Yes. Look at this example of the light frequencies generated by CRT phosphors. It's not all that pure (i.e. a narrow band) when compared to a laser. So, if you are not being particularly stringent, you might say an (non-laser) LED or a phosphor is monochromatic; However if you are comparing it to a coherent light source such as a laser, you wouldn't call it monochromatic.
Well, so far, all the Linux/BSD bugs have been from mounting corrupt filesystems. Not to say that these aren't bugs, but how many people would mount an untrusted ext3 volume? To exploit any of these, even locally, requires root access. The only one remotely alarming is the Linux CD-R filesystem DoS. At that level though, there are DVDs which cause my physical drive to hang -- not much the OS can do about that. I guess the main lesson would be to educate people not to mount untrusted filesystems, unless that filesystem has been thoroughly audited for that use (FAT on usb drives should be tested, CDs, DVDs, etc). The rest I would consider pretty normal bugs, and the overwhelming complexity of filesystems means we won't ever get rid of all of them (I wonder how Sun's ZFS fares in fuzzing tests).
Racism. Japan is a very homogeneous society, so a lot of Japanese blame an influx of foreigners for any new ills. This is perpetuated by the media "If crime goes up, it must be all the foreigners." If you want to translate this to US-speak, substitute "Chinese National" for "Black Gang Member". Of course, in that case, its obvious the person fanning the flames of the story is being a racist troll. Congratulations, Kotaku, Zonk.
I had always hoped the Linus Torvalds would come onto the screen, kick the Mac guy in the nuts, and say "I can run on your hardware too." Then, he can turn to the PC guy, tell him "It's not too late," and then walk away.
It not funny though, the poor kid has just become an unsigned long. Hopefully another actor can give him a few pointers which he can store for future reference.
Maybe he meant ABBA? That was also developed during the mid-70s and early 80s.
Re:They put in more T cells than they took out...
on
AIDS Can Fight AIDS
·
· Score: 4, Insightful
Um, that's like adding dry wooden supports to a house that's on fire... not going to work.
You need some way of blocking the virus from exploiting the new T-cells as "fuel". This new virus is kind of like a fire ring; Burn/infect it first in a controlled way to stop the real fire/infection from spreading further.
Yes, this method is an obvious way to get some benefit from a small number of extra hardware threads. But it is *not* future proof. This approach may give good CPU utilization up to perhaps 10-20 threads, but after that it will start to take a big dive.
While they are obviously not doing anything that supercomputer programmers didn't invent 30 years ago, they are leading their industry into the future, err, present. Though the article details are pretty weak, its clear that they've already gone beyond the module-level threading (sound, AI, graphics), to something that sounds more like work queues. If done right, those can get you to hundreds of threads as seen on early supercomputers, although it doesn't sound like Valve is dealing with cache-sharing problems yet, which could cause problems far sooner. I'm hoping hardware + language extensions will help mitigate that somewhat, at least on the read-sharing side.
Personally, my bet is on languages like Haskell. Purely functional programming makes multithreading easy, and for the imperative bits it has transactional memory (no locks, no deadlocks, and finally composability even with multithreading). Haskell itself may be too slow, so we may need to find a non-lazy version (laziness is basically the biggest performance problem Haskell has) for it to be practical.
I think OCaml has a lot better chance of becoming mainstream than Haskell. For one thing, I know of programs written in OCaml that aren't written by members of the PL community. For Haskell, outside of compilers and libraries, the only thing I can think of is Darcs, and that project is having all sorts of issues with determining and fixing performance problems (I love darcs though!). I'm not sure a pure-lazy language will ever map well to a soft-realtime media app such as a game. Also, when you really need delayed evaluation (i.e. laziness), ML derivatives have closures and higher-order functions which allow you to implement it easily enough.
Yep. Valve finally hired a systems programmer, and now they can do threading. This is almost as revolutionary as hiring someone with a background in AI to work on AI, rather than hiring a graphics programmer to do AI.
The major problems with threads are lock/starvation (see the dining philosopher's problem and race conditions (you have A and B in separate concurrent threads but A needs to finish before B). Both of these problems are usually caused by coding errors.
When it first came up that game programmers were mystified with how they were going to use mutli-core processors, I didn't understand why it would be as hard as they claimed it would be. I've been writing graphics and multi-threaded software for years in support of my robotics work. The graphics and visibility algorithms that games employ can be quite complex, and these programmers eat those for breakfast. In comparison, threading doesn't really seem that bad; If you modularize your code and data, getting correct locking isn't that hard. Then I realized that these guys fell asleep in their Operating Systems class (after staying up working on Advanced Graphics), or their school was myopic like mine, and required you to take Graphics or AI or Operating Systems. A game programmer should take all three, but will pretty much always just take the first one. Hopefully that will change soon.
I'd say that what the US did in Afghanistan was both justified and well executed. We caught as many of the perpetrators as we could, and we freed a nation that for the most part didn't want to be under the ruthless Taliban rule. We also showed restraint with the Palestinians, still sending them the aid that keeps their country running, while they celebrated the attack like it was a national holiday. Of course, after electing Hezbollah, we finally rethought that aid...
Iraq, on the other hand, was neither correctly justified nor carried out well. It's also been sad to see North Korea and Iran be opportunistic about the situation. Politics is a bitch.
Regarding "Access", there's no reason they can't apply security at the granularity of categories; i.e. analyst X is only allowed access to items about Afghanistan and Pakistan, and won't be allowed to look up things on China or Russia. You can push that as far as you want in terms of compartmentalization to make it as fine as needed. The traditional paperwork for access to documents becomes paperwork for getting the access keys, so that can still be there. "Need to Know" is harder to model, but I'd expect this system is very aggressive at logging page views. If someone is consistently looking at things they don't need to know, it should turn up soon enough. As an aside, a software system becomes a great method for planting incorrect information for suspected leaks. A page can be modified quite easily depending on who is looking at it.
On the other hand, an electronic version such as this can easily log every page you've ever looked at. That's more difficult with paper. If done right, with the appropriate security compartmentalization, this could work very well for them; Let's just hope they listened to the NSA when designing it.
That said, leaders who fold under international pressure against nukes (like, Kadafi, for example) are lame.
Why? Because they are uncool? Let's see which nation is the most successful in the next 50 years; Libya, North Korea, or Iran. I know who my money is on. Kadafi did the smart thing, dropping his program in return for every other nation dropping whatever international beef it had with Libya. It's good for the people, and its good for stability in the government. Having nukes or a nuke program simply puts you on the target list of every nation that has nukes. Because of that, once you have more than a fledgling program, you have to build it up further, and dismantling it no longer becomes a real option.
They can easily lie to us in direct talks (so can we, for that matter), but they can't really lie while in front of China. China wields far too much power over NK. That's why they hate the idea of the six-party talks; When all the neighbors are included, there won't be a way to weasel out. Russia and China are content to move quite slowly however, as NK's annoyance of the US and Japan isn't seen as a negative. As an analogy, how much do you care if your neighbor's uncontrollable dog is threatening someone you don't like?
I never got around to actually downloading the evolved neural networks into robots, although all my source code is GPL'ed and posted at the above site.
Transfer doesn't tend to work that well, except as a starting point for further learning carried out on the physical robot. This is because simulation is never really that accurate, due both to numerical limitations, and the vast number of parameters that won't have the correct values with the idealized simulation models. This is the same reason that playing a racing video game will not make you into a race car driver -- training in simulation can be helpful, but is not a substitute for the real thing.
Ideally the simulation needs to run parallel to the agents in the world, learning to update its simulation model to match reality, while the agent intelligence learns in both simulation and in the real world. Of course, that's a really complicated experiment to set up and run, but someone will get there eventually.
Clearly we need to start adding testosterone to plastic. Then we can have male and female versions of soda bottles. The companies can charge extra for the "man's drink bottle" to offset the extra expense, as men won't want to be caught with the "women's drink bottle"[1]. I think I had better patent this...
It would be a sign that they need more Windows developers and testers. I doubt many of the complainers helped out by testing one of the release candidates.
I've had exactly the opposite experience. Mozilla and Firefox2.0 have always been huge memory hogs for me, at least since tabs became available. I tend to open a fair number of tabs, and close them later. I could get Firefox 1.x to 3GB of virtual memory after running it for several days, even after applying all the memory saving tricks suggested on mozilla forums/wikis. This is far worse than I've ever heard from anyone else's descriptions. The latest version in Debian (1.99+patches) never seems to exceed 200 MB virtual and 100 MB real, which is fine for me given that I tend to open a lot of tabs.
Because people have pointed out this weakness for years.
That means we need to try harder to get this into the mainstream press. As Bruce Schneier might say, its an education problem, not a technical problem. Nader did a good job getting cars changed for safety, even though he was ignored (and ridiculed) for a while. He didn't have to push the boundaries of law in order to do it, either.
...and then one person describes or provides a way to demonstrate that to yourself,
First, if you actually read my post, you'd see that I'm well aware that self-printed boarding passes have no meaningful security. That's why I don't use them -- it's a protest of sorts because I know that they are useless for any kind of authentication. Second, you want to use "you" in that sentence, not "yourself", which is pseudo-educated business speak.
we instally have idiots going 'They should have told someone in charge instead of telling everyone'.
Again, read my damned post. You tell people, then wait, then release said exploit if they don't listen. This person didn't even try. There's also many other options he could have explored -- such as making some example boarding passes (rather than a false boarding-pass service), or sending a stack of them to a local TV station or newspaper (preferably with the news team's names on it, to get their attention).
I hope someday you get stuck with some counterfeit bills, since after all, someone was just making a point about the security of printed money.
I think it would have been more responsible on the researcher's part if he had simply announced that he could make fake boarding passes, rather than fielding a system for doing so. As an undergrad, I found some holes in our university IT system, and in the grading systems for two classes I took. Instead of exploiting it, I told the people in charge so they could fix it. There are cases where the person with the problem won't admit it, and wants you to keep it secret. In those cases you might eventually have to go forward and release an exploit to make people listen.
Security research is a good thing, and the self-printed boarding passes really are a joke (I never use them since I think they are a stupid idea). However, as an analogy, you don't need to rob an ATM in order to show a weakness in the US banking system. If you look at the default name for the boarding pass generator, you really can see how this guy is trolling for trouble. Somebody bit.
The Tivo case will remain no matter what. They forked their kernel off a long time ago. For the "Tivo issue" to be a real problem, we'd need to see other companies doing it too, and the market failing to correct things by itself (don't buy a locked-down machine). You wouldn't go buy a modern game console and expect to be able to start developing code on it, would you?
If tomorrow, the kernel switches all future development to GPL3, many of the embedded developers would fork at that point, and we'd lose all of their contributions. This would be causing real problems in order to avoid potential problems: MSFT/patents, SCO/IP, and Tivo/DRM. None of these problems have shown themselves to be a repeating issue, and until they are, many developers will remain unconvinced.
The GPL 1.x addressed a real problem that was already occurring at that point (distribution of binary software without the associated code). Although many people say it was "great foresight", there really wasn't any foresight at all... it addressed a real problem at the time. I would prefer if the GPL3 would wait until these potential problems have proven themselves to be real problems without a simpler solution.
Slashdot Mirror
Yes. Look at this example of the light frequencies generated by CRT phosphors. It's not all that pure (i.e. a narrow band) when compared to a laser. So, if you are not being particularly stringent, you might say an (non-laser) LED or a phosphor is monochromatic; However if you are comparing it to a coherent light source such as a laser, you wouldn't call it monochromatic.
Well, so far, all the Linux/BSD bugs have been from mounting corrupt filesystems. Not to say that these aren't bugs, but how many people would mount an untrusted ext3 volume? To exploit any of these, even locally, requires root access. The only one remotely alarming is the Linux CD-R filesystem DoS. At that level though, there are DVDs which cause my physical drive to hang -- not much the OS can do about that. I guess the main lesson would be to educate people not to mount untrusted filesystems, unless that filesystem has been thoroughly audited for that use (FAT on usb drives should be tested, CDs, DVDs, etc). The rest I would consider pretty normal bugs, and the overwhelming complexity of filesystems means we won't ever get rid of all of them (I wonder how Sun's ZFS fares in fuzzing tests).
Thanks for mentioning the affected operating system(s). Oh wait, you didn't...
Here, I'll help:
Code Execution Bug in Broadcom Wi-Fi Windows Driver
Racism. Japan is a very homogeneous society, so a lot of Japanese blame an influx of foreigners for any new ills. This is perpetuated by the media "If crime goes up, it must be all the foreigners." If you want to translate this to US-speak, substitute "Chinese National" for "Black Gang Member". Of course, in that case, its obvious the person fanning the flames of the story is being a racist troll. Congratulations, Kotaku, Zonk.
I had always hoped the Linus Torvalds would come onto the screen, kick the Mac guy in the nuts, and say "I can run on your hardware too." Then, he can turn to the PC guy, tell him "It's not too late," and then walk away.
It not funny though, the poor kid has just become an unsigned long. Hopefully another actor can give him a few pointers which he can store for future reference.
Maybe he meant ABBA? That was also developed during the mid-70s and early 80s.
Um, that's like adding dry wooden supports to a house that's on fire... not going to work.
You need some way of blocking the virus from exploiting the new T-cells as "fuel". This new virus is kind of like a fire ring; Burn/infect it first in a controlled way to stop the real fire/infection from spreading further.
Yes, this method is an obvious way to get some benefit from a small number of extra hardware threads. But it is *not* future proof. This approach may give good CPU utilization up to perhaps 10-20 threads, but after that it will start to take a big dive.
While they are obviously not doing anything that supercomputer programmers didn't invent 30 years ago, they are leading their industry into the future, err, present. Though the article details are pretty weak, its clear that they've already gone beyond the module-level threading (sound, AI, graphics), to something that sounds more like work queues. If done right, those can get you to hundreds of threads as seen on early supercomputers, although it doesn't sound like Valve is dealing with cache-sharing problems yet, which could cause problems far sooner. I'm hoping hardware + language extensions will help mitigate that somewhat, at least on the read-sharing side.
Personally, my bet is on languages like Haskell. Purely functional programming makes multithreading easy, and for the imperative bits it has transactional memory (no locks, no deadlocks, and finally composability even with multithreading). Haskell itself may be too slow, so we may need to find a non-lazy version (laziness is basically the biggest performance problem Haskell has) for it to be practical.
I think OCaml has a lot better chance of becoming mainstream than Haskell. For one thing, I know of programs written in OCaml that aren't written by members of the PL community. For Haskell, outside of compilers and libraries, the only thing I can think of is Darcs, and that project is having all sorts of issues with determining and fixing performance problems (I love darcs though!). I'm not sure a pure-lazy language will ever map well to a soft-realtime media app such as a game. Also, when you really need delayed evaluation (i.e. laziness), ML derivatives have closures and higher-order functions which allow you to implement it easily enough.
Yep. Valve finally hired a systems programmer, and now they can do threading. This is almost as revolutionary as hiring someone with a background in AI to work on AI, rather than hiring a graphics programmer to do AI.
The major problems with threads are lock/starvation (see the dining philosopher's problem and race conditions (you have A and B in separate concurrent threads but A needs to finish before B). Both of these problems are usually caused by coding errors.
When it first came up that game programmers were mystified with how they were going to use mutli-core processors, I didn't understand why it would be as hard as they claimed it would be. I've been writing graphics and multi-threaded software for years in support of my robotics work. The graphics and visibility algorithms that games employ can be quite complex, and these programmers eat those for breakfast. In comparison, threading doesn't really seem that bad; If you modularize your code and data, getting correct locking isn't that hard. Then I realized that these guys fell asleep in their Operating Systems class (after staying up working on Advanced Graphics), or their school was myopic like mine, and required you to take Graphics or AI or Operating Systems. A game programmer should take all three, but will pretty much always just take the first one. Hopefully that will change soon.
I'd say that what the US did in Afghanistan was both justified and well executed. We caught as many of the perpetrators as we could, and we freed a nation that for the most part didn't want to be under the ruthless Taliban rule. We also showed restraint with the Palestinians, still sending them the aid that keeps their country running, while they celebrated the attack like it was a national holiday. Of course, after electing Hezbollah, we finally rethought that aid...
Iraq, on the other hand, was neither correctly justified nor carried out well. It's also been sad to see North Korea and Iran be opportunistic about the situation. Politics is a bitch.
How long before they go after ewetube?
I know, that was baaaaad.
Regarding "Access", there's no reason they can't apply security at the granularity of categories; i.e. analyst X is only allowed access to items about Afghanistan and Pakistan, and won't be allowed to look up things on China or Russia. You can push that as far as you want in terms of compartmentalization to make it as fine as needed. The traditional paperwork for access to documents becomes paperwork for getting the access keys, so that can still be there. "Need to Know" is harder to model, but I'd expect this system is very aggressive at logging page views. If someone is consistently looking at things they don't need to know, it should turn up soon enough. As an aside, a software system becomes a great method for planting incorrect information for suspected leaks. A page can be modified quite easily depending on who is looking at it.
On the other hand, an electronic version such as this can easily log every page you've ever looked at. That's more difficult with paper. If done right, with the appropriate security compartmentalization, this could work very well for them; Let's just hope they listened to the NSA when designing it.
That said, leaders who fold under international pressure against nukes (like, Kadafi, for example) are lame.
Why? Because they are uncool? Let's see which nation is the most successful in the next 50 years; Libya, North Korea, or Iran. I know who my money is on. Kadafi did the smart thing, dropping his program in return for every other nation dropping whatever international beef it had with Libya. It's good for the people, and its good for stability in the government. Having nukes or a nuke program simply puts you on the target list of every nation that has nukes. Because of that, once you have more than a fledgling program, you have to build it up further, and dismantling it no longer becomes a real option.
They can easily lie to us in direct talks (so can we, for that matter), but they can't really lie while in front of China. China wields far too much power over NK. That's why they hate the idea of the six-party talks; When all the neighbors are included, there won't be a way to weasel out. Russia and China are content to move quite slowly however, as NK's annoyance of the US and Japan isn't seen as a negative. As an analogy, how much do you care if your neighbor's uncontrollable dog is threatening someone you don't like?
I never got around to actually downloading the evolved neural networks into robots, although all my source code is GPL'ed and posted at the above site.
Transfer doesn't tend to work that well, except as a starting point for further learning carried out on the physical robot. This is because simulation is never really that accurate, due both to numerical limitations, and the vast number of parameters that won't have the correct values with the idealized simulation models. This is the same reason that playing a racing video game will not make you into a race car driver -- training in simulation can be helpful, but is not a substitute for the real thing.
Ideally the simulation needs to run parallel to the agents in the world, learning to update its simulation model to match reality, while the agent intelligence learns in both simulation and in the real world. Of course, that's a really complicated experiment to set up and run, but someone will get there eventually.
Clearly we need to start adding testosterone to plastic. Then we can have male and female versions of soda bottles. The companies can charge extra for the "man's drink bottle" to offset the extra expense, as men won't want to be caught with the "women's drink bottle"[1]. I think I had better patent this...
[1] this logic might not work on male Mac users.
It would be a sign that they need more Windows developers and testers. I doubt many of the complainers helped out by testing one of the release candidates.
I've had exactly the opposite experience. Mozilla and Firefox2.0 have always been huge memory hogs for me, at least since tabs became available. I tend to open a fair number of tabs, and close them later. I could get Firefox 1.x to 3GB of virtual memory after running it for several days, even after applying all the memory saving tricks suggested on mozilla forums/wikis. This is far worse than I've ever heard from anyone else's descriptions. The latest version in Debian (1.99+patches) never seems to exceed 200 MB virtual and 100 MB real, which is fine for me given that I tend to open a lot of tabs.
Because people have pointed out this weakness for years.
That means we need to try harder to get this into the mainstream press. As Bruce Schneier might say, its an education problem, not a technical problem. Nader did a good job getting cars changed for safety, even though he was ignored (and ridiculed) for a while. He didn't have to push the boundaries of law in order to do it, either.
First, if you actually read my post, you'd see that I'm well aware that self-printed boarding passes have no meaningful security. That's why I don't use them -- it's a protest of sorts because I know that they are useless for any kind of authentication. Second, you want to use "you" in that sentence, not "yourself", which is pseudo-educated business speak.
we instally have idiots going 'They should have told someone in charge instead of telling everyone'.
Again, read my damned post. You tell people, then wait, then release said exploit if they don't listen. This person didn't even try. There's also many other options he could have explored -- such as making some example boarding passes (rather than a false boarding-pass service), or sending a stack of them to a local TV station or newspaper (preferably with the news team's names on it, to get their attention).
I hope someday you get stuck with some counterfeit bills, since after all, someone was just making a point about the security of printed money.I think it would have been more responsible on the researcher's part if he had simply announced that he could make fake boarding passes, rather than fielding a system for doing so. As an undergrad, I found some holes in our university IT system, and in the grading systems for two classes I took. Instead of exploiting it, I told the people in charge so they could fix it. There are cases where the person with the problem won't admit it, and wants you to keep it secret. In those cases you might eventually have to go forward and release an exploit to make people listen.
Security research is a good thing, and the self-printed boarding passes really are a joke (I never use them since I think they are a stupid idea). However, as an analogy, you don't need to rob an ATM in order to show a weakness in the US banking system. If you look at the default name for the boarding pass generator, you really can see how this guy is trolling for trouble. Somebody bit.
The Tivo case will remain no matter what. They forked their kernel off a long time ago. For the "Tivo issue" to be a real problem, we'd need to see other companies doing it too, and the market failing to correct things by itself (don't buy a locked-down machine). You wouldn't go buy a modern game console and expect to be able to start developing code on it, would you?
If tomorrow, the kernel switches all future development to GPL3, many of the embedded developers would fork at that point, and we'd lose all of their contributions. This would be causing real problems in order to avoid potential problems: MSFT/patents, SCO/IP, and Tivo/DRM. None of these problems have shown themselves to be a repeating issue, and until they are, many developers will remain unconvinced.
The GPL 1.x addressed a real problem that was already occurring at that point (distribution of binary software without the associated code). Although many people say it was "great foresight", there really wasn't any foresight at all... it addressed a real problem at the time. I would prefer if the GPL3 would wait until these potential problems have proven themselves to be real problems without a simpler solution.
How about gambling? Seems pretty addictive for some people, and certainly not helpful to their lives.