
Comment: Far from junk science... (Score 2) 166

If you read the article in PNAS ( http://www.pnas.org/content/ea... ) you can see that they consider the question of examination equivalence by only looking at previous studies that "were largely or solely limited to changes in the conduct of the regularly scheduled class or recitation sessions;" So based on what I have read in the paper I would classify this as very far from junk science.

Comment: Re:I've heard slashdot is behind the times... (Score 1) 166

The article (available at http://www.pnas.org/content/ea... ) is a meta-analysis of earlier studies. So this study can be seen as a validation of the earlier research rather than presenting something completely novel.

(One possible reason why lectures are still so common: It is a cheap teaching method that scales well with class size.)

Comment: Anecdotal evidence suggests... (Score 2) 166

... that it is easier to take cheap shots at research if you only read the slashdot summary rather than the actual publication.

So to answer your concerns I tracked down the publication in PNAS: http://www.pnas.org/content/ea...

To quote from the article:

The data we analyzed came from two types of studies: (i) randomized trials, where each student was randomly placed in a treatment; and (ii) quasirandom designs where students self-sorted into classes, blind to the treatment at the time of registering for the class

In other words, if I understand the article correctly, the authors only considered studies where active learning was contrasted with traditional lectures in the same course! Therefore it seems likely that active learning is a good idea, regardless of whether the topic is hard or easy. (By the way, active learning doesn't necessarily have to involve fun and games, although if a student, in general, doesn't think that learning is fun, perhaps he or she should consider doing something else...)

Comment: Re:Fluid Design... (Score 1) 1191

by tamyrlin (#45009771) Attached to: Come Try Out Slashdot's New Design (In Beta)
It is late here and I'm in a negative mood. However, the fact that at least one staff member seems to actually listen to the comments written here is a hopeful indication. (Also, the mock-ups on dropbox in the grandparent look promising. I'll have to look into the Stylish plugin which I didn't know about before.)

Comment: Re:Oh F*CK That! (Score 1) 1191

by tamyrlin (#45009695) Attached to: Come Try Out Slashdot's New Design (In Beta)
I think the most damning thing about the new comment system is that I had to go back to the old version of the site to read through the comments in an efficient manner. (And I'm not talking about the fact that the "reply" button is not implemented yet...)

Also, the exact user id is mostly for bragging rights anyway, but it does give an indication as to whether the user is a long time user of slashdot or not. Although other indications such as the karma of the user might be more useful in most situations...

Comment: Ouch. (Score 1) 1191

by tamyrlin (#45009533) Attached to: Come Try Out Slashdot's New Design (In Beta)
I don't want to sound too negative, so I'll limit myself to my major concerns:

* The current version has very clear boundaries between stories in the form of the green bar. (Same for (expanded) comments.) With the new design it is simply harder to find these boundaries.
* Why all the wasted space in this new design? If I want a narrow column I'll just resize my web browser. The old layout was good because it allowed me to quickly scan through a lot of stories to select the ones that interested me. Same with comments. With the new design I need to scroll quite a bit more before having seen all the content.
* Speaking of comments, what is going on with the comment system? I hope the limited comment functionality (for example, lack of folding, etc) is just due to the fact that this is a beta.

Comment: In case of emergency: Grab the data from /dev/mem (Score 1) 506

by tamyrlin (#44674983) Attached to: The Greatest Keyboard Shortcut Ever
What is even more annoying is when the webserver serves up an error page after you have just written a very long comment (or similar) and hit "post". My solution (in Linux) is to simply dump /dev/mem to /tmp/memorydump and then search this file for keywords present in the recently written form. While this is not a perfect solution, it has certainly saved me a lot of extra work in a few situations. (Nowadays I mostly write longer entries in emacs and cut&paste everything into the form to avoid this kind of issue.)

If you are going to try this out, note that you'll need to do this immediately, before the memory has been overwritten by another process. (And you obviously need to be root to be able to access /dev/mem in most situations.)
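The search step described in the comment above, as an added example that is not part of the original comment: it scans an already written raw dump for a keyword and returns the printable text around each hit, including hits that straddle a read boundary. The function names and the sample dump are constructed for illustration, and the keyword is assumed to be ASCII.

```python
import tempfile

# Bytes treated as "text": printable ASCII plus tab, LF and CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def find_hits(path, needle, chunk_size=1 << 20):
    """Return file offsets of needle, reading the dump in fixed-size chunks."""
    hits, base, tail = [], 0, b""
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            buf = tail + chunk
            pos = buf.find(needle)
            while pos != -1:
                hits.append(base + pos)
                pos = buf.find(needle, pos + 1)
            # Carry len(needle)-1 bytes over so a hit split across chunks is seen.
            keep = min(len(needle) - 1, len(buf))
            tail = buf[len(buf) - keep:]
            base += len(buf) - keep
    return hits

def printable_run(data, pos):
    """Expand from pos to the surrounding run of printable bytes."""
    start = end = pos
    while start > 0 and data[start - 1] in PRINTABLE:
        start -= 1
    while end < len(data) and data[end] in PRINTABLE:
        end += 1
    return start, data[start:end].decode("ascii")

def recover(path, keyword, context=4096, chunk_size=1 << 20):
    """Map file offset -> recovered text for each distinct run containing keyword."""
    needle = keyword.encode("ascii")
    found = {}
    with open(path, "rb") as f:
        for hit in find_hits(path, needle, chunk_size):
            lo = max(0, hit - context)
            f.seek(lo)
            window = f.read(hit - lo + len(needle) + context)
            start, text = printable_run(window, hit - lo)
            found.setdefault(lo + start, text)
    return found

def make_sample_dump():
    """Constructed sample: a lost form entry surrounded by binary padding."""
    text = b"This is my long comment about seccomp jails.\nSecond paragraph."
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as f:
        f.write(b"\x00" * 300 + text + b"\x00\xff" * 200)
        return f.name

if __name__ == "__main__":
    for offset, text in recover(make_sample_dump(), "seccomp").items():
        print(hex(offset), repr(text))
```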

Comment: This has already been done. (On another(?) car.) (Score 3, Interesting) 390

by tamyrlin (#44385783) Attached to: Hackers Reveal Nasty New Car Attacks
There is at least one car model where researchers have been able to get access to the CAN bus and do all sorts of shenanigans through the following means:

* Specially crafted file on a CD inserted into the CD player
* Exploit weakness in the car bluetooth interface
* Exploit weakness in built in GSM modem

For the details, see http://www.autosec.org/pubs/cars-usenixsec2011.pdf. (Pretty scary reading. In this case they are also able to disable the brakes and they are also able to engage the brakes on only one of the front wheels for all sorts of "fun"...)

Comment: Re:I call BS (Score 1) 131

by tamyrlin (#43416907) Attached to: Hijacking Airplanes With an Android Phone
The problem seems to be (if I understand the article correctly) that for example the FMS can be hacked (presumably by buffer overflows or similar exploits) and then used to take over other functionality.

This seems similar to how a malformed RDS packet sent via FM radio can disable the brakes on a certain car: http://www.autosec.org/pubs/cars-usenixsec2011.pdf (among other things).

Exactly how similar these attacks are is difficult to ascertain as the presentation leaves a lot to be guessed, although the net-security report on his talk gives some more details.

Comment: This is even worse than car security (Score 2) 131

by tamyrlin (#43416491) Attached to: Hijacking Airplanes With an Android Phone
It seems that the aircraft industry is about as security conscious as the car industry. The following page at http://lwn.net/Articles/518923/ discusses how researchers were able to take almost complete control, including the brakes, but excluding the steering IIRC by for example the following attack vectors: Malware infested CD inserted into car stereo, malformed RDS package sent via FM radio, some sort of bluetooth hacking, etc. (Also the ODBC-II port of course, although that is cheating....)

At the time I read the lwn article and the associated papers I thought to myself that the car industry should learn security and stability from the aerospace industry. Unfortunately it now turns out that they seem to have done so :(

Comment: Re:Security implications do not look good (Score 2) 114

by tamyrlin (#43292985) Attached to: Enlightenment Terminal Allows Video Playback, PDF Viewing
In theory, yes. In practice no, if you consider the fact that ls might very well be exploitable through malware infested files in this scenario. (I think all sysadmins shudder at the thought that merely listing the contents of a directory with malware in it could be dangerous...)

However, there are ways around this. IIRC chrome decodes images inside a seccomp jail, causing an exploit in the image decoder to be very hard to use for anything except showing a naughty image and eating CPU time. (I don't know if the enlightenment guys are doing this or not, but I hope they are considering it at least.)

Comment: Security implications do not look good (Score 3, Insightful) 114

by tamyrlin (#43290753) Attached to: Enlightenment Terminal Allows Video Playback, PDF Viewing
The demo video they have looks really cool and I like any idea that improves the usability of the terminal. I just hope that they have some strategies in place to minimize the security impact of adding a large amount of potentially vulnerable code to a critical service such as the terminal (e.g., using securecomp or other mechanisms to sandbox the potentially vulnerable code).

Comment: Re:It will (Score 2) 605

by tamyrlin (#43083869) Attached to: Why Can't Intel Kill x86?
At least one x86 processor design has a special non-x86 programming mode. In the Datasheet for the VIA C3 you can find the following tidbit:

"When set to 1, the ALTINST bit in the FCR enables execution of an alternate (not x86) instruction set. While setting this FCR bit is a privileged operation, executing the alternate instructions can be done from any protection level.

This alternate instruction set includes an extended set of integer, MMX, floating-point, and 3DNow! instructions along with additional registers and some more powerful instruction forms over the x86 instruction architecture. For example, in the alternate instruction set, privileged functions can be used from any protection level, memory descriptor checking can be bypassed, and many x86 exceptions such as alignment check can be bypassed.

This alternate instruction set is intended for testing, debug, and special application usage. Accordingly, it is not documented for general usage. If you have a justified need for access to these instructions, contact your VIA representative."

I have tried to find some details about this alternate instruction set but haven't been able to find anything unfortunately. (And I'm not so interested in this any longer as my remaining Via C3 machine is now only used for backups and does not require very high performance...) Anyway, I'm guessing that it didn't become very popular due to the fact that they kept the details secret.
