Even if the modified program fails to crash and fails to trigger the anomaly detector, there's no way to prove that the program still works as intended. For example, suppose the fix of an overflow also elides the initialization of some other variable, which results in data corruption? How is that better than an overflow/crash?
The approach is valuable even if you can't prove the program still works as intended (which is impossible in general). The goal is to have a program that works a bit better than it would without ClearView.
For example, the unmodified web server may have a buffer overflow that can lead to the system being hijacked. ClearView modifies the program so that a connection is prematurely dropped, but hijacking is prevented. Neither behavior was what was the programmer intended, but we've taken a serious bug and replaced it with a minor bug. That's valuable.
The real issue is whether the modifications do in fact make the program work a bit better. Rinard's
experiments indicate that they do, at least for the applications used in the experiments.
My company makes a code understanding tool called CodeSurfer. It's not open source, and it's not free (though it is free for academic use).
You can browse your code, following dependences and definitions. You can also construct queries, do isolate what statements can affect a particular variable, and a bunch of other tricks based on static analysis. There's a programming interface too.
Other good ways to get your head around code (speaking as a software engineer, rather than a guy promoting his company):
I agree with whoever suggested breaking in a random spot and stepping through the code.
Talk to the other developers, if they are around. Don't suffer in silence for the sake of doing it on your own.
Pick a minor throwaway feature (eg every button should be blue) and modify the code to add that feature. This forces you really learn the code, but without the pressure of making a real product-worthy feature.
All three tools can (to some extent) infer how a program will behave at run-time, so they find more subtle bugs than tools that just look for suspicious patterns in your code.
I had some extensive conversations with the team at CodeSurfer and they think they the problem is NOT impossible, maybe more like Polynomial time.
I work at GrammaTech on CodeSurfer. I thought
it might be helpful to clarify a few things:
We don't claim to solve the halting problem. None of our products will find
every bug in your program--such a tool would be impossible.
We have a bug-finding tool called CodeSonar which
is designed to scan your software in something like polynomial time.
It won't find
all bugs, but in practice it does find lots of them, some of them very subtle.
CodeSonar isn't classified or otherwise restricted--anyone can buy it.
We're hiring. If you are into this kind of thing, please send us a resume:)
Dastardly IBM had been producing nefarious devices which think. Each of these devices, which are called 'computers', can replace a dozen typesetters, clerks, accountants and secretaries.
If this 'comp-sourcing' continues at the present rate then by 1970, 99% of America will be unemployed and society will be run large thinking robots controlled by fat cat IBM executives.
Dealing with my iPod is now a major function of my computer. But my WinXP machines has no USB2 or Firewire, and iTunes performs horribly in XP--freezing for minutes at a time, not responding to drag-and-drop. Adding files to the iPod is therefore a very painful process.
I'd also like to move from big loud boxes to small quiet boxes. And I would like to switch to a unix variant.
All in all, the Mac mini looks like it will be my next computer.
From TFA, they mentioned how localized builds are a problem... If Google were to host the Start Page in different languages, would the Foundation not be able to set a different language version of the page in their localized builds?
My impression was that there were non-Google search engines out there that were better for specific languages. Maybe Swahili speakers prefer some specific Swahili sw-search.example.com search page, but the Swahili Mozilla build still has to use http://www.google.com/intl/sw/.
This is hypothetical, though; I'm not aware of any languages where people overwhelmingly prefer other search engines to Google.
I like being able to shut down my mail app without losing my work in the other in my browser -- and vice versa.
My imap server only gives me a small amount of space for my email folders. When I start deleting stuff the deletion often only commits when I shut down the mail app. With Mozilla, that might be hours later because I don't want to lost my web sessions. I can restart Thunderbird without touching Firefox.
Also, if one app crashes it won't take down the other. Crashes are pretty rare now, but when they happen it's still pretty annoying.
Finally, it seems like more work (on the UI and extensions) is going into Firefox than Mozilla, so I might as well get on board.
This whole thing is stupid. Say a New York City or San Francisco company saves money by outsourcing to Canada, a place where a housing isn't $400 a square foot and salaries are not inflated. They could probably get very similar savings if they oursourced to WVa or TN and be sung praises as heros for boosting local American economies.
Up to a point, but in Canada you can get both the WVa/TN cost of living and NYC/SF-like environment. A company in Montreal will have access to an excellent infrastructure and a large cosmopolitan workforce that will accept lower wages than workers in a similar American city would demand. There's a reason companies like big cities, and in Canada (and India etc.) they can get that and still save money.
Sure, some outsourcers are probably overlooking large cities in the midwest. But moving your jobs to dirt poor appalachia won't be much of a win because you will struggle to find qualified workers, get reliable power/water/Internet, etc.
I learned a little Danish and Japanese with Rosetta Stone. I just learned simple "the cat is jumping over the ball" stuff, so I don't know how good it is for advanced learning. But the system is a lot of fun -- essentially a game where you do pattern matching, linking sounds with pictures on the screen. It covers basic nouns at first and then builds more complex phrases and sentences. It's all very natural -- no explicit grammar or rules to memorize, you pick that up unconciously.
Of course, chatting with someone patient is the best way to do it, but Rosetta Stone will get your foot in the door.
It was assigned in my computer architecture class. One of my favorite books, computer-related or otherwise. It's a book about a group of engineers working together to put together a new computer. It's great as a story about accomplishment and business, plus it's got lots of geekiness thrown in.
Do smashing cars head-on into brick walls improve car safety? No, of course not. Evalution of the results of the crash, and using those findings to build better cars, that is what improves car safety, and the situation is entirely analogous in the security world.
Except that when researchers do a crash test only a handful of cars get destroyed. If the analogy applied here, after a crash test everyone with that car model would have only a few hours to get the mechanic (i.e. patch your system) before some script-kiddies destroyed the car.
Astronomers can then compare these four timings as seen from different locations, a known distance apart. Using some fairly simple geometry the distance between the Earth and the Sun can be calculated.
The method described apparently requires the astronomers to have synched clocks spread out over the globe. Since NTP was not in widespread use in 1716, how did they manage to keep the clocks in sync despite the long distances, different time zones and slow rates of travel back then?
Not saying it's impossible, but it seems like it would be an interesting problem. Anybody know the answer?
And I have no more right to work than anyone anywhere else - But the idea of going from the income that I barely get by on to a wage one third of what it is now, just to compete with someone who has never experienced indoor plumbing or a room of their own terrifies me.
It's a perfectly understandable fear -- as a society we value progress and innovation, but as individuals we like comfort and stability. And there's a way to even the score that doesn't kill innovation or hurt hard-working Indians: ask the government to give you a helping hand when you are down.
Outsourcing, automation and general market churn are great for society at large but bad for the workers getting fired. So it's fair to have society (through the government) somehow compensate the workers for lost wages until they find new jobs. So don't ask your elected representative to enact innovation-killing protectionist legislation. Ask them to create a decent social safety net.
And it should protect everybody, not just the outsourcing victims -- getting laid off due to outsourcing is no worse than getting laid off because a robot replaced you or your boss misjudged the market.
Anyone know where the images of this 'pasta-like' object are?
You can see it here. It's a little above and to the left of the center of the picture.
Other pictures from that day (sol 30 for Opportunity) are here. They drilled the area in the following days and there's a picture of the 'pasta' post-drilling, but finding that image is left as an exercise for the reader.
Re:Anybody else want to see a night time picture?
on
Brine on Mars?
·
· Score: 1
You can read about what I did
here. It's a headless Pentium 350 running Winamp on top of Windows 98 (yes, really). Winamp plugins let me control it through a web browser and automatically search the network for mp3s. The files are kept on a separate machine with a big hard drive.
I recently added a next-generation user interface device called a 'three-button mouse', but I haven't updated my web page yet. The 3 buttons are 'stop', 'next' and 'play', which is pretty much all I need. On the rare occaision I want to mess with the playlist I use the web interface.
Not the most elegant or advanced solution, but it was all done with stuff that I had already or could download for free and it fit my existing setup with minimal hassle.
What problem are electronic voting advocates trying to solve?
You can make ballots much easier to read with touch-screen voting. The ballot for my last local election had a few dozen questions including mayor, city council and a few referedum questions. Even with a very small font the ballot was the size of a newspaper page. This not only annoying; it makes it more likely that someone will make a mistake, reducing the legitimacy of the election.
With touch-screen voting you can dedicate a separate screen to each question and make it easy to read. You can also switch the ballot depending on language or (as somebody already mentioned) adjust the interface for disabilities like blindness.
So I think there are real benefits if they can work out some way of doing it reliably and securely.
This is an argument I've heard before from Americans, but all I can say is, it's really not like that.
Maybe it's that we don't assume that everyone is partisan.
I'm from Canada (where we also have non-partisan electoral commissions) and I live in the US (where everything is partisan). In my experience both sides are right. In America people are born and bred thinking that everyone is partisan and everyone actually is partisan. In Canada, where people are born and bred thinking civil servants should be non-partisan, there are actually non-partisan civil servants.
It seems like Canada and the US each have a system that's suited to their respective culture. I think it will take a change in culture for the US to adopt the Canadian system (or vice-versa).
Even as a small child when 8-bit micros had speech synthesizers, I wondered why, in the technologically advanced Star Wars society that damned robot couldn't speak in a human (or whatever) language.
It's called a speech impediment you intolerant jerk.
(sound of beeping)
Great. Now you've made R2 cry. I hope you're happy.
It makes me wonder what the reasons behind this are.
Quebec is the only French speaking state or province in North America. The 5 million French speakers in Quebec are surrounded by 300+ million English speakers in Canada and the US. People in Quebec worry that French will disappear in a generation, making Quebec just another English speaking part of North America and losing (or at least muting) a distict culture. So they pass laws encouraging the use of French (the law in question here applies to much more than video game sales). Personally, I think their fears of being assimilated are understandable.
It's a fact that France and Germany have more vacation time and shorter work weeks. Your statement that US workers are less productive is an opinion...possibly a stereotype?
I'm not the guy who made the claim, and this is off-topic, but...
From the Economist, Feb 6 2003
According to figures from the Conference Board, an American business group, Belgium, France, Germany, Ireland and the Netherlands all now boast higher output per hour than the United States.
Slashdot Mirror
Even if the modified program fails to crash and fails to trigger the anomaly detector, there's no way to prove that the program still works as intended. For example, suppose the fix of an overflow also elides the initialization of some other variable, which results in data corruption? How is that better than an overflow/crash?
The approach is valuable even if you can't prove the program still works as intended (which is impossible in general). The goal is to have a program that works a bit better than it would without ClearView.
For example, the unmodified web server may have a buffer overflow that can lead to the system being hijacked. ClearView modifies the program so that a connection is prematurely dropped, but hijacking is prevented. Neither behavior was what was the programmer intended, but we've taken a serious bug and replaced it with a minor bug. That's valuable.
The real issue is whether the modifications do in fact make the program work a bit better. Rinard's experiments indicate that they do, at least for the applications used in the experiments.
You can browse your code, following dependences and definitions. You can also construct queries, do isolate what statements can affect a particular variable, and a bunch of other tricks based on static analysis. There's a programming interface too.
Other good ways to get your head around code (speaking as a software engineer, rather than a guy promoting his company):
I work on a commercial static analysis tool called CodeSonar. It costs money, but we do offer free trials.
Our major competitors in this space are Coverity and Klocwork.
All three tools can (to some extent) infer how a program will behave at run-time, so they find more subtle bugs than tools that just look for suspicious patterns in your code.
I work at GrammaTech on CodeSurfer. I thought it might be helpful to clarify a few things:
Dastardly IBM had been producing nefarious devices which think. Each of these devices, which are called 'computers', can replace a dozen typesetters, clerks, accountants and secretaries.
If this 'comp-sourcing' continues at the present rate then by 1970, 99% of America will be unemployed and society will be run large
thinking robots controlled by fat cat IBM executives.
Dealing with my iPod is now a major function of my computer. But my WinXP machines has no USB2 or Firewire, and iTunes performs horribly in XP--freezing for minutes at a time, not responding to drag-and-drop. Adding files to the iPod is therefore a very painful process.
I'd also like to move from big loud boxes to small quiet boxes. And I would like to switch to a unix variant.
All in all, the Mac mini looks like it will be my next computer.
From TFA, they mentioned how localized builds are a problem... If Google were to host the Start Page in different languages, would the Foundation not be able to set a different language version of the page in their localized builds?
My impression was that there were non-Google search engines out there that were better for specific languages. Maybe Swahili speakers prefer some specific Swahili sw-search.example.com search page, but the Swahili Mozilla build still has to use http://www.google.com/intl/sw/.
This is hypothetical, though; I'm not aware of any languages where people overwhelmingly prefer other search engines to Google.
I like being able to shut down my mail app without losing my work in the other in my browser -- and vice versa.
My imap server only gives me a small amount of space for my email folders. When I start deleting stuff the deletion often only commits when I shut down the mail app. With Mozilla, that might be hours later because I don't want to lost my web sessions. I can restart Thunderbird without touching Firefox.
Also, if one app crashes it won't take down the other. Crashes are pretty rare now, but when they happen it's still pretty annoying.
Finally, it seems like more work (on the UI and extensions) is going into Firefox than Mozilla, so I might as well get on board.
This whole thing is stupid. Say a New York City or San Francisco company saves money by outsourcing to Canada, a place where a housing isn't $400 a square foot and salaries are not inflated. They could probably get very similar savings if they oursourced to WVa or TN and be sung praises as heros for boosting local American economies.
Up to a point, but in Canada you can get both the WVa/TN cost of living and NYC/SF-like environment. A company in Montreal will have access to an excellent infrastructure and a large cosmopolitan workforce that will accept lower wages than workers in a similar American city would demand. There's a reason companies like big cities, and in Canada (and India etc.) they can get that and still save money.
Sure, some outsourcers are probably overlooking large cities in the midwest. But moving your
jobs to dirt poor appalachia won't be much of a win because you will struggle to find qualified workers, get reliable power/water/Internet, etc.
I learned a little Danish and Japanese with Rosetta Stone. I just learned simple "the cat is jumping over the ball" stuff, so I don't know how good it is for advanced learning. But the system is a lot of fun -- essentially a game where you do pattern matching, linking sounds with pictures on the screen. It covers basic nouns at first and then builds more complex phrases and sentences. It's all very natural -- no explicit grammar or rules to memorize, you pick that up unconciously.
Of course, chatting with someone patient is the best way to do it, but Rosetta Stone will get your foot in the door.
The Soul Of A New Machine by Tracy Kidder.
It was assigned in my computer architecture class. One of my favorite books, computer-related or otherwise. It's a book about a group of engineers working together to put together a new computer. It's great as a story about accomplishment and business, plus it's got lots of geekiness thrown in.
And it won the Pulitzer.
.. only a few hours to get the mechanic (i.e. patch your system)
should be: only a few hours to get to the mechanic...
dammit
Do smashing cars head-on into brick walls improve car safety? No, of course not. Evalution of the results of the crash, and using those findings to build better cars, that is what improves car safety, and the situation is entirely analogous in the security world.
Except that when researchers do a crash test only a handful of cars get destroyed. If the analogy applied here, after a crash test everyone with that car model would have only a few hours to get the mechanic (i.e. patch your system) before some script-kiddies destroyed the car.
Astronomers can then compare these four timings as seen from different locations, a known distance apart. Using some fairly simple geometry the distance between the Earth and the Sun can be calculated.
The method described apparently requires the astronomers to have synched clocks spread out over the globe. Since NTP was not in widespread use in 1716, how did they manage to keep the clocks in sync despite the long distances, different time zones and slow rates of travel back then?
Not saying it's impossible, but it seems like it would be an interesting problem. Anybody know the answer?
And I have no more right to work than anyone anywhere else - But the idea of going from the income that I barely get by on to a wage one third of what it is now, just to compete with someone who has never experienced indoor plumbing or a room of their own terrifies me.
It's a perfectly understandable fear -- as a society we value progress and innovation, but as individuals we like comfort and stability. And there's a way to even the score that doesn't kill innovation or hurt hard-working Indians: ask the government to give you a helping hand when you are down.
Outsourcing, automation and general market churn are great for society at large but bad for the workers getting fired. So it's fair to have society (through the government) somehow compensate the workers for lost wages until they find new jobs. So don't ask your elected representative to enact innovation-killing protectionist legislation. Ask them to create a decent social safety net.
And it should protect everybody, not just the outsourcing victims -- getting laid off due to outsourcing is no worse than getting laid off because a robot replaced you or your boss misjudged the market.
Anyone know where the images of this 'pasta-like' object are?
You can see it here. It's a little above and to the left of the center of the picture.
Other pictures from that day (sol 30 for Opportunity) are here. They drilled the area in the following days and there's a picture of the 'pasta' post-drilling, but finding that image is left as an exercise for the reader.
Pathfinder did it. Here's Phobos and Deimos.
You can read about what I did here. It's a headless Pentium 350 running Winamp on top of Windows 98 (yes, really). Winamp plugins let me control it through a web browser and automatically search the network for mp3s. The files are kept on a separate machine with a big hard drive.
I recently added a next-generation user interface device called a 'three-button mouse', but I haven't updated my web page yet. The 3 buttons are 'stop', 'next' and 'play', which is pretty much all I need. On the rare occaision I want to mess with the playlist I use the web interface.
Not the most elegant or advanced solution, but it was all done with stuff that I had already or could download for free and it fit my existing setup with minimal hassle.
What problem are electronic voting advocates trying to solve?
You can make ballots much easier to read with touch-screen voting. The ballot for my last local election had a few dozen questions including mayor, city council and a few referedum questions. Even with a very small font the ballot was the size of a newspaper page. This not only annoying; it makes it more likely that someone will make a mistake, reducing the legitimacy of the election.
With touch-screen voting you can dedicate a separate screen to each question and make it easy to read. You can also switch the ballot depending on language or (as somebody already mentioned) adjust the interface for disabilities like blindness.
So I think there are real benefits if they can work out some way of doing it reliably and securely.
Judging by the screenshots, it looks like a primitive version of some of the multiplayer levels in the sorta sequel Perfect Dark.
Michael
From the press release: similar events occurred several times during the Mars Pathfinder mission. So a friendly "Don't Panic."
That was yesterday, before some more failed attempts to contact the rover. Today they are calling it an "extremely serious anomaly".
This is an argument I've heard before from Americans, but all I can say is, it's really not like that.
Maybe it's that we don't assume that everyone is partisan.
I'm from Canada (where we also have non-partisan electoral commissions) and I live in the US (where everything is partisan). In my experience both sides are right. In America people are born and bred thinking that everyone is partisan and everyone actually is partisan. In Canada, where people are born and bred thinking civil servants should be non-partisan, there are actually non-partisan civil servants.
It seems like Canada and the US each have a system that's suited to their respective culture. I think it will take a change in culture for the US to adopt the Canadian system (or vice-versa).
Even as a small child when 8-bit micros had speech synthesizers, I wondered why, in the technologically advanced Star Wars society that damned robot couldn't speak in a human (or whatever) language.
It's called a speech impediment you intolerant jerk.
(sound of beeping)
Great. Now you've made R2 cry. I hope you're happy.
It makes me wonder what the reasons behind this are.
Quebec is the only French speaking state or province in North America. The 5 million French speakers in Quebec are surrounded by 300+ million English speakers in Canada and the US. People in Quebec worry that French will disappear in a generation, making Quebec just another English speaking part of North America and losing (or at least muting) a distict culture. So they pass laws encouraging the use of French (the law in question here applies to much more than video game sales). Personally, I think their fears of being assimilated are understandable.
I'm not the guy who made the claim, and this is off-topic, but...
From the Economist, Feb 6 2003
Michael