Tuesday, July 31, 2007
I make a lot of graphs...
Life's a bitch
Is the title of this blog sexist?
I don't know, and neither would anyone else in the SE faculty, apparently.
I just received my fourth (and final!) workterm report back from marking.
On Page 1, Reviewer A notes in pencil that my use of the politically-correct term "he or she" is awkward and has no place in a technical document.
On Page 5, Reviewer B notes in pen that my use of the term "man-month" is sexist and I should strive to find a gender-neutral term.
Fuck it, I passed.
I don't know, and neither would anyone else in the SE faculty, apparently.
I just received my fourth (and final!) workterm report back from marking.
On Page 1, Reviewer A notes in pencil that my use of the politically-correct term "he or she" is awkward and has no place in a technical document.
On Page 5, Reviewer B notes in pen that my use of the term "man-month" is sexist and I should strive to find a gender-neutral term.
Fuck it, I passed.
Sunday, July 29, 2007
CS452: Real-time Operating Systems
I've spent far too much of the last three months in the trains lab (well, also in the phones lab programming this monstrosity).
What were we doing in the trains lab? Writing a microkernel operating system for the x86 architecture (what most people have inside their computers). This was different from ECE354, where we wrote a monolithic operating system for the M68K architecture (the ones that powered early Macintosh PowerPCs).
The course is broken down into 7 assignments: 1 introductory one, 3 where you build the OS, and 3 where you write user programs to run on the OS to track trains and do something cool with them. Our final project was a 911 dispatch service that estimate train arrival times at callee locations. The final thing was on the order of 20,000 lines of code and took several hundred hours of development time.
Since two our of three of the group members were MSFT interns, we stole a few motifs from our corporate masters, inclulding this common sight during the early days of coding:
Our console window:
The track:
One of our group members, Nima, wrote some beautiful code that applied artificial intelligence (in the form of Bayesian networks) to give us a very robust, accurate train tracking subprocess that could even learn about the trains it was tracking over time. This video shows our OS tracking 7 trains simultaneously -- which is pretty damned impressive.
Real-time was a lot of work, but definitely one of the most satisfying courses I've taken. I attribute both to its "messiness" -- interacting with real-world, unreliable systems made the course a lot more difficult, but also a lot more rewarding.
That's not to say there weren't several times that I ended up saying "I hate my life" (usually, this would be during a 30-hour marathon of coding/debugging.) And I'm not the only one -- prior students have composed songs to express their frustration with the course requirements.
What were we doing in the trains lab? Writing a microkernel operating system for the x86 architecture (what most people have inside their computers). This was different from ECE354, where we wrote a monolithic operating system for the M68K architecture (the ones that powered early Macintosh PowerPCs).
The course is broken down into 7 assignments: 1 introductory one, 3 where you build the OS, and 3 where you write user programs to run on the OS to track trains and do something cool with them. Our final project was a 911 dispatch service that estimate train arrival times at callee locations. The final thing was on the order of 20,000 lines of code and took several hundred hours of development time.
Since two our of three of the group members were MSFT interns, we stole a few motifs from our corporate masters, inclulding this common sight during the early days of coding:
Our console window:
The track:
One of our group members, Nima, wrote some beautiful code that applied artificial intelligence (in the form of Bayesian networks) to give us a very robust, accurate train tracking subprocess that could even learn about the trains it was tracking over time. This video shows our OS tracking 7 trains simultaneously -- which is pretty damned impressive.
Real-time was a lot of work, but definitely one of the most satisfying courses I've taken. I attribute both to its "messiness" -- interacting with real-world, unreliable systems made the course a lot more difficult, but also a lot more rewarding.
That's not to say there weren't several times that I ended up saying "I hate my life" (usually, this would be during a 30-hour marathon of coding/debugging.) And I'm not the only one -- prior students have composed songs to express their frustration with the course requirements.
Monday, July 16, 2007
Ah, the long-beaked echidna
"Fears that one of the world’s rarest creatures had been driven to extinction have been allayed by a tribesman who told conservationists he had recently eaten one."
Monday, July 09, 2007
Richard M Stallman
RMS spoke at Waterloo recently. His topic: the role of copyright in light of advances in computer networks.
RMS is an engaging speaker. One thing I noticed immediately was his lack of hesitation - no ums or ahs to be heard anywhere during the 90 minute talk. He pointed out many flaws in arguments for prolonged copyright, chiefly that there is very little marginal incentive for the artist -- they're liable to be dead and won't care if their works are copyrighted.
That said, RMS is also a dangerous speaker. Not because his views don't mesh with mine, but because he doesn't play fair: he used rhetoric better suited to Internet trolls than to someone who has contributed so much to the computer science community.
Lines in particular that stood out:
- he asserted that Microsoft put in a backdoor for the NSA in Windows, circa 1999. This was widely debunked, including by noted cryptologist Bruce Schneier.
- he called the United States government a terrorist organization.
- he claimed Linus Torvalds wasn't interested in the rights and freedoms of users (while Linus doesn't see sufficient value in GPL v3 over GPL v2 to change the kernel licensing terms, surely that alone doesn't merit such a blanket statement?)
- he redefined "Digital Rights Management" as "Digital Restrictions Management"
- he suggested it should be a crime to cease supporting I/O devices
He also used the standard communications techniques -- negative, anthropomorphic words when describing things he didn't like (kill, strangle, tighten the chains).
Beyond the words, there was the content of his lecture, which seemed about on par for what I have read about RMS.
Firstly, he spent about fifteen minutes discussing why Linux should be called GNU/Linux. This part contained the accusation that Linus doesn't care about users' freedoms as well as calling the kernel only a smart part of an operating system. While it is technically true that the kernel is but one piece of the overall system, calling a 6,000,000 line piece of code "small" was ironically petty.
He then discussed his plans for copyright reform, motivating it through frequent reference to occasions when artists were not protected by copyright, but rather were harmed by their production company wielding a contract over their head. I fail to see how shortening the duration of copyright protects people from signing dangerously one-sided contracts.
He also proposed that copyright basically not be enforced for non-commercial, person-to-person sharing of music and videos. He claimed this would not harm Hollywood because
a) theatres and airlines, being commercial entities, would still pay royalties;
b) Hollywood's costs are artificially inflated (see Hollywood accounting on Wikipedia for more)
c) most Hollywood movies are crap, and use expensive special effects to cover up this fact. If movies earned less, they'd be forced to be less crap. I'm quoting him when I use the word crap.
I question the validity of the statement that says royalties will not be harmed. The triple release format of movies is what makes them profitable -- going first to theatres, then to rentals, then on sale. Since RMS advocates replacing advertising budgets with people advertising for the company -- by playing the work of art to their friends -- I assume this triple release model must be done away with. Instead, the work will be released to theatres and to the public simultaneously.
Which, in my mind, means people will set up free, public screenings with projectors. Which means no one will go to the theatres. Which means no income for the movie. (Unless, ironically, it used lots of special effects which would be best enjoyed in a theatre.)
Overall, the audience of some 300 students seemed to enjoy his talk. I enjoyed his alternative views but he came off as too much of a demagogue for me to take his views seriously.
RMS is an engaging speaker. One thing I noticed immediately was his lack of hesitation - no ums or ahs to be heard anywhere during the 90 minute talk. He pointed out many flaws in arguments for prolonged copyright, chiefly that there is very little marginal incentive for the artist -- they're liable to be dead and won't care if their works are copyrighted.
That said, RMS is also a dangerous speaker. Not because his views don't mesh with mine, but because he doesn't play fair: he used rhetoric better suited to Internet trolls than to someone who has contributed so much to the computer science community.
Lines in particular that stood out:
- he asserted that Microsoft put in a backdoor for the NSA in Windows, circa 1999. This was widely debunked, including by noted cryptologist Bruce Schneier.
- he called the United States government a terrorist organization.
- he claimed Linus Torvalds wasn't interested in the rights and freedoms of users (while Linus doesn't see sufficient value in GPL v3 over GPL v2 to change the kernel licensing terms, surely that alone doesn't merit such a blanket statement?)
- he redefined "Digital Rights Management" as "Digital Restrictions Management"
- he suggested it should be a crime to cease supporting I/O devices
He also used the standard communications techniques -- negative, anthropomorphic words when describing things he didn't like (kill, strangle, tighten the chains).
Beyond the words, there was the content of his lecture, which seemed about on par for what I have read about RMS.
Firstly, he spent about fifteen minutes discussing why Linux should be called GNU/Linux. This part contained the accusation that Linus doesn't care about users' freedoms as well as calling the kernel only a smart part of an operating system. While it is technically true that the kernel is but one piece of the overall system, calling a 6,000,000 line piece of code "small" was ironically petty.
He then discussed his plans for copyright reform, motivating it through frequent reference to occasions when artists were not protected by copyright, but rather were harmed by their production company wielding a contract over their head. I fail to see how shortening the duration of copyright protects people from signing dangerously one-sided contracts.
He also proposed that copyright basically not be enforced for non-commercial, person-to-person sharing of music and videos. He claimed this would not harm Hollywood because
a) theatres and airlines, being commercial entities, would still pay royalties;
b) Hollywood's costs are artificially inflated (see Hollywood accounting on Wikipedia for more)
c) most Hollywood movies are crap, and use expensive special effects to cover up this fact. If movies earned less, they'd be forced to be less crap. I'm quoting him when I use the word crap.
I question the validity of the statement that says royalties will not be harmed. The triple release format of movies is what makes them profitable -- going first to theatres, then to rentals, then on sale. Since RMS advocates replacing advertising budgets with people advertising for the company -- by playing the work of art to their friends -- I assume this triple release model must be done away with. Instead, the work will be released to theatres and to the public simultaneously.
Which, in my mind, means people will set up free, public screenings with projectors. Which means no one will go to the theatres. Which means no income for the movie. (Unless, ironically, it used lots of special effects which would be best enjoyed in a theatre.)
Overall, the audience of some 300 students seemed to enjoy his talk. I enjoyed his alternative views but he came off as too much of a demagogue for me to take his views seriously.
Security through more-fucking-work-for-the-user
Bank of America and TD Canada Trust have recently started using security questions to authenticate users in online sessions.
If you're not familiar with these, they go along the lines of this:
"Warning. We have detected you are trying to access your bank account. Please enter the name of your best man."
or
"Warning. We have detected you are trying to withdraw money. Please enter the city you were married in."
These questions are not only poorly chosen (thanks, BoA - lots of diversity with the wedding questions), they are often fairly weak as well (what university did you attend?).
When it comes down to it, they're still shared secrets.
And let's face it - this is a security measure meant to save us after a nefarious person has commandeered the following pieces of information:
1) the name of your bank
2) your username at the bank
3) your password for that account
The most likely way this person got my information was a keylogger they've quietly installed on my machine. If they can install software on my machine, they can just redirect me to a man-in-the-middle attack, and presto, my cocoon of security is gone.
But, "wait!" you cry, "it's not so bad! An MITM attack would show up as a phishy URL".
Unless they poisoned my DNS -- they have software running on my box, remember?
"But they couldn't spoof the SSL!"
Sure they could. They have software running on my box. They'll just whip up a key and shove it in the trusted store. They can even add a new Thawte certificate to sign it, while they're at it.
"But wait! You'd notice that they were asking you for your security question again! Since security questions are only used to verify suspicious activity, surely this would tip you off!"
Are you kidding me? In today's click-through world, no one thinks twice before replying to a prompt. And if you bothered to question it, you'd notice this little gem: "Notice: In response to a recent security analysis, we have flushed our cache of authentication and credential information. You may be prompted to enter your security question again. If you have any concerns, please call Bank of America at 1-(800)-EVIL-GUY."
The average user's eyes would glaze over, and they'd mindlessly tap in all their secrets.
I really, really can't wait until CardSpace becomes more accepted. In the meantime, I'd rather not have the hassle of extra hoops that provide a very thin veneer of security.
If you're not familiar with these, they go along the lines of this:
"Warning. We have detected you are trying to access your bank account. Please enter the name of your best man."
or
"Warning. We have detected you are trying to withdraw money. Please enter the city you were married in."
These questions are not only poorly chosen (thanks, BoA - lots of diversity with the wedding questions), they are often fairly weak as well (what university did you attend?).
When it comes down to it, they're still shared secrets.
And let's face it - this is a security measure meant to save us after a nefarious person has commandeered the following pieces of information:
1) the name of your bank
2) your username at the bank
3) your password for that account
The most likely way this person got my information was a keylogger they've quietly installed on my machine. If they can install software on my machine, they can just redirect me to a man-in-the-middle attack, and presto, my cocoon of security is gone.
But, "wait!" you cry, "it's not so bad! An MITM attack would show up as a phishy URL".
Unless they poisoned my DNS -- they have software running on my box, remember?
"But they couldn't spoof the SSL!"
Sure they could. They have software running on my box. They'll just whip up a key and shove it in the trusted store. They can even add a new Thawte certificate to sign it, while they're at it.
"But wait! You'd notice that they were asking you for your security question again! Since security questions are only used to verify suspicious activity, surely this would tip you off!"
Are you kidding me? In today's click-through world, no one thinks twice before replying to a prompt. And if you bothered to question it, you'd notice this little gem: "Notice: In response to a recent security analysis, we have flushed our cache of authentication and credential information. You may be prompted to enter your security question again. If you have any concerns, please call Bank of America at 1-(800)-EVIL-GUY."
The average user's eyes would glaze over, and they'd mindlessly tap in all their secrets.
I really, really can't wait until CardSpace becomes more accepted. In the meantime, I'd rather not have the hassle of extra hoops that provide a very thin veneer of security.