The math that we take for granted for rendering 3D was being invented, real time, to create this video. (Ed’s credited for having working out that math to handle things like texture mapping, 3D anti-aliasing and z-buffering.)

The story behind the video and how it was found recently is pretty cool too. Props to Robby Ingebretsen for sharing this!

40 Year Old 3D Computer Graphics (Pixar, 1972) from Robby Ingebretsen on Vimeo.

How does GC, work, generally? Why is it important? The GC inside of the CLR is of a specfic type – ephemeral, concurrent (the server version has always been concuurent and now with Background GC on the client in CLR 4, GC is concurrent on the client as well, but there are differences…)

NOTE: I only had the PCF file provided by work, and the group password was encrypted. If you know your group password, then you can just run VPNC directly or write a conf file yourself.

My setup:

• Fedora 12 x86_64
• Running in VirtualBox 4.1.6 with bridged networking (I didn’t try it with NAT)
• Connecting to a Cisco VPN server at work

Connecting:

1. Install VPNC (`sudo yum install vpnc` in Fedora)
2. Download the pcf2vpnc Perl script (cached)
3. Convert your Cisco PCF file to VPNC conf format: `perl pcf2vpnc company.pcf vpnc.conf`
4. Connect to the VPN server: `sudo vpnc ./vpnc.conf` (you will be prompted for you username and password)
5. (optional) Run `ifconfig` to see the tunnel interface that was created

eth0     Link encap:Ethernet  HWaddr 08:00:DE:AD:BE:EF
         inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
         ...

lo       Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         ...

tun0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
         inet addr:10.200.100.1  P-t-P:10.220.116.219  Mask:255.255.255.255
         ...

Disconnecting:

1. Run `sudo vpnc-disconnect` (don’t forget the `sudo`)

That’s it. Cheers!

The picture below shows the 2 most common configurations for a Netem box:

I’ve always used the first configuration, but it doesn’t really matter.

1. Find a Suitable System

• Any “reasonable” machine that can run Fedora 14 (I use an old Pentium 4 box since I don’t need to simulate a high-speed link)
• It must have 2 network interfaces
• It’s nice to use a smaller box if you want it to be portable

2. Install bridge-utils

Make sure you are root, and run:

brctl

to see if bridge-utils is installed. If it isn’t, run:

yum install bridge-utils.

3. Bridge the 2 Network Interfaces

First make sure to clear the network configuration for your interfaces:

ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0

Then create the bridge and bring it up:

brctl addbr br0
brctl setfd br0 0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up

Note that we disable the forwarding delay (‘setfd’). This makes the bridge pass traffic through it immediately instead of the configured delay time.

One final set I had to perform is disabling kernel-level filtering on the bridge. This is done by writing 0 to the bridge nodes under proc:

for f in /proc/sys/net/bridge-*; do echo 0 > $f; done

Note: If for some reason none of this works for you, check out the Linux Foundation page on network bridging.

4. Configure Netem

Netem is actually used in conjunction with the Traffic Control application, tc. I’m not going to go into detail here, but suffice it to say that tc allows you to do packet shaping and adjust packet scheduling. Check out the tc man page for more information.

tc allows you to specify the “queueing discipline” (or “qdisc” for short) used for sending outbound packets on an interface (the fact that it operates on outbound packets only is important to remember). Basically, a qdisc defines how outbound packets are ordered and sent. To view the current qdisc setup on your box, type:

tc qdisc

The default qdisc is pfifo_fast. We’re going to change this to use a combination of Netem and Token Bucket Filter.

Note: For the following examples, I assume eth0 is connected to the network (client-side), and eth1 is directly connected to the server.

Limiting Bandwidth

The Token Bucket Filter (tbf) is used to limit how much data can exit the network interface per second… perfect for simulating WAN bandwidth limitations. Let’s assume we want to emulate a client-side WAN connection of 768kbps down and 128kbps up. Assuming the server is connected to eth1, the eth1 interface receives inbound traffic from the server and eth0 sends that traffic outbound to the client. Since we know the a qdisc works on outbound traffic only, we need to limit eth0 for our download speed of 768kbps. Conversely, we configure eth1 for our upload speed of 128kbps.

tc qdisc replace dev eth0 root handle 1:0 tbf rate 768kbit burst 2048 latency 100ms

tc qdisc replace dev eth1 root handle 2:0 tbf rate 128kbit burst 2048 latency 100ms

We use the ‘replace’ command to overwrite any qdisc setting that’s there (you can use the ‘del’ command to simple remove qdiscs). We set the qdisc as the ‘root‘ of the tree, and configure the tbf ‘rate‘ accordingly. The ‘burst‘ and ‘latency‘ parameters control the initial number of tokens in the bucket and how long queued packet can hang around before being dropped, respectively.

Adding Latency

We can append qdiscs that will allows us to use different tools to control how our simulated WAN behaves. In this example, I’ll use Netem to artifically add 57ms of latency to the download connection with a random variantion of +/- 13ms:

tc qdisc add dev eth0 parent 1:1 handle 10: netem delay 57ms 13ms

And So Much More…

The Netem page on the Linux Foundation website has many other great examples, so there’s no point in me copying them here. If you’ve made it this far and are still interested, I highly encourage you to check out their page.

ct>

Here’s a copy of the video if it is ever removed (13MB, 3gp).

For example, here’s what the raw image looks like with the micro-lens:

If you zoom in, you can see the tiny micro-images:

Using the micro-images, one can calculate the ray vectors for the incoming light rays. This allows software to change the depth-of-field or the focal point of the image. The 2 pictures below show the processed image with different planes in focus:

This is pretty powerful stuff, especially when coupled with the GPU and CUDA. Adobe did a cool demo at GTC 2010 during the keynote where they do the image manipulation in real-time using the GPU… worth watching if you’re interested.

Here’s a copy of the research paper (PDF)

Wrong.

I think Bruce Schneier described it best (paraphrased): Cryptography is like having a really strong front door on your house… 2 foot thick steal, blast proof, the whole 9 yards. A thief isn’t going to try and break through your front door… they’ll just climb through a window!

Security is about the whole system; not just the crypto. xkcd summed it up nicely:

It displayed remarkable facility with cultural trivia (“This action flick starring Roy Scheider in a high-tech police helicopter was also briefly a TV series” — “What is ‘Blue Thunder’?”), science (“The greyhound originated more than 5,000 years ago in this African country, where it was used to hunt gazelles” — “What is Egypt?”) and sophisticated wordplay (“Classic candy bar that’s a female Supreme Court justice” — “What is Baby Ruth Ginsburg?”).

Software firms and university scientists have produced question-answering systems for years, but these have mostly been limited to simply phrased questions. Nobody ever tackled “Jeopardy!” because experts assumed that even for the latest artificial intelligence, the game was simply too hard: the clues are too puzzling and allusive, and the breadth of trivia is too wide.

With Watson, I.B.M. claims it has cracked the problem — and aims to prove as much on national TV. The producers of “Jeopardy!” have agreed to pit Watson against some of the game’s best former players as early as this fall (emphasis mine). To test Watson’s capabilities against actual humans, I.B.M.’s scientists began holding live matches last winter.

I’d definitely watch that episode… especially if Watson was pitted against Ken Jennings.

Under the hood:

[IBM's] main breakthrough was not the design of any single, brilliant new technique for analyzing language. Indeed, many of the statistical techniques Watson employs were already well known by computer scientists. One important thing that makes Watson so different is its enormous speed and memory. Taking advantage of I.B.M.’s supercomputing heft, Ferrucci’s team input millions of documents into Watson to build up its knowledge base — including, he says, “books, reference material, any sort of dictionary, thesauri, folksonomies, taxonomies, encyclopedias, any kind of reference material you can imagine getting your hands on or licensing. Novels, bibles, plays.”

The full article is worth the read.

A shot of 80-90 feet — even at night and in rolling seas — is a cakewalk for DevGru SEALs.

“These guys can put three rounds onto the head of a quarter at that range,” Allen told me.

…A multi-thousand ton destroyer is a pretty stable platform in any but the most tumultuous sea states and makes dialing in a shot on an admittedly tossing life raft more doable — a smart platform for the Team to operate from. …

I think the American public doesn’t fully appreciate the talent of these teams. Props to SEAL Team VI!

Analogy is a typographic clock which fuses the immediacy of digital with the visual-spatial quality of analogue into a hybrid format. It presents an everyday object with a fresh twist.

Click on the image below to visit his site and download it. Enjoy!

• 500 x 750 JPEG
• 500 x 750 PNG

First, I made sure to disable access control from outside the chroot (warning: make sure you understand the security implications of this!):

[dev]$ xhost + localhost
localhost being added to access control list

Next, I entered the chroot’d environment and attempted to run the application, but it failed with the following error:

[chroot]$ valkyrie
valkyrie: cannot connect to X server 127.0.0.1:0.0

The problem is that the X server is configured by default NOT to listen for remote connections (usually on port 6000). I verified that this was the problem by leaving the chroot and trying to connect via telnet:

[dev]$ telnet 127.0.0.1 6000
Trying 127.0.0.1…
telnet: connect to address 127.0.0.1: Connection refused

The way to fix this on previous Fedora installations was to use gdmsetup. However, this is no longer available. Hunting through the KDE config files I found the solution: change the arguments passed to the X server after login in the kdmrc file.

NOTE: I’m using fluxbox as my desktop environment… KDE is used for the Fedora login screen, which is why we are messing with its config files.

[dev]$ sudo su
[root]# cd /etc/kde/kdm
[root]# cp kdmrc kdmrc.old
[root]# vi kdmrc

On my system, the problem was this line:

ServerArgsLocal=-br -nolisten tcp

I simply changed it to:

ServerArgLocal=-br

I restarted my X server and tried to connect with telnet again (this time with success):

[dev]$ telnet 127.0.0.1 6000
Trying 127.0.0.1…
Connected to 127.0.0.1.
Escape character is ‘^]’.

Then, I once again disabled X access control (`xhost + localhost`) and everything worked fine. Hope this helps!

EDITED 11/17/2008: Changed ‘xhost +’ to ‘xhost + localhost’

Of particular interest to me are the changes to DirectX 10, Media Foundation, and the new DirectX 11. Here are some highlights.

DirectX 11:

• “…resource creation and management has been optimized for multithreaded use, enabling more efficient dynamic texture management for streaming.”
• Several improvements have been made to the high-level shading language (HLSL), such as a limited form of dynamic linkage in shaders to improve specialization complexity, and object-oriented programming constructs like classes and interfaces.”

DirectX 10 improvements:

• “The pipeline also introduces the geometry shader stage, which offloads work entirely from the CPU to the GPU. This new stage enables you to create geometry, stream the data to memory, and render the geometry with no CPU interaction.”
• Predicated rendering performs occlusion culling to reduce the amount of geometry that is rendered. Instancing APIs can dramatically reduce the amount of geometry that needs to be transferred to the GPU by drawing multiple-instances of similar objects. Texture arrays enable the GPU to do texture swapping without CPU intervention.”

Media Foundation improvements:

• “…Media Foundation has been enhanced to provide better format support, including MPEG-4, as well as support for video capture devices and hardware codecs.”
• “In Windows 7, Media Foundation provides extensive format support that includes codecs for H.264 video, MJPEG, and MP3; new sources for MP4, 3GP, MPEG2-TS, and AVI; and new file sinks for MP4, 3GP, and MP3.”
• “In Windows Vista, Media Foundation exposed a relatively low-level set of APIs. These APIs are flexible, but may not be appropriate for performing tasks. Windows 7 adds new high-level APIs that make it simpler to write media applications in C++.”

Okay, now the large size (video source: D1 MPEG-4 30 fps):

Arthur C. Clark’s three “laws” of prediction:

1. When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
2. The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
3. Any sufficiently advanced technology is indistinguishable from magic.

The 3rd law was rephrased by NASA’s J. Porter Clark into one of my favorite quotes:

“Sufficiently advanced incompetence is indistinguishable from malice.”

A corollary to this is called Hanlon’s razor:

“Never attribute to malice that which can be adequately explained by stupidity.”

And while I’m on the subject, here’s a great quote from Albert Einstein:

“Only two things are infinite, the universe and human stupidity, and I’m not sure about the universe.”

Finally, German General Kurt von Hammerstein-Equord (what a name) shared these observations about the risks of human stupidity:

“I divide my officers into four classes; the clever, the lazy, the industrious, and the stupid. Each officer possesses at least two of these qualities. Those who are clever and industrious are fitted for the highest staff appointments. Use can be made of those who are stupid and lazy. The man who is clever and lazy however is for the very highest command; he has the temperament and nerves to deal with all situations. But whoever is stupid and industrious is a menace and must be removed immediately!”

According to the documentation, Midori will be built with an asynchronous-only architecture that is built for task concurrency and parallel use of local and distributed resources, with a distributed component-based and data-driven application model, and dynamic management of power and other resources.

The Midori documents foresee applications running across a multitude of topologies, ranging from client-server and multi-tier deployments to peer-to-peer at the edge, and in the cloud data center. Those topologies form a heterogeneous mesh where capabilities can exist at separate places.

In order to efficiently distribute applications across nodes, Midori will introduce a higher-level application model that abstracts the details of physical machines and processors. The model will be consistent for both the distributed and local concurrency layers, and it is internally known as Asynchronous Promise Architecture.

…operating system services, such as storage, would either be provided to the applications by the OS or be discovered across a trusted distributed environment.

The programming model and API are also changing to help developers develop in the new model (goodbye Win32):

The Midori documents indicate that the proposed OS would have a non-blocking object-oriented framework API. This would have strong notions of immutability—in the sense of objects that cannot be modified once created—and strive to foster application correctness through deep verifiability by using .NET programming languages.

The Midori programming model will tackle state management, which Microsoft admits in its documentation is a challenge in Windows, by migrating APIs, applications and developers to a constrained model.

Other objectives are eliminating dynamic loading and in-process extensions; developing a failure model based on reliable transactions, so the system understands exactly which processes are impacted by a cascading failure and how to restart the computation; and having a standard way of dealing with latency, asynchronous behavior and cancellation, throughout the stack.

To provide better modularity (and to support mobile devices), Midori will be a micro-kernel:

Unlike Windows, Microsoft intends for Midori to be componentized from the beginning to achieve performance and security benefits. It will have strong isolation boundaries and enforced contracts between components, to ensure that servicing one component will not cause others to fail, while keeping overhead minimal.

At its lowest level, Midori has two separate kernel layers: a microkernel comprised of unmanaged code that controls hardware and environment abstracts, and higher-level managed kernel services that provide the full set of operating system functionality.

There are a lot more gems in the article… definitely worth a read. Click HERE to read it.

(requires Adobe Flash plugin… click HERE to watch it on YouTube)

I found this information interesting:

• The application code is written mostly in Python (the web app is not the bottleneck… the database RPC is)
• They use Apache for page content and lighttpd for serving video
• Thumbnails are now served by Google’s BigTable
• They’re running SuSE Linux with MySQL
• HW RAID-10 across multiple disks was too slow. HW RAID-1 with SW RAID-0 was faster because the Linux I/O scheduler could see the multiple volumes and would therefore schedule more I/O

You can read a good summary of the talk HERE from the High Scalability website.

TechCruch has a good article of the YouTube API.

Interviewer: How big of an infrastructure do you have to support and maintain? It must be huge.

Reeg: Actually from a pure server footprint standpoint… we probably have fewer actual footprint servers because of techniques like virtualization that help us leverage one box to do multiple things.

Where it gets interesting is philosophically: We try to put [transaction] processing as close to our customers, the banks, as possible. When we talk about the global network, we have small servers that sit with the bank customers that connect to our network. What it does is it gives us intelligence there at the end of the network. So as a transaction comes through, we can take a look at that transaction and decide how do we best process that transaction for the benefit of all those four parties in the model.

As to processing, the majority of transactions we’re looking at relate to how do we process them as fast as possible in the most accurate way. The way to do that is by peer to peer: If you’re using your card in Europe, in London, say, and you swipe your card as you check out of hotel, we can route that transaction to the hotel’s acquiring bank in London directly to your issuing bank and get that message back for approval without ever going through St. Louis or some big data center in the middle of all that.

You can read the full article HERE.

—

Okay, THIS is funny because of the glaring security mistakes made by San Francisco’s Department of Technology (or Department of Ignorance, after this one). From the New York Times:

A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail…

Prosecutors say Childs, who works in the Department of Technology… tampered with the city’s new FiberWAN (Wide Area Network), where records such as officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings are stored.

Officials also said they feared that although Childs is in jail, he may have enabled a third party to access the system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents.

This is like security 101… you never give this much power to any single person. On critical systems like this, you always have check-and-balances, outside security code reviews, and strict audits. The S.F. DoT was basically driving around without insurance and got in an accident… I don’t feel sorry for them. It’s really sad how ignorant the world is about security (sigh).