AI Apps Free

AI Apps Free — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

  • Predictive text

    Predictive text

    Predictive text is an input technology used where one key or button represents many letters, such as on the physical numeric keypads of mobile phones and in accessibility technologies. Each key press results in a prediction rather than repeatedly sequencing through the same group of "letters" it represents, in the same, invariable order. Predictive text could allow for an entire word to be input by a single keypress. Predictive text makes efficient use of fewer device keys to input writing into a text message, an e-mail, an address book, a calendar, and the like. The most widely used, general, predictive text systems are T9, iTap, eZiText, and LetterWise/WordWise.

    There are many ways to build a device that predicts text, but all predictive text systems have initial linguistic settings that offer predictions that are re-prioritized to adapt to each user. This learning adapts, by way of the device memory, to a user's disambiguating feedback that results in corrective key presses, such as pressing a "next" key to get to the intention. Most predictive text systems have a user database to facilitate this process.

    Theoretically the number of keystrokes required per desired character in the finished writing is, on average, comparable to using a keyboard. This is approximately true provided that all words used are in its database, punctuation is ignored, and no input mistakes are made when typing or spelling. The theoretical keystrokes per character, KSPC, of a keyboard is KSPC=1.00, and of multi-tap is KSPC=2.03. Eatoni's LetterWise is a predictive multi-tap hybrid, which when operating on a standard telephone keypad achieves KSPC=1.15 for English.

    The choice of which predictive text system is the best to use involves matching the user's preferred interface style, the user's level of learned ability to operate predictive text software, and the user's efficiency goal. There are various levels of risk in predictive text systems, versus multi-tap systems, because the predicted text that is automatically written provides the speed and mechanical efficiency benefit, which, if the user is not careful to review, results in transmitting misinformation. Predictive text systems take time to learn to use well, and so generally, a device's system has user options to set up the choice of multi-tap or any one of several schools of predictive text methods.

    == Background ==

    Short message service (SMS) permits a mobile phone user to send text messages (also called messages, SMSes, texts, and txts) as a short message. The most common system of SMS text input is referred to as "multi-tap". Using multi-tap, a key is pressed multiple times to access the list of letters on that key. For instance, pressing the "2" key once displays an "a", twice displays a "b" and three times displays a "c". To enter two successive letters that are on the same key, the user must either pause or hit a "next" button. A user can type by pressing an alphanumeric keypad without looking at the electronic equipment display. Thus, multi-tap is easy to understand and can be used without any visual feedback. However, multi-tap is not very efficient, requiring potentially many keystrokes to enter a single letter.

    In ideal predictive text entry, all words used are in the dictionary, punctuation is ignored, no spelling mistakes are made, and no typing mistakes are made. The ideal dictionary would include all slang, proper nouns, abbreviations, URLs, foreign-language words and other user-unique words. This ideal circumstance gives predictive text software a reduction in the number of key strokes a user is required to enter a word. The user presses the number corresponding to each letter. As long as the word exists in the predictive text dictionary or is correctly disambiguated by non-dictionary systems, it will appear. For instance, pressing "4663" will typically be interpreted as the word "good", provided that a linguistic database in English is currently in use, though alternatives such as "home", "hood" and "hoof" are also valid interpretations of the sequence of key strokes.

    The most widely used systems of predictive text are Tegic's T9, Motorola's iTap, and the Eatoni Ergonomics' LetterWise and WordWise. T9 and iTap use dictionaries, but Eatoni Ergonomics' products use a disambiguation process, a set of statistical rules to recreate words from keystroke sequences. All predictive text systems require a linguistic database for every supported input language.

    == Dictionary vs. non-dictionary systems ==

    Traditional disambiguation works by referencing a dictionary of commonly used words, though Eatoni offers a dictionaryless disambiguation system. In dictionary-based systems, as the user presses the number buttons, an algorithm searches the dictionary for a list of possible words that match the keypress combination and offers up the most probable choice. The user can then confirm the selection and move on, or use a key to cycle through the possible combinations. A non-dictionary system constructs words and other sequences of letters from the statistics of word parts. To attempt predictions of the intended result of keystrokes not yet entered, disambiguation may be combined with a word completion facility.

    Either system (disambiguation or predictive) may include a user database, which can be further classified as a "learning" system when words or phrases are entered into the user database without direct user intervention. The user database is for storing words or phrases that are not well disambiguated by the pre-supplied database. Some disambiguation systems further attempt to correct spelling, format text or perform other automatic rewrites, with the risky effect of either enhancing or frustrating user efforts to enter text.

    == History ==

    The predictive text and autocomplete technology was invented out of necessity by Chinese scientists and linguists in the 1950s to solve the input inefficiency of the Chinese typewriter, as the typing process involved finding and selecting thousands of logographic characters on a tray, drastically slowing down the word processing speed. The actuating keys of the Chinese typewriter created by Lin Yutang in the 1940s included suggestions for the characters following the one selected. In 1951, the Chinese typesetter Zhang Jiying arranged Chinese characters in associative clusters, a precursor of modern predictive text entry, and broke speed records by doing so. Predictive entry of text from a telephone keypad has been known at least since the 1970s (Smith and Goodwin, 1971). Predictive text was mainly used to look up names in directories over the phone until mobile phone text messaging came into widespread use.

    == Example ==

    On a typical phone keypad, if users wished to type "the" in a "multi-tap" keypad entry system, they would need to:

      • Press 8 (tuv) once to select t.
      • Press 4 (ghi) twice to select h.
      • Press 3 (def) twice to select e.

    Meanwhile, in a phone with predictive text, they need only:

      • Press 8 once to select the (tuv) group for the first character.
      • Press 4 once to select the (ghi) group for the second character.
      • Press 3 once to select the (def) group for the third character.

    The system updates the display as each keypress is entered, to show the most probable entry. In this example, prediction reduced the number of button presses from five to three. The effect is even greater with longer words and those composed of letters later in each key's sequence.

    A dictionary-based predictive system is based on the hope that the desired word is in the dictionary. That hope may be misplaced if the word differs in any way from common usage—in particular, if the word is not spelled or typed correctly, is slang, or is a proper noun. In these cases, some other mechanism must be used to enter the word. Furthermore, the simple dictionary approach fails with agglutinative languages, where a single word does not necessarily represent a single semantic entity.

    == Companies and products ==

    Predictive text is developed and marketed in a variety of competing products, such as Nuance Communications's T9. Other products include Motorola's iTap; Eatoni Ergonomic's LetterWise (character, rather than word-based prediction); WordWise (word-based prediction without a dictionary); EQ3 (a QWERTY-like layout compatible with regular telephone keypads); Prevalent Devices's Phraze-It; Xrgomics' TenGO (a six-key reduced QWERTY keyboard system); Adaptxt (considers language, context, grammar and semantics); Lightkey (a predictive typing software for Windows); Clevertexting (statistical nature of the language, dictionaryless, dynamic key allocation); and Oizea Type (temporal ambiguity); Intelab's Tauto; WordLogic's Intelligent Input Platform™ (patented, layer-based advanced text prediction, includes multi-language dictionary, spell-check, built-in Web search); Google's Gboard.

    == Textonyms ==

    Words produced by the same combination of keypresses have been called "textonyms"; also "txtonyms"; or "T9o

  • Supertoroid

    Supertoroid

    In geometry and computer graphics, a supertoroid or supertorus is usually understood to be a family of doughnut-like surfaces (technically, a topological torus) whose shape is defined by mathematical formulas similar to those that define the superellipsoids. The plural of "supertorus" is either supertori or supertoruses. The family was described and named by Alan Barr in 1994. Barr's supertoroids have been fairly popular in computer graphics as a convenient model for many objects, such as smooth frames for rectangular things. One quarter of a supertoroid can provide a smooth and seamless 90-degree joint between two superquadric cylinders. However, they are not algebraic surfaces (except in special cases).

    == Formulas ==

    Alan Barr's supertoroids are defined by parametric equations similar to the trigonometric equations of the torus, except that the sine and cosine terms are raised to arbitrary powers. Namely, the generic point P(u, v) of the surface is given by

    $$P(u,v)=\begin{pmatrix}X(u,v)\\Y(u,v)\\Z(u,v)\end{pmatrix}=\begin{pmatrix}(a+C_{u}^{s})\,C_{v}^{t}\\(b+C_{u}^{s})\,S_{v}^{t}\\S_{u}^{s}\end{pmatrix}$$

    where

    $$\begin{aligned}C_{\theta}^{\varepsilon}&=\operatorname{sgn}(\cos\theta)\,\left|\cos\theta\right|^{\varepsilon},\\S_{\theta}^{\varepsilon}&=\operatorname{sgn}(\sin\theta)\,\left|\sin\theta\right|^{\varepsilon},\end{aligned}$$

    sgn is the sign function, and the parameters u, v range from 0 to 360 degrees (0 to 2π radians). In these formulas, the parameter s > 0 controls the "squareness" of the vertical sections, t > 0 controls the squareness of the horizontal sections, and a, b ≥ 1 are the major radii in the x and y directions. With s = t = 1 and a = b = R one obtains the ordinary torus with major radius R and minor radius 1, with the center at the origin and rotational symmetry about the z-axis.

    In general, the supertorus defined as above spans the intervals:

    $$\begin{array}{rcccl}-(a+1)&\leq&x&\leq&+(a+1)\\-(b+1)&\leq&y&\leq&+(b+1)\\-1&\leq&z&\leq&+1\end{array}$$

    The whole shape is symmetric about the planes x = 0, y = 0, and z = 0. The hole runs in the z direction and spans the intervals

    $$\begin{array}{rcccl}-(a-1)&\leq&x&\leq&+(a-1)\\-(b-1)&\leq&y&\leq&+(b-1)\\-\infty&\leq&z&\leq&+\infty\end{array}$$

    A curve of constant u on this surface is a horizontal Lamé curve with exponent $\tfrac{2}{t}$, scaled in x and y and displaced in z. A curve of constant v, projected on the plane x = 0 or y = 0, is a Lamé curve with exponent $\tfrac{2}{s}$, scaled and horizontally shifted. If v = 0, the curve is planar and spans the intervals:

    $$\begin{array}{rcccl}a-1&\leq&x&\leq&a+1\\-1&\leq&z&\leq&+1\end{array}$$

    and similarly if v = 90°, 180°, 270°. The curve is also planar if a = b. In general, if a ≠ b and v is not a multiple of 90 degrees, the curve of constant v will not be planar; and, conversely, a vertical plane section of the supertorus will not be a Lamé curve.

    The basic supertoroid shape defined above is often modified by non-uniform scaling to yield supertoroids of specific width, length, and vertical thickness.

    == Plotting code ==

    The following GNU Octave code generates plots of a supertorus:

  • Stop Motion Studio

    Stop Motion Studio

    Stop Motion Studio is a stop motion animation software developed by Cateater LLC. It is available as both an app for iOS and Android and as a software for Windows and Mac. Two versions of the software exist, the standard Stop Motion Studio for free, and the paid Stop Motion Studio Pro, which contains extra, more advanced features. The software is commonly used in brickfilming.

  • Concurrency control

    Concurrency control

    In information technology and computer science, especially in the fields of computer programming, operating systems, multiprocessors, and databases, concurrency control ensures that correct results for concurrent operations are generated, while getting those results as quickly as possible.

    Computer systems, both software and hardware, consist of modules, or components. Each component is designed to operate correctly, i.e., to obey or to meet certain consistency rules. When components that operate concurrently interact by messaging or by sharing accessed data (in memory or storage), a certain component's consistency may be violated by another component. The general area of concurrency control provides rules, methods, design methodologies, and theories to maintain the consistency of components operating concurrently while interacting, and thus the consistency and correctness of the whole system. Introducing concurrency control into a system means applying operation constraints which typically result in some performance reduction. Operation consistency and correctness should be achieved with as good as possible efficiency, without reducing performance below reasonable levels. Concurrency control can require significant additional complexity and overhead in a concurrent algorithm compared to the simpler sequential algorithm.

    For example, a failure in concurrency control can result in data corruption from torn read or write operations.

    == Concurrency control in databases ==

    Comments: This section is applicable to all transactional systems, i.e., to all systems that use database transactions (atomic transactions; e.g., transactional objects in Systems management and in networks of smartphones which typically implement private, dedicated database systems), not only general-purpose database management systems (DBMSs). DBMSs need to deal also with concurrency control issues not typical just to database transactions but rather to operating systems in general. These issues (e.g., see Concurrency control in operating systems below) are out of the scope of this section.

    Concurrency control in Database management systems (DBMS; e.g., Bernstein et al. 1987, Weikum and Vossen 2001), other transactional objects, and related distributed applications (e.g., Grid computing and Cloud computing) ensures that database transactions are performed concurrently without violating the data integrity of the respective databases. Thus concurrency control is an essential element for correctness in any system where two database transactions or more, executed with time overlap, can access the same data, e.g., virtually in any general-purpose database system. Consequently, a vast body of related research has been accumulated since database systems emerged in the early 1970s. A well established concurrency control theory for database systems is outlined in the references mentioned above: serializability theory, which allows concurrency control methods and mechanisms to be effectively designed and analyzed. An alternative theory for concurrency control of atomic transactions over abstract data types is presented in (Lynch et al. 1993), and not utilized below. This theory is more refined, complex, with a wider scope, and has been less utilized in the Database literature than the classical theory above. Each theory has its pros and cons, emphasis and insight. To some extent they are complementary, and their merging may be useful.

    To ensure correctness, a DBMS usually guarantees that only serializable transaction schedules are generated, unless serializability is intentionally relaxed to increase performance, but only in cases where application correctness is not harmed. For maintaining correctness in cases of failed (aborted) transactions (which can always happen for many reasons) schedules also need to have the recoverability (from abort) property. A DBMS also guarantees that no effect of committed transactions is lost, and no effect of aborted (rolled back) transactions remains in the related database. Overall transaction characterization is usually summarized by the ACID rules below. As databases have become distributed, or needed to cooperate in distributed environments (e.g., Federated databases in the early 1990, and Cloud computing currently), the effective distribution of concurrency control mechanisms has received special attention.

    === Database transaction and the ACID rules ===

    The concept of a database transaction (or atomic transaction) has evolved in order to enable both a well understood database system behavior in a faulty environment where crashes can happen any time, and recovery from a crash to a well understood database state. A database transaction is a unit of work, typically encapsulating a number of operations over a database (e.g., reading a database object, writing, acquiring lock, etc.), an abstraction supported in database and also other systems. Each transaction has well defined boundaries in terms of which program/code executions are included in that transaction (determined by the transaction's programmer via special transaction commands). Every database transaction obeys the following rules (by support in the database system; i.e., a database system is designed to guarantee them for the transactions it runs):

      • Atomicity - Either the effects of all or none of its operations remain ("all or nothing" semantics) when a transaction is completed (committed or aborted respectively). In other words, to the outside world a committed transaction appears (by its effects on the database) to be indivisible (atomic), and an aborted transaction does not affect the database at all. Either all the operations are done or none of them are.
      • Consistency - Every transaction must leave the database in a consistent (correct) state, i.e., maintain the predetermined integrity rules of the database (constraints upon and among the database's objects). A transaction must transform a database from one consistent state to another consistent state (however, it is the responsibility of the transaction's programmer to make sure that the transaction itself is correct, i.e., performs correctly what it intends to perform (from the application's point of view) while the predefined integrity rules are enforced by the DBMS). Thus since a database can be normally changed only by transactions, all the database's states are consistent.
      • Isolation - Transactions cannot interfere with each other (as an end result of their executions). Moreover, usually (depending on concurrency control method) the effects of an incomplete transaction are not even visible to another transaction. Providing isolation is the main goal of concurrency control.
      • Durability - Effects of successful (committed) transactions must persist through crashes (typically by recording the transaction's effects and its commit event in a non-volatile memory).

    The concept of atomic transaction has been extended during the years to what has become Business transactions which actually implement types of Workflow and are not atomic. However also such enhanced transactions typically utilize atomic transactions as components.

    === Why is concurrency control needed? ===

    If transactions are executed serially, i.e., sequentially with no overlap in time, no transaction concurrency exists. However, if concurrent transactions with interleaving operations are allowed in an uncontrolled manner, some unexpected, undesirable results may occur, such as:

      • The lost update problem: A second transaction writes a second value of a data-item (datum) on top of a first value written by a first concurrent transaction, and the first value is lost to other transactions running concurrently which need, by their precedence, to read the first value. The transactions that have read the wrong value end with incorrect results.
      • The dirty read problem: Transactions read a value written by a transaction that has been later aborted. This value disappears from the database upon abort, and should not have been read by any transaction ("dirty read"). The reading transactions end with incorrect results.
      • The incorrect summary problem: While one transaction takes a summary over the values of all the instances of a repeated data-item, a second transaction updates some instances of that data-item. The resulting summary does not reflect a correct result for any (usually needed for correctness) precedence order between the two transactions (if one is executed before the other), but rather some random result, depending on the timing of the updates, and whether certain update results have been included in the summary or not.

    Most high-performance transactional systems need to run transactions concurrently to meet their performance requirements. Thus, without concurrency control such systems can neither provide correct results nor maintain their databases consistently.

    === Concurrency control mechanisms ===

    ==== Categories ====

    The main categories of concurrency control mechanis

  • Manifold hypothesis

    Manifold hypothesis

    The manifold hypothesis posits that many high-dimensional data sets that occur in the real world actually lie along low-dimensional latent manifolds inside that high-dimensional space. As a consequence of the manifold hypothesis, many data sets that appear to initially require many variables to describe can actually be described by a comparatively small number of variables, linked to the local coordinate system of the underlying manifold. It is suggested that this principle underpins the effectiveness of machine learning algorithms in describing high-dimensional data sets by considering a few common features.

    The manifold hypothesis is related to the effectiveness of nonlinear dimensionality reduction techniques in machine learning. Many techniques of dimensional reduction make the assumption that data lies along a low-dimensional submanifold, such as manifold sculpting, manifold alignment, and manifold regularization.

    The major implication of this hypothesis is that machine learning models only have to fit relatively simple, low-dimensional, highly structured subspaces within their potential input space (latent manifolds). Within one of these manifolds, it's always possible to interpolate between two inputs, that is to say, morph one into another via a continuous path along which all points fall on the manifold. The ability to interpolate between samples is the key to generalization in deep learning.

    == The information geometry of statistical manifolds ==

    An empirically-motivated approach to the manifold hypothesis focuses on its correspondence with an effective theory for manifold learning under the assumption that robust machine learning requires encoding the dataset of interest using methods for data compression. This perspective gradually emerged using the tools of information geometry thanks to the coordinated effort of scientists working on the efficient coding hypothesis, predictive coding and variational Bayesian methods.

    The argument for reasoning about the information geometry on the latent space of distributions rests upon the existence and uniqueness of the Fisher information metric. In this general setting, we are trying to find a stochastic embedding of a statistical manifold. From the perspective of dynamical systems, in the big data regime this manifold generally exhibits certain properties such as homeostasis:

      • We can sample large amounts of data from the underlying generative process.
      • Machine Learning experiments are reproducible, so the statistics of the generating process exhibit stationarity.
      • In a sense made precise by theoretical neuroscientists working on the free energy principle, the statistical manifold in question possesses a Markov blanket.

  • MY F.C.

    MY F.C.

    MY F.C. is a freemium app designed to organise and administer football teams. It is developed by MY F.C. Limited, a private company headquartered in Auckland, New Zealand. The app allows users to build a team by adding players and from there they can create trainings and matches, keep up with relevant news in the curated newsfeed, record statistics both individually and team based, and follow the games live in the match-centre. The app also features an integrated lineup builder with custom team kits.

    == History ==

    Founders Sam Jenkins, Mike Simpson and Sam Jasper started MY F.C. in 2015 to help them "run their football lives". The app was launched on Android and iOS on 14 February 2017.

    == Accolades ==

    MY F.C. won the first place prize at Bank of New Zealand Start-up Alley 2017 competition that aims to discover New Zealand start-ups who are doing innovative work and ready to establish themselves as long-term, sustainable businesses. The prize package included $15,000 and a trip to San Francisco.

  • Sanchar Saathi

    Sanchar Saathi

    Sanchar Saathi (lit. 'Communication Partner' or 'Communication Companion') is an Indian state-owned app and web portal, operated by the Department of Telecommunications, designed to assist Indian mobile users in tracking and blocking stolen or lost mobile devices. In late 2025, a government order requiring Sanchar Saathi to be pre-installed on all mobile devices sold nationwide, with explicit provisions on preventing users from deleting the app or disabling any of its broad functionalities, triggered widespread backlash. The order was subsequently withdrawn.

    == Background ==

    The Telecommunications Act 2023 introduced an exceptionally broad definition of the term "telecommunications" and conferred wide-ranging powers on the government. Although the Department of Telecommunications (DoT) assured reporters that this definition would not be used to justify government overreach, a November 2024 amendment to the Telecom Cyber Security Rules expanded it further and introduced the concept of the Telecommunication Identifier User Entity (TIEU), enabling users to be personally identified through their phone numbers.

    Sanchar Saathi was launched amid a widespread rise in cybercrime and hacking, as part of the Indian government's effort to prevent stolen phones from being used for fraud and to promote a state-backed application. In an official statement, the DoT said, "India has big second-hand mobile device market. Cases have also been observed where stolen or blacklisted devices are being re-sold. It makes the purchaser abettor in crime and causes financial loss to them."

    == Launch ==

    Sanchar Saathi was originally launched as a web portal in May 2023. It was later launched as a mobile app in January 2025. Describing itself as a "citizen-centric" safety tool, Sanchar Saathi allows users to check a device's IMEI, report and block lost or stolen phones, and flag suspected fraud communications. Under Sanchar Saathi's privacy policy, it can make and manage phone calls, view and send messages, read call logs, access photos and files, access the location and camera of the device in which the app is used, as well as read and write into the device's storage.

    According to official government data, by December 2025, the Sanchar Saathi app had helped recover more than 700,000 lost and stolen mobile devices across India. Users report around 2,000 fraud incidents through the app each day.

    == Pre-installation controversy ==

    On 28 November 2025, the Bharatiya Janata Party government, led by prime minister Narendra Modi, privately ordered phone manufacturers, including Apple, Samsung, Xiaomi, Vivo, Oppo, among others, to pre-install the Sanchar Saathi app on new devices sold in the country, alongside mandating that old devices get issued a software update for the installation of the app. The order had a 90-day deadline and further included explicit provisions to ensure that the app is to be "readily visible and accessible to the end users at the time of first use or device setup" and that users should neither be able to delete the app nor disable or restrict any of its broad functionalities.

    The order caused widespread political backlash. K. C. Venugopal, a general secretary of the main opposition party, the Indian National Congress (or simply the Congress), called the order "beyond unconstitutional" and said, "A pre-loaded government app that cannot be uninstalled is a dystopian tool to monitor every Indian. It is a means to watch over every movement, interaction and decision of each citizen", adding, "Big Brother cannot watch us." Another Congress general secretary, Priyanka Gandhi, termed Sanchar Saathi a "snooping app", and attacked the government for "turning this country into a dictatorship". Uddhav Thackeray, former chief minister of Maharashtra, compared Sanchar Saathi to the Pegasus spyware. Sanjay Hegde, a senior advocate at the Supreme Court of India, said "Here in the garb of security, the intrusion is vast, unfettered, unguided and is totally disproportionate. The app ought to be struck down on that account".

    The Internet Freedom Foundation (IFF), an Indian digital rights advocacy organisation, said, "Forcing every smartphone to carry a permanent government app for a simple verification task is excessive and violates the Puttaswamy proportionality standard", referring to Puttaswamy v. Union of India, a 2017 landmark decision of the Supreme Court, which asserted that the right to privacy should be protected as a fundamental right. The IFF further said, "For this to work in practice, the app will almost certainly need system level or root level access, similar to carrier or OEM system apps, so that it cannot be disabled. That design choice erodes the protections that normally prevent one app from peering into the data of others, and turns Sanchar Saathi into a permanent, non-consensual point of access sitting inside the operating system of every Indian smartphone user." Moreover, the organisation said that while the app was being "framed as a benign IMEI checker", a server-side update could allow the app to engage in "client side scanning for 'banned' applications, flag VPN usage, correlate SIM activity, or trawl SMS logs in the name of fraud detection. Nothing in the order constrains these possibilities."

    In reaction to the controversy, Jyotiraditya Scindia, the union minister of communications, said, "There is no snooping or call monitoring", adding, "Obviously you can delete it. There is no problem. This is a matter of customer protection. It is not mandatory. If you don't want to register, and don't want to use the app, don't use it; don't register, and it will lay dormant." Scindia compared the app to other pre-installed mobile apps such as Google Maps, which he said could be deleted if users wished so. However, contrary to Scindia's statement, on many phone brands, such pre-installed apps cannot be deleted, although users can disable them. Furthermore, upon enquiry, Scindia did not clarify whether his remarks applied to the app after the order took effect, making no comment on the provision in the order that would prevent users from deleting the app.

    When Congress member Renuka Chowdhury submitted an adjournment motion notice in the Rajya Sabha seeking the suspension of all other matters to discuss the Sanchar Saathi issue, Kiren Rijiju, the union minister of parliamentary affairs, accused the opposition of "manufacturing issues" to stall session proceedings.

    By 2 December, it had been reported that Apple did not plan to comply with the order, citing privacy and security concerns for the iOS ecosystem and the fact that the order would violate its internal policy against the pre-installation of third-party software in iPhones. Although it was clarified that Apple did not intend to take the matter to court or publicly oppose the government, it was said that Apple "can't do this. Period." The order would have also required Google to create a custom version of Android solely for India which would include the Sanchar Saathi app, a requirement described to "not be acceptable to the company".

    Following the backlash, the order was revoked on 3 December 2025. In a press release, the government said, "Given Sanchar Saathi's increasing acceptance, Government has decided not to make the pre-installation mandatory for mobile manufacturers".

  • Internet Security Awareness Training

    Internet Security Awareness Training (ISAT) is the training given to members of an organization regarding the protection of various information assets of that organization. ISAT is a subset of general security awareness training (SAT). Even small and medium enterprises are generally recommended to provide such training, but organizations that need to comply with government regulations (e.g., the Gramm–Leach–Bliley Act, the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act, the Sarbanes–Oxley Act) normally require formal ISAT annually for all employees. Often such training is provided in the form of online courses. Through ISAT, also referred to as Security Education, Training, and Awareness (SETA), organizations train and create awareness of information security management within their environment. It is beneficial to organizations when employees are well trained and feel empowered to take important actions to protect themselves and organizational data. The target of a SETA program must be based on user roles within the organization, and specialized courses must be required for positions that expose the organization to increased risk levels. == Coverage == There are general topics to cover for the training, but it is necessary for each organization to have a coverage strategy based on its needs, as this will ensure the training is practical and captures critical topics relevant to the organization. As the threat landscape changes very frequently, organizations should continuously review their training programs to ensure relevance with current trends. Topics covered in ISAT include:
      • Appropriate methods for protecting sensitive information on personal computer systems, including password policy
      • Various computer security concerns, including spam, malware, phishing, social engineering, etc.
      • Consequences of failure to properly protect information, including potential job loss, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal law penalties.
    Being Internet Security Aware means you understand that there are people actively trying to steal data that is stored within your organization's computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts and other high-value IT assets.) That is why it is important to protect the assets of the organization and stop that from happening. The general scope should include topics such as password security, email phishing, social engineering, mobile device security, sensitive data security, and business communications. In contrast, those requiring specialized knowledge are usually required to take technical and in-depth training courses. If an organization determines that it is best to use one of the available training tools on the market, it must set objectives that the training can meet, including confirming that the training will give employees the knowledge to understand risks and the behaviors needed to manage them and the actions to take to prevent or detect security incidents, that it uses language easily understood by the trainees, and that the pricing is reasonable.
Organizations are recommended to base ISAT training content on employee roles and their culture; the policy should guide that training for all employees. The following are given as examples of sources of reference materials:
      • National Institute of Standards and Technology (NIST) Special Publication 800-50, Building an Information Technology Security Awareness and Training Program
      • International Standards Organization (ISO) 27002:2013, Information technology—Security techniques—Code of practice for information security controls
      • International Standards Organization (ISO) 27001:2013, Information technology — Security techniques — Information security management systems
      • COBIT 5 Appendix F.2, Detailed Guidance: Services, Infrastructure and Applications Enabler, Security Awareness
    The training must focus on current threats specific to an organization and the impact if they materialize as a result of user actions. Including practical examples and ways of dealing with scenarios helps users know the appropriate measures to take. It is a good practice to periodically train customers of specific organizations on threats they face from people with malicious intentions. Coverage strategy for SAT should be driven by an organization's policy. It can help determine the level of depth of the training and whether it should be conducted at a global level or business unit level, or a combination of both. A policy also empowers a responsible party within the organization to run the training. == Importance == Studies show that well-structured security awareness training can significantly reduce the likelihood of cyber incidents caused by human error. According to the Ponemon Institute, organizations that implement regular security training experience up to 70% fewer successful phishing attacks. Additionally, a 2023 Verizon Data Breach Investigations Report found that 74% of breaches involve the human element, highlighting the need for continuous education.
Employees are key in whether organizations are breached or not; there must be a policy on creating awareness and training them on emerging threats and actions to take in safeguarding sensitive information and reporting any observed unusual activity within the corporate environment. Research has shown that SAT has helped reduce cyber-attacks within organizations, especially when it comes to phishing, as trainees learned to identify these attack modes and gained the self-assurance to take appropriate action. Phishing attacks are increasing, and it has become increasingly important for people to understand how these attacks work and the actions required to prevent them; SAT has shown a significant impact on the number of successful phishing attacks against organizations. == Compliance Requirements == Various regulations and laws mandate SAT for organizations in specific industries, including the Gramm–Leach–Bliley Act (GLBA) for financial services, the Federal Information Security Modernization Act of 2014 for federal agencies, and the European Union's General Data Protection Regulation (GDPR). === Federal Information Security Modernization Act === Employees and contractors in federal agencies are required to receive Security Awareness Training annually, and the program needs to address job-related information security risks and provide them with the knowledge to lessen those risks. === Health Insurance Portability and Accountability Act === The Health Insurance Portability and Accountability Act includes the Security Rule and the Privacy Rule, which require the creation of a security awareness training program and that employees be trained accordingly.
=== Payment Card Industry Data Security Standard === The Payment Card Industry Security Standards Council is the governing council for stakeholders in the payment industry, formed by American Express, Discover, JCB International, MasterCard, and Visa, which developed the DSS as a requirement for the payment industry. Requirement 12.6 requires member organizations to institute a formal security awareness program. There is a published guide for organizations to adhere to when setting up the program. === US States Training Regulations === Some states mandate Security Awareness Training, while others do not and simply recommend voluntary training. States that require the training for their employees include:
      • Colorado (The Colorado Information Security Act, Colorado Revised Statutes 24-37.5-401 et seq.)
      • Connecticut (13 FAM 301.1-1 Cyber Security Awareness Training (PS800))
      • Florida (Florida Statutes Chapter 282)
      • Georgia (Executive Order GA E.O.182 mandated training within 90 days of issue)
      • Illinois (Cook County)
      • Indiana (IN H 1240)
      • Louisiana (Louisiana Division of Administration, Office of Technology Services p. 52: LA H 633)
      • Maryland (20-07 IT Security Policy)
      • Montana (Mandatory cyber training for executive branch state employees)
      • Nebraska
      • Nevada (agency-by-agency state employee requirement - State Security Standard 123 – IT Security)
      • New Hampshire
      • New Jersey (NJ A 1654)
      • North Carolina
      • Ohio (IT-15 - Security Awareness and Training)
      • Pennsylvania
      • Texas
      • Utah
      • Vermont
      • Virginia
      • West Virginia (WV Code Section 5A-6-4a)
    == Training Techniques == Below are some common training techniques, even though some can be blended depending on the operating environment:
      • Interactive video training – This technique allows users to be trained using two-way interactive audio and video instruction.
      • Web-based training – This method allows employees or users to take the training independently and usually has a testing component to determine if learning has taken place. If not, users can be allowed to retake the course and test to ensure there is a complete understanding

  • Loebner Prize

    The Loebner Prize was an annual competition in artificial intelligence that awarded prizes to the computer programs considered by the judges to be the most human-like. The format of the competition was that of a standard Turing test. In each round, a human judge simultaneously held textual conversations with a computer program and a human being via computer. Based upon the responses, the judge would attempt to determine which was which. The contest was launched in 1990 by Hugh Loebner in conjunction with the Cambridge Center for Behavioral Studies, Massachusetts, United States. In 2004 and 2005, it was held in Loebner's apartment in New York City. Within the field of artificial intelligence, the Loebner Prize is somewhat controversial; the most prominent critic, Marvin Minsky, called it a publicity stunt that does not help the field along. Beginning in 2014, it was organised by the AISB at Bletchley Park. It has also been associated with Flinders University, Dartmouth College, the Science Museum in London, University of Reading and Ulster University, Magee Campus, Derry, UK City of Culture. For the final 2019 competition, the format changed. There was no panel of judges. Instead, the chatbots were judged by the public and there were to be no human competitors. The prize has been reported as defunct as of 2020. == Prizes == Originally, $2,000 was awarded for the most human-seeming program in the competition. The prize was $3,000 in 2005 and $2,250 in 2006. In 2008, $3,000 was awarded. In addition, there were two one-time-only prizes that have never been awarded. $25,000 is offered for the first program that judges cannot distinguish from a real human and which can convince judges that the human is the computer program. $100,000 is the reward for the first program that judges cannot distinguish from a real human in a Turing test that includes deciphering and understanding text, visual, and auditory input. 
The competition was planned to end after the achievement of this prize. == Competition rules and restrictions == The rules varied over the years and early competitions featured restricted conversation Turing tests but since 1995 the discussion has been unrestricted. For the three entries in 2007, Robert Medeksza, Noah Duncan and Rollo Carpenter, some basic "screening questions" were used by the sponsor to evaluate the state of the technology. These included simple questions about the time, what round of the contest it is, etc.; general knowledge ("What is a hammer for?"); comparisons ("Which is faster, a train or a plane?"); and questions demonstrating memory for preceding parts of the same conversation. "All nouns, adjectives and verbs will come from a dictionary suitable for children or adolescents under the age of 12." Entries did not need to respond "intelligently" to the questions to be accepted. For the first time in 2008 the sponsor allowed introduction of a preliminary phase to the contest opening up the competition to previously disallowed web-based entries judged by a variety of invited interrogators. The available rules do not state how interrogators are selected or instructed. Interrogators (who judge the systems) have limited time: 5 minutes per entity in the 2003 competition, 20+ per pair in 2004–2007 competitions, 5 minutes to conduct simultaneous conversations with a human and the program in 2008–2009, increased to 25 minutes of simultaneous conversation since 2010. == Criticisms == The prize has long been scorned by experts in the field, for a variety of reasons. It is regarded by many as a publicity stunt. Marvin Minsky scathingly offered a "prize" to anyone who could stop the competition. Loebner responded by jokingly observing that Minsky's offering a prize to stop the competition effectively made him a co-sponsor. The rules of the competition have encouraged poorly qualified judges to make rapid judgements. 
Interactions between judges and competitors were originally very brief, for example effectively 2.5 mins of questioning, which permitted only a few questions. Questioning was initially restricted to a single topic of the contestant's choice, such as "whimsical conversation", a domain suiting standard chatbot tricks. Competition entrants do not aim at understanding or intelligence but resort to basic ELIZA-style tricks, and successful entrants find that deception and pretense are rewarded. == Contests == See article history for more details of some earlier contests. A very incomplete listing of a few of the contests: === 2003 === In 2003, the contest was organised by Professor Richard H. R. Harper and Dr. Lynne Hamill from the Digital World Research Centre at the University of Surrey. Although no bot passed the Turing test, the winner was Jabberwock, created by Juergen Pirner. Second was Elbot (Fred Roberts, Artificial Solutions). Third was Jabberwacky (Rollo Carpenter). === 2006 === In 2006, the contest was organised by Tim Child (CEO of Televirtual) and Huma Shah. On August 30, the four finalists were announced:
      • Rollo Carpenter
      • Richard Churchill and Marie-Claire Jenkins
      • Noah Duncan
      • Robert Medeksza
    The contest was held on 17 September in the VR theatre, Torrington Place campus of University College London. The judges included the University of Reading's cybernetics professor, Kevin Warwick, a professor of artificial intelligence, John Barnden (specialist in metaphor research at the University of Birmingham), a barrister, Victoria Butler-Cole and a journalist, Graham Duncan-Rowe. The latter's experience of the event can be found in an article in Technology Review. The winner was 'Joan', based on Jabberwacky, both created by Rollo Carpenter. === 2007 === The 2007 competition was held on October 21 in New York City.
The judges were: computer science professor Russ Abbott, philosophy professor Hartry Field, psychology assistant professor Clayton Curtis and English lecturer Scott Hutchins. No bot passed the Turing test, but the judges ranked the three contestants as follows:
      • 1st: Robert Medeksza, creator of Ultra Hal
      • 2nd: Noah Duncan, a private entry, creator of Cletus
      • 3rd: Rollo Carpenter from Icogno, creator of Jabberwacky
    The winner received $2,250 and the annual medal. The runners-up received $250 each. === 2008 === The 2008 competition was organised by professor Kevin Warwick, coordinated by Huma Shah and held on October 12 at the University of Reading, UK. After testing by over one hundred judges during the preliminary phase, in June and July 2008, six finalists were selected from thirteen original entrant artificial conversational entities (ACEs). Five of those invited competed in the finals:
      • Brother Jerome, Peter Cole and Benji Adams
      • Elbot, Fred Roberts / Artificial Solutions
      • Eugene Goostman, Vladimir Veselov, Eugene Demchenko and Sergey Ulasen
      • Jabberwacky, Rollo Carpenter
      • Ultra Hal, Robert Medeksza
    In the finals, each of the judges was given five minutes to conduct simultaneous, split-screen conversations with two hidden entities. Elbot of Artificial Solutions won the 2008 Loebner Prize bronze award, for most human-like artificial conversational entity, through fooling three of the twelve judges who interrogated it (in the human-parallel comparisons) into believing it was human. This comes very close to the 30% traditionally required to consider that a program has actually passed the Turing test. Eugene Goostman and Ultra Hal each deceived one judge into believing it was the human. Will Pavia, a journalist for The Times, has written about his experience; a Loebner finals' judge, he was deceived by Elbot and Eugene. Kevin Warwick and Huma Shah have reported on the parallel-paired Turing tests.
=== 2009 === The 2009 Loebner Prize Competition was held September 6, 2009, at the Brighton Centre, Brighton UK in conjunction with the Interspeech 2009 conference. The prize amount for 2009 was $3,000. Entrants were David Levy, Rollo Carpenter, and Mohan Embar, who finished in that order. The writer Brian Christian participated in the 2009 Loebner Prize Competition as a human confederate, and described his experiences at the competition in his book The Most Human Human. === 2010 === The 2010 Loebner Prize Competition was held on October 23 at California State University, Los Angeles. The 2010 competition was the 20th running of the contest. The winner was Bruce Wilcox with Suzette. === 2011 === The 2011 Loebner Prize Competition was held on October 19 at the University of Exeter, Devon, United Kingdom. The prize amount for 2011 was $4,000. The four finalists and their chatterbots were Bruce Wilcox (Rosette), Adeena Mignogna (Zoe), Mohan Embar (Chip Vivant) and Ron Lee (Tutor), who finished in that order. That year there was an addition of a panel of junior judges, namely Georgia-Mae Lindfield, William Dunne, Sam Keat and Kirill Jerdev. The results of the junior contest were markedly different from the main contest, with chatterbots Tutor and Zoe tying for first place and Chip Vivant and Rosette coming in third and fourt

  • Simple interactive object extraction

    Simple interactive object extraction (SIOX) is an algorithm for extracting foreground objects from color images and videos with very little user interaction. It has been implemented as the "foreground selection" tool in the GIMP (since version 2.3.3), as part of the tracer tool in Inkscape (since 0.44pre3), and as a function in ImageJ and Fiji (plug-in). Experimental implementations were also reported for Blender and Krita. Although the algorithm was originally designed for videos, virtually all implementations use SIOX primarily for still image segmentation. In fact, it is often said to be the current de facto standard for this task in the open-source world. Initially, a free hand selection tool is used to specify the region of interest. It must contain all foreground objects to extract and as little background as possible. The pixels outside the region of interest form the sure background while the inner region defines a superset of the foreground, i.e. the unknown region. A so-called foreground brush is then used to mark representative foreground regions. The algorithm outputs a selection mask. The selection can be refined by either adding further foreground markings or by adding background markings using the background brush. Technically, the algorithm performs the following steps:
      1. Create a set of representative colors for sure foreground and sure background, the so-called color signatures.
      2. Assign all image points to foreground or background by a weighted nearest neighbor search in the color signatures.
      3. Apply some standard image processing operations like erode, dilate, and blur to remove artifacts.
      4. Find the connected foreground components that are either large enough or marked by the user.
    For video segmentation the sure background and sure foreground regions are learned from motion statistics. SIOX also features tools that allow sub-pixel accurate refinement of edges and high texture areas, the so-called "detail refinement brushes".
As with all segmentation algorithms, there are always pictures where the algorithm does not yield perfect results. The most critical drawback of SIOX is the color dependence. Although many photos are well-separable by color, the algorithm cannot deal with camouflage. If the foreground and background share many identical shades of similar colors, the algorithm might give a result with parts missing or incorrectly classified foreground. SIOX performs about equally well on different benchmarks compared to graph-based segmentation methods, such as Grabcut. SIOX is, however, more noise robust and can therefore also be used for the segmentation of videos. Graph-based segmentation methods search for a minimum cut and therefore tend to not perform optimally with complex structures. The algorithm has initially been developed at the department of computer science at Freie Universitaet Berlin. The main developer, Gerald Friedland, is now faculty at the EECS department of the University of California at Berkeley and also a Principal Data Scientist at Lawrence Livermore National Lab. He continues to support the development through mentoring, e.g. in the Google Summer of Code.

  • Confidential computing

    Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology. The technology protects data in use by performing computations in a hardware-based trusted execution environment (TEE). Confidential data is released to the TEE only once it is assessed to be trustworthy. Different types of confidential computing define the level of data isolation used, whether virtual machine, application, or function, and the technology can be deployed in on-premise data centers, edge locations, or the public cloud. It is often compared with other privacy-enhancing computational techniques such as fully homomorphic encryption, secure multi-party computation, and Trusted Computing. Confidential computing is promoted by the Confidential Computing Consortium (CCC) industry group, whose membership includes major providers of the technology. == Properties == Trusted execution environments (TEEs) "prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data". Trusted execution environments can be instantiated on a computer's processing components such as a central processing unit (CPU) or a graphics processing unit (GPU). In their various implementations, TEEs can provide different levels of isolation including virtual machine, individual application, or compute functions. 
Typically, data in use in a computer's compute components and memory exists in a decrypted state and can be vulnerable to examination or tampering by unauthorized software or administrators. According to the CCC, confidential computing protects data in use through a minimum of three properties:
      • Data confidentiality: "Unauthorized entities cannot view data while it is in use within the TEE".
      • Data integrity: "Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE".
      • Code integrity: "Unauthorized entities cannot add, remove, or alter code executing in the TEE".
    In addition to trusted execution environments, remote cryptographic attestation is an essential part of confidential computing. The attestation process assesses the trustworthiness of a system and helps ensure that confidential data is released to a TEE only after it presents verifiable evidence that it is genuine and operating with an acceptable security posture. It allows the verifying party to assess the trustworthiness of a confidential computing environment through an "authentic, accurate, and timely report about the software and data state" of that environment. "Hardware-based attestation schemes rely on a trusted hardware component and associated firmware to execute attestation routines in a secure environment". Without attestation, a compromised system could deceive others into trusting it, claim it is running certain software in a TEE, and potentially compromise the confidentiality or integrity of the data being processed or the integrity of the trusted code. == Technical approaches == Technical approaches to confidential computing may vary in which software, infrastructure and administrator elements are allowed to access confidential data. The "trust boundary," which circumscribes a trusted computing base (TCB), defines which elements have the potential to access confidential data, whether they are acting benignly or maliciously.
Confidential computing implementations enforce the defined trust boundary at a specific level of data isolation. The three main types of confidential computing are:
      • Virtual machine isolation
      • Application isolation, also known as process isolation
      • Function isolation, also known as library isolation
    Virtual machine isolation removes the elements controlled by the computer infrastructure or cloud provider, but allows potential data access by elements inside a virtual machine running on the infrastructure. Application or process isolation permits data access only by authorized software applications or processes. Function or library isolation is designed to permit data access only by authorized subroutines or modules within a larger application, blocking access by any other system element, including unauthorized code in the larger application. == Threat model == As confidential computing is concerned with the protection of data in use, only certain threat models can be addressed by this technique. Other types of attacks are better addressed by other privacy-enhancing technologies. === In scope === The following threat vectors are generally considered in scope for confidential computing:
      • Software attacks: including attacks on the host’s software and firmware. This may include the operating system, hypervisor, BIOS, other software and workloads.
      • Protocol attacks: including "attacks on protocols associated with attestation as well as workload and data transport". This includes vulnerabilities in the "provisioning or placement of the workload" or data that could cause a compromise.
      • Cryptographic attacks: including "vulnerabilities found in ciphers and algorithms due to a number of factors, including mathematical breakthroughs, availability of computing power and new computing approaches such as quantum computing". The CCC notes several caveats in this threat vector, including the relative difficulty of upgrading cryptographic algorithms in hardware and recommendations that software and firmware be kept up-to-date. A multi-faceted, defense-in-depth strategy is recommended as a best practice.
      • Basic physical attacks: including cold boot attacks, bus and cache snooping and plugging attack devices into an existing port, such as a PCI Express slot or USB port.
      • Basic upstream supply-chain attacks: including attacks that would compromise TEEs through changes such as added debugging ports.
    The degree and mechanism of protection against these threats varies with specific confidential computing implementations. === Out of scope === Threats generally defined as out of scope for confidential computing include:
      • Sophisticated physical attacks: including physical attacks that "require long-term and/or invasive access to hardware" such as chip scraping techniques and electron microscope probes.
      • Upstream hardware supply-chain attacks: including attacks on the CPU manufacturing process and on the CPU supply chain in key injection/generation during manufacture. Attacks on components of a host system that are not directly providing the capabilities of the trusted execution environment are also generally out-of-scope.
      • Availability attacks: confidential computing is designed to protect the confidentiality and integrity of protected data and code. It does not address availability attacks such as Denial of Service or Distributed Denial of Service attacks.
    == Use cases == Confidential computing can be deployed in the public cloud, on-premise data centers, or distributed "edge" locations, including network nodes, branch offices, industrial systems and others.
=== Data privacy and security === Confidential computing protects the confidentiality and integrity of data and code from the infrastructure provider, unauthorized or malicious software and system administrators, and other cloud tenants, which may be a concern for organizations seeking control over sensitive or regulated data. The additional security capabilities offered by confidential computing can help accelerate the transition of more sensitive workloads to the cloud or edge locations. === Multi-party analytics === Confidential computing can enable multiple parties to engage in joint analysis using confidential or regulated data inside a TEE while preserving privacy and regulatory compliance. In this case, all parties benefit from the shared analysis, but no party's sensitive data or confidential code is exposed to the other parties or system host. Examples include multiple healthcare organizations contributing data to medical research, or multiple banks collaborating to identify financial fraud or money laundering. Oxford University researchers proposed the alternative paradigm called "Confidential Remote Computing" (CRC), which supports confidential operations in Trusted Execution Environments across endpoint computers considering multiple stakeholders as mutually distrustful data, algorithm and hardware providers. === Confidential generative AI === Confidential computing technologies can be applied to various stages of generative AI deployments to help increase data or model privacy, security, and regulatory compliance. TEEs and remote attestation can protect the integrity of data during AI model training, keep

    Read more →
  • Language-Theoretic Security

    Language-Theoretic Security

    Language-theoretic security, or LangSec, is an approach to software security that focuses on input handling, complexity, and program design as strategies to improve the verifiability of computer programs. It was introduced in 2005 by Robert J. Hansen and Meredith L. Patterson at BlackHat and in 2011 by Len Sassaman and Patterson. It aims to create a formal description of which software is likely to have security vulnerabilities of particular classes, and why. It considers programs to have an inherent parser component, whether or not explicit, composed of that part of the program which operates on external input before that input is fully parsed.

    A central hypothesis of language-theoretic security is that vulnerabilities in software increase according to the computational power of the notional input-accepting automaton equivalent to this parser, using the definitions of automata theory. The lower bound on this computational power is the input language complexity of the program. The extent to which reducing this complexity is possible is a function of the specification of the communication protocol or file format the program takes as input.

    == Parsing as a security mechanism ==

    The behaviour of a program is defined with reference to its expected input. Unexpected input being used by a program is a factor in numerous security bugs, including the so-called Android master key vulnerability (CVE-2013-4787), because accepting unexpected input renders the program's specification ambiguous. In that instance, the unexpected ambiguity came in the form of a ZIP file with duplicate filenames. If a program fully parses its input and only acts on input that unambiguously meets the specification, it follows that the program will avoid these types of vulnerabilities. This is an intentional inversion of the Postel principle.

    Accepting only unambiguous and valid input is a more formal requirement than input validation or sanitization, and narrows the number of possible but unanticipated program states that can be induced in an application via user input. Conversely, failure to do this is associated with security vulnerabilities. Input sanitization in particular is held to be an inadequate approach to avoiding malicious input because it inherently ignores context-sensitive properties of the input; it can therefore result in paradoxical effects, such as sanitization code activating otherwise inert cross-site scripting payloads in browsers.

    === Parser differentials ===

    If the language of accepted program input is sufficiently simple, it is possible to verify that two implementations parse the same input language consistently. This is advantageous because it shows no parser differential exists between the two implementations. The requisite level of simplicity is theoretically that for which there is a solution to the equivalence problem. If the two parsers involved in CVE-2013-4787 were equivalent - that is, if they rendered the same output state given the same input state - the vulnerability could not have existed.

    One strategy for doing this is to publish machine-readable specifications of a format or protocol, and then use a parser generator to generate the parser code. An example of a parser generator built for this purpose is DaeDaLus. The combination of Lex with any of GNU Bison, ANTLR, or Yacc also accomplishes this. However, many parser generators allow the mixing of general purpose code with the parsing definitions, which weakens the guarantees provided by parsing.

    === Analysis of injection attacks ===

    Injection attacks are generally the result of differences between the serializer (or "unparser") and the corresponding parser at a layer boundary in a system; therefore, they are a special case of parser differentials.

    In a SQL injection attack, for example, an attacker is able to cause the application with which they are interacting to serialize a SQL query that has different semantics than intended. In the simplest case where the payload ends a string and adds new code, the payload has crossed the code-data boundary in SQL. In language-theoretic security, this is treated as a bug in the serializer of the SQL query, which should instead be written in a way that constrains its possible outputs to those within the scope of the intended query.

    === Parser combinators ===

    If a parser generator is not used, it is still possible to avoid implementation bugs by using a parser combinator library such as Nom to implement the parser code. This has the drawback of relying on a programmer correctly translating the specification into the language of the parser generator library, though this task is still less error-prone than hand-coding a parser.

    == Input format complexity ==

    Complexity in computer programs is associated with security vulnerabilities. Within the domain of language-theoretic security, complexity is described with reference to the computational power of the abstract machine necessary to implement the program, or more particularly, to implement the parser for its input language. This complexity describes whether it is possible to show that there is no unintended or undesired functionality in the program which might be exploitable by an attacker. To be bounded in complexity, the program's input must be well-defined both in terms of form and of semantics.

    === Weird machines ===

    A weird machine is a model of computation in a program that exists in parallel with, but is distinct from, the intended abstract model of computation in that program. Some classes of weird machine arise from the multi-layered nature of computer programs, or the context in which the programs run; others result from the unanticipated functionality a program has due to its complexity or to software bugs.

    The more complex the computation model of a program, the more likely it is to implement a weird machine. Depending on context, the weird machine may or may not be concretely useful for an attacker. Since the space of weird machines in the context of some program is the universe of all possible states that are not within the program's intended states, many exploited states including remote code execution and injection attacks belong to the domain of weird machines. A reduction in weird machines is therefore a likely correlate with reduced program vulnerability.

    === SafeDocs project ===

    SafeDocs is a DARPA project undertaken in 2018 to take existing file formats, create safer subsets of them, and develop programming tools to work for the safer formats. The initial test case for this was PDF. The purpose of creating safer subsets in this case is to lower the minimum bound on parser complexity so that it becomes possible to create tools that will generate correct, normative parsers for them.

    == Relation to programming languages ==

    The analytic framework of language-theoretic security assumes programs to be virtual machines that execute their input. A document that is read by an application is in this sense a form of machine code, in a generalization of the data as code idea, following the automata theory description of parsers.

    === Type-safe programming languages ===

    Parsing input and serializing output are operations that consume one data type and emit another. A programming language can therefore check that data is correctly parsed and contains the expected structure by checking data types, and correct serializing (or unparsing) can be implemented as operations on the data types that are relevant to the program's output. This approach can be used to show that the recognizer and unparser patterns have been implemented.

    It is also possible to implement type checking across a distributed system to enforce parsing and unparsing of the expected structures and to verify that the assumptions made in designing the compositional properties of a distributed system have been followed.

    === Memory-safe programming languages ===

    In the general case, spatial memory correctness is undecidable. If any proof of spatial memory correctness is to be made, it is therefore necessary to bound the complexity of the code. Interpreted languages such as Java and Python effectively accomplish this via runtime bounds checking, and frameworks for runtime bounds checking also exist for C. The effect of these strategies for spatial memory correctness is to create a halt state in place of a spatial memory correctness violation; therefore, it can be shown that the program will not violate spatial memory correctness, but in exchange, it cannot be shown in the general case that programs will not have runtime bounds checking exceptions.

    Some programming languages, such as Rust, accomplish this using borrow checking. The borrow checker acts to assure spatial memory correctness by compile-time reference counting. Code for which spatial memory correctness cannot be shown to not be violated therefore does not compile, inherently limiting the complexity of the spatial memory correctness of the program to what is decidable. Thi

    Read more →
  • Auto-defrost

    Auto-defrost

    Auto-defrost, automatic defrost or self-defrosting is a technique which regularly defrosts the evaporator in a refrigerator or freezer. Appliances using this technique are often called frost free, frostless, or no-frost.

    == Mechanism ==

    The defrost mechanism in a refrigerator heats the cooling element (evaporator coil) for a short period of time and melts the frost that has formed on it. The resulting water drains through a duct at the back of the unit. Defrosting is controlled by an electric or electronic timer. For every 6, 8, 10, 12 or 24 hours of compressor operation, it turns on a defrost heater for 15 minutes to half an hour.

    The defrost heater, having a typical power rating of 350W to 600W, is often mounted just below the evaporator in top and bottom-freezer models. It can also be located below and in the middle of the evaporator in side-by-side models. It may be protected from short circuits by means of fusible links. In older refrigerators, the timer runs continuously. In newer designs, the timer only runs while the compressor runs, so the longer the refrigerator door is closed, the less time the heater will run for and the more energy is saved.

    A defrost thermostat opens the heater circuit when the evaporator temperature rises above a preset temperature, 40°F (5°C) or more, thereby preventing excessive heating of the freezer compartment. The defrost timer is such that either the compressor or the defrost heater is on, but not both at the same time.

    Inside the freezer, air is circulated by means of one or more fans. In a typical design cold air from the freezer compartment is ducted to the fresh food compartment and circulated back into the freezer compartment. Air circulation helps sublimate any ice or frost that may form on frozen items in the freezer compartment. While defrosting, this fan is stopped to prevent heated-up air from reaching the food compartment.

    Instead of the normal cooling elements being embedded in the freezer liner, auto-defrost elements are behind or beneath the liner. This allows them to be heated for short periods of time to dispose of frost, without heating the contents of the freezer.

    Alternatively, some systems use the hot gas in the condenser to defrost the evaporator. This is done by means of a circuit that is cross-linked by a three-way valve. The hot gas quickly heats up the evaporator and defrosts it. This system is primarily used in commercial applications such as ice-cream displays.

    == Application ==

    While this technique was originally applied to the refrigerator compartment, it was later used for the freezer compartment as well.

    A combined refrigerator/freezer which applies self-defrosting to the refrigerator compartment only is usually called "partial frost free" or semi-automatic defrost (some brands call these "Auto Defrost" while Frigidaire referred to their semi-automatic models as "Cycla-Matic," Kelvinator often named these models as "Cyclic Defrost"). These refrigerators usually have a pan underneath where water from the melted frost in the refrigerator section evaporates.

    Freezers with automatic defrosting and combined refrigerator/freezer units which also apply self defrosting to their freezer compartment are called "frost free". The latter usually feature an air connection between the two compartments with the air passage to the refrigerator compartment regulated by a damper. By this means, a controlled portion of the air coming from the freezer reaches the refrigerator. Some older models have no air circulation between their freezer and refrigerator sections. Instead, they use an independent cooling system (for example: an evaporator coil with a defrost heater and a circulating fan in the freezer and a cold-plate or open-coil evaporator in the refrigerator).

    "Frost-Free" refrigerator/freezer units usually use a heating element to defrost their evaporators, a pan to collect and evaporate water from the frost that melts from the cold plate and/or evaporator coil, a timer which turns off the compressor and turns on the defrost element usually from once to 4 times a day for periods usually ranging from 15 to 30 minutes, and a defrost limiter thermostat that turns off the heating element before the temperature rises too much while the timer is still in its defrost phase. Some models also feature a drain heater to prevent ice from blocking the drain.

    Other early types of refrigerators also use hot gas defrost instead of electric heaters. These reverse the evaporator and condenser sides for the defrost cycle.

    Some newer refrigerator/freezer models have a computer that monitors how many times each door is opened and uses this data to control defrost scheduling thereby reducing power use.

    == Advantages ==

    • No need to manually defrost the frost buildup, therefore power consumption will not increase with time.
    • Food packaging is easier to see.
    • Most frozen food will not stick together.
    • Smells are limited, especially in total frost-free appliances because the air always circulates.
    • Better temperature management.

    == Disadvantages ==

    • The system can be more expensive to run when usage is high and if the fan continues or starts to run when the door is opened.
    • A thermal cutout safety device is required to prevent overheating of the heating element.
    • Increased electrical and mechanical complexity compared to a basic upright freezer or chest freezer, making it more prone to component failure.
    • The temperature of the freezer contents rises during the defrosting cycles, especially if there is a light load in the freezer. This can cause "freezer burn" on articles placed in the freezer, from partially defrosting, then re-freezing.
    • On hot, humid days condensation will sometimes form around the refrigerator doors.
    • Defrosting may not be completed by the time the defrost timer cycles back to normal operation (especially in hot, humid conditions with frequent door openings), leaving ice/frost on the evaporator coils. This condition can lead to "icing" which will interfere with the operation of the refrigerator.
    • In laboratories, self-defrosting freezers must not be used to store certain delicate reagents such as enzymes, because the temperature cycling can degrade them. In addition, water can evaporate out of containers that do not have a very tight seal, altering the concentration of the reagents.
    • Self-defrosting freezers should never be used to store flammable chemicals.

    Read more →
  • VK Video

    VK Video

    VK Video is an internet video hosting service launched by VK (formerly known as Mail.ru Group) in 2021. It is positioned as a Russian alternative to the international platform YouTube.

    == History ==

    The "VK Video" service began operations on October 15, 2021, following the merger of video platforms belonging to the social networks "VKontakte" and "Odnoklassniki". The launch of "VK Video" was managed by a team of executives led by VKontakte CEO Marina Krasnova, who worked at the company until 2023. Its launch was intended as an alternative to the international platform YouTube, which Russian authorities sought to replace with "domestic analogs". A key difference of the Russian service was the presence of pirated materials. Videos from the American video hosting site were uploaded en masse to "VK Video," which even caused the service to be temporarily blocked by YouTube.

    From 2022, to attract users, VKontakte's management bet on working with famous bloggers, specifically purchasing the shows "What Happened Next?" (ChBD) and "Vnutri Lapenko". Among the bloggers recruited to promote the service was the popular video blogger Vlad A4. An additional advantage for creators was the availability of monetization, which had been unavailable on YouTube for users from the Russian Federation since 2022.

    In September 2023, a separate "VK Video" mobile app appeared. In total, by the end of 2023, the monthly audience of "VK Video" reached 67.9 million users (which is almost 30 million less than YouTube).

    In the summer of 2024, following the blocking of YouTube in Russia, the service's traffic grew sharply: in August, its audience increased by more than two times compared to July. In the same month, "VK Video" took second place in downloads among free apps in the App Store and third in Google Play. In December 2024, the service received its own domain: vkvideo.ru.

    For the first time, "VK Video" managed to surpass YouTube in monthly audience in Russia in July 2025: the Russian service attracted 76.4 million viewers, whereas YouTube's reach amounted to 74.9 million people.

    == Platform features ==

    On "VK Video," a view is recorded from the first second, whereas on YouTube it is only from the thirtieth. At the same time, a significant portion of comments are left by bots. For videos from the platform's most popular bloggers, the engagement level (likes to views) does not reach 4%. The "Trends" section most often features videos from large channels where the ratio of likes to views does not exceed 2%.

    == Management ==

    In April 2025, the post of General Director of "VK Video" was taken by Marianna Maksimovskaya. From June 2022 to July 2024, the development of the platform was led by Fyodor Yezhov, who was primarily responsible for its technical direction.

    == Awards ==

    In 2023, VK Video was awarded the Runet Prize in the "Science, Technology and Innovation" category.

    Read more →
  • Line Drawing System-1

    Line Drawing System-1

    LDS-1 (Line Drawing System-1) was a calligraphic (vector, rather than raster) display processor and display device created by Evans & Sutherland in 1969. This model was known as the first graphics device with a graphics processing unit.

    == Features ==

    It was controlled by a variety of host computers. Straight lines were smoothly rendered in real-time animation. General principles of operation were similar to the systems used today: 4x4 transformation matrices, 1x4 vertices. Possible uses included flight simulation (in the product brochure there are screenshots of landing on a carrier), scientific imaging and GIS systems.

    == History ==

    The first LDS-1 was shipped to the customer (BBN) in August 1969. Only a few of these systems were ever built. One was used by the Los Angeles Times as their first typesetting/layout computer. One went to NASA Ames Research Center for Human Factors Research. Another was bought by the Port Authority of New York to develop a tugboat pilot trainer for navigation in the harbor. The MIT Dynamic Modeling had one, and there was a program for viewing an ongoing game of Maze War.

    Read more →