On the topic of complexity classes... Currently, the decision problem form of factorization is known to be in NP, co-NP, and BQP. Because it's within NP, it can not be NP-hard without being NP-complete. If it were shown to be NP-complete or co-NP-complete, that would imply that NP = co-NP, which is currently believed to to be false.
BQP is "bounded-error, quantum, polynomial" and represents what quantum computers are capable of. It is known to contain P and BPP, and to lie within PP and PSPACE.
Your claim that quantum computers should be able to solve NP-hard problems (presumably in polynomial time) doesn't make sense...
I believe that your formulation of the problem, "any public key cryptosystem", makes it impossible to prove anything. I think you should at least make a list of problems that are currently used as the basis of various public key systems and start hacking at them...
I'm sorry, but your post borders on incoherent, so it's difficult to comment on more of it.
RFC3546, section 3.1 specifies server name indication. mod_gnutls has supported it since April of 2005. mod_ssl (bug) is waiting on OpenSSL to make support possible. Opera has supported SNI since 8.0. IE7 has since beta 2. Mozilla/NSS/Firefox is ready to go with NSS 3.1.1/Gecko 1.8.1/Firefox 2.0. Konqueror will support it in 4.0 (bug). Safari is the only major browser without support (fresh bug).
First, I'll agree that, yes, CAcert is not supported by anything I know of. Mozilla finally got its act together and published a policy. The ball's in CAcert's court, last I heard; they need to have an audit done.
As I understand it, the point of the system is not to act as a content filter, but simply to establish identity. For e-mail certificates with no name (just the address), they simply send an e-mail probe. For domains, they run a WHOIS and you select one of the e-mail addresses in the registration info. If you actually want a name on your certificates, you must be assured by two people, who can be someone already in the web of trust or one of several widely trusted third parties. These procedures are comparable to the ones used by CAs that are installed in browsers, at least for their lower levels.
I really don't understand the belief that "only people with $20-1500/yr need to be authenticated." Really, anytime you send secret/valuable data, it should be sent to an authenticated server over an encrypted channel. CAcert is a program that provides some hope of achieving this. The other big thing is Server Name Indication support and the retirement of SSL2; that will allow multiple SSL certs per IP, removing another costly barrier.
Let's be realistic here: how many people actually use a different password for each website that uses one? how many of these sites actually use SSL?
If your gripe is based on some problem with CAcert's execution, then I encourage you to ignore this rant and elaborate on your points.
For end user-server communication:
Yeah, using SSL/TLS is almost guaranteed to work. Sadly, it looks like http://www.myopenid.com doesn't redirect to https://www.openid.com unless you're logged in, breaking the phishing defense aspect of it. (The form on the real site submits using SSl/TLS, but browsers don't indicate where forms will be submitted...)
For consumer-identity and consumer-server communication:
The OpenID page does not even mention support for SSL/TLS, much less encourage support for it. There's a similar silence about multiple openid.server links. I don't see how you can expect SSL/TLS to work without a good chance of breaking things.
The spec I'm reading uses three servers, none of which are authenticated. It also uses plain old HTTP, which is wide open to tampering.
So, the system is vulnerable to at least DNS poisioning (or simply a domain expiring) and man-in-the-middle attacks in several places:
Consumer fetches the identity page
Consumer contacts the server
User-agent contacts the server
Note that this is an obvious vehicle for phishing. The user is expecting to be redirected to a different page that they trust and are expected to enter some sort of credentials. Just use JavaScript to open a window with no location bar and something that looks like the page they're expecting; customization is easy since you can be pretty sure you know what identity server they're using.
The protocol has an "associate" mode that provides some semblance of authentication, but it seems to be temporary (OpenID::Server in CPAN defaults to 14 days). There's also this bit in the protocol that blows it away: "if you use an assoc_handle the server doesn't know about, it'll pick its own and you'll have to use dumb mode as well."
My bank, on the other hand, uses SSL or TLS with an X.509 certificate signed by another company whose sole purpose is to verify identities. If I don't trust that, I can at least check the certificate fingerprint every time I connect (like SSH), so I verify that I'm connecting to the same server. As for authenticating myself, I present information that only I should know (this part is weakest). There is authentication, encryption, and integrity.
I'm not asking for a full-blown PKI; simply verifying that each machine is the same would probably be sufficient. Encryption isn't necessary because the information transferred (your OpenID server and the answer it gives) is not confidential.
Unfortunately, OpenID is very weak for an authentication system; it has no authentication or integrity checking. I'll tolerate it for blog comments, because it is better than trusting anything, but there's no way on earth I want to use it where money or real privleges are involved.
"Keeping OpenSSH environments secure requires constantly updating the environment with latest security patches." This is the only mention of the frequency of patches. They never claim that you have to patch their version less often.
However, updating OpenSSH servers involves an extremely laborious and time-consuming process of source-code compilation, testing, installation, and configuration. This is the statement that upsets me the most. Distributions usually provide binaries. How are are these binaries different from recieving a binary from anywhere else? How does recieving a binary remove the need for testing? The only case I see the proprietary solution is when you have the same environment that the binary was tested in.
The remainder of that paragraph just claims that exorbitant costs ensue when you test updates. The obvious thing to do is, in some way, compare the values for each product: (number of releases) * (cost of testing each release) + (probability of threat between releases) * (cost of compromise)
It's also now availble via Firefox's update feature. Here's the page on addons.mozilla.org . Unfortunately, they seem to be having some problems... erm, I hope my server holds up at least until addons is doing better
I've expounded on why OpenID is insecure and I believe it is unnecessarily complicated.
Problems with OpenIDI put off reading the OpenIDspec because I though it was probably flawed. Now I just feel applying my head to my desk.
OpenID is led by with this philosophy:
The point of OpenID is to be dead simple, short-comings and all, so it's actually adopted.
The above is taken from a discussion of vulnerabilities. The problem with this lowest common denominator approach is that it's horribly broken. OpenID is currently no better than just giving the URL of your blog.
The number one problem is the complete lack of integrity checking. Everything in OpenID seems to be perfectly happy to let their requests be modified in transit. I think the problem with this are pretty damn obvious: nothing can be trusted. Fortunately, fixing this is pretty simple: use TLS. In today's shared hosting environment, you probably want to require support for server name indication.
Another brilliant idea: transmit the key that you'll use for signing later in plaintext.
Yes, you can ask for DH-SHA1 encryption and get back a plaintext secret. If this troubles you, don't use the handle and instead use dumb mode with that server. (and if somebody sniffed the plaintext secret, it won't matter, since you'll never accept queries using that assoc_handle). If the server can't do DH, it's probably limited in some way, but using dumb mode is still safe, if not a little slower.
I believe "limited in some way" means "completely insecure." "Dumb mode" is not safe because there's no key associated with the server, so there's no way to ensure you're talking to the same one or that someone isn't tampering.
I also don't see much point in using a symmetric key for speed and security when you're just encrypting a short string. It's so tiny that both improvements are similarly small.
Perhaps the biggest problem with OpenID is it's reliance on sending a user to another page to login. It's just too easy to spoof a page and fool most people. Even better, you can open a window using Javascript and hide the location bar. Even if you normally use TLS, most people probably won't notice if it's missing or the certificate is different. Also, most sites (including LiveJournal) include a completely insecure assurance that you're secure. For example, LiveJournal says "LiveJournal Secure Site "
A simpler and more secure alternativeThe only way to fix this is (gasp) get users to carry their own keys. If you stored your key in a bookmarklet or extension, you could sign something with it. This is completely feasible because Javascript cryptography implementation is done. You could submit your public key with the signed comment. If you wanted to associate yourself with a URL, all you need to do is link to a page with the public key. If the same public key can be used for the signature.. That's right, no special identity server is needed. The public key could be submitted directly or it can be linked to. It might be a pain to write out the entire URL to the key, so perhaps autodiscovery-from-HTML should be supported: <link rel="openpgp.key" href="http://www.livejournal.com/pubkey.bml?user=a trustheotaku"/> Note that no TLS is needed. The signature is secure in and of itself. If you want to support all the fanciness (e.g. revocation) of OpenPGP (spec), then you just need the
I actually switched to Gentoo after using FreeBSD for a couple years. I was mostly motivated by a desire for a 3D-accelerated driver for my Radeon card. I chose Gentoo because it seemed the closest to FreeBSD in terms of philosophy behind use. Using portage via emerge is very similar to using portinstall. The major difference I see is that portage was designed from the ground up for package management while the ports system started life as a collection of makefiles.
I'm not saying Gentoo is better, but I do prefer it's package system. I've also found that both have very helpful users. Whenever I had a problem in FreeBSD I'd post to a mailing list and get a quick, non-snobby response. My experience in the Gentoo forums has been similarly pleasant.
Also, both encourage you to build from source with your own compile (and in Gentoo, USE) flags.
I like both FreeBSD and Gentoo Linux a lot, and encourage users of one to try the other if your interested in the selling points of the other (FreeBSD is known for it's stability, Linux has a lot of devel activity)
In the future children get constant free memory upgrades, wig sales will increase dramaticlly, and the only people who are bald will be the "computing impaired"
Trillian, gaim, and others use oscar, I'm certain of that. AOL hasn't touched TOC since 1996, they did their bit as required by the FCC and have since moved on. If you've looked at the specification it's blindingly obvious that trillian, gaim, and the ohters couldn't do half the things it does if it used TOC. Tik is one of a very small number of AIM clients that uses the TOC protocol.
Because oscar is a closed protocol, gaim, trillian, and any other unofficial AIM clients that use it have only information from reverse engineering to work with. The diffrences between TOC and oscar are covered well enough in gaim protocol page.
One of two things probaly happened: 1) AOL extended the oscar protocol to handle the new charachters 2) The other clients can't handle the @ and . in screen names
I've mirrored the U o W page here complete with comments(don't shoot me, it's free).
The text of the main article is below:
At 10:00 today Microsoft Canada Co. President Frank Clegg announced $2.3 million funding that will facilitate three projects in the areas of academic research, education solutions, and curriculum integration. UW President David Johnston, UW's Director of ICR Vic DiCiccio, and MS Canada's Director of Education Sector George Kyriakis spoke as part of the announcement.
The aim of the research project is to develop equation recognition for new Tablet PCs that, in addition to having the functionality of laptops, have a screen which is touch sensitive to styli.
Clegg said that Tablet PCs are set to be released 7 November this year. He said he couldn't say for sure what the retail price will, "It would be great if we could get it down to the price of of a regular laptop."
Clegg and Dr. Dave discussing the Tablet PC The education solutions project will allow students to access lab equipment and simulators. A press release says that 8,000 course students in E&CE will benefit from this.
Under curriculum integration, first-choice applicants to UW's E&CE program will be allowed to take a new pre-university programming course in C#, E&CE 050. Completion of this course will be mandatory for students entering the E&CE program. C# is a new programming language developed by Microsoft.
The existing course E&CE 150, an introductory course to programming, will change from using C++ to C#.
DiCiccio commented on changing curriculum under the agreement, "E&CE weighed all the aspects of it and was comfortable with the change...UW is really sensitive to curriculum decisions it makes." He also joked, "$2.3 million isn't enough to sacrifice curriculum."
DiCiccio, Johnston, Clegg and Kyriakis At the end of the press conference, Clegg and President Johnston signed the agreement using an Acer Tablet PC. The announcement was made at UW in the Davis Centre's ICR Corporate Partner Lounge, which is also known as the fishbowl or the wine-and-cheese lounge. About 100 people attended.
The funding is part of the Microsoft Canada Academic Innovation Alliance, a $10 million dollar fund administered over five years that will accept proposals from acredited universities. A press release describes the four categories of the fund, academic research, education solutions, curriculum integration and industry outreach.
Kyriakis said, "We believe we should create ties between the business community and the academic community to ensure that innovation happens into the future." He added, "What we're doing at Waterloo is just fantastic."
All projects under the alliance will incorporate Microsoft technology. Clegg said, "We think that is the value that we provide."
Microsoft Canada President Frank Clegg has agreed to answer the 10 best questions posed by uws readers about the Microsoft Canada Academic Innovation Alliance, and its impact at UW. So, post your questions. uws editors will select the 10 best and send them to Mr. Clegg, then post his responses.
mandatory course on C# for all electrical and computer engineers.
That just doesn't make sense. Last time I checked, C# was supposed to be a high level language (MS's competitor to java) and electrical and computer engineering are very low level (C++ is as high I'd expect them to work with).
Well, once you include linux you get into the preffered distro battle.
FreeDOS is obviously a a good neutral choice, no one would believe Dell expects you to install it, it's free for them, and it can be taken as a joke (or "apology") to microsoft (FreeDOS is, as the name suggests, a free MS-DOS compatible OS).
Most applications edit in an uncompressed format like avi or uncompressed quicktime
Most applications use compressed video because uncompressed video streams are roughly 235 megabits per second (over 1Gb/s for HDTV). For the math impaired that apromimately 29 megaBYTES per second of video. That means your cute little 5 minute video requires 8.6 gigabytes! Most computers ship with 40GB drives, which means you couldn't even edit 20 minutes of video.
So we use compression. If you're feeling especially powerful, you use HuffyUV because it's lossless. Most people use DV, it's 25 megabits per second is a reasonable cost, it's interframe which means it's easy to manipulate, most home digital cameras record in it (so no nasty recompression), and it looks great. DV is supported by both Microsoft AVI and Apple quicktime. At NBC they use DV pro (which is a 50 megabits per second that has a larger color space) for their digital editing suites.
Just because it's a somewhat inconsequential topic to everyday life doesn't mean it's not something that's useless.
After removing the negative that nullify each other you get:
Just because it's a somewhat inconsequential topic to everyday life means it's something that's useless.
Obviously not what you intended (it also makes it much more obvious that you could have removed "something that's" and saved everyone the trouble of reading gratuitous charachters). I keep telling people that a even number of negatives in a sentence is going to cause a disaster, like an intergalactic war, a hole in the ozone layer, my fingers falling off from writing corrections, or possibly even people-who-were-trying-to-read-the-sentence's heads exploding! As an example, "None your base are not belong to us" is a most confusing and statement. Players might be confused about the storyline and thousands of geeks would be forced to utter a gratuitous syllables. I doubt that many people's confusion would change, except for a decreased probability of them understanding, so overall the damage would be minimal, but I'm not one to rely upon ignorance and confusion for protection.
There are a lot more mixes than that. There are about 19 home mixes, I'm not going to bother with the arcade versions (according to ddrfreak). The U.S. versions have incldued a total of 2 new songs so far, and probaly shouldn't be counted, but were.
Making software writers/distributers liable for bugs is simply impractical. Software is simply not like a bridge or a toaster. Software is incredibly complex, and it runs on machines that are also highly complex, connected to other machines with equal complexity. All the interactions can't possibly be comprehended.
This reminds me of one of one too-complex-too-understand thing everyone uses everyday: the human body. Medical care people (doctors, surgeons, etc.) are expected to do what they can to remedy a problem but are not held accountable. The only time you can sue or prosecute them is when they willfully cause "failure". The human body is simply too complex for one person to understand entirely and most computer systems have a similar problem. While it is possible for software developers (including corporatons) to completely understand one specific setup, it is impossible for them to test all possible combinations of hardware, software, and circumstances. Now if they know of an incompatibility with something they are responsible for making it possible for their users to know of it. This is similar to the warnings on most over-the-counter medications (don't take this if you have liver pproblems or somesuch).
I don't think these are good metrics at all, what about how many Linux kernals you can buy with it? Wait, that divide by zero is a problem for that calculation. Hm, then perhaps we could put this in terms of iPods or a beowulf cluster with x nodes.
iPods: 72,727,273 beowulf cluster nodes: about 450,000
Now that's a lot of mp3s. Or a lot of processing power.
Slashdot Mirror
On the topic of complexity classes ... Currently, the decision problem form of factorization is known to be in NP, co-NP, and BQP. Because it's within NP, it can not be NP-hard without being NP-complete. If it were shown to be NP-complete or co-NP-complete, that would imply that NP = co-NP, which is currently believed to to be false.
...
...
BQP is "bounded-error, quantum, polynomial" and represents what quantum computers are capable of. It is known to contain P and BPP, and to lie within PP and PSPACE.
Your claim that quantum computers should be able to solve NP-hard problems (presumably in polynomial time) doesn't make sense
I believe that your formulation of the problem, "any public key cryptosystem", makes it impossible to prove anything. I think you should at least make a list of problems that are currently used as the basis of various public key systems and start hacking at them
I'm sorry, but your post borders on incoherent, so it's difficult to comment on more of it.
RFC3546, section 3.1 specifies server name indication. mod_gnutls has supported it since April of 2005. mod_ssl (bug) is waiting on OpenSSL to make support possible. Opera has supported SNI since 8.0. IE7 has since beta 2. Mozilla/NSS/Firefox is ready to go with NSS 3.1.1/Gecko 1.8.1/Firefox 2.0. Konqueror will support it in 4.0 (bug). Safari is the only major browser without support (fresh bug).
First, I'll agree that, yes, CAcert is not supported by anything I know of. Mozilla finally got its act together and published a policy. The ball's in CAcert's court, last I heard; they need to have an audit done.
As I understand it, the point of the system is not to act as a content filter, but simply to establish identity. For e-mail certificates with no name (just the address), they simply send an e-mail probe. For domains, they run a WHOIS and you select one of the e-mail addresses in the registration info. If you actually want a name on your certificates, you must be assured by two people, who can be someone already in the web of trust or one of several widely trusted third parties. These procedures are comparable to the ones used by CAs that are installed in browsers, at least for their lower levels.
I really don't understand the belief that "only people with $20-1500/yr need to be authenticated." Really, anytime you send secret/valuable data, it should be sent to an authenticated server over an encrypted channel. CAcert is a program that provides some hope of achieving this. The other big thing is Server Name Indication support and the retirement of SSL2; that will allow multiple SSL certs per IP, removing another costly barrier.
Let's be realistic here: how many people actually use a different password for each website that uses one? how many of these sites actually use SSL?
If your gripe is based on some problem with CAcert's execution, then I encourage you to ignore this rant and elaborate on your points.
For end user-server communication: ...)
Yeah, using SSL/TLS is almost guaranteed to work. Sadly, it looks like http://www.myopenid.com doesn't redirect to https://www.openid.com unless you're logged in, breaking the phishing defense aspect of it. (The form on the real site submits using SSl/TLS, but browsers don't indicate where forms will be submitted
For consumer-identity and consumer-server communication:
The OpenID page does not even mention support for SSL/TLS, much less encourage support for it. There's a similar silence about multiple openid.server links. I don't see how you can expect SSL/TLS to work without a good chance of breaking things.
The spec I'm reading uses three servers, none of which are authenticated. It also uses plain old HTTP, which is wide open to tampering.
So, the system is vulnerable to at least DNS poisioning (or simply a domain expiring) and man-in-the-middle attacks in several places:
- Consumer fetches the identity page
- Consumer contacts the server
- User-agent contacts the server
Note that this is an obvious vehicle for phishing. The user is expecting to be redirected to a different page that they trust and are expected to enter some sort of credentials. Just use JavaScript to open a window with no location bar and something that looks like the page they're expecting; customization is easy since you can be pretty sure you know what identity server they're using.The protocol has an "associate" mode that provides some semblance of authentication, but it seems to be temporary (OpenID::Server in CPAN defaults to 14 days). There's also this bit in the protocol that blows it away: "if you use an assoc_handle the server doesn't know about, it'll pick its own and you'll have to use dumb mode as well."
My bank, on the other hand, uses SSL or TLS with an X.509 certificate signed by another company whose sole purpose is to verify identities. If I don't trust that, I can at least check the certificate fingerprint every time I connect (like SSH), so I verify that I'm connecting to the same server. As for authenticating myself, I present information that only I should know (this part is weakest). There is authentication, encryption, and integrity.
I'm not asking for a full-blown PKI; simply verifying that each machine is the same would probably be sufficient. Encryption isn't necessary because the information transferred (your OpenID server and the answer it gives) is not confidential.
Unfortunately, OpenID is very weak for an authentication system; it has no authentication or integrity checking. I'll tolerate it for blog comments, because it is better than trusting anything, but there's no way on earth I want to use it where money or real privleges are involved.
"Keeping OpenSSH environments secure requires constantly updating the environment with latest security patches."
This is the only mention of the frequency of patches. They never claim that you have to patch their version less often.
However, updating OpenSSH servers involves an extremely laborious and time-consuming process of source-code compilation, testing, installation, and configuration.
This is the statement that upsets me the most. Distributions usually provide binaries. How are are these binaries different from recieving a binary from anywhere else? How does recieving a binary remove the need for testing? The only case I see the proprietary solution is when you have the same environment that the binary was tested in.
The remainder of that paragraph just claims that exorbitant costs ensue when you test updates. The obvious thing to do is, in some way, compare the values for each product:
(number of releases) * (cost of testing each release) + (probability of threat between releases) * (cost of compromise)
It's also now availble via Firefox's update feature. Here's the page on addons.mozilla.org . Unfortunately, they seem to be having some problems ... erm, I hope my server holds up at least until addons is doing better
Problems with OpenIDI put off reading the OpenID spec because I though it was probably flawed. Now I just feel applying my head to my desk.
OpenID is led by with this philosophy:
The above is taken from a discussion of vulnerabilities. The problem with this lowest common denominator approach is that it's horribly broken. OpenID is currently no better than just giving the URL of your blog.
The number one problem is the complete lack of integrity checking. Everything in OpenID seems to be perfectly happy to let their requests be modified in transit. I think the problem with this are pretty damn obvious: nothing can be trusted. Fortunately, fixing this is pretty simple: use TLS. In today's shared hosting environment, you probably want to require support for server name indication.
Another brilliant idea: transmit the key that you'll use for signing later in plaintext.
I believe "limited in some way" means "completely insecure." "Dumb mode" is not safe because there's no key associated with the server, so there's no way to ensure you're talking to the same one or that someone isn't tampering.
/>
I also don't see much point in using a symmetric key for speed and security when you're just encrypting a short string. It's so tiny that both improvements are similarly small.
Perhaps the biggest problem with OpenID is it's reliance on sending a user to another page to login. It's just too easy to spoof a page and fool most people. Even better, you can open a window using Javascript and hide the location bar. Even if you normally use TLS, most people probably won't notice if it's missing or the certificate is different. Also, most sites (including LiveJournal) include a completely insecure assurance that you're secure. For example, LiveJournal says "LiveJournal Secure Site "
A simpler and more secure alternativeThe only way to fix this is (gasp) get users to carry their own keys. If you stored your key in a bookmarklet or extension, you could sign something with it. This is completely feasible because Javascript cryptography implementation is done. You could submit your public key with the signed comment. If you wanted to associate yourself with a URL, all you need to do is link to a page with the public key. If the same public key can be used for the signature.. That's right, no special identity server is needed. The public key could be submitted directly or it can be linked to. It might be a pain to write out the entire URL to the key, so perhaps autodiscovery-from-HTML should be supported:
<link rel="openpgp.key" href="http://www.livejournal.com/pubkey.bml?user=a trustheotaku"
Note that no TLS is needed. The signature is secure in and of itself. If you want to support all the fanciness (e.g. revocation) of OpenPGP (spec), then you just need the
I actually switched to Gentoo after using FreeBSD for a couple years. I was mostly motivated by a desire for a 3D-accelerated driver for my Radeon card. I chose Gentoo because it seemed the closest to FreeBSD in terms of philosophy behind use. Using portage via emerge is very similar to using portinstall. The major difference I see is that portage was designed from the ground up for package management while the ports system started life as a collection of makefiles.
I'm not saying Gentoo is better, but I do prefer it's package system. I've also found that both have very helpful users. Whenever I had a problem in FreeBSD I'd post to a mailing list and get a quick, non-snobby response. My experience in the Gentoo forums has been similarly pleasant.
Also, both encourage you to build from source with your own compile (and in Gentoo, USE) flags.
I like both FreeBSD and Gentoo Linux a lot, and encourage users of one to try the other if your interested in the selling points of the other (FreeBSD is known for it's stability, Linux has a lot of devel activity)
In the future children get constant free memory upgrades, wig sales will increase dramaticlly, and the only people who are bald will be the "computing impaired"
Trillian, gaim, and others use oscar, I'm certain of that. AOL hasn't touched TOC since 1996, they did their bit as required by the FCC and have since moved on. If you've looked at the specification it's blindingly obvious that trillian, gaim, and the ohters couldn't do half the things it does if it used TOC. Tik is one of a very small number of AIM clients that uses the TOC protocol.
Because oscar is a closed protocol, gaim, trillian, and any other unofficial AIM clients that use it have only information from reverse engineering to work with. The diffrences between TOC and oscar are covered well enough in gaim protocol page.
One of two things probaly happened:
1) AOL extended the oscar protocol to handle the new charachters
2) The other clients can't handle the @ and . in screen names
I've mirrored the U o W page here complete with comments(don't shoot me, it's free).
The text of the main article is below:
At 10:00 today Microsoft Canada Co. President Frank Clegg announced $2.3 million funding that will facilitate three projects in the areas of academic research, education solutions, and curriculum integration. UW President David Johnston, UW's Director of ICR Vic DiCiccio, and MS Canada's Director of Education Sector George Kyriakis spoke as part of the announcement.
The aim of the research project is to develop equation recognition for new Tablet PCs that, in addition to having the functionality of laptops, have a screen which is touch sensitive to styli.
Clegg said that Tablet PCs are set to be released 7 November this year. He said he couldn't say for sure what the retail price will, "It would be great if we could get it down to the price of of a regular laptop."
Clegg and Dr. Dave discussing the Tablet PC The education solutions project will allow students to access lab equipment and simulators. A press release says that 8,000 course students in E&CE will benefit from this.
Under curriculum integration, first-choice applicants to UW's E&CE program will be allowed to take a new pre-university programming course in C#, E&CE 050. Completion of this course will be mandatory for students entering the E&CE program. C# is a new programming language developed by Microsoft.
The existing course E&CE 150, an introductory course to programming, will change from using C++ to C#.
DiCiccio commented on changing curriculum under the agreement, "E&CE weighed all the aspects of it and was comfortable with the change...UW is really sensitive to curriculum decisions it makes." He also joked, "$2.3 million isn't enough to sacrifice curriculum."
DiCiccio, Johnston, Clegg and Kyriakis At the end of the press conference, Clegg and President Johnston signed the agreement using an Acer Tablet PC. The announcement was made at UW in the Davis Centre's ICR Corporate Partner Lounge, which is also known as the fishbowl or the wine-and-cheese lounge. About 100 people attended.
The funding is part of the Microsoft Canada Academic Innovation Alliance, a $10 million dollar fund administered over five years that will accept proposals from acredited universities. A press release describes the four categories of the fund, academic research, education solutions, curriculum integration and industry outreach.
Kyriakis said, "We believe we should create ties between the business community and the academic community to ensure that innovation happens into the future." He added, "What we're doing at Waterloo is just fantastic."
All projects under the alliance will incorporate Microsoft technology. Clegg said, "We think that is the value that we provide."
Microsoft Canada President Frank Clegg has agreed to answer the 10 best questions posed by uws readers about the Microsoft Canada Academic Innovation Alliance, and its impact at UW. So, post your questions. uws editors will select the 10 best and send them to Mr. Clegg, then post his responses.
mandatory course on C# for all electrical and computer engineers.
That just doesn't make sense. Last time I checked, C# was supposed to be a high level language (MS's competitor to java) and electrical and computer engineering are very low level (C++ is as high I'd expect them to work with).
Well, once you include linux you get into the preffered distro battle.
FreeDOS is obviously a a good neutral choice, no one would believe Dell expects you to install it, it's free for them, and it can be taken as a joke (or "apology") to microsoft (FreeDOS is, as the name suggests, a free MS-DOS compatible OS).
Minor inaccuracy in my post: the quoted data rates include two channels of audio, they require a comparatively small amount of data
Most applications edit in an uncompressed format like avi or uncompressed quicktime
Most applications use compressed video because uncompressed video streams are roughly 235 megabits per second (over 1Gb/s for HDTV). For the math impaired that apromimately 29 megaBYTES per second of video. That means your cute little 5 minute video requires 8.6 gigabytes! Most computers ship with 40GB drives, which means you couldn't even edit 20 minutes of video.
So we use compression. If you're feeling especially powerful, you use HuffyUV because it's lossless. Most people use DV, it's 25 megabits per second is a reasonable cost, it's interframe which means it's easy to manipulate, most home digital cameras record in it (so no nasty recompression), and it looks great. DV is supported by both Microsoft AVI and Apple quicktime. At NBC they use DV pro (which is a 50 megabits per second that has a larger color space) for their digital editing suites.
Just because it's a somewhat inconsequential topic to everyday life doesn't mean it's not something that's useless.
After removing the negative that nullify each other you get:
Just because it's a somewhat inconsequential topic to everyday life means it's something that's useless.
Obviously not what you intended (it also makes it much more obvious that you could have removed "something that's" and saved everyone the trouble of reading gratuitous charachters). I keep telling people that a even number of negatives in a sentence is going to cause a disaster, like an intergalactic war, a hole in the ozone layer, my fingers falling off from writing corrections, or possibly even people-who-were-trying-to-read-the-sentence's heads exploding! As an example,
"None your base are not belong to us"
is a most confusing and statement. Players might be confused about the storyline and thousands of geeks would be forced to utter a gratuitous syllables. I doubt that many people's confusion would change, except for a decreased probability of them understanding, so overall the damage would be minimal, but I'm not one to rely upon ignorance and confusion for protection.
*runs for protection*
It was, at least in 1999, according to this article. It hasn't been mentioned as a problem in recent articles, such as this
However, if you actually bother reading the licenses on the code that gets embedded by bison and gcc, special excemptions are made --
Thus, code compiled with gcc may be distributed under any license you want. Sorry, thanks for playing.
I reccomend this FAQ entry for a practical explanation of the LGPL.
There was a contest for a new logo, and after over 100 people participated they decided that "none of them were what we were looking for".
That was the FreeBSD Foundation, which I'm fairly certain is seperate from the FreeBSD core team.
There are a lot more mixes than that. There are about 19 home mixes, I'm not going to bother with the arcade versions (according to ddrfreak). The U.S. versions have incldued a total of 2 new songs so far, and probaly shouldn't be counted, but were.
This reminds me of one of one too-complex-too-understand thing everyone uses everyday: the human body. Medical care people (doctors, surgeons, etc.) are expected to do what they can to remedy a problem but are not held accountable. The only time you can sue or prosecute them is when they willfully cause "failure". The human body is simply too complex for one person to understand entirely and most computer systems have a similar problem. While it is possible for software developers (including corporatons) to completely understand one specific setup, it is impossible for them to test all possible combinations of hardware, software, and circumstances. Now if they know of an incompatibility with something they are responsible for making it possible for their users to know of it. This is similar to the warnings on most over-the-counter medications (don't take this if you have liver pproblems or somesuch).
I don't think these are good metrics at all, what about how many Linux kernals you can buy with it? Wait, that divide by zero is a problem for that calculation. Hm, then perhaps we could put this in terms of iPods or a beowulf cluster with x nodes.
iPods: 72,727,273
beowulf cluster nodes: about 450,000
Now that's a lot of mp3s. Or a lot of processing power.
Is this this "pizza delivery boy" mode? Or, more correctly "ball delivery killing machine"
"Red team, this is blue team. We know you have our balls and would like you to return them"