The Way series is a trilogy of science fiction novels and one short story by American author Greg Bear published from 1985 to 1999. The first novel was Eon (1985), followed by a sequel, Eternity and a prequel, Legacy. It also includes The Way of All Ghosts, a short story that falls between Legacy and Eon. == Novels == === Eon === Eon chronicles the appearance and discovery of the Thistledown, and its subsequent effect on humanity. In the early 21st century, the United States and the USSR are on the verge of nuclear war. In that tense political climate, an asteroid appears out of near space after an unusual supernova and settles into an extremely elliptical orbit near Earth orbit. The two nations each try to claim this mysterious object, which appears to be a virtual duplicate of Juno. It is hollow and contains seven vast terraformed chambers. Two of the chambers contain cities long abandoned by human beings who seemed to come from Earth's future. The asteroid is called the Thistledown by its builders. A startling discovery is that it is bigger inside than outside. The seventh chamber appears to stretch into infinity. The human inhabitants of the Thistledown come from an alternate timeline, approximately 1000 years in the future. In their timeline, human civilization was nearly destroyed by the "Death", a calamitous World War involving nuclear weapons. The Death occurred at approximately the same time as the appearance of the Thistledown in the present time. Its presence threatens to cause the Death to occur on the current timeline as well. An expedition is sent down the seemingly infinite seventh chamber (The "Way", as it is known) where it encounters the descendants of humanity. The high technology of this civilization, known as the Hexamon, has control over genetic engineering, human augmentation, and matter itself. The Hexamon includes several alien species who have come to live with humanity's descendants. The Hexamon itself is at war with an alien race known as the Jarts from further down the corridor still. In 2007, CGSociety organised a "CG Challenge" based upon Eon === Eternity === Jarts, politics, and technology make up the second book in the series: Eternity. The Jart religion is based on the preservation of all data, which encompasses all life forms, past and present, and sending that data to the Jarts' future masters, their descendants. === Legacy === In the third book (a prequel, set in the time before Eon), Legacy, soldier Olmy ap Sennon is sent to spy on a group of dissidents who have used the spacetime tunnel of "the Way" (introduced in Eon) to colonize the alien world of Lamarckia, a planet with an ecosystem that learns from its changed environment in a way that resembles Lamarckian evolution. Its plants and animals turn out to actually be parts of continent-sized organisms. === "The Way of All Ghosts" === In the short story "The Way of All Ghosts" soldier Olmy ap Sennon is sent to close a lesion that formed out of a wayward gate into perfection. This story was published in 1999 in Far Horizons. == Fictional history of the Thistledown == Within the universe of The Way, the Thistledown is an asteroid starship built by hollowing out Juno and fitting it with mass-driver (rail gun) engines and thermonuclear drives. Inside the asteroid, seven giant "Chambers" are built, of which two host cities for the inhabitants, while others host machinery and recreation areas. The asteroid is prepared 500 years in the future, as told in Bear's novel Eon, and is engaged on a multi-generational journey to Epsilon Eridani, around which a habitable planet is known to circle. The journey is meant to take 60 years, as the ship can only maintain a velocity of 20% the speed of light. This limitation is removed after the technology of the Thistledown was improved to include inertial dampeners, allowing higher accelerations. Inhabiting the Thistledown are the best and brightest of Earth, who are quite diverse both culturally and politically. The Thistledown's society includes one transcendent genius, Konrad Korzenowski, whose preference for living in the Thistledown as compared with an outer universe, causes him to experiment with closed-geodesic space time in the Seventh Chamber, 20 years into the Thistledown's voyage. The results of his experiments are shattering in the extreme: He creates a unique pocket universe: The Way. == The Way == === Origin === The eponymous Way is an extension of the 7th Chamber, and was formed in the novels using the machinery of the 6th Chamber. This machinery is a selective inertial damper, developed by engineers within the Thistledown with twofold purpose—to permit the Thistledown to accelerate to the limit of its engines (up to 99% the speed of light) and to selectively dampen inertia within the vessel, e.g., water within waterways, high velocity train systems. The inertial dampening machinery within the 6th Chamber is anchored to the structure of the Thistledown, equally spaced around the chamber at the vertices of a regular heptagon. === Creation === At the creation, and rejoining of the Way to the Thistledown, the character Konrad Korzenowski and his engineers designed and 'built' the Way out of the in-folded geodesics of the inertial dampening field of the 6th Chamber machinery. This is described in the books by first considering the inertial dampening field: Within the Thistledown, the field envelops the asteroid, effectively isolating it from the Einsteinian Metrical Frame, permitting relative inertia to be ignored. The Thistledown was, at the time of activation, isolated from its continuum, but only selectively. Its matter and energy anchored it to its continuum and relative time, but its geometry and quantum entanglement had been strained by the inertial dampener, thus making it susceptible to superspace distortions, and therefore it could be affected by them negatively. Korzenowski, having been influenced by the earlier work of Vazquez on Earth, and in developing her work within the Thistledown, planned a radical extension of the inertial field of the 6th Chamber - effectively extending the field away to an infinite extent within the 7th Chamber. In order to do this effectively, he and his engineers modified a set of semi-sentient field calibration tools to build the first Clavicles. Unlike the field calibration tools from which they were descended, the Clavicles possessed the ability not only to manipulate the field, but extend it as an extension of the will of the operator. Already radical enough, Korzenowski and his team went further. By extending the field of the 6th Chamber from within the 7th Chamber of the Thistledown, they could then directly access what Vasquez had calculated within her own work—alternate world lines as non-gravity bent geodesics of superspace. Korzenowski thus 'felt' superspace within the 7th Chamber, selecting the infinite selection of possible alternate pocket universes accessible by the Clavicle to form, as a sheer act of will, the Way from his designs and his vision. The resulting structure was constructed, not of matter, but of previously in-folded superspace vectors now infinitely extended. (in the manner of Schwarzschild folded geometry, or of an asymptotic curve.) The Way was thus opened. The Way's geometry also gave rise to the Flaw - as superspace geometry of the field boundary was extended infinitely, so the folded geodesics of the field unfold in the geometric centre of the Way to form a singularity. This singularity, the Flaw, rests within the Way's plasma tube (which in turn is sustained by the Flaw). The Flaw 'produces' gravity by actively repulsing matter away from itself in an acceleration at the square of the distance away from itself. In addition, any object encircling the Flaw, and then exerting pressure against it, experiences this pressure as a translation force along the Flaw's length perpendicular to the direction of force. The motion thus induced is controllable by the angle at which an annular ring enclosure is pressed against the Flaw. The same spatial transform also can be used to turn tip turbines in order to generate electricity. The Flaw permits a violation of the First Law of Thermodynamics, therefore defining the Way as a perpetual motion machine of the First Order, making energy out of nothing. === Early history === The Way, as formed, was described by Bear as being in vacuum and did not consist of matter within its infinite length. Due to extremely slight ambiguity involved in its creation, the synchronicity between time within the Way, and within the Thistledown, was not exact. Thus, the Engineers spend two decades working to correct these faults using the Clavicles to manipulate the junction between Way and Thistledown. During this period, ambition led Korzenowksi to use the clavicle to open the first exploratory gate within the way, leading to the universe of the Jarts. Though the gate to Jart world was closed, the advanced Jarts neve
Clipping (computer graphics)
Clipping, in the context of computer graphics, is a method to selectively enable or disable rendering operations within a defined region of interest. Mathematically, clipping can be described using the terminology of constructive geometry. A rendering algorithm only draws pixels in the intersection between the clip region and the scene model. Lines and surfaces outside the view volume (aka. frustum) are removed. Clip regions are commonly specified to improve render performance. Pixels that will be drawn are said to be within the clip region. Pixels that will not be drawn are outside the clip region. More informally, pixels that will not be drawn are said to be "clipped." == In 2D graphics == In two-dimensional graphics, a clip region may be defined so that pixels are only drawn within the boundaries of a window or frame. Clip regions can also be used to selectively control pixel rendering for aesthetic or artistic purposes. In many implementations, the final clip region is the composite (or intersection) of one or more application-defined shapes, as well as any system hardware constraints In one example application, consider an image editing program. A user application may render the image into a viewport. As the user zooms and scrolls to view a smaller portion of the image, the application can set a clip boundary so that pixels outside the viewport are not rendered. In addition, GUI widgets, overlays, and other windows or frames may obscure some pixels from the original image. In this sense, the clip region is the composite of the application-defined "user clip" and the "device clip" enforced by the system's software and hardware implementation. Application software can take advantage of this clip information to save computation time, energy, and memory, avoiding work related to pixels that aren't visible. == In 3D graphics == In three-dimensional graphics, the terminology of clipping can be used to describe many related features. Typically, "clipping" refers to operations in the plane that work with rectangular shapes, and "culling" refers to more general methods to selectively process scene model elements. This terminology is not rigid, and exact usage varies among many sources. Scene model elements include geometric primitives: points or vertices; line segments or edges; polygons or faces; and more abstract model objects such as curves, splines, surfaces, and even text. In complicated scene models, individual elements may be selectively disabled (clipped) for reasons including visibility within the viewport (frustum culling); orientation (backface culling), obscuration by other scene or model elements (occlusion culling, depth- or "z" clipping). Sophisticated algorithms exist to efficiently detect and perform such clipping. Many optimized clipping methods rely on specific hardware acceleration logic provided by a graphics processing unit (GPU). The concept of clipping can be extended to higher dimensionality using methods of abstract algebraic geometry. === Near clipping === Beyond projection of vertices & 2D clipping, near clipping is required to correctly rasterise 3D primitives; this is because vertices may have been projected behind the eye. Near clipping ensures that all the vertices used have valid 2D coordinates. Together with far-clipping it also helps prevent overflow of depth-buffer values. Some early texture mapping hardware (using forward texture mapping) in video games suffered from complications associated with near clipping and UV coordinates. === Occlusion clipping (Z- or depth clipping) === In 3D computer graphics, "Z" often refers to the depth axis in the system of coordinates centered at the viewport origin: "Z" is used interchangeably with "depth", and conceptually corresponds to the distance "into the virtual screen." In this coordinate system, "X" and "Y" therefore refer to a conventional cartesian coordinate system laid out on the user's screen or viewport. This viewport is defined by the geometry of the viewing frustum, and parameterizes the field of view. Z-clipping, or depth clipping, refers to techniques that selectively render certain scene objects based on their depth relative to the screen. Most graphics toolkits allow the programmer to specify a "near" and "far" clip depth, and only portions of objects between those two planes are displayed. A creative application programmer can use this method to render visualizations of the interior of a 3D object in the scene. For example, a medical imaging application could use this technique to render the organs inside a human body. A video game programmer can use clipping information to accelerate game logic. For example, a tall wall or building that occludes other game entities can save GPU time that would otherwise be spent transforming and texturing items in the rear areas of the scene; and a tightly integrated software program can use this same information to save CPU time by optimizing out game logic for objects that aren't seen by the player. == Algorithms == Line clipping algorithms: Cohen–Sutherland Liang–Barsky Fast-clipping Cyrus–Beck Nicholl–Lee–Nicholl Skala O(lg N) algorithm Polygon clipping algorithms: Greiner–Hormann Sutherland–Hodgman Weiler–Atherton Vatti Rendering methodologies Painter's algorithm
Knapsack cryptosystems
Knapsack cryptosystems are cryptosystems whose security is based on the hardness of solving the knapsack problem. They remain quite unpopular because simple versions of these algorithms have been broken for several decades. However, that type of cryptosystem is a good candidate for post-quantum cryptography. The most famous knapsack cryptosystem is the Merkle-Hellman Public Key Cryptosystem, one of the first public key cryptosystems, published the same year as the RSA cryptosystem. However, this system has been broken by several attacks: one from Shamir, one by Adleman, and the low density attack. However, there exist modern knapsack cryptosystems that are considered secure so far: among them is Nasako-Murakami 2006. Knapsack cryptosystems, when not subject to classical cryptoanalysis, are believed to be difficult even for quantum computers. That is not the case for systems that rely on factoring large integers, like RSA, or computing discrete logarithms, like ECDSA, problems solved in polynomial time with Shor's algorithm.
Cryptographic Module Testing Laboratory
Cryptographic Module Testing Laboratory (CMTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct cryptographic module evaluations for conformance to the FIPS 140-2 U.S. Government standard. The National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits CMTLs to meet Cryptographic Module Validation Program (CMVP) standards and procedures. This has been replaced by FIPS 140-2 and the Cryptographic Module Validation Program (CMVP). == CMTL requirements == These laboratories must meet the following requirements: NIST Handbook 150, NVLAP Procedures and General Requirements NIST Handbook 150-17 Information Technology Security Testing - Cryptographic Module Testing NVLAP Specific Operations Checklist for Cryptographic Module Testing == FIPS 140-2 in relation to the Common Criteria == A CMTL can also be a Common Criteria (CC) Testing Laboratory (CCTL). The CC and FIPS 140-2 are different in the abstractness and focus of evaluation. FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests to four FIPS 140 security levels. FIPS 140-2 describes the requirements for cryptographic modules and includes such areas as physical security, key management, self tests, roles and services, etc. The standard was initially developed in 1994 - prior to the development of the CC. The CC is an evaluation against a Protection Profile (PP), or security target (ST). Typically, a PP covers a broad range of products. A CC evaluation does not supersede or replace a validation to either FIPS 140-1, FIPS140-2 or FIPS 140-3. The four security levels in FIPS 140-1 and FIPS 140-2 do not map directly to specific CC EALs or to CC functional requirements. A CC certificate cannot be a substitute for a FIPS 140-1 or FIPS 140-2 certificate. If the operational environment is a modifiable operational environment, the operating system requirements of the Common Criteria are applicable at FIPS Security Levels 2 and above. FIPS 140-1 required evaluated operating systems that referenced the Trusted Computer System Evaluation Criteria (TCSEC) classes C2, B1 and B2. However, TCSEC is no longer in use and has been replaced by the Common Criteria. Consequently, FIPS 140-2 now references the Common Criteria. FIPS 140-2 or FIPS 140-3 validation efforts can be in some parts reused in Common Criteria evaluations, specifically in areas related to entropy source and cryptographic algorithms.
Pinoy baiting
Pinoy baiting is a phrase that has been used to refer to acts by non-Filipino individuals, usually celebrities or YouTubers, of posting content online purportedly with the intention of getting the attention of Filipinos, by being surprised about the Philippines or its people. Pinoy baiters are defined as giving superficial and allegedly insincere praises and similar reactions that give recognition to the Philippines or its people. Subsequent responses by Filipinos to what have been referred to as acts of Pinoy baiting have been criticized as a form of cultural cringe. This criticism would subsequently give the advice that Filipinos should not constantly require validation from non-Filipinos about themselves or their country. == Pinoy baiting mediums == === Reaction videos === On social media such as YouTube, channels with specific focus on showing their reaction towards and opinions about certain videos or topics are called reaction channels. Reaction videos are very popular and require minimal effort to create, and thus made it easy for alleged Pinoy baiting to thrive within this video-making genre. === Travel vlogs === Vlogging, short for video blogging, grew in popularity in the 2020s. Most of the popular alleged Pinoy-baiting channels tend to be vlog channels, normally following the same script under such titles as "The Philippines changed us/me", "First impression of the Philippines", "Is this really Manila?" and "Filipinos are such Kind/Good People!", and made while travelling to touristy areas such as Boracay or Bonifacio Global City and taste-testing the fast food chain Jollibee, among others. == Criticism of the phrase == Philippines-based Korean vlogger Jessica Lee had been accused by some YouTube viewers of engaging in Pinoy baiting. In a response vlog, Lee acknowledged that there may be individuals engaging in this "business strategy" of gaining views and subscribers from one of the largest communities online. However, she questioned the objectivity of some use of the phrase, citing any vlogging subject as fair game for a negative impression of being a "baiting" tool for the vlogger treating of that subject. She also invoked vloggers' freedom to choose whatever subject they want to talk about in a deep or shallow manner, while enjoining citizens to exercise their free-market right to unfollow vloggers they hate and follow those vloggers that "make them happy". She also gave her critics an explanation why she ended up vlogging about Philippine and Filipino subjects.
Continuous Exposure Management
Continuous Exposure Management (CEM) is a cybersecurity approach that provides continuous, real-time monitoring, assessment, and prioritization of an organization’s security vulnerabilities and exposures. CEM focuses on identifying and mitigating risks by analyzing attack paths and providing recommendations, ensuring organizations maintain a resilient cybersecurity posture. == Overview == CEM platforms enable organizations to detect and remediate cybersecurity exposures, such as vulnerabilities, misconfigurations and weak credentials, across their entire ecosystem, including on-premises, cloud environments, and hybrid infrastructures. By simulating potential attack scenarios and mapping attack paths, these platforms help organizations understand how exposures could be exploited and which ones pose the greatest risk to critical assets. The XM Cyber Continuous Exposure Management platform, for example, integrates automated attack path mapping and contextual risk analysis, allowing security teams to prioritize remediation efforts effectively. In 2023, the platform uncovered over 40 million exposures affecting 11.5 million critical business entities. As cyber threats evolve, CEM platforms are becoming indispensable for modern enterprises. According to Gartner, organizations implementing continuous exposure management are three times less likely to experience a breach by 2026. In addition to risk mapping and simulation, some CEM approaches incorporate automated security validation to verify the exploitability of identified vulnerabilities. Platforms such as Pentera utilize automated security testing to emulate real-world adversary behavior across the network, identifying how security gaps could be leveraged to gain access to critical assets. This process aims to move beyond theoretical risk assessments by providing empirical evidence of exposure, allowing security teams to focus remediation efforts on validated attack vectors. By integrating this validation phase into the broader exposure management lifecycle, organizations can refine their prioritization strategies based on the actual effectiveness of their existing security controls and the proven reachability of their most sensitive data. == Key features == CEM platforms are designed to address the dynamic nature of cybersecurity risks through the following features: Attack Path Simulation: Continuously maps attack paths to critical assets, highlighting exploitable exposures and chokepoints. Risk Prioritization: Focuses on exposures with the highest impact on critical assets, ensuring efficient allocation of resources. Remediation Guidance: Provides clear, actionable recommendations to resolve exposures and strengthen defenses. Integration with Existing Tools: Seamlessly works with Security Information and Event Management (SIEM), ticketing, and Security Orchestration, Automation, and Response (SOAR) systems. Real-time Monitoring: Offers continuous visibility into exposures, ensuring that new ones are quickly identified and addressed.
Eduroam
eduroam (a portmanteau of education and roaming) is an international Wi-Fi internet access roaming service for users in research, higher education and further education. It provides researchers, teachers, and students network access when visiting an institution other than their own. Users are authenticated with credentials from their home institution, regardless of the location of the eduroam access point. Authorization to access the Internet and other resources are handled by the visited institution. Users do not have to pay to use eduroam. In some countries, Internet access via eduroam is also available at other locations than the participating institutions, e.g. in libraries, public buildings, railway stations, city centres and airports. It is also available at many primary and secondary education institutions in Brazil and the US. == History == The eduroam initiative started in 2002 when during the preparations for the creation of TERENA's task force TF-Mobility, Klaas Wierenga of SURFnet shared the idea of combining a RADIUS-based infrastructure with IEEE 802.1X technology to provide roaming network access across research and education networks. Initially, the service was joined by institutions in the Netherlands, Germany, Finland, Portugal, Croatia and the United Kingdom. Later, other NRENs in Europe embraced the idea and started joining the infrastructure, which was then called eduroam. Since 2004, the European Union co-funded further research and development work related to the eduroam service through the GN2 and GN3 projects. From September 2007, the European Union also funded through these projects the continued operation and maintenance of the eduroam service at the European level. The first non-European country to join eduroam was Australia, in December 2004. In Canada, eduroam started as an initiative of the University of British Columbia, which was later taken over by CANARIE as a service of its Canadian Access Federation. In the United States, eduroam was initially a pilot project between the National Science Foundation and the University of Tennessee (UTK). In 2012, Internet2 announced the addition of eduroam to its NET+ service offerings. AnyRoam LLC, a private company, was formed by former UTK staff to serve as an Internet2 active corporate member administering the US top-level servers. In 2021, Internet2 assumed direct management of the eduroam service for US-based organizations. == Technology == The eduroam service uses IEEE 802.1X as the authentication method and a hierarchical system of RADIUS servers. The hierarchy typically consists of RADIUS servers at the participating institutions, national RADIUS servers run by the National Roaming Operators, and regional top-level RADIUS servers for individual world regions. In some cases, institutions contact each other directly via DNS lookups () When a user visits a remote institution, the user's device presents their credentials to the local RADIUS server. That RADIUS server discovers that it is not responsible for the realm of the user's home institution and proxies the access request to another RADIUS server, typically the national RADIUS server. If the visited institution is in a different country than the home institution, the request is in turn proxied to the regional top-level RADIUS server, and then to the national RADIUS server of the user's home country. That national server forwards the credentials to the home institution, where they are verified. The RADIUS response travels back over the proxy-hierarchy to the visited institution and the user is granted access. In eduroam, the user credentials are always presented in the form of an EAP method (). The EAP method is responsible for ensuring that the users credentials are secure, and private. The users credentials can then travel via a number of intermediate servers, not under the control of the home institution of the user. This requirement limits the types of EAP methods that can be used. EAP methods which do not provide for security or privacy of user credentials cannot be used in eduroam. The most commonly used EAP methods in eduroam are EAP-TLS, PEAP, and EAP-TTLS. The methods used generally fall into two broad categories: those that use credentials in the form of some public-key mechanism with certificates and those that use so-called tunnelled authentication with "inner" passwords or other credentials. Most institutions use a tunnelled authentication method that requires a server certificate. These server certificates are used to set up a secure tunnel between the mobile device and the authentication server, through which the user credentials (e.g. name and password) are securely transported. A complication arises if the user's home institution does not use a two-letter country-code top-level domain as part of its realm, but a generic top-level domain such as .edu or .org. By inspection of such realms, it is not possible to determine which national RADIUS server the request should be routed to. Such domains will thus, by default, fail to work in international roaming. The workaround for this problem involves the creation of exceptions in the international RADIUS request routing tables; however, this workaround does not scale as the number of exception entries grows. Several solutions have been proposed to eliminate this workaround in the future, the most promising of which is RADIUS over TLS with Dynamic Discovery, which does not rely on static routing tables inside a RADIUS server configuration to route requests to their proper destination. Instead, the participating institution adds one NAPTR DNS resource record to its own domain's DNS zone, which states by which server eduroam authentication for the domain is handled. == Governance == GÉANT has established a lightweight global governance structure. Recognising the large variety in the organisation and funding of research and education (networking) in different countries and regions, rules imposed on the operations of eduroam are limited to technical and administrative requirements that are necessary to ensure the smooth and secure operations of eduroam worldwide. Moreover, the eduroam operators have the leading role in creating and maintaining the rules of the global eduroam governance. The Global eduroam Governance Committee (GeGC) has the central role in the global eduroam governance structure. While its structure has evolved over time, it presently has three representatives from each of five regions — mirroring those used by the Regional Internet registries — serving a two-year term. In addition, GÉANT may appoint one or more experts as non-voting members of the GeGC. == Geographical deployment == eduroam is available at selected locations in countries with a National Roaming Operator that has signed the eduroam Compliance Statement. Those sixty-seven countries are listed below. In addition, there may be pilot deployments in countries that are in the process of joining eduroam. === Middle East === eduroam is deployed in: === Europe === The NRENs that are members of the consortium of the GN3 project have joined the European eduroam confederation by signing the confederation's policy that requires its members to comply with a set of technical and organisational requirements, which are more specific than those in the global eduroam Compliance Statement. As a consequence, eduroam is deployed in the following countries: In addition, three NRENs that are associate members of the consortium of the GN3 project without voting rights joined the European eduroam confederation; they represent Belarus (UIIP), Moldova (RENAM) and Russia (Joint Supercomputer Center of the Russian Academy of Sciences). Finally, five NRENs not involved in the GN3 project joined the European eduroam confederation on a voluntary basis, enabling the deployment of the service in: The European top-level RADIUS servers are operated by SURFnet and Forskningsnettet. === Asia-Pacific === eduroam is deployed in the following countries and economies: The Asia-Pacific top-level RADIUS servers are operated by AARNet and by the University of Hong Kong. === North America === eduroam is deployed in: === Latin America === eduroam is deployed in: === Africa === eduroam is deployed in: The inter-African RADIUS servers are operated by West-African research and education network WACREN, the UbuntuNet Alliance and TENET.