Slashdot: News for Nerds


Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



IT Support Pro Tells Why He Hates Live Chat

tucuxi Depends heavily on user type (228 comments)

A technically-savvy (eg.: Bob McHacker) user should be a lot easier to communicate with via chat than a non-technical user (eg.: Joe Sixpack).

To start with, expert users typically type almost as fast as they speak (seriously: if any of you out there work in IT for a living and cannot touch-type, it is an investment well worth it). As others have pointed out above, both user and helper can multitask; and many computer tasks end up involving huge amounts of staring at a progress bar. You can copy&paste error messages and links back and forth. You can actually think your answers through while you type them, and not waste anyone's time with errr, uhh, yeah, and other "are you alive/i am alive" on-the-phone protocol overhead.

In TFA, there is no coherent explanation of the type of support / users that this "Pro" is addressing. The article is less than a screenful of general ranting against not having the undivided attention of a user. Nothing to see here, move along.

about 2 years ago

Spanish Superjudge To Represent Assange

tucuxi Re:On extradition (196 comments)

You seem not to have RTFA - Garzon is to be Assange's defendant, not his prosecutor or judge. In the Pinochet case, he was to be the judge. Two very different roles.

about 2 years ago

Visual Studio Gets Achievements, Badges, Leaderboards

tucuxi Possible badges for good code (353 comments)

I for one would find these badges nice:

  • compiled without warnings (cumulative for "N times in a row")
  • doxygen-compliant comment coverage (percentage-wise cumulative)
  • safe programming practices (always compares constant == lvalue, initializes all values, ...)

On the other hand, IDEs like Netbeans and Eclipse are getting better and better at nagging users about such issues (and auto-generating code to fix many of them). Do we really need the badges?

more than 2 years ago

Teaching Programming Now Emphasizes Sharing

tucuxi Why optional? Peer review should be required! (132 comments)

If your students are motivated by "building cool stuff", sharing is great - they are trying to add the elements they find into their own designs. However, if your students are motivated buy "getting the passing grade", then sharing may become copy-pasting, and they will not retain any knowledge of the process. In real life, students are motivated, to a different degree, by building cool stuff, grades, and a host of other factors. My policy up to date has been "ideas sharing is fine, peering at screens and finding out how others did things is fine, but if I find evindence of significant copy-pasting, you will get a stern warning and/or a some sort of discipline". Works fine with undergrads learning compsci, especially once they learn that our in-house copy-pasting detection system is quite accurate at finding cases of badly-disguised cut&paste.

I am even going one step further, and *making* my students review each other's code (they get good grades for writing good reviews, not for receiving them, and reviews are anonymous, so there should be little incentive to 'cheat'). I find that far too many students are not exposed to a) the potential beauty and simplicity of good code vs. b) the horror that bad coding is to the unwary mind.

Does anyone know good systems to automate this peer-review for undergrad coding exercises?

more than 2 years ago

UK Police Buy Covert Cellphone Surveillance System

tucuxi The big question: oversight (103 comments)

This seems like a law-enforcement version of the WASP drone featured at last summer's Black Hat / Defcon

The big question is, since the technology has been available for a while, and is obviously useful for its stated purpose, that of oversight. Privacy-invading technologies will always exist, will always be useful for law-enforcement, and are due to increase the more we mesh our lives with technology. How will authorities deal with data filtering, retention, probable cause, and the opportunity for discovering wrongdoers vs. the invasion of people's privacy? That is the big question.

A somewhat-rosy scenario is detailed in Charlie Stross' Halting State series. The ugly scenario looks like 1984. Which one we choose depends on an educated public steering their politicians, instead of letting their politicians be steered by ??? and profit.

more than 2 years ago

Helping the FBI Track You

tucuxi Re:He should have politely requested a lawyer (193 comments)

You mean, the US police are nothing like the police in any of the twenty-ish countries that make up loosely-defined Europe - you are right. Most citizens in most countries of Europe are not frightened of their own police.

This isn't Europe where police investigations start with a beating: you just have to ask, politely, for a lawyer, and you hold all the cards.

This may have to do with the police not being as afraid of the citizens' carrying a gun, and thus not treating citizens as criminals-until-proven-innocent. Having been stopped by traffic police while visiting the US, my experience of being treated as a criminal was not nice at all; in my native European country, stepping out of the car and politely asking what is wrong is exactly what someone does when/if stopped...

more than 2 years ago

From Slaying Dragons To Dictators

tucuxi Re:LOL! "Iran's rigged election broke over Twitter (233 comments)

You make my point for me. Europe took centuries of warfare to WEAKEN religion into to social club it is today.

So you think that all countries are doomed to repeat the same mistakes for themselves, and that no-one can learn from their neighbors? Interesting point.

As for a "reformation of Islam requiring massive violence" and "casualties don't matter in religionist war", I object to both statements. Many muslims lead productive and integrated lives in western societies. Hell, some mostly muslim countries are not all that bad. Human nature is pretty much the same the world over, regardless of culture. Ignorance and desperation drive people to do stupid things, and religion is not an overarching cause for all the evils in the world. Even if it does share some of the blame.

One thing is believing in God, which most Iranians admittedly do, and another one is Iranians believing their current leaders try to put a spin on the latest rigged elections. Pacific transitions from highly devout authoritarian governments to democracies can happen -- witness the case in Spain after the fall of Franco.

more than 3 years ago

From Slaying Dragons To Dictators

tucuxi Re:I guess I'll come out and say it... (233 comments)

Ok, security through obscurity is false security -- but it can delay efforts long enough to make it worthwhile anyway. If it is hard enough to detect, then it may have a positive influence in making censorship harder. The technical problem is not so much in making the "censorable" content seem innocent (as you say, steganography+encryption can go a long way). The main problem is in establishing the connections to the "censorable" websites without getting caught. Doing so requires the use of proxies, and since anyone accessing the proxies may be doing something illegal, the censors will blacklist any proxies they find (and do bad things to people caught using them). Therefore, most of the effort will probably be concentrated on making proxy access seem legit, and minimizing the risk of the entire list of available proxies being discovered.

The first thing the censors will do is to try to grab a copy of the software, install it locally, and audit all network connections in and out. They can automate this, and anything outside of expected behavior will be a candidate for blacklisting. If they manage to find a reliable pattern, they will be able to stop the use of the program entirely (assuming they have the necessary sort of high-throughput deep-packet inspection firewalls in place).

The only real differences between censors and censored is that (a) hopefully, there are many more potential censored (although drowned in a sea of otherwise innocent chatter) than censors and (b), some would-be good guys are presumably known to the developers. Any solution will have to play on these strengths to make the proxy list really hard to compromise. For instance, bootstrapping a copy of Haystack may require submitting the nonce of an un-compromised user; this would make blacklisting the whole operation a lot harder, and would make breaches by censors easily self-healing. Just pray there is no easy pattern to identify Haystack users.

Incidentally, an Iranian friend of mine says that authorities there use a very low-tech, but very effective way to keep people off the bad stuff. Keep bandwith very low. That way, additional layers can make things slow down to a crawl, and finding needles in the logs becomes a much easier task.

more than 3 years ago

From Slaying Dragons To Dictators

tucuxi Re:US Funding And Interference (233 comments)

Hilarious! Yep, it was 'word of mouth' and not US funding and agents working inside of Iran.

So the fact that the US is indeed willing to fund agents in Iran means that there cannot be any Iranis that are genuinely pissed about having their election stolen? Great logic there, Anonymous.

No matter what you think, many 20-year old Iranians are pretty fed up with the regime telling them all those things that they cannot do, and find that being blatantly lied to and manhandled by authorities that preach morality and restraint is insulting.

more than 3 years ago

From Slaying Dragons To Dictators

tucuxi Re:Proxy Ban? (233 comments)

Vote this guy up. He actually seems to have a clue on the problem.

If Haystack works as advertised, the Iranian censors will surely be eager to run a copy and run all possible traces on it to see what is going on. Somehow, Haystack-running computer must be able to place encrypted payloads into seemingly harmless requests, get them to servers that can reroute them to their adequate destinations, and convert the replies from those servers into encrypted messages inside seemingly harmless page requests. Making this undetectable is a truly tall order.

Finally, even though I also like the idea of OSS (and am also genuinely curious about their approach), I understand that if their method will not work if authorities know the exact workings, obscurity is marginally better than nothing.

more than 3 years ago

From Slaying Dragons To Dictators

tucuxi Re:LOL! "Iran's rigged election broke over Twitter (233 comments)

NONE of the revolutionary examples you cite were revolts against _religious_fanatic_ masters.

Pretty much all European monarchies were theocracies, in the sense that the monarch claimed to be chosen by God, and received strong legitimization from the Church (when not actively leading it). Many other regimes have had close ties with their local faiths and fallen. Ok, no big upheavals in Islamic countries -- but they do not have such a long span of post-colonialism and post-cold war history.

The Iranians aren't going anywhere, because Iran is far too comfortable for revolt. Revolutions don't usually happen when there is no freedom, they happen when there isn't enough food. Nothing to see here.

I question your knowledge of Irani life. I happen to know a few Iranians, and the feelings after the last rigged elections were pretty high. Even if sudden revolt is very unlikely (unless the regime really goofs up), erosion is steadily under way. Without an "outer enemy" to blame everything on and with higher levels of education, a huge mass of 20-somethings is feeling cheated by their current leaders.

I don't care if Iran revolts or not. Democracy would just make them a more efficient enemy of non-Islamic nations. They don't "want to become Europe", they just want a piece of the current pie.

I don't confuse these people with secular humans. They were chanting "God is Great" during their protests. Invoking superstition isn't progress.

Ah, another devout follower of The Clash of Civilizations. Either with us or against us, attaboy. Two things I find amusing about your post. First, the idea that no understanding is possible with others of a different religion. 100-year wars were fought between Catholics and Protestants, but we got over it, and now we can speak of Europe, and are more prosperous than ever. Why can't Islamic-majority societies function alongside other nations? In fact, many of them already do - today's Indonesia is mostly Islamic, but does not seem to threaten your sensibilities. Second, the idea that Western society is completely secular. Just look at the ties between conservative parties (say, Republicans in the US) and local religious zealots.

Finally, according to Kapuciski's book on the Iranian Revolution, the cry of "Allahu Akbar" was traditionally chanted during those protests, as defiance of the Shah's authority and against the (US backed) Shah's brutal regime of oppression and terror, which seemed to exceed the worse Latin-American standards . In this sense, it may reflect less religions fanaticism and more of an official protest slogan against much of the same phenomenon. Something like "give us back our Revolution".

more than 3 years ago

Ray Kurzweil Does Not Understand the Brain

tucuxi Re:PZ Myers does not understand computers ... (830 comments)

you don't need to simulate electrons in a semi-conductive material at specific temperatures in order to build a complete working emulator for an old computer

You do, if you have no idea what the higher levels are all about. Our knowledge of how the brain works (hell, even of the biochemistry of a single cell) is so poor that we cannot yet discard "lower details" if we want to get a working system. So finding upper bounds by looking at the lower level of the picture is not such a bad idea.

Myers does not raise any objections to code or data "quantity" -- the big hurdle is that vital part of the system is outside the DNA, and we are only beginning to explore it. Read up on epigenetics.

more than 3 years ago

Ray Kurzweil Does Not Understand the Brain

tucuxi Re:A biologist doesn't understand programming (830 comments)

Following your example, even if 50 Mbits of compressed VHDL can encode a processor's architecture, that is nowhere near getting you a computer. Not without a host of environmental factors, such as how the VHDL gets translated into actual hardware, the minute characteristics of the substrate that you will use to create that hardware, and the surrounding machinery to power it and keep it happy. And, if you solve these problems and get a CPU that is technically capable of running programs, you still haven't got much further - without inputs, outputs, and some sort of basic startup code, all you have is a complex brick.

Up to now, I have played on the analogies. Now for the differences. We designed VHDL, and we designed our computers, so that they would be comprehensible to us. But DNA is not a "human-friendly" language. It is an ugly biochemical mess of spaghetti code, with genes having multiple functions and toggling each other on and off all over the place. Modularity in programs is necessary to keep the program's flow in our limited memories, so that we can work with them. Nature has no such limitations -- anything that pops up and happens to work (or simply has a knack to mess other things if it goes missing) will stay.

And, the main point of TFA, VHDL is mostly self-contained -- but evolved DNA is shaped by, and responds to, all sorts of environmental triggers. Think about it -- if the blind process of evolution, which tends to follow the easiest favorable path available, finds that it can rely on a somewhat predictable environment to provide many of the key inputs for building something, why not do so?. Yes, it may not be modular, but Nature gives not a fig about elegant coding. If it works, ship it (or rather, it will ship itself successfully). Even worse, there are no comments in this code. So, to recap TFA and raddan's comments: DNA is both code and data, and very incomplete code and data at that. The VHDL analogy is not that bad -- if it could take into account all sorts of downloaded firmware at random intervals. I fully aggree with the article. Kurzweil has no feet to stand on. I am fairly optimistic that great advances will be made, but I really doubt I will live to see "uploads". And I'm in my early thirties.

more than 3 years ago

Could Crowdsourcing Help the SEC Detect Fraud?

tucuxi Re:Campbell's Law (148 comments)

As far as I understand it, cannot be applied here:

"The more any quantitative social indicator is used for social decision-making, the more subject it will be to corruption pressures and the more apt it will be to distort and corrupt the social processes it is intended to monitor."

No quantitative social indicator here. If you are trying to imply that if there are incentives for profit people may behave dishonorably, by golly, you are right. I can thing of the three profit-related types of problems:

  • evildoers bury evidence of evildoing (hiding)
  • evildoers try to bolster false evidence of evildoing (planting)
  • evildoers try to swamp the site with irrelevant stuff (denial-of-service)

All three of these can be solved with well though-out moderation and rate-limiting. In any case, I really cannot see how opening up information for public scrutiny can be bad for the public, as long as the information is factually accurate and no private personal information manages to slip through.

The worse thing that can happen is that nobody turns up to actually look at this data. Being from an academic background, I can assure you that many academics would be happy to get their hands on real-world data with things to find in it. For companies, proving that the arch-nemesis has bad accounts can be a bargaining point -- and an incentive to keep clean accounts. Journalists would be happy to get their hands on more stories. The list goes on.

more than 3 years ago

Could Crowdsourcing Help the SEC Detect Fraud?

tucuxi Re:Crowdsourcing already doesn't work (Groklaw) (148 comments)

So this makes transparency a bad thing?

I would argue the opposite. The more facts you can collect that prove that things need fixing, the more likely you will be to convince others to your point of view. Access to the data cannot only "help" SEC to fix problems, it can also force them to do so, given a high enough level of public outcry.

more than 3 years ago

Could Crowdsourcing Help the SEC Detect Fraud?

tucuxi Yes, transparency can help detect fraud (148 comments)

This much is obvious - the more transparent an institution, the easier it is for outsiders to find fraud or other problems. Where privacy is not an issue, I wholeheartedly support making as much data as possible available (in analysis-friendly formats) to as many people as possible. is a great initiative. On the other hand, while it is good to open things up to fresh air and external review, blindly trusting on "the crowd" to do your work for your poor, understaffed self does not sound like due diligence. The key word in the title is "help". Staff professionals are expected to pick the most promising traces and do full investigations that lead to prosecution. With more transparency, public opinion will hopefully badger them on if they falter.

The article itself talks about moderation systems that allow the crowd to separate wheat (real cases of fraud) from chaff. In many crowdsourcing initiatives, a bad moderation system has resulted in a swamp of duplicate suggestions and some great internet humor, but little of actual value. A worse risk is that of concerted action by special interest group minorities, which could bury findings considered "negative" by group members and bolster those that furthered the group's agenda, giving this agenda a false legitimacy by appearing to come from "the crowd".

more than 3 years ago

How Easy Is It To Cheat In CS?

tucuxi Plagiarism, opportunity, and raising the bar (684 comments)

Think of it as a lock on a door. The door can still be opened by somebody who is motivated enough, but the fact that there is a lock raises the bar, and makes the trade-off less favorable to the would-be cheater. Leaving the door unlocked, on the other hand, punishes those that are honest, and can make them re-evaluate their honesty (hey, look, everyone is doing it!).

Asking questions on how things work in your code is another measure that raises the bar. As a TA, I applied both: an automated plagiarism detection program ( - GPL'd and entirely client-side, unlike MOSS) and individual, written exams with very concrete questions regarding the code (eg.: "describe the data-structure you used to implement feature X" or "which of your methods would you need to alter to implement feature Y"). The exams were very short, and intended to be filled just after the code had been turned in, so that there was not a lot to memorize.

It was still possible for someone to cheat -- but, hopefully, it would have required so much effort as to be not worth the trouble.

more than 4 years ago

How Easy Is It To Cheat In CS?

tucuxi A program that uses NCD to detect plagiarism (684 comments)

You don't need a specialized parser lol. Just strip out variable names, comments, and whitespace, then just use zip. zip A, zip B, zip AB. Compare sizes.

The technical term is Normalized Compression Distance, and, on source code, it works even better when you tokenize the programs first (so that whitespace, identifier names and comments cease to be a factor).

Here is a program that does just that, and has pretty graphs showing who is way more similar to whom than chance would have it: . It is in active use in several courses at Spanish universities.

more than 4 years ago

MIT Offers Picture-Centric Programming To the Masses With Sikuli

tucuxi Think executable step-by-step tutorials (154 comments)

Sikuli is certainly not commercial-grade UI testing software. It was never intended to be, this is academic software written to explore ideas, rather than to polish them to perfection. Also, it is not a "general" programming language. The previous posters that compared it to video-programming are right: not all programs have to target complicated algorithms and data-structures, there is plenty of space for automating "simple stuff".

As an idea, I find the readability of the code particularly interesting. Sikuli code is about the closest you can come to self-explanatory, step-by-step instructions on how to achieve whatever a particular program does. Add a few comments to the most arcane steps, publish those programs to an online repository, and presto! executable step-by-step tutorials.

Yes, the developers may have to address the variability of themes on people's desktops. It is certainly possible to do so (for instance, by keeping a list of mappings from any of a set of "supported" themes to a "canonical" theme, which would be used in all examples), but, as far as ideas go, I really think that Sikuli is a very refreshing idea.

more than 4 years ago

Fair Use Affirmed In Turnitin Case

tucuxi Re:Plagiarism takes yet another hit (315 comments)

I've fantasized with asking my students to use a VCS to submit their code as it gets written. Of course, in Computer Science, this would be educational beyond the "controlling their times" sense. And could be used as a collaboration tool within each student team.

The only thing keeping me back is the maintenance headache.I would have to setup accounts for each student, and build the initial projects, too; yes, this can be partially automated. And the extra burden of explaining how to use the system (they only learn about VCSs, in an abstract way, in their 7th semester...)

more than 5 years ago



European patent for "Shannon-secure" encryption algorithm without one-time pad

tucuxi tucuxi writes  |  about a year and a half ago

tucuxi (1146347) writes "Multiple reports in Spain of a new encryption method which, according to its author, provides "double Shannon secure symmetrical encryption" (google translation of one of the news items). The patent application is available online (everything but the abstract is in Spanish). In the application, the inventor claims that Shannon's one-time pad was not really necessary for perfect security, completely disregarding that, were he right, his scheme would allow unlimited, lossless compression. As a Spaniard, I am dumbfounded at so many newspapers taking this snake-oil for granted, and at the European Patent Office for not seeing through the gibberish."


tucuxi has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account