
Some of these exploits are "real" security holes, in that they are exploitable by things users might actually do - playing a media file, or printing something.
Others are pretty implausible, for instance the jpegtoavi exploit, which requires the user to run the jpegtoavi program on a set of files provided by an attacker.
On my quick perusal, the nastiest holes seem to be the changepassword hole, a local root exploit, and the two holes in cups, particularly the first one, which straightforwardly gets the attacker access to user "lp" where they can monitor everything that gets printed.
One thing that is a bit surprising and disappointing is that so many of these bugs are from well-known bad coding practices. Why the hell is *anyone* still using strcat in distributed software, for instance?
-
Re:pwn3d
Click the right link. And no, it's not hacked, I simply have no particular reason for people looking at the index of my home directory, and "pwn3d" seemed more appropriate at the time than "This is the default page for James Longstreet."
-
Remote hole - read this one e.g.
Ok, for an example read this notification about a hole in NASM, an assembler program. It says: Jonathan Rockway [..] has discovered a remotely exploitable security hole in NASM. The problem is, this is not quite correct. Read on for some lines: You are at risk if you receive an asm file from an email message (or a web page or any other source that could be controlled by an attacker) and feed that file through NASM. I.e. it is not remotely exploitable, only locally! Thanks djb, for using terms in quite different ways from what they're used usually!
-
Re:Students didn't exploit the loophole
And what about all those sourceforge projects that have one developer and less than 10000 lines?
-
Re:Were any of them *not* buffer overflows?
Change password involved trusting that the version of "make" in its path was not modified:
Here's the bug: Line 317 of changepassword.c, without cleaning its
environment in any way, calls system("cd /var/yp && make &> /dev/null");
the Makefile arranges for changepassword.cgi to be setuid root (mode
4755). A user can set $PATH to point to his own make program, set
$CONTENT_LENGTH to 512, set $REQUEST_METHOD to POST, and feed... -
pwn3d
hacked? All that page says right now is "pwn3d"..
-
Better link
to Kris Kubicki's mirror is here.
-
Re:Language
Crossfire can get free and nobody will sue them. But if they re-name themselves "Crossfire Scholar", they will have a trademark problem too.
Here are a few others that use the term Scholar in their product name - will the ACS sue them too (I think the Rhodes Scholars for one would win):
- Ron Brown Scholar Program http://www.ronbrown.org/
- Webelements Periodic Table of the Elements - Scholar Edition http://www.webelements.com/webelements/scholar/
- Jensen's Scholar's Guide to Humanities and Social Science http://tigger.uic.edu/~rjensen/
- The Black Scholar http://www.theblackscholar.org/
- Scholar's Bookshelf http://www.scholarsbookshelf.com/
- Fulbright US Scholar Program http://www.cies.org/us_scholars/
- Christian Scholar's Review http://www.hope.edu/resources/csr/
- Scholar and Feminist Online http://www.barnard.edu/sfonline/
- ScholarSite.com http://www.scholarsearch.net/
- Warrior-Scholar.com http://www.warrior-scholar.com/
- Tennessee Scholar Dollars http://www.tnscholardollars.com/
- MAA Scholar http://www.maa.mhn.de/scholar.html
- Scholar Inc. http://www.scholarinc.com/
- The Thirsty Scholar Restaurant and Pub http://www.thirstyscholarpub.com/
- Twisted Scholar Inc. http://www.twistedscholar.com/
- Midtown Scholar Bookstore http://www.midtownscholar.com/
- Electronic Scholar http://www.electronicscholar.com/
- War Scholar http://www.warscholar.com/
- Rhodes Scholar http://www.rhodesscholar.org/
You are a USDA-certified Troll
Judging from the partial list of other entities who use the term "Scholar", it is people defending the ACS who are acting trollish. If SciFinder is so great, unique, etc., why is the ACS so worried? It's not because of what Google Scholar is now, but what it will become in a few years.
Their actions in firing off a slap-suit say that they are the ones trolling - trying to lock in a market with a dumb lawsuit that has a good chance of being dismissed with prejudice.
-
Re:Here's what I do...
That doesn't matter. It's the hashing algorithm that the grandparent is talking about. Make sure it's MD5 or SHA1, and not DES. DES will ignore everything after the 8th character, regardless of LDAP/PAM/shadow.
Oh, and now I can share my I-think-I-am-going-to-stab-you stupidity story. I work for the "A-triple-C" (Academic Computing and Communications Center). Some guy comes in and needs his password reset. Fine. I tell him he needs to visit passwords.accc.uic.edu to pick a permanent password. His reply? "How do you spell ACCC?" It's bad because he spelled out A-C-C-C himself! I think I was so shocked by the stupidity that I just answered the question and locked myself in my office...
Ah, and then there's the no food and drink policy in the computer labs. People always have great reasons on why they can have a drink in the lab ("I'm God! No really!"). Anyway, I come up to this woman and ask her to put her Diet Pepsi away. Why can't she do that? She's diabetic and needs sugar-water or soda for her diabetes. I kind of gave her a weird look and said "but doesn't that not have sugar in it?" She gave me the "damn. you're not that dumb" look and then left when I asked for ID. She wasn't even affiliated with the University. -
Re:Reverse dates
Agreed from this side of the Pond, too.
In fact, it's probably worse here. Although our DD/MM/YY is relatively sane, if you see documents on the web you've often no way of telling if they're UK-style DD/MM/YY or US-style MM/DD/YY.
For a long while I used the first three letters of the month instead of its number where possible (and included the century), which makes things unambiguous, but it still doesn't sort properly.
So these days I use YYYY-MM-DD almost everywhere. It sorts properly, it's logical, it's unambiguous, it's neat, and it's an international standard (hint: the 'I' in 'ISO'...), so it should be acceptable everywhere they count years in the same way we do!
The only real issues with it are 1) it makes date intervals awkward, and 2) it's much longer than a simple D/Mmm for near dates. But you can't have everything*.
(* Coz if you did, it'd probably undergo gravitational collapse and end up as a black hole, and then you'd look a bit of a fool...)
-
Re:My nausea experience
http://www.evl.uic.edu/spiff/class/cs426/Notes/Perception.ppt is a good presentation from the University of Illinois in Chicago, that explains why some people suffer from motion sickness and seizures in games, and gives a few suggestions on how to avoid it. -
Re:Sweet...
According to the UIC LUG archives, he is giving a presentation on this article on the Nov 20 UIC Linux Users Group.
Details here: http://linux.pharm.uic.edu/ -
Review of the conference
I come from UIC, sister campus of the honorable UIUC. We got down to Chambana at about 5:30 Friday, and didn't do much that night, as all the Friday events were over. Saturday we heard Charles Leiserson from MIT talk about shared-memory multiprocessing in the Cilk language, that the MIT AI lab came up with. It was very interesting, especially the charts and raw numbers... the best performance they got was from the 8 queens problem. Running on one processor, it took T1 seconds (I forget the exact figure). Running on 8 processors, it took exactly T1/8 seconds. Absolute parallelism...
After lunch, we saw Jimmy Wales, the founder of Wikipedia. He seems like a really great guy... a millionaire from the futures and options market deciding to devote his life and fortune to amassing the sum of human knowledge in one central, but not controlling place.
Later Saturday night, we went over to the HOL (House of Leet) for a conference party they were throwing. I think I spotted Brad Kuhn, the executive director of the FSF, and I know for a fact that Ari, the maintainer of SourceForge, was DJing the party. root@sf.net spinning for a bunch of nerds... what a sight.
Sunday we saw Phil Zimmermann's talk. He started by saying that there was no reason for him to explain the technical basis behind PGP, because everyone pretty much knew what it was. So the whole talk was mostly about his legal battles getting PGP out in the world, getting it through customs without getting put in jail, etc. I thought it was specifically interesting that in order to get PGP 2.6.2 distributed worldwide, they had MIT Press print the source code in a very OCR-readable font, with checksums on every line, a rolling checksum for all previous lines in the page, and an MD5 for every file to simplify error correction. Books, apparently, can be exported, disks with source code cannot.
Finally, we got to see the final showdown of MechMania X. The teams had been coding for 24 hours, with only a 5 hour break from the labs. Despite some problems with the visualizations (they were testing an OpenGL one that looked really cool but didn't work very well), it was pulled off quite well. Some of the teams did nothing, or had bad logic that ended up killing themselves, but some were really interesting. Once a team won a match, the ships would inevitably do some sort of crazy dance, not having any idea what to do, since there was no longer anything to do...
It was a fun weekend. I would highly suggest attending next year's conference. Check http://acm.uiuc.edu for more information about the conference and the ACM.
-
Re:SEL?
SEL? My office is in 2267 SEL
-
Re:vulnerability in the implementation
I wonder if Bluestem is affected. It uses Kerberos as the backend.
It is internal to the UofI, so maybe nobody has really looked for vulnerabilities. -
Re:religious aspects of the question
I believe, as most Christians do, that Adam and Eve were meant to sin, no matter what. Sin is a necessary part of being 'human'. Sin no doubt existed before Jesus, and Jesus died on the cross for us as a way to know that sinning can lead to forgiveness if we show that He (as in Jesus, the son/earthly-being of God) is always a part of our lives and guiding us. With faith in the Lord, no sin we commit can lead to damnation.
This of course, brings up the question of evil in the world, and why God can't just 'defeat' it once and for all, and thereby make all his creations 'perfect'.
A few days ago I stumbled across this writing (scroll down a bit) that my classmate wrote on his website about the necessity of evil. It was enlightening and something that most faiths can relate to. -
Re:Yes and No
An acquaintance of mine discovered some PHP vulnerabilities in my school's CS website. It was your usual $include from a GET variable crap. Horrible coding. So he published his results, not to the webmaster, whose email address is available on the website, not to the faculty, but to the CS Undergrad mailing list. He also mentioned his website, HackThisSite.org, which had recently been made an ACM project. As a result, he was kicked out of the ACM chapter and of the College of Engineering. He remains a student of the university, but he ruined his choice of major...
I have to support the decision made by the administrative folks. Pointing out vulnerabilities and how to fix them is one thing. Pointing them out and showing how to exploit them to a large, relatively untrusted population is quite another. I mean, I ran his POC code that showed a directory listing... I imagine others did the same. I also imagine others probably wrote their own code and ran that. He had www access to the server.
I'm all for finding vulnerabilities. I think if he had handled it better, he would have been touted as almost a hero and not some malicious kid. But he didn't.
-
Re:Learning a language is not that easy
the CAVE(tm) is a virtual reality implementation where its walls and/or floor and ceiling are projection surfaces to allow the user to see a virtual environment.
More info:
-B