Hey, there are worse things than living in Canada, which is where he's from. We'll certainly be applying for professorships in both countries; as with all professors, we'll have limited choices on where to live, and we want to live soemwhere with good public transit/biking and so forth. So yes, the flexibility is good... I can't imagine why the visas would work like that for medical school, I've seen them work differently for CS. (It did actually involve interviews with the INS, and I don't expect our case to be any different. I suppose we could just drag his ex in, who, up until a week ago, was incredibly bitter about us being together, but certainly knows we got together for love;) )
FIRST was a wonderful thing when I was involved in it (I was on a team, then helped coach one). It does, however, require a LOT of committment on the part of whatever adults are involved. The team I was on, for example, wouldn't let the adults near the robot most of the time (we wanted to do it ourselves;) ), but legally, someone needed to be in the building and responsible. This meant a lot of all-nighters for a lot of people who had families and lives.
We appreciated it greatly (and I went on to work for both NASA and PARC through those connections), but I can tell it was quite hard on them. They certainly had a lot of fun, though. Where else do you get to see people program for so long that they fall asleep and fall right off their stool?
I do know that they're very anal-retentive about no-work student visas nowadays (I wasn't aware there was any other kind!). Someone two doors down from me got stuck in their home country for 6 months. Someone two doors down from my advisor got stuck in their home country for 9. My fiance is very careful to not accept money or anything that could be construed as an exchange for money when our dance group performs. The US also makes him promise to leave the country every time he comes in. ("Why yes, we've paid $500,000 for your education in grants, but you MUST LEAVE." Won't they be 'dissapointed' if we stay here, as I'm a citizen.)
I'm not sure how professorship visas work, but no one I know in grad school seems concerned about getting one if they get a professorship in the US. You do, however, have to be careful about returning to your home country for a conference, as you might get stuck there. (My advisor has had this problem.)
Heh. I'm part of CyLab (though I tend to work with other people); it's a collection of researchers at CMU. I'm not sure whose work this is, though I would guess that the reporter is stating the results of some research. It's an average figure, however, and I'm not sure exactly what they examined to obtain it.
The upshot is that it's a vague statement, and I'm sure it has to do vaguely with some good research. I'm sure the Stanford researchers did a good job, too. Reporting just tends to do somewhat of a gloss-over job, which sometimes makes the statements inaccurate. Notice that you regularly see letters from the researchers correcting last month's stories in any popsci magazine. This is no different.
(Err... just a note. The reason he's had trouble getting people to use them is not code-related, it's more ego-related. This, for me, really reinforces the moral -- be nice to people who patch your code as part of their research.)
I'm not sure if this is my friend's research (he's a PhD student at Stanford, and works in this area), but he has submitted patches for bugs found in the course of his work to all sorts of open-source projects. He has had a TERRIBLE time getting people to actually use them. This frustrates him, very much.
Moral of the story: if you want people to do research on finding and fixing bugs on your software, take their patches regularly, and think about thanking them for it.
I'm not a programmer-type either, but I'm familiar with some of this research. There are a few techniques that I've seen, but don't consider this to be complete, my research is in crypto, not code.
1. code patterns -- if you see something that looks like a pattern, it is probably a bug... "if(x = 0)", for example. of course, you have to check that it actually IS a bug, but you can catch certain common things that way.
2. type safety -- tools can go through your code (either statically or while it's running) and look for type violations. for example, you might write an int to an unsigned int, or mix up pointers and ints, which could be bad. you can catch a stunning number of bugs this way.
3. pointer analysis -- another annoying bug can be in aliasing, where you have multiple pointers that may or may not be pointing at the same memory. are you really/trying/ to overwrite that data structure pointed to by another pointer? In general, this sort of analysis is hard (undecidable, off of the top of my head), but feasible in limited cases.
I'm not sure what sorts of current tools are released by these researchers, but this is a very basic overview of the techniques I've heard about people using recently. (Repeat disclaimer: I'm a theorist.)
When I worked there a few years ago, there were more tablet-based installations than I saw today (stuck onto walls around CSL, mainly). Ubiquitous computing seems more focused on adding cool functionality to things you already have, making them work together and talk to each other. I'm not saying they might not use them, but it doesn't seem to be the primary focus.
Re:Concur with the "no more registration required"
on
The Year In Ideas
·
· Score: 4, Interesting
>You can even use the time between strokes as a crude measure of distance between (unknown) keys, or as a hint as to what kind of stuff is being typed (c code will sound different from a memo, even if the keys are all the same) to improve your frequency analysis
My advisor (Dawn Song) has a paper (with other people, of course) about timing analysis of interactive ssh sessions. Basically, the upshot is that you can watch how long it is between packets that come out, and you get one packet per keystroke (iirc), so you can use this to learn about what they're typing. It's reasonably difficult, of course, but the microphone attack does gain extra information which the ssh attack does not.
If you're interested, a pdf is at http://www.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf
He couldn't have saved a lot of bulk, because he was using a pre-made casing. No matter how empty he made the inside, the outside is still going to have the same dimensions.
I'd prefer to look at it as room for creativity. What else would be useful (and not too heavy) for a computer like this one? My first thought would be a slide-out keyboard, like the mouse on my dad's tiny laptop. Push a button, and *shoop* a keyboard which is supported on your desk-surface. (This allows you to save a LOT of bulk in supportive materials, even with little spring loaded legs.) My next thought is that you might be able to get some useful audio hardware in there.
And, of course, there is the age-old "secret drawer" technique. No more writing your passwords down and sticking them to the bottom of your keyboard. No, instead you type in the correct password and *poof* out they come, in their own secret drawer. Very. Secret.
What they/really/ need is to also give you a correct reference in the popular formats. Heck, I'd pay for bibtex on short notice, and I'd be happy to contribute back the citations I type up.
It depends on where you live. I've lived in several places (not even rural), where it would take well upwards of an hour to walk to school. This is certainly possible, but difficult when that would involve leaving home at 5:30am in the snow. Biking was quite unsafe in at least one of these places, and impossible for a good part of the year in another. Urban planning often doesn't allow for responsible methods of transportation, which is a terrible pity.
I treasure living somewhere where I only have to use my car to go dancing, and not for commuting, partially because I've lived the alternative.
> Being a part of the F/OSS community and being gay, I always have the feeling that any respect that I've gained would just trickle away if I came out.
Personally, I'd be absolutely baffled that anyone could connect intellegence and productivity to sexual orientation. Idiocy being the way it is, however, I would not be surprised if this were to happen to a small extent. Still, I would trust the majority of people to be more mature, more open-minded, and less bloody stupid than that. I'm not at all sure that the consequences would be severe, even in the worst case.
>I find it increasingly difficult to deal with such situations and control my anger without inadvertently coming out.
I also find it very difficult to deal with such situations and control my anger. I don't have the additional worry about coming out, but I have quite an urge to sit them down and whack them with a clue-by-four. Sometimes this has had positive results.
I'm not telling you to come out, I'm just saying that you should consider the consequences. Being openly gay around those who are intolerant can be exhausting and painful, but also offers an opportunity to confront their ignorance. Perhaps I'm idealistic, but I truly believe that this is the path to alleviating prejudice associated with sexual orientation, gender, religion, race, and so many others.
It's a heck of a slog, though. I believe it is each of our responsibility to work towards a more tolerant, prosperous, healthy, educated, and happy world, and so for me, it is worth it.
How would you find out easily? Universities are accredited by different organizations. MIT isn't accredited at all, last I heard, under the theory that people already know they're just fine. The reason the organization that accredits UC Berkeley has any clout is that it accredits Berkeley. This doesn't sound that organized to me.
Fake online universities put up all sorts of fake stuff on the web to try to give the impression of legitimacy. I'm not aware of a list of "real" universities to check credentials against, and this tactic implies that a simple google search might not be all that helpful. (Putting up a page saying "this university is fake" doesn't fix the problem; they have tons and tons of names.)
I didn't remember it being that bad... except possibly the cockroach one. Frankly, I thought it was just a fun, light game to play in between other games. The Star Wars game where you battle little miniature figures tends to have hand management problems and one player will get whooped, but it's fast and fun enough not to matter.
You want to be really, really careful when trying to combine hash functions to gain more security. You never want to show up as one of those examples illustrating the principle of Don't Roll Your Own Crypto. I believe there was an interesting paper in crypto 2004 that dealt with this.
SHA-1 is currently considered the best option that I'm aware of. The best attack is not practical for the full scheme, only for subsets. There have been several proposals that seem to fix the vulnerability, but I'd personally use SHA-1 for now and wait until at least crypto and eurocrypt next year to see what starts shaking out. I'm not active in this area, so I can't speculate as to what that will be.
SHA-1 has an attack that's somewhat troubling. I'd look to next year's crypto and eurocrypt conferences to see starts shaking out as the new standard.
Still... I would switch out MD5 if you have a target that's worth pretty much anything at all. After a break like this, I'd expect MD5 to become basically useless pretty fast. Of course, I don't work in hash collisions, I work mostly in protocols...
Ice House is more of a gaming kit than anything else. There are literally dozens of games (perhaps hundreds) that use those pieces. I've played several sets of rules, and I found them fun, but they are not near the top of my favorite games list, so I haven't pursued it. Basically I have very little free time, so it's easier for me to buy games which I know are very good and play those, instead of hunting for a fun game with those pieces.
I'm having trouble tracking down the paper right now, but this is not necessarily true for even unrelated hash functions. In fact, you can even treat one of them like a random oracle (which is perfect), and fail.
When you're dealing with cryptography, it should be very, very, very hard to find collisions. If you find enough of them, you can proabably find something bad with the same hash value. For example, if you sign a digital document that says you're going to pay me $1 for my pencil, and I find a suitable hash collision, I could make it look like you signed a promise to pay me $3,000 for some used tissue. I wouldn't rule out that someone could find a harmful collision for a program distributed online, and substitute a trojan. If the prize gives enough reward, people will throw a lot of computational power at it, and will likely hit pay dirt.
Secondly, this is quite a signifigant break. Once a hash function has had an attack like this discovered, it often becomes completely useless not long down the road. I work in cryptography, and the people I know have written off MD5. Heck, the people I know are also quite worried about SHA-1, and the current best attack against that one isn't nearly as strong.
The upshot of this is that this hash function should NOT be considered secure any more. For now, if you are not protecting anything of high value, you're probably fine. Tomorrow? Possbily. But soon, you're not going to be protected at all, and so you should start worrying about that now, instead of when you're already in trouble.
You're in for a world of fun. Go check out www.boardgamegeek.com, where you can find reviews and lists of games. When I found it, I was like a kid in a candy store. My game collection is a lot more fun now.
A few "must have" reccomendations to get you started, based on what you've said... I'd say Bohnanza to play with people who don't play games much (this one goes over well with women, especially), El Grande, and a Kniza game such as Samurai. I bet you'll love all of those, and there are tons of other fun ones, like San Juan, Through the Desert, Lord of the Rings (the cooperate Kniza version), Tigris&Euphrates, Lost Cities, Queen's Necklace (this one is MUCH better than the description would make you think, and you can play online for free. that's what got me to buy it.)
Slashdot Mirror
Hey, there are worse things than living in Canada, which is where he's from. We'll certainly be applying for professorships in both countries; as with all professors, we'll have limited choices on where to live, and we want to live soemwhere with good public transit/biking and so forth. So yes, the flexibility is good... I can't imagine why the visas would work like that for medical school, I've seen them work differently for CS. (It did actually involve interviews with the INS, and I don't expect our case to be any different. I suppose we could just drag his ex in, who, up until a week ago, was incredibly bitter about us being together, but certainly knows we got together for love ;) )
Lea
FIRST was a wonderful thing when I was involved in it (I was on a team, then helped coach one). It does, however, require a LOT of committment on the part of whatever adults are involved. The team I was on, for example, wouldn't let the adults near the robot most of the time (we wanted to do it ourselves ;) ), but legally, someone needed to be in the building and responsible. This meant a lot of all-nighters for a lot of people who had families and lives.
We appreciated it greatly (and I went on to work for both NASA and PARC through those connections), but I can tell it was quite hard on them. They certainly had a lot of fun, though. Where else do you get to see people program for so long that they fall asleep and fall right off their stool?
Lea
I do know that they're very anal-retentive about no-work student visas nowadays (I wasn't aware there was any other kind!). Someone two doors down from me got stuck in their home country for 6 months. Someone two doors down from my advisor got stuck in their home country for 9. My fiance is very careful to not accept money or anything that could be construed as an exchange for money when our dance group performs. The US also makes him promise to leave the country every time he comes in. ("Why yes, we've paid $500,000 for your education in grants, but you MUST LEAVE." Won't they be 'dissapointed' if we stay here, as I'm a citizen.)
I'm not sure how professorship visas work, but no one I know in grad school seems concerned about getting one if they get a professorship in the US. You do, however, have to be careful about returning to your home country for a conference, as you might get stuck there. (My advisor has had this problem.)
Lea
This is why researchers are working on it. If it weren't hard, no one would bother touching it! :)
Lea
Heh. I'm part of CyLab (though I tend to work with other people); it's a collection of researchers at CMU. I'm not sure whose work this is, though I would guess that the reporter is stating the results of some research. It's an average figure, however, and I'm not sure exactly what they examined to obtain it.
The upshot is that it's a vague statement, and I'm sure it has to do vaguely with some good research. I'm sure the Stanford researchers did a good job, too. Reporting just tends to do somewhat of a gloss-over job, which sometimes makes the statements inaccurate. Notice that you regularly see letters from the researchers correcting last month's stories in any popsci magazine. This is no different.
Lea
(Err... just a note. The reason he's had trouble getting people to use them is not code-related, it's more ego-related. This, for me, really reinforces the moral -- be nice to people who patch your code as part of their research.)
Lea
I'm not sure if this is my friend's research (he's a PhD student at Stanford, and works in this area), but he has submitted patches for bugs found in the course of his work to all sorts of open-source projects. He has had a TERRIBLE time getting people to actually use them. This frustrates him, very much.
Moral of the story: if you want people to do research on finding and fixing bugs on your software, take their patches regularly, and think about thanking them for it.
Lea
I'm not a programmer-type either, but I'm familiar with some of this research. There are a few techniques that I've seen, but don't consider this to be complete, my research is in crypto, not code.
/trying/ to overwrite that data structure pointed to by another pointer? In general, this sort of analysis is hard (undecidable, off of the top of my head), but feasible in limited cases.
1. code patterns -- if you see something that looks like a pattern, it is probably a bug... "if(x = 0)", for example. of course, you have to check that it actually IS a bug, but you can catch certain common things that way.
2. type safety -- tools can go through your code (either statically or while it's running) and look for type violations. for example, you might write an int to an unsigned int, or mix up pointers and ints, which could be bad. you can catch a stunning number of bugs this way.
3. pointer analysis -- another annoying bug can be in aliasing, where you have multiple pointers that may or may not be pointing at the same memory. are you really
I'm not sure what sorts of current tools are released by these researchers, but this is a very basic overview of the techniques I've heard about people using recently. (Repeat disclaimer: I'm a theorist.)
Lea
And, of course, there's also the Japanese space agency, as well as the Chinese, and I seem to remember some noise from India about sending people up.
Hopefully that'll inspire some money and useful direction for NASA...
Lea
When I worked there a few years ago, there were more tablet-based installations than I saw today (stuck onto walls around CSL, mainly). Ubiquitous computing seems more focused on adding cool functionality to things you already have, making them work together and talk to each other. I'm not saying they might not use them, but it doesn't seem to be the primary focus.
Lea
>"Worse, cows might be attracted to the weeds growing over mines, with disastrous consequences."
S cr een=PROD&Store_Code=CAG&Product_Code=CAG03 2
Obligatory link: the "Unexploded Cow" game from CheapAss. Mad cows + Unexploded bombs = fun!
http://www.cheapass.com/Merchant2/merchant.mvc?
Lea
>You can even use the time between strokes as a crude measure of distance between (unknown) keys, or as a hint as to what kind of stuff is being typed (c code will sound different from a memo, even if the keys are all the same) to improve your frequency analysis
g .pdf
My advisor (Dawn Song) has a paper (with other people, of course) about timing analysis of interactive ssh sessions. Basically, the upshot is that you can watch how long it is between packets that come out, and you get one packet per keystroke (iirc), so you can use this to learn about what they're typing. It's reasonably difficult, of course, but the microphone attack does gain extra information which the ssh attack does not.
If you're interested, a pdf is at http://www.ece.cmu.edu/~dawnsong/papers/ssh-timin
Lea
He couldn't have saved a lot of bulk, because he was using a pre-made casing. No matter how empty he made the inside, the outside is still going to have the same dimensions.
I'd prefer to look at it as room for creativity. What else would be useful (and not too heavy) for a computer like this one? My first thought would be a slide-out keyboard, like the mouse on my dad's tiny laptop. Push a button, and *shoop* a keyboard which is supported on your desk-surface. (This allows you to save a LOT of bulk in supportive materials, even with little spring loaded legs.) My next thought is that you might be able to get some useful audio hardware in there.
And, of course, there is the age-old "secret drawer" technique. No more writing your passwords down and sticking them to the bottom of your keyboard. No, instead you type in the correct password and *poof* out they come, in their own secret drawer. Very. Secret.
Lea
What they /really/ need is to also give you a correct reference in the popular formats. Heck, I'd pay for bibtex on short notice, and I'd be happy to contribute back the citations I type up.
Lea
It depends on where you live. I've lived in several places (not even rural), where it would take well upwards of an hour to walk to school. This is certainly possible, but difficult when that would involve leaving home at 5:30am in the snow. Biking was quite unsafe in at least one of these places, and impossible for a good part of the year in another. Urban planning often doesn't allow for responsible methods of transportation, which is a terrible pity.
I treasure living somewhere where I only have to use my car to go dancing, and not for commuting, partially because I've lived the alternative.
Lea
> Being a part of the F/OSS community and being gay, I always have the feeling that any respect that I've gained would just trickle away if I came out.
Personally, I'd be absolutely baffled that anyone could connect intellegence and productivity to sexual orientation. Idiocy being the way it is, however, I would not be surprised if this were to happen to a small extent. Still, I would trust the majority of people to be more mature, more open-minded, and less bloody stupid than that. I'm not at all sure that the consequences would be severe, even in the worst case.
>I find it increasingly difficult to deal with such situations and control my anger without inadvertently coming out.
I also find it very difficult to deal with such situations and control my anger. I don't have the additional worry about coming out, but I have quite an urge to sit them down and whack them with a clue-by-four. Sometimes this has had positive results.
I'm not telling you to come out, I'm just saying that you should consider the consequences. Being openly gay around those who are intolerant can be exhausting and painful, but also offers an opportunity to confront their ignorance. Perhaps I'm idealistic, but I truly believe that this is the path to alleviating prejudice associated with sexual orientation, gender, religion, race, and so many others.
It's a heck of a slog, though. I believe it is each of our responsibility to work towards a more tolerant, prosperous, healthy, educated, and happy world, and so for me, it is worth it.
Lea
How would you find out easily? Universities are accredited by different organizations. MIT isn't accredited at all, last I heard, under the theory that people already know they're just fine. The reason the organization that accredits UC Berkeley has any clout is that it accredits Berkeley. This doesn't sound that organized to me.
Fake online universities put up all sorts of fake stuff on the web to try to give the impression of legitimacy. I'm not aware of a list of "real" universities to check credentials against, and this tactic implies that a simple google search might not be all that helpful. (Putting up a page saying "this university is fake" doesn't fix the problem; they have tons and tons of names.)
Lea
I didn't remember it being that bad... except possibly the cockroach one. Frankly, I thought it was just a fun, light game to play in between other games. The Star Wars game where you battle little miniature figures tends to have hand management problems and one player will get whooped, but it's fast and fun enough not to matter.
Lea
You want to be really, really careful when trying to combine hash functions to gain more security. You never want to show up as one of those examples illustrating the principle of Don't Roll Your Own Crypto. I believe there was an interesting paper in crypto 2004 that dealt with this.
SHA-1 is currently considered the best option that I'm aware of. The best attack is not practical for the full scheme, only for subsets. There have been several proposals that seem to fix the vulnerability, but I'd personally use SHA-1 for now and wait until at least crypto and eurocrypt next year to see what starts shaking out. I'm not active in this area, so I can't speculate as to what that will be.
Lea
Take a look at paper published at Crypto 2004. My glasses are broken, so I can't.
Lea
SHA-1 has an attack that's somewhat troubling. I'd look to next year's crypto and eurocrypt conferences to see starts shaking out as the new standard.
Still... I would switch out MD5 if you have a target that's worth pretty much anything at all. After a break like this, I'd expect MD5 to become basically useless pretty fast. Of course, I don't work in hash collisions, I work mostly in protocols...
Lea
Ice House is more of a gaming kit than anything else. There are literally dozens of games (perhaps hundreds) that use those pieces. I've played several sets of rules, and I found them fun, but they are not near the top of my favorite games list, so I haven't pursued it. Basically I have very little free time, so it's easier for me to buy games which I know are very good and play those, instead of hunting for a fun game with those pieces.
Lea
I'm having trouble tracking down the paper right now, but this is not necessarily true for even unrelated hash functions. In fact, you can even treat one of them like a random oracle (which is perfect), and fail.
Lea
When you're dealing with cryptography, it should be very, very, very hard to find collisions. If you find enough of them, you can proabably find something bad with the same hash value. For example, if you sign a digital document that says you're going to pay me $1 for my pencil, and I find a suitable hash collision, I could make it look like you signed a promise to pay me $3,000 for some used tissue. I wouldn't rule out that someone could find a harmful collision for a program distributed online, and substitute a trojan. If the prize gives enough reward, people will throw a lot of computational power at it, and will likely hit pay dirt.
Secondly, this is quite a signifigant break. Once a hash function has had an attack like this discovered, it often becomes completely useless not long down the road. I work in cryptography, and the people I know have written off MD5. Heck, the people I know are also quite worried about SHA-1, and the current best attack against that one isn't nearly as strong.
The upshot of this is that this hash function should NOT be considered secure any more. For now, if you are not protecting anything of high value, you're probably fine. Tomorrow? Possbily. But soon, you're not going to be protected at all, and so you should start worrying about that now, instead of when you're already in trouble.
Lea
You're in for a world of fun. Go check out www.boardgamegeek.com, where you can find reviews and lists of games. When I found it, I was like a kid in a candy store. My game collection is a lot more fun now.
A few "must have" reccomendations to get you started, based on what you've said... I'd say Bohnanza to play with people who don't play games much (this one goes over well with women, especially), El Grande, and a Kniza game such as Samurai. I bet you'll love all of those, and there are tons of other fun ones, like San Juan, Through the Desert, Lord of the Rings (the cooperate Kniza version), Tigris&Euphrates, Lost Cities, Queen's Necklace (this one is MUCH better than the description would make you think, and you can play online for free. that's what got me to buy it.)
Lea