AI Generator Detector

AI Generator Detector — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Cloud Security Alliance

Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to "promote the use of best practices for providing security assurance within cloud computing, artificial intelligence and to provide education on the uses of cloud computing to help secure all other forms of computing." The CSA has over 80,000 individual members worldwide. The CSA gained significant reputability in 2011 when the American Presidential Administration selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy. == History == The CSA was formed in December 2008 as a coalition by individuals who saw the need to provide objective enterprise user guidance on the adoption and use of cloud computing. Its initial work product, Security Guidance for Critical Areas of Focus in Cloud Computing, was put together in a Wiki-style by dozens of volunteers. In 2014, the Chairman of the Board of the CSA was Dave Cullinane, VP of Global Security and Privacy for Catalina Marketing, St. Petersburg, Florida, and former CISO for eBay. Cullinane has said, "If you have an application exposed to the Internet that will allow people to make money, it will be probed." == Profile == In 2009, the Cloud Security Alliance incorporated in Nevada as a Corporation and achieved US Federal 501(c)6 non-profit status. It is registered as a Foreign Non-Profit Corporation in Washington. == Policy maker support == The CSA works to support a number of global policy makers in their focus on cloud security initiatives including the National Institute of Standards and Technology (NIST), European Commission, Singapore Government, and other data protection authorities. In March 2012, the CSA was selected to partner with three of Europe’s largest research centers (CERN, EMBL and ESA) to launch Helix Nebula – The Science Cloud. == Size == The Cloud Security Alliance employs roughly sixty full-time and contract staff worldwide. It has several thousand active volunteers participating in research, working groups and chapters at any time. == Membership == According to CSA, they are a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing, and providing education on the uses of Cloud Computing to help secure all other forms of computing. === Individuals === Individuals who are interested in cloud computing and have experience to assist in making it more secure receive a complimentary individual membership based on a minimum level of participation. === Chapters === The Cloud Security Alliance has a network of chapters worldwide. Chapters are separate legal entities from the Cloud Security Alliance, but operate within guidelines set down by the Cloud Security Alliance In the United States, Chapters may elect to benefit from the non-profit tax shield that the Cloud Security Alliance has. Chapters are encouraged to hold local meetings and participate in areas of research. Chapter activities are coordinated by the Cloud Security Alliance worldwide. === International scope === There are separate legal entities in Europe and Asia Pacific, called Cloud Security Alliance (Europe), a Scottish company in the United Kingdom, and Cloud Security Alliance Asia Pacific Ltd, in Singapore. Each legal entity is responsible for overseeing all Cloud Security Alliance-related activities in their respective regions. These legal entities operate under an agreement with Cloud Security Alliance that give it oversight power and have separate Boards of Directors. Both are companies Limited By Guarantee. The Managing Directors of each are members of the Executive Team of Cloud Security Alliance. == Areas of research == The Cloud Security Alliance has 25+ active working groups. Key areas of research include cloud standards, certification, education and training, guidance and tools, global reach, and driving innovation. Security Guidance for Critical Areas of Focus in Cloud Computing. Foundational best practices for securing cloud computing. Top Threats to Cloud Computing. Helps organizations make educated risk management decisions regarding their cloud adoption strategies. GRC (Governance, Risk and Compliance) Stack. A toolkit for key stakeholders to instrument and assess clouds against industry established best practices, standards and critical compliance requirements. Cloud Controls Matrix (CCM). Security controls framework for cloud provider and cloud consumers. CloudTrust Protocol. The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers. Consensus Assessments Initiative Research. Tools and processes to perform consistent measurements of cloud providers. Software Defined Perimeter. A proposed security framework that can be deployed to protect application infrastructure from network-based attacks. It will incorporate standards from organizations such as OASIS and NIST and security concepts from organizations like the U.S. DoD into an integrated framework. == Working groups and initiatives == Mobile Working Group Big Data Working Group Security as a Service Working Group Trusted Cloud Initiative CloudAudit CloudCERT CloudSIRT Cloud Metrics Security, Trust and Assurance Registry (STAR) Cloud Data Governance Turbot (business) Blockchain/Distributed Ledger
Read more →
Hit-testing

In computer graphics programming, hit-testing (hit detection, picking, or pick correlation) is the process of determining whether a user-controlled cursor (such as a mouse cursor or touch-point on a touch-screen interface) intersects a given graphical object (such as a shape, line, or curve) drawn on the screen. Hit-testing may be performed on the movement or activation of a mouse or other pointing device. Hit-testing is used by GUI environments to respond to user actions, such as selecting a menu item or a target in a game based on its visual location. In web programming languages such as HTML, SVG, and CSS, this is associated with the concept of pointer-events (e.g. user-initiated cursor movement or object selection). Collision detection is a related concept for detecting intersections of two or more different graphical objects, rather than intersection of a cursor with one or more graphical objects. == Algorithm == There are many different algorithms that may be used to perform hit-testing, with different performance or accuracy outcomes. One common hit-test algorithm for axis aligned bounding boxes. A key idea is that the box being tested must be either entirely above, entirely below, entirely to the right or left of the current box. If this is not possible, they are colliding. Example logic is presented in the pseudo-code below: In Python:
Read more →
Attack path management

Attack path management is a cybersecurity technique that involves the continuous discovery, mapping, and risk assessment of identity-based attack paths. Attack path management is distinct from other computer security mitigation strategies in that it does not rely on finding individual attack paths through vulnerabilities, exploits, or offensive testing. Rather, attack path management techniques analyze all attack paths present in an environment based on active identity management policies, authentication configurations, and active authenticated "sessions" between objects. == Overview == Attack path management relies on concepts such as mapping and removing attack paths, identifying attack path choke points, and remediation of attack paths. Identity-based attacks are present in most publicly disclosed breaches, whether through social engineering to gain initial access to Active Directories or lateral movement for privilege escalation. Attackers require privileges to attack an environment’s most sensitive segments. Attack path management often involves removing out-of-date privileges and privilege assignments given to overly large groups. In attack path management, attack graphs are used to represent how a network of machines’ security is vulnerable to attack. The nodes in an attack graph represent principals and other objects such as machines, accounts, and security groups. The edges in an attack graph represent the links and relationships between nodes. Some nodes are easy to penetrate due to short paths from regular users to domain admins, resulting in focal points of concentrated network traffic, which are known as attack path choke points. Attack graphs are often analyzed using algorithms and visualization. Attack path management also identifies tier 0 assets, which are considered the most vulnerable because they have direct or indirect control of an Active Directory or Microsoft Entra ID environment.
Read more →
Sprite multiplexing

Sprite multiplexing is a computer graphics technique where additional sprites (moving images) can be drawn on the screen, beyond the nominal maximum. It is largely historical, applicable principally to older hardware, where limited resources (such as CPU speed and memory) meant only a relatively small number of sprites were supported. On the other hand, it is also true that without multiplexing, the sprite circuitry would be idle much of the time, and limited resources were wasted. == Description == The sprite multiplexing technique is based on the idea that while the hardware may only support a finite number of sprites, it is sometimes possible to re-use the same sprite "slots" more than once per frame or scan line. The program will first use the hardware to draw one or more sprite(s), as normal. Before the next frame (or next scanline) needs to be drawn, the software reprograms the hardware to display additional sprites, in other positions. For example, the Nintendo Entertainment System explicitly supports hardware sprite multiplexing, where it has 64 hardware sprites, but is only capable of rendering 8 of them per scanline. On the older Atari 2600, sprite multiplexing was not intentionally designed in, but programmers discovered they could reset the TIA graphics chip to draw additional sprites on the same scanline. The sprite multiplexing technique relies on the program being able to identify what part of the video screen is being drawn at the moment, or being triggered by the video hardware to run a subroutine at the crucial moment. The programmer must carefully consider the layout of the screen. If the video graphics hardware is not reprogrammed in time for the extra sprites to be displayed, they will not appear, or will be drawn incorrectly. Modern video graphics hardware typically does not use hardware sprites, since modern computer systems do not have the kind of limitations that sprite hardware is designed to circumvent. == Implementations == Systems that allow the programmer to employ the sprite multiplexing technique include: Atari 2600 Atari 8-bit computers Amiga Commodore 64 MSX Nintendo Entertainment System Super Nintendo Entertainment System Master System Sega Genesis/Mega Drive
Read more →
EyeOS

eyeOS was a web desktop for cloud computing, whose main purpose is to enable collaboration and communication among users. It is mainly written in PHP, XML, and JavaScript. It is a private-cloud application platform with a web-based desktop interface. eyeOS delivers a whole desktop from the cloud with file management, personal management information tools, and collaborative tools, with the integration of the client's applications. == History == The first publicly available eyeOS version was released on August 1, 2005, as eyeOS 0.6.0 in Olesa de Montserrat, Barcelona (Spain). A worldwide community of developers soon took part in the project and helped improve it by translating, testing, and developing it. After two years of development, the eyeOS Team published eyeOS 1.0 on June 4, 2007. Compared with previous versions, eyeOS 1.0 introduced a complete reorganization of the code and some new web technologies, like eyeSoft, a portage-based web software installation system. Moreover, eyeOS also included the eyeOS Toolkit, a set of libraries allowing easy and fast development of new web applications. With the release of eyeOS 1.1 on July 2, 2007, eyeOS changed its license and migrated from GNU GPL Version 2 to Version 3. Version 1.2 was released just a month after the 1.1 version and integrated full compatibility with Microsoft Word files. eyeOS 1.5 Gala was released on January 15, 2008. This version was the first to support both Microsoft Office and OpenOffice.org file formats for documents, presentations, and spreadsheets. With this version, eyeOS also gained the ability to import and export documents in both formats using server-side scripting. eyeOS 1.6 was released on April 25, 2008, and included many improvements such as synchronization with local computers, drag and drop, a mobile version, and more. eyeOS 1.8 Lars was released on January 7, 2009, and featured a completely rewritten file manager and a new sound API to develop media-rich applications. Later, on April 1, 2009, 1.8.5 was released with a new default theme and some rewritten apps, such as the Word Processor and the Address Book. On July 13, 2009, 1.8.6 was released with an interface for the iPhone and a new version of eyeMail with support for POP3 and IMAP. eyeOS 1.9 was released on December 29, 2009. It was followed up with the 1.9.0.1 release with minor fixes on February 18, 2010. These releases were the last of the "classic desktop" interfaces. A major re-work was completed in March 2010, now called eyeOS 2.x. However, a small group of eyeOS developers still maintain the code within the eyeOS forum, where support is provided, but the eyeOS group itself has stopped active 1.x development. It is now available as the On-eye project on GitHub. Active development was halted on 1.x as of February 3, 2010. eyeOS 2.0 release took place on March 3, 2010. This was a total restructure of the operating system. The 2.x stable is the new series of eyeOS, which is in active development and will replace 1.x as stable in a few months. It includes live collaboration and more social capabilities than eyeOS 1.x. eyeOS then released 2.2.0.0 on July 28, 2010. On December 14, 2010, a working group inside the eyeOS open-source development community began the structure development and further upgrade of eyeOS 1.9.x. The group's main goal is to continue the work eyeOS has stopped on 1.9.x. eyeOS released 2.5 on May 17, 2011. This was the last release under an open source license. It is available on SourceForge for download under another project called eyeOS 2.5 Open Source Version. On April 1, 2014, Telefónica announced their acquisition of eyeOS. eyeOS would maintain its headquarters in the Catalonia, Spain, where their staff would continue to work but now as part of Telefónica. After its integration into Telefónica, eyeOS would continue to function as an independent subsidiary under CEO Michel Kisfaludi. == Structure and API == For developers, EyeOS provides the eyeOS Toolkit, a set of libraries and functions to develop applications for eyeOS. Using the integrated Portage-based eyeSoft system, one can create their own repository for eyeOS and distribute applications through it. Each core part of the desktop is its own application, using JavaScript to send server commands as the user interacts. As actions are performed using AJAX (such as launching an application), it sends event information to the server. The server then sends back tasks for the client to do in XML format, such as drawing a widget. On the server, eyeOS uses XML files to store information. This makes it simple for a user to set up on the server, as it requires zero configuration other than the account information for the first user, making it simple to deploy. To avoid bottlenecks that flat files present, each user's information and settings are stored in different files, preventing resource starvation from occurring, though this in turn may create issues in high volume user environments due to host operating system open file descriptor limits. == Professional edition == A Professional Edition of eyeOS was launched on September 15, 2011, as an operating system for businesses. It uses a new version number and was released under version 1.0 instead of continuing with the next version number in the open source project. The Professional Edition retains the web desktop interface used by the open source version while targeting enterprise users. A host of new features designed for enterprises, like file sharing and synchronization (called eyeSync), Active Directory/LDAP connectivity, system-wide administration controls, and a local file execution tool called eyeRun were introduced. A new suite of Web Apps (a mail client, calendar, instant messaging, and collaboration tools) was also introduced, specific to the enterprise edition for the web desktop. With eyeOS Professional Edition 1.1, a to-do task manager tool, Citrix XenApp integration, and a Facebook like 'wall' for collaboration were introduced. == Awards == 2007 – Received the Softpedia's Pick award. 2007 – Finalist at SourceForge's 2007 Community Choice Awards at the "Best Project" category. The winner for that category was 7-Zip. 2007 – Won the Yahoo! Spain Web Revelation award in the Technology category. 2008 – Finalist for the Webware 100 awards by CNET, under the "Browsing" category. 2008 – Finalist at the SourceForge's 2008 Community Choice Awards at the "Most Likely to Change the World" category. The winner for that category was Linux. 2009 – Selected Project of the Month (August 2009) by SourceForge. 2009 – BMW Innovation Award. 2010 – Winner of Accelera (Ernst & Young). 2010 – Asturias & Girona Spanish Prince award “IMPULSA”. 2011 – Winner of MIT's TR35 award as Innovator of the Year in Spain. == Community == eyeOS community is formed with the eyeOS forums, which reached 10,000 members on April 4, 2008; the eyeOS wiki; and the eyeOS Application Communities, available at the eyeOS-Apps website, hosted and provided by openDesktop.org as well as Softpedia.
Read more →
Triller (app)

Triller is an American video-sharing social networking service that was first released for iOS and Android in 2015. The service allowed users to create and share short-form videos, including videos set to, or automatically synchronized to, music using artificial intelligence technology. It initially operated as a video editing app before adding social networking features. Triller gained prominence in 2020 as a competitor to the similar Chinese-owned app TikTok, mainly in the United States and India (after the service was banned in the latter country). The app's success would allow its parent company to expand into sports broadcasting and promotion; including the distribution of pay-per-view boxing events under the Triller Fight Club banner (such as Mike Tyson vs. Roy Jones Jr. and Jake Paul vs. Ben Askren) that incorporated live music performances and appearances by various celebrities and entertainment personalities. == History == === Launch and early years === Triller was launched in 2015 by co-founders David Leiberman and Sammy Rubin. The app was originally positioned as a video editor, using artificial intelligence to automatically edit distinct clips into music videos. They later launched Triller Famous, a page within the app that featured curated selections of user videos. In 2016, the app was purchased by Carnegie Technologies and converted into a social networking service by allowing users to follow each other and share their videos publicly. In 2019, Ryan Kavanaugh's Proxima Media made a majority investment. It is headquartered in Los Angeles, California, and is currently led by CEO Mahi de Silva. === Media exposure and controversies === On June 29, 2020, Government of India banned TikTok, among other apps stating that they were "prejudicial to [the] sovereignty and integrity" of India. Triller, which had planned to enter into the Indian market by the end of 2020, saw a spike from less than 1 million users to over 30 million users in the country overnight. In July 2020, Triller sued ByteDance, the Chinese parent company of TikTok, for infringing patents relating to video editing. In response, TikTok and ByteDance filed a lawsuit against Triller, alleging the litigation initiated by Triller has "cast a cloud" over TikTok's reputation and business dealings. That Summer, U.S. president Donald Trump signed an executive order which threatened to ban TikTok from operating within the United States, citing threats to national security, unless it was sold by ByteDance. The Trump administration stated that TikTok had until November 12, 2020, to assure the administration that the app did not pose any national security threats to the U.S. Following this order and news of possible purchases of TikTok's American operations by companies such as Oracle, Triller jumped from number 198 to number one in the App Store in the U.S., while TikTok dropped down to number three. The discussions surrounding TikTok's potential ban in the United States caused popular TikTok stars, including Charli D’Amelio and her family, to join Triller. Trump joined Triller himself and posted his first video on August 15, 2020. The video received over a million views within hours. On August 12, 2020, Triller partnered with B2B music company 7digital, which will provide Triller with access to its catalogue of 80 million tracks and automatically report usage data to Sony Music, Warner Music Group, Universal Music Group and Merlin Network. The number of Triller's app installations came under scrutiny when third-party analytics firm Apptopia estimated only 52 million lifetime installations of the app by August 2020, while Triller claimed 250 million. Triller threatened to sue Apptopia for publishing the report. By October 2020, Triller claimed to serve 100 million active monthly users, but this number was quickly disputed by six former employees interviewed by Business Insider. Within a few weeks of Triller's claim, employees shared screenshots of the company's internal analytics that showed less than 2.5 million active monthly users. On October 2, 2020, Triller signed licensing deals with the rights societies PRS for Music, GEMA, STIM and IMRO, and the publishers Concord, Downtown and Peermusic. On February 5, 2021, Universal Music Group (UMG) pulled its library from Triller, citing unpaid music royalties. They alleged that Triller "shamefully withheld payments owed to our artists" and refused to negotiate future music licensing. Triller responded with the assertion that "relevant artists" were already partnered with Triller, so a deal with UMG was unnecessary. The two companies reached an expanded licensing agreement in May 2021. On March 24, 2021, Triller signed a licensing agreement with the National Music Publishers' Association. == Features == The Triller app allows users to create music videos, skits, and lip-sync videos containing background music. The app's spotlight feature is its special auto-editing tool, which uses artificial intelligence to automatically stitch separate video clips together without the user having to do it themselves. The separate video clips are created to the same background music, but users are able to shoot multiple takes with different filters or edits each time. Once the auto-editing tool stitches the individual clips together, users can rearrange and replace clips as desired. Users can also customize videos by applying filters and text. When creating a video, users can choose to make a "music video" or a "social video". A "music video" allows users to add music and trim the audio to personal preference. Unlike the music video option, a "social video" does not require the user to add music in the background. The app's auto-editing tool is only used when making music videos, as it uses the background track to help arrange and synchronize the clips. Users can also link their accounts with Apple Music or Spotify to integrate their playlists. Incomplete videos that are yet to be shared appear in a user's "Projects" folder. Once finalized, a video can be shared with other users of the app or through social media platforms such as Facebook, Instagram, Twitter (X), WhatsApp, and YouTube. Any video on Triller can also be downloaded or shared through links, text messages, or direct messaging to other users within the app. The app is divided into three video feeds, consisting of videos from creators that the user follows, the "Social" feed (which showcases trending videos and those by verified users), and the "Music" feed (which exclusively features music videos). Triller accounts can be made either public or private. When the account is public, any user can view the videos on that account. When the account is private, only approved users can view the videos on that account. Users with private accounts can change the privacy settings of individual videos on their accounts from private to public, making the selected videos viewable to anyone on the app. In accordance with online child privacy laws in the United States, children under the age of 13 must receive parental consent in order to create an account on Triller. == User characteristics and behavior == In August 2020, Triller reported that it had been downloaded over 250 million times worldwide with average rating of 4.00. Mobile analytics firm Apptopia disputed the numbers and claimed they were inflated, suggesting that the app had only been downloaded 52 million times since it first launched in 2015. Apptopia pulled the report after Triller threatened to sue the company. The app has been downloaded 23.8 million times in the U.S., with users spending an average of more than 20 minutes per day. A large number of downloads come from India, where TikTok has been banned, as well as from various European and African countries. In October 2020, Triller CEO Mike Lu stated that the app has 100 million monthly active users (MAU). In February 2021, Billboard reported that Triller had "reported higher numbers of monthly active users to the public than it reports to [music] rights holders." CEO Lu argued that "there is no legal definition" of monthly and daily active users, and that "if someone is trying to compare TikTok's MAU/DAU to ours—which means they are saying we have the same definition of MAU/DAU—there is an inherent misunderstanding about Triller's business and business model. It’s like trying to compare a fish and a bicycle." In a public statement, Lu denied that the company had inflated its user metrics. Triller has attracted celebrity users like Chance the Rapper, King Von, LIl Tecca, Lil Mosey, Justin Bieber, Marshmello, The Weeknd, Alicia Keys, Cardi B, Eminem, Post Malone and Kevin Hart. The app is also used by TikTok stars such as Charli D’Amelio, Josh Richards, Noah Beck, Griffin Johnson, and Dixie D’Amelio. Triller has offered large sums of money, company equity, and advisory roles to encourage prominent TikTok users to move to Triller, such as The Sway Boys. Sway House member J
Read more →
MY F.C.

MY F.C. is a freemium app designed to organise and administer football teams. It is developed by MY F.C. Limited, a private company headquartered in Auckland, New Zealand. The app allows users to build a team by adding players and from there they can create trainings and matches, keep up with relevant news in the curated newsfeed, record statistics both individually and team based, follow the games live in the match-centre. The app also features integrated lineup builder with custom team kits. == History == Founders Sam Jenkins, Mike Simpson and Sam Jasper started MY F.C. in 2015 to help them "run their football lives". The app was launched on Android and iOS on 14 February 2017. == Accolades == MY F.C. won the first place prize at Bank of New Zealand Start-up Alley 2017 competition that aims to discover New Zealand start-ups who are doing innovative work and ready to establish themselves as long-term, sustainable businesses. The prize package included $15,000 and a trip to San Francisco.
Read more →
TeaOnHer

TeaOnHer is a male-oriented dating surveillance mobile app that allows men to anonymously rate and comment on women they are dating. It was set up in response to the existence of Tea, a female-oriented dating app that allowed women to rate and comment on men. In 2025, Cosmopolitian magazine described it as America's second most popular mobile app, with it being the second most popular app in the lifestyle section of Apple's App Store. The TeaOnHer app has fewer features than the rival Tea app, focusing instead on anonymous commenting. It is listed as having been developed by a company called Newville Media Corporation. TechCrunch reported in 2025 that TeaOnHer had leaked credentials of some of its users.
Read more →
Score bug

A score bug is a digital on-screen graphic which is displayed in a broadcast of a sporting event, displaying the current score and other statistics. It is similar in function to a scoreboard, and is usually placed at either the top or lower third of the television screen. == History == The concept of a persistent score bug was devised by Sky Sports head David Hill, who was dissatisfied over having to wait to see what the score was after tuning into a football match in-progress. The score bug was introduced when Sky launched its coverage of the then newly-formed English Premier League in August 1992. Hill's boss repeatedly demanded that the graphic be removed, describing it as the "stupidest thing [he] had ever seen". Hill defied the boss's demands and kept the graphic in place. ITV introduced a score bug at the start of the 1993–94 football season, and the BBC introduced a score bug towards the end of 1993. The concept was introduced to the United States by ABC Sports and ESPN during coverage of the 1994 FIFA World Cup. Their justification for the graphic was to provide a location for a rotating series of sponsor logos, in order to allow matches to air without commercial interruption. With the acquisition of rights to the National Football League (NFL) by BSkyB's American sibling Fox (a fellow venture of Rupert Murdoch), Hill became the first president of Fox Sports. Under Hill's leadership, Fox introduced a version of the score bug branded as the "Fox Box", which was part of its inaugural season of NFL coverage in 1994. Variety criticized it as an "annoying see-through clock and score graphic" and expressed concern for people "who actually watched the beginning of the game and would rather have their screen clear of graphics". Hill even received a death threat from an irate viewer, with a specific emphasis on him being a "foreigner", but the score bug soon became a ubiquitous feature for American football broadcasts, along with almost all American sports broadcasts in the years that followed. Dick Ebersol of NBC Sports initially opposed the idea of a score bug, as he thought that fans would dislike seeing more graphics on the screen and would change the channel from blowout games if the score was constantly being displayed. Since the 2010s, the on-air design and positioning of some score bugs have been influenced by the needs of Internet video (especially when viewing an event on devices with smaller screens), including bugs noticeably larger than prior iterations designed with television viewing in mind, or designs primarily kept towards the bottom-center of the screen (easing the ability for the bug to remain visible when highlights are cropped for square videos posted on social media). == Details == Score bugs used in team sports typically include the names of both teams, an abbreviation of the team's name, and/or the team's logo; for individual sports, they include the names of individual competitors. In sports where a game clock or playing periods are used, those are generally also displayed as part of the score bug. Some broadcasts also include teams' win-loss records. In 2024, ESPN experimented with adding a persistent win probability meter to its bug in Major League Baseball, which was based on input from its statisticians. === Variations === In addition to the above information, score bugs in some sports include additional information: In baseball, score bugs display the current inning, number of outs, the pitch clock if applicable, and a graphic displaying which bases are occupied; and usually include names of the current pitcher and batter, the pitcher's pitch count, and the number of balls and strikes accrued by the batter. In basketball, score bugs generally include the shot clock, the number of fouls accrued by each team, and whether a team is in the bonus. In cricket, score bugs often take the form of larger dashboards across the bottom of the screen, displaying the current team up and their number of runs, wickets, and overs, a display showing the runs scored and number of balls faced by the current batting partnership, and statistics for the opposing team's bowler (including the number of wickets scored and runs given up). In American football, score bugs usually include the play clock and the down and distance of the current play; they also incorporate graphics indicating when a penalty flag has been thrown. In ice hockey, score bugs display when a penalty or power play is in effect, and often include the number of shots on goal accrued by each team. In golf, Fox popularized the display of a persistent leaderboard graphic in the bottom-right of the screen, usually displaying the top 5. ==== Racing ==== Telecasts of automobile races often include a score bug with the current positions of participants, statistics such as distance behind the leader, and the remaining distance or number of laps. In the mid-2010s, NASCAR broadcasters such as Fox began to transition from horizontal tickers to vertical leaderboards (also referred to as "pylons", in reference to the physical scoring pylons at). The CW differentiated itself by using a horizontal display that divides the field into multiple columns along the bottom of the screen.
Read more →
Random (software)

Random was an iOS mobile app that used algorithms and human-curation to create an adaptive interface to the Internet. The app served a remix of relevance and serendipity that allowed people to find diverse topics and interesting content that they might not have encountered otherwise. Random did not require a login or sign-up - the use of the app was anonymous. The app was powered by an artificial intelligence that learned from direct and indirect user interactions inside the app. While learning and adapting to a person, Random created a unique anonymous choice profile that was then used for recommending topics and content. The app didn't recommend the same content twice. == User interface == Random's user interface was made of ever-changing topic blocks that contained keywords and images. By choosing any of the blocks, the user would see related web content. By closing the web content, the user could access new related topics. The user interface allowed people to get more information about a specific topic area or then just leap freely from topic to topic. The content recommended by Random could be any type of web content, varying from news articles to long-form stories and from photographs to videos. Every user of the Random was curating content for other users by using the app. == History == Random was launched in March 2014. The startup was backed by Skype co-founder Janus Friis. The Random app received a strong reception from the likes of The New York Times, TechCrunch, New Scientist, Vice, and other leading publications. The app went on to gain traction with an active and loyal user community of several hundreds of thousands. This was not enough to support the free app model the team strongly believed in, and the service was terminated in December 2015. == Reception == Various reviews in media have emphasized that Random enables people to break their filter bubble and find diverse content they might not find elsewhere. Alan Henry of Lifehacker wrote: "Random... breaks you out by intentionally guiding you to new topics and interesting articles at sites you may not otherwise read." Vice Motherboard's Claire Evans says that: "Random never turns into a filter bubble, because it perpetually injects the irrational into my experience… in a cocktail of relevancy and serendipity." The app has been said to have a unique, minimalistic user experience. Kit Eaton of The New York Times commented that Random "let's you browse the news in a different way to all the other news sites you've probably ever used." Mashable reviewed Random by concluding that the "app may be one of the most simple content-discovery apps on the market."
Read more →
Ray tracing (graphics)

In 3D computer graphics, ray tracing is a technique for modeling light transport for use in a wide variety of rendering algorithms for generating digital images. On a spectrum of computational cost and visual fidelity, ray tracing-based rendering techniques, such as ray casting, recursive ray tracing, distribution ray tracing, photon mapping and path tracing, are generally slower and higher fidelity than scanline rendering methods. Thus, ray tracing was first deployed in applications where taking a relatively long time to render could be tolerated, such as still CGI images, and film and television visual effects (VFX), but was less suited to real-time applications such as video games, where speed is critical in rendering each frame. Since 2018, however, hardware acceleration for real-time ray tracing has become standard on new commercial graphics cards, and graphics APIs have followed suit, allowing developers to use hybrid ray tracing and rasterization-based rendering in games and other real-time applications with a lesser hit to frame render times. Ray tracing is capable of simulating a variety of optical effects, such as reflection, refraction, soft shadows, scattering, depth of field, motion blur, caustics, ambient occlusion and dispersion phenomena (such as chromatic aberration). It can also be used to trace the path of sound waves in a similar fashion to light waves, making it a viable option for more immersive sound design in video games by rendering realistic reverberation and echoes. In fact, any physical wave or particle phenomenon with approximately linear motion can be simulated with ray tracing. Ray tracing–based rendering techniques that sample light over a domain typically generate multiple rays and often rely on denoising to reduce the resulting noise. == History == The idea of ray tracing comes from as early as the 16th century, when it was described by Albrecht Dürer, who is credited for its invention. Dürer described multiple techniques for projecting 3-D scenes onto an image plane. Some of these project chosen geometry onto the image plane, as is done with rasterization today. Others determine what geometry is visible along a given ray, as is done with ray tracing. Using a computer for ray tracing to generate shaded pictures was first accomplished by Arthur Appel in 1968. Appel used ray tracing for primary visibility (determining the closest surface to the camera at each image point) by tracing a ray through each point to be shaded into the scene to identify the visible surface. The closest surface intersected by the ray was the visible one. This non-recursive ray tracing-based rendering algorithm is today called "ray casting". His algorithm then traced secondary rays to the light source from each point being shaded to determine whether the point was in shadow or not. Later, in 1971, Goldstein and Nagel of MAGI (Mathematical Applications Group, Inc.) published "3-D Visual Simulation", wherein ray tracing was used to make shaded pictures of solids. At the ray-surface intersection point found, they computed the surface normal and, knowing the position of the light source, computed the brightness of the pixel on the screen. Their publication describes a short (30-second) film "made using the University of Maryland's display hardware outfitted with a 16mm camera. The film showed the helicopter and a simple ground-level gun emplacement. The helicopter was programmed to undergo a series of maneuvers including turns, take-offs, and landings, etc., until it eventually is shot down and crashed." A CDC 6600 computer was used. MAGI produced an animation video called MAGI/SynthaVision Sampler in 1974. Another early instance of ray casting came in 1976, when Scott Roth created a flip book animation in Bob Sproull's computer graphics course at Caltech. The scanned pages are shown as a video in the accompanying image. Roth's computer program noted an edge point at a pixel location if the ray intersected a bounded plane different from that of its neighbors. Of course, a ray could intersect multiple planes in space, but only the surface point closest to the camera was noted as visible. The platform was a DEC PDP-10, a Tektronix storage-tube display, and a printer which would create an image of the display on rolling thermal paper. Roth extended the framework, introduced the term ray casting in the context of computer graphics and solid modeling, and in 1982 published his work while at GM Research Labs. Turner Whitted was the first to show recursive ray tracing for mirror reflection and for refraction through translucent objects, with an angle determined by the solid's index of refraction, and to use ray tracing for anti-aliasing. Whitted also showed ray traced shadows. He produced a recursive ray traced film called The Compleat Angler in 1979 while an engineer at Bell Labs. Whitted's deeply recursive ray tracing algorithm reframed rendering from being primarily a matter of surface visibility determination to being a matter of light transport. His paper inspired a series of subsequent work by others that included distribution ray tracing and finally unbiased path tracing, which provides the rendering equation framework that has allowed computer-generated imagery to be faithful to reality. For decades, global illumination in major films using computer-generated imagery was approximated with additional lights. Ray tracing-based rendering eventually changed that by enabling physically based light transport. Early feature films rendered entirely using path tracing include Monster House (2006), Cloudy with a Chance of Meatballs (2009), and Monsters University (2013). == Algorithm overview == Optical ray tracing describes a method for producing visual images constructed in 3D computer graphics environments, with more photorealism than either ray casting or scanline rendering techniques. It works by tracing a path from an imaginary eye through each pixel in a virtual screen, and calculating the color of the object visible through it. Scenes in ray tracing are described mathematically by a programmer or by a visual artist (normally using intermediary tools). Scenes may also incorporate data from images and models captured by means such as digital photography. Typically, each ray must be tested for intersection with some subset of all the objects in the scene. Once the nearest object has been identified, the algorithm will estimate the incoming light at the point of intersection, examine the material properties of the object, and combine this information to calculate the final color of the pixel. Certain illumination algorithms and reflective or translucent materials may require more rays to be re-cast into the scene. It may at first seem counterintuitive or "backward" to send rays away from the camera, rather than into it (as actual light does in reality), but doing so is many orders of magnitude more efficient. Since the overwhelming majority of light rays from a given light source do not make it directly into the viewer's eye, a "forward" simulation could potentially waste a tremendous amount of computation on light paths that are never recorded. Therefore, the shortcut taken in ray tracing is to presuppose that a given ray intersects the view frame. After either a maximum number of reflections or a ray traveling a certain distance without intersection, the ray ceases to travel and the pixel's value is updated. === Calculate rays for rectangular viewport === On input we have (in calculation we use vector normalization and cross product): E ∈ R 3 {\displaystyle E\in \mathbb {R^{3}} } eye position T ∈ R 3 {\displaystyle T\in \mathbb {R^{3}} } target position θ ∈ [ 0 , π ] {\displaystyle \theta \in [0,\pi ]} field of view - for humans, we can assume ≈ π / 2 rad = 90 ∘ {\displaystyle \approx \pi /2{\text{ rad}}=90^{\circ }} m , k ∈ N {\displaystyle m,k\in \mathbb {N} } numbers of square pixels on viewport vertical and horizontal direction i , j ∈ N , 1 ≤ i ≤ k ∧ 1 ≤ j ≤ m {\displaystyle i,j\in \mathbb {N} ,1\leq i\leq k\land 1\leq j\leq m} numbers of actual pixel v → ∈ R 3 {\displaystyle {\vec {v}}\in \mathbb {R^{3}} } vertical vector which indicates where is up and down, usually v → = [ 0 , 1 , 0 ] {\displaystyle {\vec {v}}=[0,1,0]} - roll component which determine viewport rotation around point C (where the axis of rotation is the ET section) The idea is to find the position of each viewport pixel center P i j {\displaystyle P_{ij}} which allows us to find the line going from eye E {\displaystyle E} through that pixel and finally get the ray described by point E {\displaystyle E} and vector R → i j = P i j − E {\displaystyle {\vec {R}}_{ij}=P_{ij}-E} (or its normalization r → i j {\displaystyle {\vec {r}}_{ij}} ). First we need to find the coordinates of the bottom left viewport pixel P 1 m {\displaystyle P_{1m}} and find the next pixel by making a shift along directions parallel to viewport (vectors b → n {\displaystyle {\vec {b}}_{n
Read more →
Hekaton (database)

Hekaton (also known as SQL Server In-Memory OLTP) is an in-memory database for OLTP workloads built into Microsoft SQL Server. Hekaton was designed in collaboration with Microsoft Research and was released in SQL Server 2014. Traditional RDBMS systems were designed when memory resources were expensive, and were optimized for disk storage. Hekaton is instead optimized for a working set stored entirely in main memory, but is still accessible via T-SQL like normal tables. It is fundamentally different from the "DBCC PINTABLE" feature in earlier SQL Server versions. Hekaton was announced at the Professional Association for SQL Server (PASS) conference 2012.
Read more →
Chasys Photo

Chasys Photo (previously called Chasys Draw Artist, then Chasys Draw IES) is a suite of applications including a layer-based raster graphics editor with adjustment layers, linked layers, timeline and frame-based animation, icon editing, image stacking and comprehensive plug-in support (Chasys Draw IES Artist), a fast multi-threaded image file converter (Chasys Draw IES Converter) and a fast image viewer (Chasys Draw IES Viewer), with RAW image support in all components. It supports the native file formats of several competitors including Adobe Photoshop, Affinity Photo, Corel Photo-Paint, GIMP, Krita, Paint.NET and PaintShop Pro, and the whole suite is designed to make effective use of multi-core processors, touch-screens and pen-input devices. The software is developed by John Paul Chacha in Nairobi, Kenya. Chasys Draw IES is currently released as freeware, and is available for computers running Microsoft Windows operating systems. It is available in three distributions: the standard distro, a portable version and a Microsoft Store version. The suite is coded in a blend of C, C++ and assembly language. It runs on x86 processors and supports the MMX, SSE, SSE2, S-SSE3, and SSE4.1 instruction sets. == History == Chasys Draw is a project that was started in November 2001 by John Paul Chacha, mostly as a hobby than anything else. The original Chasys Draw was a rather simple bitmap editor done in Visual Basic, a lot like MS Paint save for its ability to do gradients. This application underwent many changes, eventually leading up to Chasys Draw 5. This was the first version to have its own native format, referred to simply as CD5. Major updates to the graphics code in May 2002 resulted in Chasys Draw DTFx (Direct Tool eFfects). The new graphics code being referred to here was actually a miniature bitmap abstraction engine that allowed for fast per-pixel operations and direct image buffer access (much as the DIB engine does for GDI). The engine was named JpDRAW. This version was also done in VB, but was much faster than all the previous versions. The new graphics code allowed for more tools to be implemented than was ever possible before. Later on in 2002, the developer decided to completely abandon VB as a programming platform and moved all the code to C/C++. The move to C/C++ allowed the development of a full-fledged graphics engine which was named JpDRAW2. Chasys was renamed to Chasys Draw Artist, and the CD5 image format was also updated to reflect the new features. By coincidence, the module that implemented the file format was the fifth module to be added, so the format was called Chasys Draw module 5, retaining the .cd5 file extension. First public release In April 2004, Chasys Draw Artist was released to the public via the internet for the first time (version 1.27). The release was done via betanews). In 2005, Chasys Draw underwent major user interface changes as well as internal changes. By December of that year, the project had reached version 1.63. This was the first version to introduce advanced features such as anti-aliasing. It was also the first version with full support for alpha channels. The CD5 image format was also upgraded to version 2, adding advanced compression, full alpha channels, encryption and metadata. Version 1.63 was the first version to win an IEEE (Kenya chapter) award in ICT. The "chazy-glass" interface, from which the all later versions' user interfaces borrowed, was introduced in version 1.80. Chasys Draw Artist adopted photo editing features in version 2.01. Comprehensive tutorials were added and many features were re-designed to make them easier to use. Multi-threading was introduced to accelerate some tasks, such as the improved auto-save engine. Utilities such as a converter and browser were added. Version 2.43 of Chasys Draw Artist was quietly released to the public in late 2007 without any announcements. It featured many fixes to the formal version 2.42, as well as many new features. The quiet release was due to a decision to re-build Chasys Draw Artist from scratch, while still continuing support for the old architecture. An experimental version 2.45 was released only to beta-testers for the purpose of testing new technologies that would be included in the new architecture and was officially withdrawn in May 2008. During the time when the versions 2.43~2.45 were being released, work was underway to create a new layer-based Chasys Draw, which was released as Chasys Draw IES (Image Editing Suite), with the initial version number 2.50. A new multi-layer tag-based image format was created to support layering and blending modes; this was named CD5 v3. The next version introduced animation and multi-resolution support as editing modes, and the next one brought in an unlimited undo engine, new plug-ins and several internal fixes. Further development led to the introduction of super-resolution and image stacking, support for video and video capture, Anti-aliasing, metadata save and restore, a "Pen and Path" tool, physical measurement specification, and a video sequence composer engine. The user interface was enhanced with adaptive scrolling and the auto-save engine was optimized. Some memory management was added for machines with low RAM. By version 2.60, Chasys Draw IES was capable of loading Photoshop's PSD files, as well as load and save JPEG 2000. This version also had shell integration with thumbnails and application-level support for multi-monitor display setups. Metadata was extended to support save, restore and scaling for text formatting and path data. There was also a new palette with exchangeable swatches, loadable from all kinds of palette files. A slicing tool for web and user interface design was also included. A C++ code module output for inline image generation was added, as was a constrained recolor brush. The concept of a "fully anti-aliased work-flow" was introduced in version 2.62, in which all drawing and selection tools were anti-aliased by default. Support for Photoshop plug-ins using Adobe's 8bf format was added in version 2.66, allowing users to utilize thousands of free plug-ins available online. Equivalents for the Pantone palettes (PMS 100 to 814-2x) were added, and the "Just-in-Time" memory compressor significantly reduced the editor's memory requirements. First freeware release Chasys Draw IES went freeware on 6 June 2009. With the coming of the freeware IES, two blending modes (Hue and Chroma) were added. Textures were improved to allow multiple layer-based textures. The TextArt G3 engine was enhanced with LINK metadata, and alpha shift was improved. IES 2.72 added the Luma Wand tool, fixed PNG and TIFF transparency issues, and fixed Smart-Paste transparency. IES 2.74 introduced alpha protection, and 2.75 followed with a new adjustments engine that faced out many effects implemented by the effects engine. The adjustments engine was designed to appeal to experienced image editors. IES 2.76 introduced a new transform engine and the Resizer for IES plug-in supporting multi-core and 18 scaling methods, including customizable windowed Sinc interpolation. IES 2.77 added Greyscale with Tint adjustment, separated the Lock and Click-Thru layer properties, extended the Cloning Brush with three options (this, below and composite) and also extended the Color Picker with multiple point sampling. IES 3.01 brought a new look and many breakthrough tools to the suite. It was geared toward touch and was fully compatible with Windows 7. The toolbox was reorganized, with some tools being grouped and new ones added. Some message boxes were replaced with a new popup system, and the working of the workspace was changed to use a back-blitter, which enabled the addition of new blending modes, Screen and Mask. The printing interface was modified and given accurate proofing. Alpha Function Adjustment was added and a new Anti-Quantization Engine included for all adjustments to remove the need for 16 bits per channel editing. An internal clipboard was created to cater for copying images that are too large for the Windows clipboard, and translucency full-page gradients added. Some new tutorials were added and keyboard shortcuts made configurable. IES 3.05 brought the power of custom full-page gradients to the suite, supporting .ggr, .grd and .gra gradients. New gradient styles were included, as was support for Adobe color tables (.act), palette previewing, point color editing and a highly improved TextArt engine. Digital lightroom IES 3.11 was introduced on 14 December 2009. It was done on a new development base and added a new application, raw-Input. This was a RAW image format processor based on dcraw. This application allowed the use of Chasys Draw IES in processing digital negatives, which are popular with professional photographers. Chasys Draw IES 3.24 was released with a re-designed user interface, powered by a higher performance graphics core and better memory management. A history palette w
Read more →
WebGPU Shading Language

WebGPU Shading Language (WGSL, internet media type: text/wgsl) is a high-level shading language and the normative shader language for the WebGPU API on the web. WGSL's syntax is influenced by Rust and is designed with strong static validation, explicit resource binding, and portability in mind for secure execution in browsers. In web contexts, WebGPU implementations accept WGSL source and perform compilation to platform-specific intermediate forms (for example, to SPIR‑V, DXIL, or MSL via the user agent), but such backends are not exposed to web content. == History and background == Graphics on the web historically used WebGL, with shaders written in GLSL ES. As applications demanded more modern GPU features and finer control over compute and graphics pipelines, the W3C's GPU for the Web Community Group and Working Group created WebGPU and its companion shading language, WGSL, to provide a secure, portable model suitable for the web platform. WGSL was developed to be human-readable, avoid undefined behavior common in legacy shading languages, and align closely with WebGPU's resource and validation model. == Design goals == WGSL's design emphasizes: Safety and determinism suitable for web security constraints (extensive static validation and well-defined semantics). Portability across diverse GPU backends via an abstract resource model shared with WebGPU. Readability and explicitness (no preprocessor, minimal implicit conversions, explicit address spaces and bindings). Alignment with modern GPU features (compute, storage buffers, textures, atomics) while retaining a familiar C/Rust-like syntax. == Language overview == === Types and values === Core scalar types include bool, i32, u32, and f32. Vectors (e.g., vec2, vec3, vec4) and matrices (up to 4×4) are available for floating-point element types. Optional f16 (half precision) may be enabled via a WebGPU feature; availability is implementation-dependent. Atomic types (atomic, atomic) support limited atomic operations in qualified address spaces. === Variables and address spaces === Variables are declared with let (immutable), var (mutable), or const (compile-time constant). Storage classes (address spaces) include function, private, workgroup, uniform, and storage with read or read_write access as applicable. WGSL defines explicit layout and alignment rules; attributes such as @align, @size, and @stride control data layout for buffer interoperability. === Functions and control flow === Functions use explicit parameter and return types. Control flow includes if, switch, for, while, and loop constructs, with break/continue. Recursion is disallowed; entry-point call graphs must be acyclic. === Entry points and attributes === Shaders define stage entry points with @vertex, @fragment, or @compute. Attributes annotate bindings and interfaces, including @group, @binding (resource binding), @location (user-defined I/O), @builtin (stage built-ins such as position or global_invocation_id), @interpolate, and @workgroup_size. === Resources === WGSL exposes buffers (uniform, storage), textures (sampled, storage, and multisampled variants), and samplers (filtering/non-filtering/comparison). The binding model is explicit via descriptor sets called groups and bindings, matching WebGPU's pipeline layout model. == Compilation and validation == Browsers compile WGSL to platform-appropriate representations and native driver formats; the specific compilation pipeline is not observable by web content. WGSL source undergoes strict parsing and static validation, and WebGPU enforces robust resource access rules to avoid out-of-bounds memory hazards, contributing to predictable behavior across implementations. == Shader stages == WGSL supports three pipeline stages: vertex, fragment, and compute. === Vertex shaders === Vertex shaders transform per-vertex inputs and produce values for rasterization, including a clip-space position written to the position builtin. ==== Example ==== === Fragment shaders === Fragment shaders run per-fragment and compute color (and optionally depth) outputs written to color attachments. ==== Example ==== If half-precision (vec4h, shorthand for vec4) is desired, the code must be prefaced with a enable f16; statement. === Compute shaders === Compute shaders run in workgroups and are used for general-purpose GPU computations. ==== Example ==== == Differences from GLSL and HLSL == Compared with legacy shading languages, WGSL: Omits a preprocessor and requires explicit types and conversions. Uses explicit address spaces and binding annotations aligned with WebGPU's model. Enforces strict validation to avoid undefined behavior common in other shading languages. Defines a portable, web-focused feature set; 16-bit types and other features are opt-in and may depend on device capabilities.
Read more →
SCADA Strangelove

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA. == Activities == Main fields of research include: Discovery of 0-day vulnerabilities in cyber physical systems and coordinated vulnerability disclosure; Security assessment of ICS protocols and development suites; Identification of publicly Internet-connected ICS components and secure it with help of proper authorities; Development of security hardening guides for ICS software; Mapping cybersecurity on to functional safety; Awareness control and delivery of information regarding the actual security state of ICS systems. SCADA Strangelove's interests expand further than classic ICS components and covers various embedded systems, however, and encompass smart home components, solar panels, wind turbines, SmartGrid as well as other areas. == Projects == Group members have and continue to develop and publish numerous open source tools for scanning, fingerprinting, security evaluation and password bruteforcing for ICS devices. These devices work over industrial protocols such as modbus, Siemens S7, MMS, ISO EC 60870, ProfiNet. In 2014 Shodan used some of the published tools for building a map of ICS devices which is publicly available on the Internet. Open source security assessment frameworks, such as THC Hydra, Metasploit, and DigitalBond Redpoint have used Shodan-developed tools and techniques. The group has published security-hardening guidelines for industrial solutions based on Siemens SIMATIC WinCC and WinCC Flexible. The guidelines contain detailed security configuration walk-throughs, descriptions of internal security features and appropriate best practices. Among the group’s more noticeable projects is Choo Choo PWN (CCP) also named the Critical Infrastructure Attack (CIA). This is an interactive laboratory built upon ICS software and hardware used in real world. Every system is connected to a toy city infrastructure, which includes factories, railroads and other facilities. The laboratory has been demonstrated at various conferences including PHDays, Power of Community, and 30C3. Primarily the laboratory is used for the discovery of new vulnerabilities and for evaluation of security mechanisms, however it is also used for workshops and other educational activities. At Positive Hack Days IV, contestants found several 0-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric, and in specific ICS hardware RTU PET-7000 during the ICS vulnerability discovery challenge. The group supports Secure Open SmartGrid (SCADASOS) project to find and fix vulnerabilities in intellectual power grid components such as photovoltaic power station, wind turbine, power inverter. More than 80 000 industrial devices were discovered and isolated from the Internet in 2015. == Appearances == Group members are frequently seen presenting at conferences like CCC, SCADA Security Scientific Symposium, Positive Hack Days. Most notable talks are: === 29C3 === An overview of vulnerabilities discovered in the widely distributed Siemens SIMATIC WinCC software and tools that are implemented for searching ICS on the Internet. === PHDays === This talk consisted of an overview of vulnerabilities discovered in various systems produced by ABB, Emerson, Honeywell and Siemens and was presented at PHDays III and PHDays IV. === Confidence 2014 === Implications of security research aimed at realization of various industrial network protocols Profinet, Modbus, DNP3, IEC 61850-8-1 (MMS), IEC (International Electrotechnical Commission) 61870-5-101/104, FTE (Fault Tolerant Ethernet), Siemens S7. === PacSec 2014 === Presentations of security research showing the impact of radio and 3G/4G networks on the security of mobile devices as well as on industrial equipment. === 31C3 === Analysis of security architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. === 32C3 === Cybersecurity assessment of railway signaling systems such as Automatic Train Control (ATC), Computer-based interlocking (CBI) and European Train Control System (ETCS). === China Internet Security Conference 2016 === In "Greater China Cyber Threat Landscape" keynote by Sergey Gordeychik an overview of vulnerabilities, attacks and cyber-security incidents in Greater China region was presented. === Recon 2017 === In talk "Hopeless: Relay Protection for Substation Automation" by Kirill Nesterov and Alexander Tlyapov security analysis results of key Digital Substation component - Relay Protection Terminals was presented. Vulnerabilities, including remote code execution in Siemens SIPROTEC, General Electric Line Distance Relay, NARI and ABB protective relays was presented. == Philosophy == All names, catchwords and graphical elements refer to Stanley Kubrick’s film, Dr. Strangelove. In their talks, group members often refer to Cold War events such as the Caribbean Crisis, and draw parallels between nuclear arms race and the current escalation of cyberwar. Group members follow the approach of “responsible disclosure” and “ready to wait for years, while vendor is patching the vulnerability”. Public exploits for discovered vulnerabilities are not published. This is on account of the longevity of ICS and by implication the long process of patching ICS. However, conflicts still happen, notably in 2012 when the talk at DEF CON was called off due to a dispute of persistent weaknesses in Siemens industrial software.
Read more →