AI Code Janitor

AI Code Janitor — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Object Data Management Group

The Object Data Management Group (ODMG) was conceived in the summer of 1991 at a breakfast with object database vendors that was organized by Rick Cattell of Sun Microsystems. In 1998, the ODMG changed its name from the Object Database Management Group to reflect the expansion of its efforts to include specifications for both object database and object–relational mapping products. The primary goal of the ODMG was to put forward a set of specifications that allowed a developer to write portable applications for object database and object–relational mapping products. In order to do that, the data schema, programming language bindings, and data manipulation and query languages needed to be portable. Between 1993 and 2001, the ODMG published five revisions to its specification. The last revision was ODMG version 3.0, after which the group disbanded. == Major components of the ODMG 3.0 specification == Object Model. This was based on the Object Management Group's Object Model. The OMG core model was designed to be a common denominator for object request brokers, object database systems, object programming languages, etc. The ODMG designed a profile by adding components to the OMG core object model. Object Specification Languages. The ODMG Object Definition Language (ODL) was used to define the object types that conform to the ODMG Object Model. The ODMG Object Interchange Format (OIF) was used to dump and load the current state to or from a file or set of files. Object Query Language (OQL). The ODMG OQL was a declarative (nonprocedural) language for query and updating. It used SQL as a basis, where possible, though OQL supports more powerful object-oriented capabilities. C++ Language Binding. This defined a C++ binding of the ODMG ODL and a C++ Object Manipulation Language (OML). The C++ ODL was expressed as a library that provides classes and functions to implement the concepts defined in the ODMG Object Model. The C++ OML syntax and semantics are those of standard C++ in the context of the standard class library. The C++ binding also provided a mechanism to invoke OQL. Smalltalk Language Binding. This defined the mapping between the ODMG ODL and Smalltalk, which was based on the OMG Smalltalk binding for the OMG Interface Definition Language (IDL). The Smalltalk binding also provided a mechanism to invoke OQL. Java Language Binding. This defined the binding between the ODMG ODL and the Java programming language as defined by the Java 2 Platform. The Java binding also provided a mechanism to invoke OQL. == Status == ODMG 3.0 was published in book form in 2000.[1] By 2001, most of the major object database and object-relational mapping vendors claimed conformance to the ODMG Java Language Binding. Compliance to the other components of the specification was mixed.[2] In 2001, the ODMG Java Language Binding was submitted to the Java Community Process as a basis for the Java Data Objects specification. The ODMG member companies then decided to concentrate their efforts on the Java Data Objects specification. As a result, the ODMG disbanded in 2001. In 2004, the Object Management Group (OMG) was granted the right to revise the ODMG 3.0 specification as an OMG specification by the copyright holder, Morgan Kaufmann Publishers. In February 2006, the OMG announced the formation of the Object Database Technology Working Group (ODBT WG) and plans to work on the 4th generation of an object database standard. == ODMG Compliant DBMS == Orient ODBMS: http://www.OrienTechnologies.com Objectivity/DB C++, Java and Smalltalk interfaces.
Read more →
Trazzler

Trazzler is a travel destination app that specializes in unique and local destinations. The initial concept was developed by Adam Rugel and Biz Stone in 2006 at Twitter's original offices under the name "71 miles". More than 10,000 writers and photographers have contributed and more than $350,000 in freelance contracts have been issued as a result of Trazzeler's weekly writing and photography contests. Investors in the company include SV Angel, AOL Founder Steve Case, and the Twitter founders, Evan Williams, Jack Dorsey, and Biz Stone. The company's partners are the City of Chicago, Hawaii Tourism Authority, Fairmont Hotels & Resorts, Salon.com, and Air New Zealand. Trazzler is designed for use on the iOS, Android, and Facebook.
Read more →
Vulnerability Discovery Model

A Vulnerability Discovery Model (VDM) uses discovery event data with software reliability models for predicting the same. A thorough presentation of VDM techniques is available in. Numerous model implementations are available in the MCMCBayes open source repository. Several VDM examples include: Alhazmi-Malaiya: Time based model (Alhazmi-Malaiya Logistic (AML) model) Alhazmi-Malaiya: Effort based model Rescorla: Quadratic Model and Exponential Model Anderson: Thermodynamic Model Kim: Weibull Model Linear Model Hump-Shaped Model Independent and Dependent Model Vulnerability Discovery Modeling using Bayesian model averaging Multivariate Vulnerability Discovery Models
Read more →
Database virtualization

Database virtualization is the decoupling of the database layer, which lies between the storage and application layers within the application stack. Virtualization of the database layer enables a shift away from the physical, toward the logical or virtual. Virtualization enables compute and storage resources to be pooled and allocated on demand. This enables both the sharing of single server resources for multi-tenancy, as well as the pooling of server resources into a single logical database or cluster. In both cases, database virtualization provides increased flexibility, more granular and efficient allocation of pooled resources, and more scalable computing. == Virtual data partitioning == The act of partitioning data stores as a database grows has been in use for several decades. There are two primary ways that data has been partitioned inside legacy data management systems: Shared-data databases: an architecture that assumes all database cluster nodes share a single partition. Inter-node communications are used to synchronize update activities performed by different nodes on the cluster. Shared-data data management systems are limited to single-digit node clusters. Shared-nothing databases: an architecture in which all data is segregated to internally managed partitions with clear, well-defined data location boundaries. Shared-nothing databases require manual partition management. In virtual partitioning, logical data is abstracted from physical data by autonomously creating and managing large numbers of data partitions (100s to 1000s). Because they are autonomously maintained, the resources required to manage the partitions are minimal. This kind of massive partitioning results in: Partitions that are small, efficiently managed, and load-balanced. Systems that do not require re-partitioning events to define additional partitions, even when the hardware is changed. “Shared-data” and “shared-nothing” architectures allow scalability through multiple data partitions and cross-partition querying and transaction processing without full partition scanning. == Horizontal data partitioning == Partitioning database sources from consumers is a fundamental concept. With greater numbers of database sources, inserting a horizontal data virtualization layer between the sources and consumers helps address this complexity. Rick van der Lans, the author of multiple books on SQL and relational databases, has defined data virtualization as "the process of offering data consumers a data access interface that hides the technical aspects of stored data, such as location, storage structure, API, access language, and storage technology." == Advantages == Added flexibility and agility for existing computing infrastructure. Enhanced database performance. Pooling and sharing computing resources, either splitting them (multi-tenancy) or combining them (clustering). Simplification of administration and management. Increased fault tolerance.
Read more →
Spectral shape analysis

Spectral shape analysis relies on the spectrum (eigenvalues and/or eigenfunctions) of the Laplace–Beltrami operator to compare and analyze geometric shapes. Since the spectrum of the Laplace–Beltrami operator is invariant under isometries, it is well suited for the analysis or retrieval of non-rigid shapes, i.e. bendable objects such as humans, animals, plants, etc. == Laplace == The Laplace–Beltrami operator is involved in many important differential equations, such as the heat equation and the wave equation. It can be defined on a Riemannian manifold as the divergence of the gradient of a real-valued function f: Δ f := div ⁡ grad ⁡ f . {\displaystyle \Delta f:=\operatorname {div} \operatorname {grad} f.} Its spectral components can be computed by solving the Helmholtz equation (or Laplacian eigenvalue problem): Δ φ i + λ i φ i = 0. {\displaystyle \Delta \varphi _{i}+\lambda _{i}\varphi _{i}=0.} The solutions are the eigenfunctions φ i {\displaystyle \varphi _{i}} (modes) and corresponding eigenvalues λ i {\displaystyle \lambda _{i}} , representing a diverging sequence of positive real numbers. The first eigenvalue is zero for closed domains or when using the Neumann boundary condition. For some shapes, the spectrum can be computed analytically (e.g. rectangle, flat torus, cylinder, disk or sphere). For the sphere, for example, the eigenfunctions are the spherical harmonics. The most important properties of the eigenvalues and eigenfunctions are that they are isometry invariants. In other words, if the shape is not stretched (e.g. a sheet of paper bent into the third dimension), the spectral values will not change. Bendable objects, like animals, plants and humans, can move into different body postures with only minimal stretching at the joints. The resulting shapes are called near-isometric and can be compared using spectral shape analysis. == Discretizations == Geometric shapes are often represented as 2D curved surfaces, 2D surface meshes (usually triangle meshes) or 3D solid objects (e.g. using voxels or tetrahedra meshes). The Helmholtz equation can be solved for all these cases. If a boundary exists, e.g. a square, or the volume of any 3D geometric shape, boundary conditions need to be specified. Several discretizations of the Laplace operator exist (see Discrete Laplace operator) for the different types of geometry representations. Many of these operators do not approximate well the underlying continuous operator. == Spectral shape descriptors == === ShapeDNA and its variants === The ShapeDNA is one of the first spectral shape descriptors. It is the normalized beginning sequence of the eigenvalues of the Laplace–Beltrami operator. Its main advantages are the simple representation (a vector of numbers) and comparison, scale invariance, and in spite of its simplicity a very good performance for shape retrieval of non-rigid shapes. Competitors of shapeDNA include singular values of Geodesic Distance Matrix (SD-GDM) and Reduced BiHarmonic Distance Matrix (R-BiHDM). However, the eigenvalues are global descriptors, therefore the shapeDNA and other global spectral descriptors cannot be used for local or partial shape analysis. === Global point signature (GPS) === The global point signature at a point x {\displaystyle x} is a vector of scaled eigenfunctions of the Laplace–Beltrami operator computed at x {\displaystyle x} (i.e. the spectral embedding of the shape). The GPS is a global feature in the sense that it cannot be used for partial shape matching. === Heat kernel signature (HKS) === The heat kernel signature makes use of the eigen-decomposition of the heat kernel: h t ( x , y ) = ∑ i = 0 ∞ exp ⁡ ( − λ i t ) φ i ( x ) φ i ( y ) . {\displaystyle h_{t}(x,y)=\sum _{i=0}^{\infty }\exp(-\lambda _{i}t)\varphi _{i}(x)\varphi _{i}(y).} For each point on the surface the diagonal of the heat kernel h t ( x , x ) {\displaystyle h_{t}(x,x)} is sampled at specific time values t j {\displaystyle t_{j}} and yields a local signature that can also be used for partial matching or symmetry detection. === Wave kernel signature (WKS) === The WKS follows a similar idea to the HKS, replacing the heat equation with the Schrödinger wave equation. === Improved wave kernel signature (IWKS) === The IWKS improves the WKS for non-rigid shape retrieval by introducing a new scaling function to the eigenvalues and aggregating a new curvature term. === Spectral graph wavelet signature (SGWS) === SGWS is a local descriptor that is not only isometric invariant, but also compact, easy to compute and combines the advantages of both band-pass and low-pass filters. An important facet of SGWS is the ability to combine the advantages of WKS and HKS into a single signature, while allowing a multiresolution representation of shapes. == Spectral Matching == The spectral decomposition of the graph Laplacian associated with complex shapes (see Discrete Laplace operator) provides eigenfunctions (modes) which are invariant to isometries. Each vertex on the shape could be uniquely represented with a combinations of the eigenmodal values at each point, sometimes called spectral coordinates: s ( x ) = ( φ 1 ( x ) , φ 2 ( x ) , … , φ N ( x ) ) for vertex x . {\displaystyle s(x)=(\varphi _{1}(x),\varphi _{2}(x),\ldots ,\varphi _{N}(x)){\text{ for vertex }}x.} Spectral matching consists of establishing the point correspondences by pairing vertices on different shapes that have the most similar spectral coordinates. Early work focused on sparse correspondences for stereoscopy. Computational efficiency now enables dense correspondences on full meshes, for instance between cortical surfaces. Spectral matching could also be used for complex non-rigid image registration, which is notably difficult when images have very large deformations. Such image registration methods based on spectral eigenmodal values indeed capture global shape characteristics, and contrast with conventional non-rigid image registration methods which are often based on local shape characteristics (e.g., image gradients).
Read more →
International Road Traffic and Accident Database

The International Road Traffic and Accident Database (IRTAD) is an initiative dedicated to compiling and analyzing global road crash data. It is managed by the International Transport Forum (ITF) under the auspices of its permanent working group, which specializes in road safety, commonly referred to as the IRTAD Group. The primary objective of IRTAD is to provide a robust empirical basis for international comparisons in the field of road safety and to offer data to support the formulation of effective road safety policies. == Data availability == A portion of the data gathered by IRTAD is accessible for free through the OECD statistics website, however the remaining data requires a subscription for access. == History == The IRTAD database was originally started in 1988 by Germany's Federal Institution for Roads (BASt) in response to demands for international comparative data. It was later taken over and expanded by the International Transport Forum and has grown to be an important resource for comparing road safety metrics between countries worldwide, although mostly in the developed world. Every year, the ITF publishes comparative and country-by-country road safety data gathered for the IRTAD database and analysed by the IRTAD Group in the ITF Road Safety Annual Report, informally known as "IRTAD Report". Over the years, the IRTAD acronym has come to stand not only for the database, but also for the Traffic Safety Data and Analysis Group (usually referred to as IRTAD Group). The IRTAD Group is the International Transport Forum's permanent working group on road safety. It consists of a group of international road safety experts drawn from national road administrations, road safety research institutes, International organizations, automobile associations, insurance companies, car manufacturers and other road safety stakeholders. The IRTAD Group is a major forum for international road safety collaboration and exchange of best practices. Its focus is on improving road safety data as a basis for targeting interventions that are effective in reducing the number of road deaths and serious traffic injuries. The work of IRTAD, among that of others, has spawned the creation of road safety observatories for different world regions: the Ibero-American Road Safety Observatory Archived 2020-06-28 at the Wayback Machine (OISEVI), the African Road Safety Observatory Archived 2020-06-10 at the Wayback Machine, and the South-East Asian Road Safety Observatory. The ITF supports OISEVI through the Spanish-language IRTAD-LAC database and is actively involved in the implementation of the African and South East-Asian observatories. The genesis of the road safety observatory movement dates back to 2008, when the ITF, via IRTAD, began to facilitate twinning between countries striving to improve their road safety record and countries with high road safety performance. The initial twinning was between Jamaica and the United Kingdom. This work was supported by the World Bank, the Inter-American Development Bank (IADB) and the FIA Foundation. The twinning between Argentina and Spain in 2011 led to the creation of OISEVI. To this day, the ITF supports OISEVI through the Spanish-language IRTAD-LAC database. In 2006, the ITF set up Safer City Streets, a global traffic safety network for cities that replicates the successful IRTAD approach for urban road safety.
Read more →
Sarpa (snakebite app)

Sarpa or SARPA (Snake Awareness, Rescue and Protection app) is a snakebite app, an application for mobile devices developed in India to provide rapid, life-saving help for victims of snakebite, which kill an estimated 58,000 people a year in India. The app provides information about snakes, gets fast aid for people bitten, and helps in the development of antivenoms. Similar systems developed in India include SnakeHub, Snake Lens, Snakepedia, Serpent and the Big Four Mapping Project. The apps provide rapid response to snakebite incidents, often in remote areas, using a network of volunteers managed by local wildlife departments; their use can save human lives by providing rapid medical care, and also snakes, by helping to avoid interaction between the species. In 2026, it was announced that the app had plans to offer real-time contact from doctors directly from the app to provide users with decision-making advice.
Read more →
Shape table

Shape tables are a feature of the Apple II ROMs which allows for manipulation of small images encoded as a series of vectors. An image (or shape) can be drawn in the high-resolution graphics mode—with scaling and rotation—via software routines in the ROM. Shape tables are supported via Applesoft BASIC and from machine code in the "Programmer's Aid" package that was bundled with the original Integer BASIC ROMs for that computer. Applesoft's high-resolution graphics routines were not optimized for speed, so shape tables were not typically used for performance-critical software such as games, which were typically written in assembly language and used pre-shifted bitmap shapes. Shape tables were used primarily for static shapes and sometimes for fancy text; Beagle Bros offered a number of fonts in Font Mechanic as Applesoft shape tables. == Technical details == The vectors of a two-dimensional graphic, each encoding a direction from the previous pixel along with a flag indicating whether the new pixel should be illuminated or not, were encoded up to three in a byte. These were stored in a table via the Monitor or the POKE command. From there, the graphic could be referenced by number (a table could contain up to 255 shapes), and built-in Applesoft routines permitted scaling, rotating, and drawing or erasing the shape. An XOR mode was also available to allow the shape to be visible on any color background; this had the advantage, also, of allowing the shape to be easily erased by redrawing it. Apple did not provide any utilities for creating shape tables; they had to be created by hand, usually by plotting on graph paper, then calculating the hexadecimal values and entering them into the computer. Beagle Bros created a shape table editing program, which eliminated the "number crunching", called Apple Mechanic, and a related program, Font Mechanic.
Read more →
Spreading activation

Spreading activation is a method for searching associative networks, biological and artificial neural networks, or semantic networks. The search process is initiated by labeling a set of source nodes (e.g. concepts in a semantic network) with weights or "activation" and then iteratively propagating or "spreading" that activation out to other nodes linked to the source nodes. Most often these "weights" are real values that decay as activation propagates through the network. When the weights are discrete this process is often referred to as marker passing. Activation may originate from alternate paths, identified by distinct markers, and terminate when two alternate paths reach the same node. However brain studies show that several different brain areas play an important role in semantic processing. Spreading activation in semantic networks as a model were invented in cognitive psychology to model the fan out effect. Spreading activation can also be applied in information retrieval, by means of a network of nodes representing documents and terms contained in those documents. == Cognitive psychology == As it relates to cognitive psychology, spreading activation is the theory of how the brain iterates through a network of associated ideas to retrieve specific information. The spreading activation theory presents the array of concepts within our memory as cognitive units, each consisting of a node and its associated elements or characteristics, all connected together by edges. A spreading activation network can be represented schematically, in a sort of web diagram with shorter lines between two nodes meaning the ideas are more closely related and will typically be associated more quickly to the original concept. In memory psychology, the spreading activation model holds that people organize their knowledge of the world based on their personal experiences, which in turn form the network of ideas that is the person's knowledge of the world. When a word (the target) is preceded by an associated word (the prime) in word recognition tasks, participants seem to perform better in the amount of time that it takes them to respond. For instance, subjects respond faster to the word "doctor" when it is preceded by "nurse" than when it is preceded by an unrelated word like "carrot". This semantic priming effect with words that are close in meaning within the cognitive network has been seen in a wide range of tasks given by experimenters, ranging from sentence verification to lexical decision and naming. As another example, if the original concept is "red" and the concept "vehicles" is primed, they are much more likely to say "fire engine" instead of something unrelated to vehicles, such as "cherries". If instead "fruits" was primed, they would likely name "cherries" and continue on from there. The activation of pathways in the network has everything to do with how closely linked two concepts are by meaning, as well as how a subject is primed. == Algorithm == A directed graph is populated by Nodes[ 1...N ] each having an associated activation value A [ i ] which is a real number in the range [0.0 ... 1.0]. A Link[ i, j ] connects source node[ i ] with target node[ j ]. Each edge has an associated weight W [ i, j ] usually a real number in the range [0.0 ... 1.0]. Parameters: Firing threshold F, a real number in the range [0.0 ... 1.0] Decay factor D, a real number in the range [0.0 ... 1.0] Steps: Initialize the graph setting all activation values A [ i ] to zero. Set one or more origin nodes to an initial activation value greater than the firing threshold F. A typical initial value is 1.0. For each unfired node [ i ] in the graph having an activation value A [ i ] greater than the node firing threshold F: For each Link [ i, j ] connecting the source node [ i ] with target node [ j ], adjust A [ j ] = A [ j ] + (A [ i ] W [ i, j ] D) where D is the decay factor. If a target node receives an adjustment to its activation value so that it would exceed 1.0, then set its new activation value to 1.0. Likewise maintain 0.0 as a lower bound on the target node's activation value should it receive an adjustment to below 0.0. Once a node has fired it may not fire again, although variations of the basic algorithm permit repeated firings and loops through the graph. Nodes receiving a new activation value that exceeds the firing threshold F are marked for firing on the next spreading activation cycle. If activation originates from more than one node, a variation of the algorithm permits marker passing to distinguish the paths by which activation is spread over the graph The procedure terminates when either there are no more nodes to fire or in the case of marker passing from multiple origins, when a node is reached from more than one path. Variations of the algorithm that permit repeated node firings and activation loops in the graph, terminate after a steady activation state, with respect to some delta, is reached, or when a maximum number of iterations is exceeded. == Examples ==
Read more →
Computer security compromised by hardware failure

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft. Computer security can be compromised by devices, such as keyboards, monitors or printers (thanks to electromagnetic or acoustic emanation for example) or by components of the computer, such as the memory, the network card or the processor (thanks to time or temperature analysis for example). == Devices == === Monitor === The monitor is the main device used to access data on a computer. It has been shown that monitors radiate or reflect data on their environment, potentially giving attackers access to information displayed on the monitor. ==== Electromagnetic emanations ==== Video display units radiate: narrowband harmonics of the digital clock signals; broadband harmonics of the various 'random' digital signals such as the video signal. Known as compromising emanations or TEMPEST radiation, a code word for a U.S. government programme aimed at attacking the problem, the electromagnetic broadcast of data has been a significant concern in sensitive computer applications. Eavesdroppers can reconstruct video screen content from radio frequency emanations. Each (radiated) harmonic of the video signal shows a remarkable resemblance to a broadcast TV signal. It is therefore possible to reconstruct the picture displayed on the video display unit from the radiated emission by means of a normal television receiver. If no preventive measures are taken, eavesdropping on a video display unit is possible at distances up to several hundreds of meters, using only a normal black-and-white TV receiver, a directional antenna and an antenna amplifier. It is even possible to pick up information from some types of video display units at a distance of over 1 kilometer. If more sophisticated receiving and decoding equipment is used, the maximum distance can be much greater. ==== Compromising reflections ==== What is displayed by the monitor is reflected on the environment. The time-varying diffuse reflections of the light emitted by a CRT monitor can be exploited to recover the original monitor image. This is an eavesdropping technique for spying at a distance on data that is displayed on an arbitrary computer screen, including the currently prevalent LCD monitors. The technique exploits reflections of the screen's optical emanations in various objects that one commonly finds close to the screen and uses those reflections to recover the original screen content. Such objects include eyeglasses, tea pots, spoons, plastic bottles, and even the eye of the user. This attack can be successfully mounted to spy on even small fonts using inexpensive, off-the-shelf equipment (less than 1500 dollars) from a distance of up to 10 meters. Relying on more expensive equipment allowed to conduct this attack from over 30 meters away, demonstrating that similar attacks are feasible from the other side of the street or from a close by building. Many objects that may be found at a usual workplace can be exploited to retrieve information on a computer's display by an outsider. Particularly good results were obtained from reflections in a user's eyeglasses or a tea pot located on the desk next to the screen. Reflections that stem from the eye of the user also provide good results. However, eyes are harder to spy on at a distance because they are fast-moving objects and require high exposure times. Using more expensive equipment with lower exposure times helps to remedy this problem. The reflections gathered from curved surfaces on close by objects indeed pose a substantial threat to the confidentiality of data displayed on the screen. Fully invalidating this threat without at the same time hiding the screen from the legitimate user seems difficult, without using curtains on the windows or similar forms of strong optical shielding. Most users, however, will not be aware of this risk and may not be willing to close the curtains on a nice day. The reflection of an object, a computer display, in a curved mirror creates a virtual image that is located behind the reflecting surface. For a flat mirror this virtual image has the same size and is located behind the mirror at the same distance as the original object. For curved mirrors, however, the situation is more complex. === Keyboard === ==== Electromagnetic emanations ==== Computer keyboards are often used to transmit confidential data such as passwords. Since they contain electronic components, keyboards emit electromagnetic waves. These emanations could reveal sensitive information such as keystrokes. Electromagnetic emanations have turned out to constitute a security threat to computer equipment. The figure below presents how a keystroke is retrieved and what material is necessary. The approach is to acquire the raw signal directly from the antenna and to process the entire captured electromagnetic spectrum. Thanks to this method, four different kinds of compromising electromagnetic emanations have been detected, generated by wired and wireless keyboards. These emissions lead to a full or a partial recovery of the keystrokes. The best practical attack fully recovered 95% of the keystrokes of a PS/2 keyboard at a distance up to 20 meters, even through walls. Because each keyboard has a specific fingerprint based on the clock frequency inconsistencies, it can determine the source keyboard of a compromising emanation, even if multiple keyboards from the same model are used at the same time. The four different kinds way of compromising electromagnetic emanations are described below. ===== The Falling Edge Transition Technique ===== When a key is pressed, released or held down, the keyboard sends a packet of information known as a scan code to the computer. The protocol used to transmit these scan codes is a bidirectional serial communication, based on four wires: Vcc (5 volts), ground, data and clock. Clock and data signals are identically generated. Hence, the compromising emanation detected is the combination of both signals. However, the edges of the data and the clock lines are not superposed. Thus, they can be easily separated to obtain independent signals. ===== The Generalized Transition Technique ===== The Falling Edge Transition attack is limited to a partial recovery of the keystrokes. This is a significant limitation. The GTT is a falling edge transition attack improved, which recover almost all keystrokes. Indeed, between two traces, there is exactly one data rising edge. If attackers are able to detect this transition, they can fully recover the keystrokes. ===== The Modulation Technique ===== Harmonics compromising electromagnetic emissions come from unintentional emanations such as radiations emitted by the clock, non-linear elements, crosstalk, ground pollution, etc. Determining theoretically the reasons of these compromising radiations is a very complex task. These harmonics correspond to a carrier of approximately 4 MHz which is very likely the internal clock of the micro-controller inside the keyboard. These harmonics are correlated with both clock and data signals, which describe modulated signals (in amplitude and frequency) and the full state of both clock and data signals. This means that the scan code can be completely recovered from these harmonics. ===== The Matrix Scan Technique ===== Keyboard manufacturers arrange the keys in a matrix. The keyboard controller, often an 8-bit processor, parses columns one-by-one and recovers the state of 8 keys at once. This matrix scan process can be described as 192 keys (some keys may not be used, for instance modern keyboards use 104/105 keys) arranged in 24 columns and 8 rows. These columns are continuously pulsed one-by-one for at least 3μs. Thus, these leads may act as an antenna and generate electromagnetic emanations. If an attacker is able to capture these emanations, he can easily recover the column of the pressed key. Even if this signal does not fully describe the pressed key, it still gives partial information on the transmitted scan code, i.e. the column number. Note that the matrix scan routine loops continuously. When no key is pressed, we still have a signal composed of multiple equidistant peaks. These emanations may be used to remotely detect the presence of powered computers. Concerning wireless keyboards, the wireless data burst transmission can be used as an electromagnetic trigger to detect exactly when a key is pressed, while the matrix s
Read more →
Sprayprinter

SprayPrinter is a device that attaches to aerosol paint cans whereby users can print images via Bluetooth from a smartphone onto a wall or almost any surface. == History == The technology behind SprayPrinter was developed by Mihkel Joala. He explained in a 2016 interview with New Atlas that his idea was inspired by the modern car engine and the Nintendo Wii console. "Engines nowadays use extremely fast valves to spray fuel to [the] combustion chamber," says Joala. "I realized I can use them to shoot paint with pinpoint accuracy." As of December 2021, the company appears to be no longer selling products. == Awards and Recognitions == In 2015, SprayPrinter received €8,000 from the Estonian prototyping contest Prototron for its initial prototype. In 2016, the SprayPrinter team won the grand prize of €30,000 from the televised pitching competition Ajujaht.
Read more →
VieON

VieON is an mobile application for television and video on demand provided by VieON Joint Stock Company (formerly Dzones), a subsidiary of DatVietVAC Media and Entertainment Group in Vietnam. The app was launched in 2020, featuring over 140 domestic and international television channels, original series, popular entertainment programs known nationwide, top-tier sports events and live streaming of major events. Additionally, VieON provides animated films, television series and television programs from various countries such as South Korea and China. == History == The application was planned for development in 2016, with the cooperation of strategic consulting partner BCG Digital Ventures from the United States. Prior to 2020, VieON was a rebranded version of VTVcab ON, a product managed by Vietnam Cable Television Corporation (VTVCab) and DatVietVAC. On June 15, 2020, after four years of research and testing, the new version of VieON was officially released by DatVietVAC Group, with Vie Channel Joint Stock Company as the business entity and service provider. This is considered the official launch date of the application. On July 21, 2023, VieON transitioned its business operations and service provision to VieON Joint Stock Company. In January 2024, VieON officially launched its global version, VieON Global, targeting Vietnamese users living abroad. == Background == According to Kantar Media Vietnam, up to 84% of Vietnamese people aged 15–54 use social media daily, and in a similar survey by Nielsen, 90% of respondents said they watch live TV weekly. Additionally, according to research organization Muvi, Southeast Asia's OTT market revenue could reach $650 million annually starting next year. Understanding this, DatVietVAC Group has planned to research and develop an OTT application, even though the Vietnamese market already has some major players such as FPT Play and the international giant Netflix. Additionally, DatVietVAC does not hide its ambition to make this application the number one entertainment channel for Vietnamese people.
Read more →
Qloo

Qloo (pronounced "clue") is a company that uses artificial intelligence (AI) to understand taste and cultural correlations. It provides companies with an application programming interface (API). It received funding from Leonardo DiCaprio, Elton John, Barry Sternlicht, Pierre Lagrange and others. Qloo establishes consumer preference correlations via machine learning across data spanning cultural domains including music, film, television, dining, nightlife, fashion, books, and travel. The recommender system uses AI to predict correlations for further applications. == History == Qloo was founded in 2012 by chief executive officer Alex Elias and chief operating officer Jay Alger. Qloo initially launched an app designed for consumers, allowing them to understand their own tastes and receive personalized recommendations. The company amassed several million users and built a large catalog of cultural entities and corresponding user sentiment. In 2012, Qloo raised $1.4 million in seed funding from investors including Cedric the Entertainer, and venture capital firm Kindler Capital. Qloo had a public beta release in November 2012 after its initial funding. In 2013, the company raised an additional $1.6 million from Cross Creek Pictures founding partner Tommy Thompson, and Samih Toukan and Hussam Khoury, founders of Maktoob, an Internet services company purchased by Yahoo! for $164 million in 2009. On November 14, 2013, a website and an iPhone app were announced. The company later released an Android app, and tablet versions, in mid-2014. In 2015, Twitter approached Qloo about powering personalized social feeds and targeted eCommerce ads on the platform based on what users were posting. Qloo developed an enterprise-grade API to support Twitter’s needs. Twitter ended up pivoting to enable brands to use the social platform for customer service and support, but Qloo was able to sell access to its cultural intelligence via API to many other enterprise clients, marking the official transition from a B2C company to a B2B company. In 2016, Qloo secured $4.5 million in venture capital investment. The $4.5 million was split between a number of investors, including Barry Sternlicht, Pierre Lagrange, and Leonardo DiCaprio. In July 2017, Qloo raised $6.5 million in funding rounds from AXA Strategic Ventures, and Elton John. Following the investment, the founders stated in an interview with Tech Crunch that they would use the investment to expand Qloo's database. They hoped the move would secure larger contracts with corporate clients. At the time, clients already included Fortune 500 companies such as Twitter, PepsiCo, and BMW. In 2019, the company announced that it had acquired cultural recommendation service TasteDive, with Alex Elias becoming chairman of TasteDive. In September 2019, Qloo was named among the Top 14 Artificial Intelligence APIs by ProgrammableWeb. In 2022, Qloo raised $15M in Series B funding from Eldridge and AXA Venture Partners, enabling the privacy-centric AI leader to expand its team of world-class data scientists, enrich its technology, and build on its sales channels in order to continue to offer premier insights into global consumer taste for Fortune 500 companies across the globe. Qloo was recognized as the "Best Decision Intelligence Company" at the 2023 AI Breakthrough Awards. Also in 2023, the company was awarded a Top Performer Award by SourceForge. As of 2024, Qloo is a three-time Inc. 5000 honoree: No. 360 (2022), No. 344 (2021), No. 187 (2020). Qloo raised $25 million Series C round on February 21, 2024. The round was led by AI Ventures with participation from AXA Venture Partners, Eldridge, and Moderne Ventures, allowing Qloo to address new commercial surface areas for Taste AI, including on-device learning and foundational models leveraging Qloo, as well as introduce self-service platform to make consumer and taste analytics available to small and mid-sized enterprises and individuals. Qloo also announced pursuing opportunistic M&A using its balance sheet along the lines of the TasteDive acquisition completed, which expanded Qloo's first-party data moat and corpus of cultural learning. This latest financing brought the total amount raised since the company's founding in 2012 to over $56 million. == Services and features == Qloo calls itself a cultural AI platform to provide real-time correlation data across domains of culture and entertainment including: film, music, television, dining, nightlife, fashion, books, and travel. Each category contains subcategories. Qloo’s knowledge of a user's taste in one category can be utilized to offer suggestions in other categories. Users then rate the suggestions, providing it with feedback for future suggestions. Qloo has partnerships with companies such as Expedia and iTunes. == Technology == Qloo’s Taste AI technology uses machine learning to decode and predict consumers’ interests, maintaining user anonymity. It is powered by 3.7 billion lifestyle entities (brands, music, film, TV, dining, nightlife, fashion, books, travel, and more) and trillions of anonymized consumer behavioral signals. Through AI, Qloo identifies patterns in these data signals, making predictions about how much interest a person or group has in a concept or thing. Central to Qloo’s technology are algorithms designed to detect and mitigate biases within datasets and models, allowing Qloo to assess the fairness of its AI systems with a focus on attributes such as age, gender, and race, enabling the company to fine-tune its AI models to align with their ethical standards. They also use visualization tools to probe the behavior of their AI models for conducting counterfactual analyses and for comparing the performances of the AI models across diverse demographic segments. Qloo’s Taste AI doesn’t collect or use any Personally Identifiable Information (PII). Instead, it derives recommendations for audience segments based on co-occurrences between lifestyle entities and anonymized behavioral signals. == Applications == Starbucks uses Qloo to create in-store music playlists tailored to specific neighborhoods. Hershey’s uses Qloo to customize the content of assorted candy bags. Michelin uses Qloo to serve recommendations in its Michelin Guide app. Netflix leverages Qloo’s technology to enhance merchandising by identifying actors who resonate with certain demographics. Qloo also works with PepsiCo, Samsung, The New York Mets, BuzzFeed, and Ticketmaster, Universal Music Group, and OOH advertising company JCDecaux.
Read more →
Unspent transaction output

In cryptocurrencies, an unspent transaction output (UTXO, often capitalized as UTxO) is a distinctive element in a subset of digital currency models. A UTXO represents a certain amount of cryptocurrency that has been authorized by a sender and is available to be spent by a recipient. The utilization of UTXOs in transaction processes is a key feature of many cryptocurrencies, but it primarily characterizes those implementing the UTXO model. UTXOs employ public key cryptography to ascertain and transfer ownership. More specifically, the recipient's public key is formatted into the UTXO, thereby limiting the capability to spend the UTXO to the account that can demonstrate ownership of the corresponding private key. A valid digital signature associated with the public key must be included for the UTXO to be spent. In the UTXO model, each unit of currency is treated as a discrete object. The history of a UTXO is documented only within the blocks where it is transferred. To ascertain the total balance of an account, one must scan each block to find the latest UTXOs linked to that account. While all nodes within a blockchain network must consent to the block history, the blocks relevant to an account's balance are unique to that account. UTXOs constitute a chain of ownership depicted as a series of digital signatures dating back to the coin's inception, regardless of whether the coin was minted via mining, staking, or another procedure determined by the cryptocurrency protocol. The UTXO model was invented for Bitcoin. Cardano uses an extended version of the UTXO model known as EUTXO. == Origins == The conceptual framework of the UTXO model can be traced back to Hal Finney's Reusable Proofs of Work proposal, which itself was based on Adam Back's 1997 Hashcash proposal. Bitcoin, released in 2009, was the first widespread implementation of the UTXO model in practice. == UTXO model vs. account Model == Cryptocurrencies that utilize the UTXO model function differently compared to those using the account model. In the UTXO model, individual units of cryptocurrency, termed as unspent transaction outputs (UTXOs), are transferred between users, analogous to the exchange of physical cash. This model impacts how transactions and ownership are recorded and verified within the blockchain network. The account model preserves a record of each account and its corresponding balance for every block added to the network. This setup enables quicker balance verification without the need to scan historical blocks, but it increases the raw size of each block (though data compression techniques can be utilized to alleviate this). However, both models necessitate the inspection of past blocks to fully authenticate the origin of coins. In the UTXO model, each object is immutable - units of coins cannot be 'edited' in the same way an account balance is modified when a transaction occurs. Rather, the balance is computed from the transaction history dating back to when the coins were first minted. This simplicity enhances security, as a UTXO either exists in its anticipated form or it does not. In contrast, the account model requires meticulous verification of the account's status during transactions, which can lead to oversights if not conducted correctly. In valid blockchain transactions, only unspent outputs (UTXOs) are permissible for funding subsequent transactions. This requirement is critical to prevent double-spending and fraud. Accordingly, inputs in a transaction are removed from the UTXO set, while outputs create new UTXOs that are added to the set. The holders of private keys, such as those with cryptocurrency wallets, can utilize these UTXOs for future transactions.
Read more →
SCADA Strangelove

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA. == Activities == Main fields of research include: Discovery of 0-day vulnerabilities in cyber physical systems and coordinated vulnerability disclosure; Security assessment of ICS protocols and development suites; Identification of publicly Internet-connected ICS components and secure it with help of proper authorities; Development of security hardening guides for ICS software; Mapping cybersecurity on to functional safety; Awareness control and delivery of information regarding the actual security state of ICS systems. SCADA Strangelove's interests expand further than classic ICS components and covers various embedded systems, however, and encompass smart home components, solar panels, wind turbines, SmartGrid as well as other areas. == Projects == Group members have and continue to develop and publish numerous open source tools for scanning, fingerprinting, security evaluation and password bruteforcing for ICS devices. These devices work over industrial protocols such as modbus, Siemens S7, MMS, ISO EC 60870, ProfiNet. In 2014 Shodan used some of the published tools for building a map of ICS devices which is publicly available on the Internet. Open source security assessment frameworks, such as THC Hydra, Metasploit, and DigitalBond Redpoint have used Shodan-developed tools and techniques. The group has published security-hardening guidelines for industrial solutions based on Siemens SIMATIC WinCC and WinCC Flexible. The guidelines contain detailed security configuration walk-throughs, descriptions of internal security features and appropriate best practices. Among the group’s more noticeable projects is Choo Choo PWN (CCP) also named the Critical Infrastructure Attack (CIA). This is an interactive laboratory built upon ICS software and hardware used in real world. Every system is connected to a toy city infrastructure, which includes factories, railroads and other facilities. The laboratory has been demonstrated at various conferences including PHDays, Power of Community, and 30C3. Primarily the laboratory is used for the discovery of new vulnerabilities and for evaluation of security mechanisms, however it is also used for workshops and other educational activities. At Positive Hack Days IV, contestants found several 0-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric, and in specific ICS hardware RTU PET-7000 during the ICS vulnerability discovery challenge. The group supports Secure Open SmartGrid (SCADASOS) project to find and fix vulnerabilities in intellectual power grid components such as photovoltaic power station, wind turbine, power inverter. More than 80 000 industrial devices were discovered and isolated from the Internet in 2015. == Appearances == Group members are frequently seen presenting at conferences like CCC, SCADA Security Scientific Symposium, Positive Hack Days. Most notable talks are: === 29C3 === An overview of vulnerabilities discovered in the widely distributed Siemens SIMATIC WinCC software and tools that are implemented for searching ICS on the Internet. === PHDays === This talk consisted of an overview of vulnerabilities discovered in various systems produced by ABB, Emerson, Honeywell and Siemens and was presented at PHDays III and PHDays IV. === Confidence 2014 === Implications of security research aimed at realization of various industrial network protocols Profinet, Modbus, DNP3, IEC 61850-8-1 (MMS), IEC (International Electrotechnical Commission) 61870-5-101/104, FTE (Fault Tolerant Ethernet), Siemens S7. === PacSec 2014 === Presentations of security research showing the impact of radio and 3G/4G networks on the security of mobile devices as well as on industrial equipment. === 31C3 === Analysis of security architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. === 32C3 === Cybersecurity assessment of railway signaling systems such as Automatic Train Control (ATC), Computer-based interlocking (CBI) and European Train Control System (ETCS). === China Internet Security Conference 2016 === In "Greater China Cyber Threat Landscape" keynote by Sergey Gordeychik an overview of vulnerabilities, attacks and cyber-security incidents in Greater China region was presented. === Recon 2017 === In talk "Hopeless: Relay Protection for Substation Automation" by Kirill Nesterov and Alexander Tlyapov security analysis results of key Digital Substation component - Relay Protection Terminals was presented. Vulnerabilities, including remote code execution in Siemens SIPROTEC, General Electric Line Distance Relay, NARI and ABB protective relays was presented. == Philosophy == All names, catchwords and graphical elements refer to Stanley Kubrick’s film, Dr. Strangelove. In their talks, group members often refer to Cold War events such as the Caribbean Crisis, and draw parallels between nuclear arms race and the current escalation of cyberwar. Group members follow the approach of “responsible disclosure” and “ready to wait for years, while vendor is patching the vulnerability”. Public exploits for discovered vulnerabilities are not published. This is on account of the longevity of ICS and by implication the long process of patching ICS. However, conflicts still happen, notably in 2012 when the talk at DEF CON was called off due to a dispute of persistent weaknesses in Siemens industrial software.
Read more →