HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion. Websites using HSTS often do not accept clear text HTTP, either by rejecting connections over HTTP or systematically redirecting users to HTTPS (though this is not required by the specification). The consequence of this is that a user-agent not capable of doing TLS will not be able to connect to the site. The protection normally only applies after a user has visited the site at least once, relying on the principle of "trust on first use". The way this protection works is that when a user entering or selecting an HTTP (not HTTPS) URL to the site, the client, such as a Web browser, will automatically upgrade to HTTPS without making an HTTP request, thereby preventing any HTTP man-in-the-middle attack from occurring. To counteract this problem, an HSTS preload list maintained by Google Chrome and used by other major web browsers is maintained. If a domain is on this list, the browser skips the initial request and encrypts all communication immediately. Additional domains can be registered at no cost. == Specification history == The HSTS specification was published as RFC 6797 on 19 November 2012 after being approved on 2 October 2012 by the IESG for publication as a Proposed Standard RFC. The authors originally submitted it as an Internet Draft on 17 June 2010. With the conversion to an Internet Draft, the specification name was altered from "Strict Transport Security" (STS) to "HTTP Strict Transport Security", because the specification applies only to HTTP. The HTTP response header field defined in the HSTS specification however remains named "Strict-Transport-Security". The last so-called "community version" of the then-named "STS" specification was published on 18 December 2009, with revisions based on community feedback. The original draft specification by Jeff Hodges from PayPal, Collin Jackson, and Adam Barth was published on 18 September 2009. The HSTS specification is based on original work by Jackson and Barth as described in their paper "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks". Additionally, HSTS is the realization of one facet of an overall vision for improving web security, put forward by Jeff Hodges and Andy Steingruebl in their 2010 paper The Need for Coherent Web Security Policy Framework(s). == HSTS mechanism overview == A server implements an HSTS policy by supplying a header over an HTTPS connection (HSTS headers over HTTP are ignored). For example, a server could send a header such that future requests to the domain for the next year (max-age is specified in seconds; 31,536,000 is equal to one non-leap year) use only HTTPS: Strict-Transport-Security: max-age=31536000. When a web application issues HSTS Policy to user agents, conformant user agents behave as follows: Automatically turn any insecure links referencing the web application into secure links (e.g. http://example.com/some/page/ will be modified to https://example.com/some/page/ before accessing the server). If the security of the connection cannot be ensured (e.g. the server's TLS certificate is not trusted), the user agent must terminate the connection and should not allow the user to access the web application. This helps protect web application users against some passive (eavesdropping) and active network attacks. A man-in-the-middle attacker has a greatly reduced ability to intercept requests and responses between a user and a web application server while the user's browser has HSTS Policy in effect for that web application. == Applicability == The most important security vulnerability that HSTS can fix is SSL-stripping man-in-the-middle attacks, first publicly introduced by Moxie Marlinspike in his 2009 BlackHat Federal talk "New Tricks For Defeating SSL In Practice". The SSL (and TLS) stripping attack works by transparently converting a secure HTTPS connection into a plain HTTP connection. The user can see that the connection is insecure, but crucially there is no way of knowing whether the connection should be secure. At the time of Marlinspike's talk, many websites did not use TLS/SSL, therefore there was no way of knowing (without prior knowledge) whether the use of plain HTTP was due to an attack, or simply because the website had not implemented TLS/SSL. Additionally, no warnings are presented to the user during the downgrade process, making the attack fairly subtle to all but the most vigilant. Marlinspike's sslstrip tool, presented at Black Hat DC 2009, fully automates the attack. HSTS addresses this problem by informing the browser that connections to the site should always use TLS/SSL. The HSTS header can be stripped by the attacker if this is the user's first visit. Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge attempt to limit this problem by including a "pre-loaded" list of HSTS sites. Unfortunately this solution cannot scale to include all websites on the internet. See limitations, below. HSTS can also help to prevent having one's cookie-based website login credentials stolen by widely available tools such as Firesheep. Because HSTS is time limited, it is sensitive to attacks involving shifting the victim's computer time e.g. using false NTP packets. == Limitations == The initial request remains unprotected from active attacks if it uses an insecure protocol such as plain HTTP or if the URI for the initial request was obtained over an insecure channel. The same applies to the first request after the activity period specified in the advertised HSTS Policy max-age (sites should set a period of several days or months depending on user activity and behavior). === Solutions with preload list === Google Chrome, Mozilla Firefox, and Internet Explorer/Microsoft Edge address this limitation by implementing a "HSTS preloaded list", which is a list that contains known sites supporting HSTS. This list is distributed with the browser so that it uses HTTPS for the initial request to the listed sites as well. As previously mentioned, these pre-loaded lists cannot scale to cover the entire Web. A potential solution might be achieved by using DNS records to declare HSTS Policy, and accessing them securely via DNSSEC, optionally with certificate fingerprints to ensure validity (which requires running a validating resolver to avoid last mile issues). Junade Ali has noted that HSTS is ineffective against the use of false domains; by using DNS-based attacks, it is possible for a man-in-the-middle interceptor to serve traffic from an artificial domain which is not on the HSTS Preload list, this can be made possible by DNS Spoofing Attacks, or simply a domain name that misleadingly resembles the real domain name such as www.example.org instead of www.example.com. Even with an HSTS preloaded list, HSTS cannot prevent advanced attacks against TLS itself, such as the BEAST or CRIME attacks introduced by Juliano Rizzo and Thai Duong. Attacks against TLS itself are orthogonal to HSTS policy enforcement. Neither can it protect against attacks on the server - if someone compromises it, it will happily serve any content over TLS. === Privacy issues === HSTS can be used to near-indelibly tag visiting browsers with recoverable identifying data (supercookies) which can persist in and out of browser "incognito" privacy modes. By creating a web page that makes multiple HTTP requests to selected domains, for example, if twenty browser requests to twenty different domains are used, theoretically over one million visitors can be distinguished (220) due to the resulting requests arriving via HTTP vs. HTTPS; the latter being the previously recorded binary "bits" established earlier via HSTS headers. == Browser support == Chromium and Google Chrome since version 4.0.211.0 Firefox since version 4; with Firefox 17, Mozilla integrates a list of websites supporting HSTS. Opera since version 12 Safari since OS X Mavericks (version 10.9, late 2013) Internet Explorer 11 on Windows 8.1 and Windows 7 with KB3058515 installed (Released as a Windows Update in June 2015) Microsoft Edge and Internet Explorer 11 on Windows 10 BlackBerry 10 Browser and WebView since BlackBerry OS 10.3.3. == Deployment best practices == Depending on the actual deployment there are certain threats (e.g. cookie injection attacks) t
Naked Objects for .NET
Naked Objects for .NET or Naked Objects MVC is a software framework that builds upon the ASP.NET MVC framework. As the name suggests, the framework synthesizes two architectural patterns: naked objects and model–view–controller (MVC). These two patterns have been considered as antithetical. However, Trygve Reenskaug (the inventor of the MVC pattern) has made it clear that he does not see it that way, in his foreword to Richard Pawson's PhD thesis on the Naked Objects pattern. The Naked Objects MVC framework will take a domain model (written as Plain Old CLR Objects) and render it as a complete HTML application without the need for writing any user interface code - by means of a small set of generic View and Controller classes. The framework uses reflection rather than code generation. The developer may then choose to create customised Views and/or Controllers, using standard ASP.NET MVC patterns, for use where the generic user interface is not suitable.
Android Auto
Android Auto is a mobile app developed by Google to mirror features of a smartphone (or other Android device) on a car's dashboard information and entertainment head unit. Once an Android device is paired with the car's head unit, the system can mirror some apps on the vehicle's display. Supported apps include GPS mapping and navigation, music playback, SMS, telephone, and Web search. The system supports both touchscreen and button-controlled head units. Hands-free operation through voice commands is available and recommended to reduce driver distraction. Android Auto is part of the Open Automotive Alliance, a joint effort of 28 automobile manufacturers, with Nvidia as tech supplier, available in 36 countries. == History == Android Auto was revealed at Google I/O 2014. The app was released to the public on March 19, 2015. In November 2016, Google implemented an app that would run the Android Auto UI on the mobile device. In July 2019, Android Auto received its first major UI rework, which among other changes, brought an app drawer to Android Auto for the first time. Google also announced that the app's ability to be used on a phone would be discontinued in favor of Google Assistant's drive mode. In December 2020, Google announced the expansion of Android Auto to 36 additional countries in Europe, Indonesia, and more. In April 2021, Android Auto launched in Belgium, Denmark, Netherlands, Norway, Portugal, and Sweden. Google announced in May 2022 a user interface redesign for Android Auto, codenamed CoolWalk, which aims to simplify the app's usage, and make it more adaptable to screens of different orientations and aspect ratios. The redesign incorporates a new split-screen layout, where Google Maps can be displayed alongside a music player. CoolWalk was originally slated to launch in Q3 2022. In June 2022, Android Auto no longer ran directly on a mobile device; the app permitting this was decommissioned, in favor of a Driving Mode built into the Google Assistant app for a similar purpose. In November 2022, the CoolWalk user interface was released in Android Auto's beta program. == Functionality == Android Auto is software that can be utilized from an Android mobile device, acting as a vehicle's dashboard head unit. Once the user's Android device is connected to the vehicle, the head unit will serve as an external display for the Android device, presenting supported software in a car-specific user interface provided by the Android Auto app. In Android Auto's first iterations, the device was required to be connected via USB to the car. For some time, starting in November 2016, Google added the option to run Android Auto as a regular app on an Android device, allowing users to choose whether to use Android Auto on a personal phone or tablet, rather than on a compatible automotive head unit. This app was decommissioned in June 2022 in favor of a Driving Mode built into the Google Assistant app. At CES 2018, Google confirmed that the Google Assistant would be coming to Android Auto later in the year. An Android Auto SDK has been released, allowing third parties to modify their apps to work with Android Auto; initially, only APIs for music and messaging apps were available. == Head unit support == In May 2015, Hyundai became the first manufacturer to offer Android Auto support, making it first available in the 2015 Hyundai Sonata. Automobile manufacturers that will offer Android Auto support in their cars include Abarth, Acura, Alfa Romeo, Aston Martin, Audi, Bentley, Buick, BMW, BYD, Cadillac, Chevrolet, Chrysler, Citroën, Dodge, Ferrari, Fiat, Ford, GMC, Genesis, Holden, Honda, Hyundai, Infiniti, Jaguar Land Rover, Jeep, Kia, Lamborghini, Lexus, Lincoln, Mahindra and Mahindra, Maserati, Maybach, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Opel, Peugeot, Porsche, RAM, Renault, SEAT, Škoda, SsangYong, Subaru, Suzuki, Tata Motors Cars, Toyota, Volkswagen and Volvo. Additionally, aftermarket car-audio systems supporting Android Auto add the technology into host vehicles, including Pioneer, Kenwood, Panasonic, and Sony. == Criticism == In May 2019, Italy filed an antitrust complaint targeting Android Auto, citing a Google policy of allowing third-parties to only offer media and messaging apps on the platform, preventing Enel from offering an app for locating vehicle charging stations. Google announced a new SDK, to be released to select partners in August 2020 and made generally available by the end of the year. == Availability == As of December 2025, Android Auto is available in 46 countries:
Kurt Keutzer
Kurt Keutzer (born November 9, 1955) is an American computer scientist. == Early life and education == Kurt Keutzer grew up in Indianapolis, Indiana. He earned a bachelor's degree in mathematics from Maharishi University of Management (formerly Mararishi International University) in 1978, and a PhD in computer science from Indiana University Bloomington in 1984. == Career == Keutzer joined Bell Labs in 1984, where he worked on logic synthesis. In 1991, he joined the electronic design automation company Synopsys, where he was promoted to chief technology officer. He subsequently joined the University of California, Berkeley as a professor in 1998. His research at Berkeley has focused on the intersection of high performance computing and machine learning. Working with a number of graduate students at Berkeley, Keutzer developed FireCaffe, which scaled the training of deep neural networks to over 100 GPUs. Later, with LARS and LAMB optimizers, they scaled it to over 1000 servers. Keutzer and his students also developed deep neural networks such as SqueezeNet, SqueezeDet, and SqueezeSeg, which can run efficiently on mobile devices. Keutzer co-founded DeepScale with his PhD student Forrest Iandola in 2015, and Keutzer served as the company's chief strategy officer. The firm was focused on developing deep neural networks for advanced driver assistance systems in passenger cars. On October 1, 2019, electric vehicle manufacturer Tesla, Inc. purchased DeepScale to augment and accelerate its self-driving vehicle work. == Honors and awards == Keutzer was named a Fellow of the IEEE in 1996. Recipient of DAC Most Influential Paper (MIP) award (24th DAC, 1987) for his "Dagon: technology binding and local optimization by DAG matching” publication. == Books by Keutzer == 1988. Dwight Hill, Don Shugard, John Fishburn, and Kurt Keutzer. Algorithms and Techniques for VLSI Layout Synthesis. Springer. 1994. Srinivas Devadas, Abhijit Ghosh, and Kurt Keutzer. Logic Synthesis. McGraw-Hill. 2002. David Chinnery and Kurt Keutzer. Closing the Gap Between ASIC & Custom: Tools and Techniques for High-Performance ASIC Design. Springer. (2nd edition appeared in 2007.) 2004. Pinhong Chen, Desmond A. Kirkpatrick, and Kurt Keutzer. Static Crosstalk-Noise Analysis: For Deep Sub-Micron Digital Designs. Springer. 2005. Matthias Gries and Kurt Keutzer. Building ASIPs: The Mescal Methodology. Springer.
How to Choose an AI Sales Assistant
In search of the best AI sales assistant? An AI sales assistant is software that uses machine learning to help you get more done — it turns a rough idea into a polished result in seconds. When choosing one, weigh output quality, pricing, export formats, and how well it fits the tools you already use. Whether you are a beginner or a pro, the right AI sales assistant slots into your workflow and pays for itself fast. Below we compare features, pricing, and real output so you can choose with confidence.
Physics-informed neural networks
In machine learning, physics-informed neural networks (PINNs), also referred to as theory-trained neural networks (TTNs), are a type of universal function approximator that can embed the knowledge of any physical laws that govern a given data-set in the learning process, and can be described by partial differential equations (PDEs). Low data availability for some biological and engineering problems limit the robustness of conventional machine learning models used for these applications. The prior knowledge of general physical laws acts in the training of neural networks (NNs) as a regularization agent that limits the space of admissible solutions, increasing the generalizability of the function approximation. This way, embedding this prior information into a neural network results in enhancing the information content of the available data, facilitating the learning algorithm to capture the right solution and to generalize well even with a low amount of training examples. Because they process continuous spatial and time coordinates and output continuous PDE solutions, they can be categorized as neural fields. == Function approximation == Most of the physical laws that govern the dynamics of a system can be described by partial differential equations. For example, the Navier–Stokes equations are a set of partial differential equations derived from the conservation laws (i.e., conservation of mass, momentum, and energy) that govern fluid mechanics. The solution of the Navier–Stokes equations with appropriate initial and boundary conditions allows the quantification of flow dynamics in a precisely defined geometry. However, these equations cannot be solved exactly and therefore numerical methods must be used (such as finite differences, finite elements and finite volumes). In this setting, these governing equations must be solved while accounting for prior assumptions, linearization, and adequate time and space discretization. Recently, solving the governing partial differential equations of physical phenomena using deep learning has emerged as a new field of scientific machine learning (SciML), leveraging the universal approximation theorem and high expressivity of neural networks. In general, deep neural networks could approximate any high-dimensional function given that sufficient training data are supplied. However, such networks do not consider the physical characteristics underlying the problem, and the level of approximation accuracy provided by them is still heavily dependent on careful specifications of the problem geometry as well as the initial and boundary conditions. Without this preliminary information, the solution is not unique and may lose physical correctness. To remedy this, Physics-Informed Neural Networks (PINNs) leverage governing physical equations in neural network training. Namely, PINNs are designed to be trained to satisfy the given training data as well as the imposed governing equations. In this fashion, a neural network can be guided with training datasets that do not necessarily need to be large or complete. An accurate solution of partial differential equations can potentially be found without knowing the boundary conditions. Therefore, with some knowledge about the physical characteristics of the problem and some form of training data (even sparse and incomplete), PINNs may be used for finding an optimal solution with high fidelity. PINNs can be applied to a wide range of problems in computational science, and are a pioneering technology leading to the development of new classes of numerical solvers for PDEs. PINNs can be thought of as a mesh-free alternative to traditional approaches (e.g., CFD for fluid dynamics), and new data-driven approaches for model inversion and system identification. Notably, a trained PINN network can be used to predict values on simulation grids of different resolutions without needing to be retrained. Additionally, the derivatives used in the partial differential equations can be computed using automatic differentiation (AD), which is assessed to be superior to numerical or symbolic differentiation. == Modeling and computation == A general nonlinear partial differential equation can be written as: u t + N [ u ; λ ] = 0 , x ∈ Ω , t ∈ [ 0 , T ] {\displaystyle u_{t}+{\mathcal {N}}[u;\lambda ]=0,\quad x\in \Omega ,\quad t\in [0,T]} where u ( t , x ) {\displaystyle u(t,x)} denotes the solution, N [ ⋅ ; λ ] {\displaystyle {\mathcal {N}}[\cdot ;\lambda ]} is a nonlinear operator parameterized by λ {\displaystyle \lambda } , and Ω {\displaystyle \Omega } is a subset of R D {\displaystyle \mathbb {R} ^{D}} . This general form of governing equations summarizes a wide range of problems in mathematical physics, such as conservative laws, diffusion process, advection-diffusion systems, and kinetic equations. Given noisy measurements of a generic dynamic system described by the equation above, PINNs can be designed to solve two classes of problems: data-driven solutions of partial differential equations data-driven discovery of partial differential equations === Data-driven solution of partial differential equations === The data-driven solution of PDE computes the hidden state u ( t , x ) {\displaystyle u(t,x)} of the system given boundary data and/or measurements z {\displaystyle z} , and fixed model parameters λ {\displaystyle \lambda } . We solve: u t + N [ u ] = 0 , x ∈ Ω , t ∈ [ 0 , T ] {\displaystyle u_{t}+{\mathcal {N}}[u]=0,\quad x\in \Omega ,\quad t\in [0,T]} . by defining the residual f ( t , x ) {\displaystyle f(t,x)} as: f := u t + N [ u ] {\displaystyle f:=u_{t}+{\mathcal {N}}[u]} , and approximating u ( t , x ) {\displaystyle u(t,x)} by a deep neural network. This network can be differentiated using automatic differentiation. The parameters of u ( t , x ) {\displaystyle u(t,x)} and f ( t , x ) {\displaystyle f(t,x)} can be then learned by minimizing the following loss function L tot {\displaystyle L_{\text{tot}}} : L tot = L u + L f {\displaystyle L_{\text{tot}}=L_{u}+L_{f}} where: L u = ‖ u − z ‖ Γ {\displaystyle L_{u}=\Vert u-z\Vert _{\Gamma }} is the error between the PINN u ( t , x ) {\displaystyle u(t,x)} and the set of boundary conditions and measured data on the set of points Γ {\displaystyle \Gamma } where the boundary conditions and data are defined. L f = ‖ f ‖ Γ {\displaystyle L_{f}=\Vert f\Vert _{\Gamma }} is the mean-squared error of the residual function. This second term encourages the PINN to learn the structural information expressed by the PDE during the training process. This approach has been used to yield computationally efficient physics-informed surrogate models with applications in the forecasting of physical processes, model predictive control, multi-physics and multi-scale modeling, and simulation. It has been shown to converge to the solution of the PDE. === Data-driven discovery of partial differential equations === Given noisy and incomplete measurements z {\displaystyle z} of the state of the system, the data-driven discovery of PDEs results in computing the unknown state u ( t , x ) {\displaystyle u(t,x)} and learning model parameters λ {\displaystyle \lambda } that best describe the observed data: u t + N [ u ; λ ] = 0 , x ∈ Ω , t ∈ [ 0 , T ] {\displaystyle u_{t}+{\mathcal {N}}[u;\lambda ]=0,\quad x\in \Omega ,\quad t\in [0,T]} By defining f ( t , x ) {\displaystyle f(t,x)} as: f := u t + N [ u ; λ ] = 0 {\displaystyle f:=u_{t}+{\mathcal {N}}[u;\lambda ]=0} , and approximating u ( t , x ) {\displaystyle u(t,x)} by a deep neural network, f ( t , x ) {\displaystyle f(t,x)} results in a PINN. This network can be derived using automatic differentiation. The parameters of u ( t , x ) {\displaystyle u(t,x)} and f ( t , x ) {\displaystyle f(t,x)} , together with the parameter λ {\displaystyle \lambda } of the differential operator can be then learned by minimizing the following loss function L tot {\displaystyle L_{\text{tot}}} : L tot = L u + L f {\displaystyle L_{\text{tot}}=L_{u}+L_{f}} where: L u = ‖ u − z ‖ Γ {\displaystyle L_{u}=\Vert u-z\Vert _{\Gamma }} , with u {\displaystyle u} and z {\displaystyle z} state solutions and measurements at sparse location Γ {\displaystyle \Gamma } , respectively. L f = ‖ f ‖ Γ {\displaystyle L_{f}=\Vert f\Vert _{\Gamma }} is the residual function. This second term requires the structured information represented by the partial differential equations to be satisfied in the training process. This strategy allows for discovering dynamic models described by nonlinear PDEs assembling computationally efficient and fully differentiable surrogate models that may find application in predictive forecasting, control, and data assimilation. == Extensions and applications == === For piece-wise function approximation === PINNs are unable to approximate PDEs that have strong non-linearity or sharp gradients (such as those that commonly occur in practical fluid flow problems). Piecewise approximation has been an old practic
Selmer Bringsjord
Selmer Bringsjord (born November 24, 1958) is a professor of computer science and cognitive science and a former chair of the Department of Cognitive Science at Rensselaer Polytechnic Institute. He also holds an appointment in the Lally School of Management & Technology and teaches artificial Intelligence (AI), formal logic, human and machine reasoning, and philosophy of AI. == Biography == Bringsjord's education includes a B.A. in philosophy from the University of Pennsylvania and a Ph.D. in philosophy from Brown University, where he studied under Roderick Chisholm. He conducts research in AI as the director of the Rensselaer AI & Reasoning (RAIR) Laboratory. He specializes in the logico-mathematical and philosophical foundations of AI and cognitive science, and in collaboratively building AI systems on the basis of computational logic. Bringsjord believes that "the human mind will forever be superior to AI", and that "much of what many humans do for a living will be better done by indefatigable machines who require not a cent in pay". Bringsjord has stated that the "ultimate growth industry will be building smarter and smarter such machines on the one hand, and philosophizing about whether they are truly conscious and free on the other". Bringsjord has an argument for P = NP using digital physics. Other research includes developing a new computational-logic framework allowing the formalization of deliberative multi-agent "mindreading" as applied to the realm of nuclear strategy, with the goal of creating a model and simulation to enable reliable prediction. He has published an opinion piece advocating for counter-terrorism security ensured by pervasive, all-seeing sensors; automated reasoners; and autonomous, lethal robots. Bringsjord received a National Science Foundation award to research Social Robotics and the Covey Award for the advancement of philosophy of computing awarded by the International Association for Computing And Philosophy, among several others prizes. == Books authored == with Yang, Y. Mental Metalogic: A New, Unifying Theory of Human and Machine Reasoning (Mahwah, NJ: Lawrence Erlbaum).(2007) with Zenzen, M. Superminds: People Harness Hypercomputation, and More (Dordrecht, The Netherlands: Kluwer). (2003) ISBN 978-1402010958 with Ferrucci, D. Artificial Intelligence and Literary Creativity: Inside the Mind of Brutus, A Storytelling Machine (Mahwah, NJ: Lawrence Erlbaum).(2000) Abortion: A Dialogue (Indianapolis, IN: Hackett).(1997) What Robots Can and Can’t Be (Dordrecht, The Netherlands: Kluwer).(1992) Soft Wars (New York, NY: Penguin USA). A novel.(1991)