Article Archive

Could self-healing electronics slow down e-waste?

December 26, 2011 (posted by Ng Chong) - E-waste is not easily biodegradable and is laden with toxic substances such as arsenic, lead, mercury, cadmium and flame retardants, which pose a threat to human health and the environment if not properly disposed of and recycled. It is the fastest-growing part of the world garbage stream, thanks in part to the short lifespan of most electronics. Self-healing materials developed at University of Illinois promise to extend the longevity of electronic devices. At the heart of this biologically inspired behavior is the dispersion of tiny microcapsules, filled with a liquid metal, on top of gold lines of circuits. A failure in the circuit causes the microcapsules in the path of the crack to rupture and release the liquid metal contained inside, restoring conductivity in a split microsecond, without human intervention. Read source article (Image credit: Scott White).

 

The Internet of Energy

December 17, 2011 (posted by Ng Chong) - Following the mega-disaster of 2011/03/11 that put out of operation key nuclear power plants in Japan, adding intelligence to power utility networks has become one of the most sought after goals in energy management. Founded in September, the Digital Grid Consortium has recently announced plans to build a granular, smart grid architecture that will be able to efficiently track and direct the flow of power units in any direction by tagging them with information similar to the way data packets are routed on the Internet. For increased robustness against failure and manageability of power variations, the grid is partitioned into many autonomous cells that are interconnected by power routers to the backbone. Photo credit: © TebNad/iStockphoto

 

World's first terahertz frequency radio chip

December 3, 2011 (posted by Ng Chong) - Osaka University and Rohm have jointly developed a terahertz frequency radio chip measuring 1.5x3 mm, capable of a data transmission rate of 1.5 gigabits per second. Until now semiconductor devices operating in this high frequency band are generally large and their top speed is 0.1 gigabits per second. The researchers forecast that even higher bandwidths of up to 30 gigabits per second may be possible and the chip's production cost would come at US $1.30 per unit. Read source article from Physorg.com (Image credit: Rohm/Osaka University)

 

Could W3C's 'Do Not Track' put users in control of their privacy?

November 20, 2011 (posted by Ng Chong) - Online advertising is a multi-billion dollar industry. To increase revenue, ads are increasingly targeted at consumers based on data collected about their web browsing habits, using such methods as click tracking and search terms. Seeking a balance between the privacy concerns and demands for consumer data, W3C released this month two draft specifications that define how users can tell a website their privacy preferences and how a website should comply with the 'Do Not Track' settings. Both Microsoft's IE9 and Firefox are expected to implement some flavor of 'Do Not Track', but there isn't any mechanism in place at this point to ensure that websites will always honor users' privacy settings.

 

Japan's K Computer is World's Fastest Supercomputer

November 5, 2011 (posted by Ng Chong) - The K Computer at the Riken Institute for Physical and Chemical Research in Kobe, Japan has broken its own world record, achieving a top speed of over 10 petaflops per second. Back in June, when it became the world's fastest supercomputer, it revved up a peak performance of 8 petaflops per second, which was three times speedier than the previous world record held by China's Tianhe-1A according to the latest Top500 list. It is more powerful than the next five systems on the list combined. Japan and China claim four of the top five spots on the list, while the United States runs five of the world's top 10 supercomputers. The K Computer will retain its world status in the forthcoming release of the Top 500 list on November 14, according to Jack Dongarra, who oversees the list. Read more (Photo credit: RIKEN)

 

W3C's XML encryption standard cracked

October 30, 2011 (posted by Ng Chong) - A team of security researchers claims to have broken XML encryption, which poses a real threat to many online transaction systems that depend on this standard for securing transmission of sensitive data. It is widely used in web service frameworks of major commercial and open-source organizations, including Apache, RedHat, IBM, Microsoft and Amazon. The flaw lies in a cryptographic weakness in the cipher-block chaining (CBC) mode recommended by the W3C. The researchers have demonstrated a practical attack on a major web service implementation based on the Apache Axis2 XML framework. In addition to exploiting the uncovered flaw, the technique also requires the availability of an 'oracle', often provided in a web service implementation, which returns error messages when ciphertexts are incorrectly formed. The standard has never been updated since its ratification in 2002. The researchers don't believe that there is a simple fix other than changing the standard.

 

UNU Calendar – automatic aggregation of online content from varied sources

October 23, 2011 - The UN University (UNU) is a global university with campuses around the world. Each campus maintains its own website. Wouldn’t it be nice to have a facility where users can browse the present, past and future activities of UNU in one place?
Relying on a manual process of information discovery and capture to compile the geographically dispersed content would add much undue burden to the UNU workforce.  The UNU Calendar project (http://portal.unu.edu/) looks into harvesting research and scholarly activity information from scattered, disparate UNU websites in a timely, efficient and transparent manner with as little human intervention as possible. Ng Chong of UNU Campus Computing Centre has developed computer algorithms and heuristics to meet this goal with a good degree of success.  Read more

 

Full-duplex breakthrough could double WiFi capacity without additional cell towers

October 16, 2011 (Posted by Ng Chong) - Full-duplex transmission refers to the ability to send and receive simultaneously. This effectively increases network throughput twofold. Two-way communications over wireless networks were long thought impossible without using a different frequency to send and to listen. To see the challenge imagine what happens if two people speak to each other at the same time - neither can hear the other.

A breakthrough from Rice University promises a practical solution that not only achieves full-duplex on a single frequency but also requires no new hardware on mobile devices. The key to the innovation is self-interference cancellation, which can be described as a mechanism used to silence locally the speaker's own sound in the analogy of two people speaking at the same time. Read the full article

 

Next-generation defense against adaptive malware

October 9, 2011 (posted by Ng Chong) - The possibility of predicting crime before it happens, popularized by Steven Spielberg's Minority Report, is no longer a far-fetched idea. It is an active research area that has gone beyond the confines of crime fighting and crime prevention. The same enthusiasm is manifested in the virus-antivirus arms race. Read more ...

 

Augmenting touch screen with around-the-screen interactivity

September 27, 2011 (posted by Ng Chong) - Not satisfied with the size of your touch screen? A team comprised of researchers from Intel, Microsoft and the University of Washington developed Portico, a tablet computer that extends on-screen interactivity to the space surrounding the tablet screen. See the video that demonstrates a number of proof-of-concept applications.

 

 

Solving social challenges with crowdsourcing

September 3, 2011 (posted by Ng Chong) - If you've got your cell phone handy and if you've got the right apps, you can be a better citizen by turning the mobile data you collect into civic action. Some of the new possibilities are coming from the Social App Lab at CITRIS, which develops free game-based apps that aim to harness the collective power of large-scale citizen participation in social issues. Dengue Torpedo is one of their projects whose game objective is to earn points by identifying and destroying potential mosquito breeding places on a map, as well as recruiting new players.

 

Privacy watch: from cookies to supercookies

August 21, 2011 (posted by Ng Chong) - HTTP cookies are not new and many websites today would not work without them. They are small plain-text files (up to 4KB) that are stored on your computer when instructed by the Web site you are visiting. They are typically used to track information about you on your computer as well as to customize Web sites based on the state information collected. The main concern with cookies is their stealth use without people's knowledge or permission in harmful ways. Browsers provide various ways to block certain tracking cookies if desired. However, the advent of supercookies has radically changed the landscape of online privacy. Read more ...

 

A formula to optimize cloud costs

July 18, 2011 (posted by Ng Chong) - Cloud computing offers a cornucopia of almost unlimited compute capacity. But the instant scaling and addition of near-unlimited resources also means that cloud costs can quickly grow out of control, particularly for the heaviest users like research institutions. Researchers from Swinburne University of Technology who have been working with large raw data and intermediate data sets (which are derived from the initial data), developed a mathematical model and an intermediate data-dependency graph to reduce cloud usage charges. The solution can assist in finding a balance between storage and computation cost, and advise on what intermediary data to keep in the cloud. Read the full article.

 

Wildlife Enforcement Monitoring System Initiative Website Launched

July 10, 2011 - The working group of WEMS (Wildlife Enforcement Monitoring System) Initiative has launched an information website to facilitate dissemination of the activities and results of the project.  Image credit:  "United Nations Cloud for the Advancement of Information Ecosystem in Africa with a Special Focus on Wildlife Enforcement" by Ng Chong.  Connecting the dots

 

Uncovering botnets using DNS analysis and machine learning

June 26, 2011 (posted by Ng Chong) - Botnets rely on a host of tactics, including malicious, agile use of DNS such as by hiding themselves in new domain names to evade static blacklists and intrusion detection systems. A dynamic domain name reputation model based on changes detected in the DNS infrastructure, focusing on the query characteristics and analysis of the domain network and zone features, can lead to the early detection of botnets, according to research from the Georgia Institute of Technology. The researchers have reported recognition rates greater than 98 percent. Read the full article

 

Who sends the most spam?

June 13, 2011 (posted by Ng Chong) - Spam needs no introduction. Every day a deluge of spam mail floods the Internet, wasting countless computing and human resources. Hijacked computers are spam havens and as their number continues to grow by leaps and bounds, the problem is not getting better. Read more

 

Wildlife Enforcement Monitoring System (WEMS)

May 29, 2011  - The Lusaka Agreement Task Force (LATF) in collaboration with the United Nations University and the Faculty of Geo-Information Science and Earth Observation (ITC) of the University of Twente organized a regional training on Wildlife Enforcement Monitoring System (WEMS). Read more

 

Audio CAPTCHAS Cracked

May 29, 2011 (posted by Ng Chong) - CAPTCHAS (short for Completely Automated Public Turing test to tell Computers and Humans Apart) are often the first line of defense to protect web forms from intrusive, automated attacks such as spambots. Read more

 

An Inexpensive Optical Multitouch System

May 18, 2011 (posted by Ng Chong) - At the Computer Human Interaction conference in Vancouver, researchers from Texas A&M University showcased how their ZeroTouch system, built using conventional infrared sensors, turned a regular computer screen into a multitouch surface. When stacking multiple layers of ZeroTouch, the researchers envisage that depth-sensing becomes possible to support 3-D multitouch experience. Read more

 

Harnessing ubiquity for new designs

May 6, 2011 (posted by Ng Chong) - One fascinating form of scientific creativity consists of looking for ways to transform something widely abundant into a unique outcome that is useful in our daily lives. There are many manifestations of this type of human ingenuity in R&D. Read more

 

 

Internet freedom

May 1, 2011 (posted by Ng Chong) - The Internet and its advances have enabled development and growth in all walks of life, for good or ill across the globe. Internet technologies and open social networking are fueling citizen participation in promoting change in local governments and even protests and revolutions, like those that are sweeping across the Middle East and North Africa. Unfortunately, the right to online freedom and information privacy is illusory when repressive governments impose censorship and blocking control on Internet communications to discourage their citizens from expressing freely online. Read more

 

Contour - an open source context-sensitive approach to user interface design

April 16, 2011 (posted by Ng Chong) - Traditionally, data type and application have been locked in a one-to-one static relationship. You access one type of data using a default application. It is very much an application-centric user environment where there is a single point of entry to your information regardless of user activities and personal usage patterns. The user interface (UI) has no awareness of user preferences for different contexts and activities. Adapting the UI to the changing information context is the main idea behind the Contour project. Read more

 

What if a digital certificate authority gets hacked?

April 9, 2011 (posted by Ng Chong) - Secure communications and commerce on the Internet rely on encryption to guarantee confidentiality and integrity of the interactions between websites and their visitors. Secure websites' URLs begin with "https" and are typically identified with a closed lock icon on Web browsers. In addition to data encryption, these sites make use of a chain of digital certificates to prove their authenticity to Web browsers. These certificates are issued and signed by a growing number of certificate authorities that browser makers trust. According to the Electronic Frontier Foundation, there were 676 organizations issuing certificates as of December 2010. Read more

 

 

Free software for sensing seismic activities using your home computer

March 27, 2011 (posted by Ng Chong) - If you own a laptop, chances are that you already have most of what you need to detect seismic activities. Modern laptops come with accelerometers that can detect sudden movement and prepare the hard drive for impact. The same technology can be used to turn your computer into a seismic monitoring station for your area. The pervasiveness of sudden-motion sensors and the abundance of aggregate idle time of computers connected to the Internet form the technological basis of the crowdsourcing initiative, Quake-Catcher Network. The primary goal of this collaborative strong-motion seismic network is to support worldwide earthquake safety and earthquake education by utilizing the sensors in or attached to Internet-connected computers. Software for your computer and educational materials can be downloaded from the Quake-Catcher Network website.

 

Computer simulation shows the propagation of the deadly tsunami that devastated the east coast of Japan and beyond on March 11, 2011

March 21, 2011 (posted by Ng Chong)  Credit: National Oceanic and Atmospheric Administration (NOAA)'s Center for Tsunami Research. The real-time tsunami forecasting animation is based on the MOST model developed by Titov of PMEL and Synolakis of University of Southern California.  According to NOAA, the tsunami was registered at a tsunami detection buoy within approximately 25 minutes after the earthquake, which unfortunately left very little time for the coastal communities of Japan to perform a mass evacuation.

 

What is wrong with shortened links?

An example of a popular link-shortening service

March 05, 2011 (blurb by Ng Chong) - Link-shortening services are heavily used in popular sites like YouTube and Twitter. Long URLs are hard to pass along and when they wrap multiple lines, they can break HTML formatting and become unclickable in many cases. Shortened links prevent this problem and make input of long URLs efficient. Some link-shortening services even offer web analytics capabilities. According to a study conducted by the Foundation for Research and Technology and Microsoft Research, shortening services introduce a delay of less than half of a second, which has little impact on user experience. However, the study warns of the possibility of an overall performance degradation if usage continues to grow, which could eventually drive up the latency to a point that is perceptible by users.

Read the full article

 

Cryptography's holy grail?

February 4, 2011 (synopsis by Ng Chong) - Public cloud computing offers enormous compute flexibility and scalability and is quickly becoming a viable alternative to building your own data center. However, security remains a concern when your cloud-resident application has to process private and sensitive data such as health records and financial transactions. While encryption can be used to protect the end-to-end transmission between the local source and the cloud and keep the data secure at rest, the encrypted data is required to be decrypted first into clear text before any computations can be performed on them. A new ground-breaking development known as homomorphic encryption could be a foundation to eliminate this security weakness and radically enhance security in distributed computing. (Image credit: Technology Review)

Read the full article

 

A new wave of wearable products

January 17, 2011 (synopsis by Ng Chong) - Hewlett-Packard (HP) is developing a working prototype of a lightweight, wearable device that can view digital maps and other data.  It will be built using a plastic film that is lighter and thinner than glass and can be stored in rolls.  "You can start thinking about putting electronic displays on things where you wouldn't ordinarily think of having them," says Arizona State University's Nick Colaneri, a scientist and director of the Flexible Display Center at Arizona State University. "How about a stack of thin displays that I can peel off and stick on things, sort of like a pad of Post-it notes?"

Read the full article

 

Faster and greener numerical simulations

January 3, 2011 (synopsis by Ng Chong) - Usage of GPUs (graphics processing units) in high-performance computing is on the rise. Multi-GPU based parallel architectures not only accelerate computations but also are more energy efficient than similar architectures using standard processors. The Fraunhofer Institute for Algorithms and Scientific Computing (SCAI) and the University of Bonn have teamed up to develop parallel multi-GPU software for numerical simulations, which are essential in industrial production such as the creation of new materials and simulation of material strength and fluid dynamics.

Read the full article

 

1760 PlayStation 3s power the 35th fastest supercomputer in the world

December 24, 2010 (synopsis by Ng Chong) - The Condor Cluster, developed by the U.S. Air Force Research Laboratory at Wright-Patterson Air Force Base and consisting of 1760 Sony PlayStation 3s, is the world's 35th fastest supercomputer and the world's 7th greenest supercomputer. The Condor Cluster can deliver up to 1.5 GigaFLOPs and will be used to process high-resolution satellite images and enhance surveillance capabilities among other application areas.

Read the full article

 

Solid State Banknotes

December 21, 2010 (synopsis by Ng Chong) - Researchers from Germany and Japan demonstrated a technique to incorporate electronic circuits in banknotes from a range of currencies without damaging the fragile surface of the banknotes.  Computation capabilities added to banknotes may one day be used to enhance the current anti-counterfeiting and tracking features.

Read the full article

 

Self-powered Microchips

Source: University of Twente

December 12, 2010 (synopsis by Ng Chong) - Researchers from Europe and Asia demonstrated the feasibility of integrating solar cell technology into electronics that have power requirements below 1 milliwatt. 

Read the full article

 

Open Petascale Libraries (OPL)

November 18, 2010 (synopsis by Ng Chong) - Supercomputers are being used in a range of scientific disciplines to study large-scale complex systems and expand our understanding of the origins of matter and the universe.  It has been a challenge for scientists to develop petascale-class supercomputing applications that can parallelize and coordinate the computations across a massive number of multi-core processors.  Fujitsu Laboratories of Europe recently launched an international effort to develop an open source mathematical library (Open Petascale Libraries) project that can serve as a development platform for petascale-class supercomputer applications. The OPL technology also will be used to build a next-generation supercomputer called the K computer, which is being developed in Japan. 

Read the full article

Graduate students build a 33 Teraflop GPU Cluster

November 11, 2010 (synopsis by Ng Chong) - Watch how a group of students from University of Illinois built a supercomputer using Nvidia's C2050 GPU (Graphics Processor Unit, traditionally used for rendering graphics). With a recorded performance of 33.6 teraflops and 938 megaflops per watt, it captured third place in the Green500 competition, a ranking of the world's most energy-efficient supercomputers. China's Tianhe-1A (meaning Milky Way in Chinese), a CPU-GPU hybrid, was ranked the fastest supercomputer in the world.

Intelligent Traffic Lights

September 15, 2010 (synopsis by Ng Chong) - Researchers at TU Dresden's Institute of Transport & Economics and ETH Zurich developed a self-organizing traffic light control solution to ease traffic congestion using traffic-responsive operating rules based on real-time traffic conditions.  Unlike the classical cycle-based coordination of traffic lights, which are less adaptive to random or irregular traffic flow variations, the new technique uses decentralized optimization strategies to determine how long lights should stay green and how one set of lights would after others to respond.  Computer simulations show that lights operating this way would achieve a reduction in overall traffic times by 10 percent to 30 percent.

Read the full article

Secure Cloud Computing

August 2, 2010 (synopsis by Ng Chong) - The pay-as-you-go model of cloud computing is attractive but it is not for everyone and every application.  Studies have shown that the number one obstacle for widespread adoption is security.  A project launched at the University of Texas at Dallas aims to provide a secure cloud environment using a number of open source tools, including Apache’s Hadoop distributed file system, Google’s Mapreduce and the University of Cambridge’s XEN Virtual Machine monitor as the infrastructure foundation.

Read the full article

Robot to the Rescue

July 30, 2010 (synopsis by Ng Chong) - QUNICE, a rescue robot developed at Chiba Institute of Technology, uses infrared and carbon sensors that enable it to sniff out disaster survivors trapped under rubble and build 3D maps of a quake-ravaged site as it crawls. Its tank-like design makes it ready to climb tough terrains and slopes as steep as 82 degrees. It has a robotic arm that can be tele-operated to deliver first-aid supplies and cellphones to victims.

Read the full article

Japan's Grape-DR is the World's Most Energy Efficient Supercomputer

July 8, 2010 (synopsis by Ng Chong) - Grape-DR, developed by the University of Tokyo and the National Astronomical Observatory of Japan was ranked first in Little Green500 List.  Grape-DR has a computing performance of 24.67 TFLOPS and a performance per unit power consumption of 815.43 MFLOPS/W compared to the 773 MFLOPS/W of the second-ranked IBM supercomputer system located in Germany.  The supercomputer system combines 64 pairs of Intel's Core i7-920 microprocessors and a board with 4 Grape-DR accelerator chips, which enhances the total computing performance by about 5 times.

Read the full article

Cloud Computing 1.0 meets science

June 18, 2010 - Early performance results of using the U.S. Department of Energy's Magellan cloud computing testbed for scientific computations suggest that commercially available clouds are not fast enough for science. "For the more traditional MPI (message passing interface) applications there were significant slowdowns, over a factor of 10," says National Energy Research Scientific Computing's Kathy Yelick.

Read the full article

Effects of long term use of multitouch devices on health

Source ACM: a thin form-factor interactive surface technology

June 8, 2010 -  When the keyboard was designed as a computer input device, little was known and thought about the potential long term health hazards associated with typing.  Some studies have shown that repetitive high volume data entry requiring intensive keyboard activities can lead to damages on the tendons that run from the hands to the forearms.  With multitouch interaction becoming the default input method for the nascent computing devices (e.g., iPad), scientists at Arizona State University are gearing up to investigate the potential musculoskeletal stresses the prolonged use of multitouch systems can place on our bodies.  The results of this study can provide substantive refinement feedback to the design of multitouch systems.

Read the full article.

China's Dawning Nebulae is World's Second Fastest Supercomputer

May 31, 2010 -  The Dawning Nebulae based at the newly built National Supercomputing Center in Shenzhen, China, with sustained computing speed measuring at 1.27 PFlop/s against the 1.75 PFlop/s world record achieved by the Cray Jaguar supercomputer,  claimed the second place in the latest semiannual ranking of the world's fastest 500 computers.   Nebulae is based on chips from Intel and Nvidia. China is expected to challenge the US dominance in supercomputing with their next system, which will be built using Chinese designed components.  

Read the full article

ICANN CEO resists the call for UN control of Internet Addresses

May 25, 2010 - No end in sight to the ongoing debate about whether the United Nations would be in a better position to coordinate the Internet's naming system than ICANN, which has until recently reported solely to the U.S. government.

Countries such as Iran and Brazil have repeatedly advocated for a global body like the United Nations to run the Internet. However, ICANN CEO Rod Beckstrom warns that "Multilateral state control could make ICANN less nimble and therefore less likely to quickly develop technologies such as Arabic-language domain names that feed rapidly expanding Internet demand.".

Read the full article

Using compute power from Amazon.com for cancer treatment 

May 12, 2010 - Radiation therapy that targets tumors requires complex calculations to map the precise area to be treated with as little damage as possible to surrounding healthy tissue. These calculations can take hundreds of hours of processing on sophisticated computers, which are often unattainable for clinics to buy and maintain.

Clouds provide a powerful compute infrastructure at a modest cost and are a catalyst for innovation.  Researchers at University of New Mexico turned to cloud computing when they learned that clinics could buy computer time at $0.10 an hour from Amazon.com. They reduced the problem into pieces that could run on 200 nodes.  This approach, if successful, can lead to more effective and lower cost radiation treatments with fewer side effects for patients. 

Read the full article

Is Amazon EC2 Really What You Need?

I like the concept of Amazon EC2, which allows you to rent computing power by the hour. Their entry level spec is called 'small', and costs $0.12 per hour for a Windows server based instance at their cheapest data center in Virginia USA. It provides you with the following:

    * 1.7 GB memory
    * 1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)
    * 160 GB instance storage

Ok, everyone knows what 1.7GB of memory is, and 160GB of disk space.  But what is an EC2 Compute Unit?

They describe that as "equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor", which unfortunately does not help much.

I set out to find out exactly how much power that is, by using PassMark's PerformanceTest 7.0.  By running that on a few machines I had access to, and Amazon's small EC2 I could get an idea how much processing power you can get for $0.12 per hour (about $87 per month).  Here are the results:

Core i7 920 @ 2.667Ghz - Passmark Score 5,706
Intel Dual-Core E5200 @ 2.50GHz - Passmark Score 1,574
Intel Pentium Dual E2180 @ 2.00GHz - Passmark Score 1,270
Intel Atom D510 @ 1.66GHz - Passmark Score 663
Amazon Small @ 1 Ec2 - Passmark Score 343

These scores are based on PassMark's CPU test only, and were not designed to test all aspects of the computer.  With so much variation between disks, network and video performance I was really only interested in the raw CPU power.

The results were disappointing to say the least.  You can purchase an entire computer based on Intel's Atom processor for $300 - $400 on the market right now (no monitor or keyboard).  That much financial outlay will get you a machine with nearly twice the CPU power of Amazon's small EC2.

It would take you nearly 17 of these Amazon small EC2 computers to provide you with the same level of CPU power of a single i7 920 processor.  So, if you want the i7 computing power on Amazon's cloud it would cost you $1,468.80 per month.  With numbers like that you really need to do your homework, if you require something that is CPU intensive for long periods vs. burst usage for only a few hours you may be better off buying than renting.

Nintendo Wii remote in the classroom

May 5, 2010 - If learning is to be fun, turning Nintendo's Wii remote into a teaching tool in a computer engineering course is certainly one step in this direction.  Students at Iowa State University are writing software that enables the Wii remote to send data collected through its sensors about spinning pedals of a bicycle to a computer instead of a game console, and turn that into useful information about cadence and rider's movement and efficiency.

Read the full article

Mind-reading Devices by 2020?

April 22, 2010 - The Japanese government, in partnership with the private sector and universities, aims to develop mind-reading consumer electronics and robots in 10 years. Electronic devices and robots would have a brain-machine interface to detect and analyze brain waves and brain blood flow patterns in order to respond to users' wishes or make a suggestion.  For example, a person wearing a sensor-mounted headset would be able to control a TV or send text messages "telepathically".

Read the full article

Stealing what Google knows about you

April 21, 2010 - In an era when giving away some of our privacy means more online convenience, we are increasingly enticed not to think about the risk to our privacy.  Personalized services on the Internet, such as Google's auto-suggest feature, rely on personal information that they capture about the user. The concern is that if this information is not properly protected, it could be hijacked for malicious purposes.

In a test of Google's privacy protections, a group of researchers were able to reconstruct users' Web search histories by intercepting cookies from Google's Web History service.  This was possible because certain elements of search queries employed by this service were sent in clear text over the Internet.  The report mentioned that Google responded responsibly to this vulnerability by always encrypting the communications related to the Web History service. However, the researchers noted that search suggestions available on  mobile phones remain vulnerable. 

You can monitor a maintained list of vulnerable services here.

Read the full article

Unlimited High Performance Cloud Storage?

A new product has hit the market, with unlimited storage in the cloud combined with local network caching to maximize performance and reliability.  Impressive technology, but will it take off?

Read full post about this new storage concept.

Combining pen and touch interactions in a new user interface design

April 12, 2010 - Touch interfaces, through gestures such as holding, tapping, dragging and crossing, allow users to manipulate objects onscreen, for example, zooming in and out of an image.  However, many actions that we perform with computer objects, like images, require a certain level of precision, which is not possible with touch interactions. A research project called Manual Deskterity goes beyond just touch by enabling simultaneous pen and touch inputs. A short video demonstrates how touch and pen interactions can complement each other.  For example, one hand holds an image onscreen while the other hand uses a pen to annotate the image or perform other actions, such as a precision cut.

When is it coming to mobile devices?

Read the full article

Replicating ColdFusion Configuration Within A Cluster

If you have multiple ColdFusion servers in a cluster, keeping the configuration in sync can be quite a bit of work, especially after a server meltdown.

Read Full Post...

New technique allows inherently serial programs run faster

April 5, 2010 - Despite continuing advances in processor architecture and technology, highly serial programs, like word processors and Web browsers, find it difficult to benefit from the parallel processing power of multi-core processors, which are common in today's computers.  These applications consist of many steps that must be run one after another, making them difficult to run on more than one core at a time.  Although the execution logic is rather sequential, the memory operations and management associated with many of the program steps are repetitive and parallelizable.  Researchers have found that by offloading dynamic memory management to a separate thread, common computer programs can run up to 20% faster.  The new technique also opens avenues to incorporate new security measures in memory management without having any impact on the program's performance.

Read the full article

PeopleSoft Enterprise Documentation - On Kindle!

If you are an Amazon Kindle user and an Oracle PeopleSoft user, you may be interested in knowing that Oracle has released a number of documents specifically formatted for your Kindle.  Always nice to see things being released in new formats, thanks Oracle.

Secure one-click access - no user ID and password required

April 5, 2010 - Imagine you can securely authenticate to an online site without having to type your user ID and password. All you need to do is open the login page on any computer and scan a 2D image code with your smartphone, which is running special software.  This is exactly the new approach a group of computer scientists from Tubingen University are proposing.  Such a solution will not only save users the trouble of memorizing and entering login credentials when accessing a password protected site, but also addresses the common security threat posed by keyloggers, trojans that can steal user passwords for malicious purposes.

Read the full article

New world record in energy-efficient sorting algorithm

March 26, 2010 - Using low computing power processors and fast SSD (Solid State Disks), scientists achieved an impressive energy efficiency record of 0.2 kWh to sort 1TB of data, which is 3 to 4 times more power economical than the previous record set by the team from Stanford University. Sorting was chosen as it is a core step in data processing and analysis.

The result highlights the importance of the design of fast algorithms in an increasingly energy hungry world. The use of low processing power but energy efficient hardware can be compensated by fast algorithms. 

Read the full article

HTML 5 - a challenge to Flash

March 23, 2010 - An estimated 98% of the computers connected to the Internet have the Adobe Flash Plugin installed. Experts point to HTML 5, a nascent open Web standard, still in the draft process as a strong challenger to the ubiquitous status of Flash.  Browsers with full support for HTML 5 bring advanced rich media and interactive capabilities to end users without the burden of downloading and installing any plug-ins. 

Less dependency on browser plugins makes the Web a more robust and flexible development platform to deliver quality video streaming experience and highly interactive applications.  HTML 5 will permit developers to use Javascript and CSS to achieve a more seamless integration of the rich media elements (e.g., video player) into their website designs. 

There is little doubt that HTML 5 will be widely supported, but it remains to be seen how it will be implemented in the different browsers and how they fare in terms of performance with respect to each other and Flash.

Read the full article

VoIP delays may mean information leak

February 25, 2010 - The benefits of VoIP are numerous. To name a few: calls are cheaper, as VoIP uses the Internet as the backbone rather than PSTN lines, which you pay for by the minute; the user experience is richer and more sophisticated, with features like visual voicemail and calling by clicking a link on a website or from an integrated application; and phone numbers are location-independent lifetime numbers.

A less known application area is steganography.  Researchers at Warsaw University of Technology in Poland have demonstrated that it is possible to manipulate voice streams to embed secret information in certain packets. In fact, one technique known as LACK (Lost Audio Packet Steganography) can be used to hide information in certain deliberately delayed packets, which a normal receiver will discard but a LACK-aware receiver can detect and recover the secret information from the altered VoIP stream. Their study shows that the intentional packet delays are not easy to distinguish from routine packet delays and drops. 

Read the full article.

Unmasking the anonymous user

February 23, 2010 -  A new form of attack is threatening to make it harder for users to hide their identity when browsing the Web. A group of researchers from Vienna University of Technology have developed the “de-anonymization” attack to discover the identity of the user behind the browser by stealing the browser history and probing for previous visits to social networking sites.  If you are a member of a social network (e.g., Facebook), your identity can be revealed when you visit a malicious site that contains the de-anonymization code.  

Traces about the victim’s fingerprint are often encoded in the URL itself.  For example, the Facebook application URLs contain the user ID and group ID:  

   http://www.facebook.com/ajax/profile/picture/upload.php?id=[userID]
   http://www.facebook.com/group.php?gid=[groupID]&v=info&ref=nf

A successful attack would need to have access to the history containing visited links to a social networking site, which supports member directory and group directory searches.

The researchers carried out a proof-of-concept attack against Xing, a German social network with a membership of over 8 million users, achieving a success rate of 42%. 

There is currently no fix for the attack.  All the mainstream browsers are vulnerable but you can reduce the risk by turning off browser history or using a private browsing mode.

Read the full article

Working Under Heavy Loads

If you have ever developed a web based application that has to operate under heavy loads (several hundred simultaneous users or more) you know it is not the same as building an application for only a handful of users.

Under load you run into all types of interesting problems, such as memory space corruption, record locking in databases and general performance issues of a single machine.  Load balancing (software or hardware) can allow you to spread your application over a number of CPUs which can help with the heavy lifting.

What if you could squeeze as much as 50% more out of your existing CPUs?  That would be a great benefit to your application and reduce the number of servers you need.  Or keep the same number of servers and let your users reap the benefits.

According to a recent blog posting by Facebook, they have released an open source PHP code transformer.  You develop your applications in PHP as normal and prior to deployment you can transform the code with HipHop for PHP into compiled C++.  The Facebook team has been using the technology for a while, and have seen CPU reductions by as much as 50%.  If you are a PHP developer looking to improve your application performance this is something you will want to investigate.

Protecting yourself from a $120,000 phone bill

In January 2009 a company in Australia suffered a massive phone bill of about $120,000 when their VOIP telephone server was compromised.  Unfortunately this sort of thing happens more than you might think.  How are these phone systems being hacked?

It is actually quite easy if the administrators for the office phone system do not take the necessary precautions.  A LOT of people use the same password for their phones as the extension number.  So if they have extension number 104 they use the same password - not very smart. Setting a more complex password would probably have prevented the attack.

Will a firewall protect you from the bad guys?

Probably not...  Most VOIP phone systems have either SIP or IAX2 ports open so they can communicate with Internet based phone service providers.  Attackers looking to use your phone server to make phone calls roam the Internet looking for victims, and those who use a password that matches their extension are the easiest targets.

The open source community makes adjustments

An update to FreePBX, which is used to power many Asterisk based phone systems (including Trixbox & PBX in a Flash), has added two new security features to help phone administrators increase security on their extension numbers.

The first enhancement is a new module that requires all extension passwords contain at least two numbers and two letters.  This seemingly simple change in itself will significantly reduce the chances of a hacker guessing your extension password.

The second, more powerful change is the ability to add a network IP address or address range for every extension (as of version 2.5.1.1).  Even if someone attempts to hack your system by guessing your password, if they are not doing it from the IP range you specify they will not be able to make any calls.

The combination of these two new features really will make it a lot harder for hackers to make phone calls on your dime, and they will quickly move on to the next phone server they find unprotected.
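The weaknesses and the two safeguards described above can be checked offline against an extension configuration. The auditor below is an added example, not FreePBX or Asterisk code: it assumes chan_sip-style sections with secret, deny and permit keys, models the address rules as "last matching rule wins", and runs on a constructed sample configuration.

```python
import ipaddress
import re

# Constructed sample in sip.conf style; extensions, secrets and networks are made up.
SAMPLE_SIP_CONF = """\
[general]
bindport=5060

[104]
type=friend
secret=104          ; password identical to the extension number
host=dynamic

[105]
type=friend
secret=7kq2xw
host=dynamic

[106]
type=friend
secret=m4r9tz
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.10.0/255.255.255.0
"""

def parse_sections(text):
    """Return {section: [(key, value), ...]} in file order (rule order matters)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\](?:\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip().lstrip(">").strip()))
    return sections

def password_problems(ext, secret):
    """Apply the rule from the text: at least two digits and two letters."""
    if not secret:
        return ["no secret set"]
    problems = []
    if secret == ext:
        problems.append("secret equals extension number")
    if sum(c.isdigit() for c in secret) < 2 or sum(c.isalpha() for c in secret) < 2:
        problems.append("secret lacks two digits and two letters")
    return problems

def source_allowed(rules, source_ip):
    """No rules accepts every address; otherwise the last matching
    deny/permit rule decides (assumed evaluation order)."""
    addr = ipaddress.ip_address(source_ip)
    allowed = True
    for key, value in rules:
        if key in ("deny", "permit") and addr in ipaddress.ip_network(value, strict=False):
            allowed = (key == "permit")
    return allowed

def audit(text, outside_ip="203.0.113.50"):
    """Return {extension: [findings]}; outside_ip stands for an Internet host."""
    report = {}
    for name, rules in parse_sections(text).items():
        if name == "general":
            continue
        secret = next((v for k, v in rules if k == "secret"), "")
        findings = password_problems(name, secret)
        if source_allowed(rules, outside_ip):
            findings.append("no IP restriction: registrations accepted from " + outside_ip)
        report[name] = findings
    return report

if __name__ == "__main__":
    for ext, findings in audit(SAMPLE_SIP_CONF).items():
        print(ext, "OK" if not findings else "; ".join(findings))
```

Only extension 106 in the sample passes: it has a compliant secret and rejects addresses outside its office range.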

 

The world's smartest computer beats Jeopardy's best players

February 17, 2010 (posted by Ng Chong) -  For many years AI (Artificial Intelligence) has epitomized its prowess in mathematical games and puzzles.  AI astonished the world when IBM's Deep Blue supercomputer became the world's best chess player after defeating the World Chess Champion, Garry Kasparov.  It may seem that this victory has narrowed the gap between human intelligence and machine intelligence, but arguably it is the sheer speed at which Deep Blue computes what-if chess moves that makes a difference in the man versus machine face-off. 

Read more

 

An Asterisk Failover Solution?

We have been looking at ways to implement Asterisk based phone systems with some level of redundancy.  We already have one Asterisk phone system that uses a cluster for load balancing and redundancy... but the system as implemented is a bit expensive as it was developed by some Asterisk consultants.

We are looking to put Asterisk in some smaller offices, and don't need real time load balancing.  With support of these new systems being remote, having a machine standing by is a nice idea, especially if it can be done for minimum cost.

Today I found FLIP1405, which is a fairly simple script that will allow a pair of Asterisk servers to run in an active/passive configuration.  The important configuration files are copied between the servers at a regular interval, and when one server stops working the second server will automatically take over.

So if the primary server gets shut down, or loses a hard disk, the second server should come up quickly and take over.

Machine over Mind?

February 2010 - IBM Pioneer Arthur Samuels built the world's first chess-playing machine that could learn from experience in the 1950s. Forty years later, IBM's Deep Blue became the first machine to defeat chess champion Garry Kasparov in a full match.  The high performance computer capable of evaluating 200 million positions per second gave Deep Blue the advantage on a chess board.  The upcoming IBM supercomputer, codenamed Watson, which aims to rival human contestants on America's quiz show Jeopardy, will make this restricted form of artificial intelligence pale in comparison.

Unlike the mathematically well-defined chess game, the Jeopardy-playing machine has to make use of the massive parallelism power to deal with real-world ambiguity and complexity in natural language questions, over vast domains of knowledge.  In the contest, if a player buzzes in and gets a wrong answer, he or she is penalized. Therefore, the competition demands high speed in processing natural language questions and computing the confidence and accuracy relationships in answers constructed from the knowledge bank.  

Will computers one day pass the Turing test?

Read more

Security with CFQUERYPARAM & MS SQL Server

Here at United Nations University, we operate mostly in English.  We do however get involved with some Japanese and other official UN languages from time to time.

When developing database driven applications to support foreign languages some care must be taken to ensure the characters can be both inserted and retrieved successfully from the database.

If you attempt to insert high level ASCII characters or Unicode into a database it will default to the character set defined at the database level.  If you have a database defined using Latin collation, and you insert Japanese characters the encoding is lost and you will end up with gibberish.

One technique in MS SQL is to insert the string text with a capital N at the beginning of the string, like this:

insert into mytable
(id, text)
values
(4,N'例')

The capital N before the string informs MS SQL to apply no collation and forces the server not to treat it as any particular language.  This solution works nicely: you can input any character collation you wish and life is good.

Enter SCRIPT INJECTION attacks

Anyone who monitors their website logs has undoubtedly seen SCRIPT INJECTION attempts on their server.  It is basically a way for hackers to attack a website and try and gain control of the server itself or change the website content.

ColdFusion has a nice tag called CFQUERYPARAM which you can use to protect yourself from injection attacks by wrapping strings to be inserted into a database with this tag.  Just one problem: it does not work if you are using the N trick to store the data in a neutral language format.

Not using CFQUERYPARAM would mean you must leave your application vulnerable to attack, or come up with your own cleaning function for data inserted into the database and be sure you are protected from attack.  Leaving yourself open is not fun, and developing your own cleaning function is not fun either.

An easy way around this problem lies in the advanced ODBC configuration of ColdFusion (confirmed to work in version 8 & 9).  By selecting the string format option, ColdFusion is then enabled for high ASCII characters and Unicode.

That's it!  You do not need to specify the N character anymore, and it just works.  This allows you to use the CFQUERYPARAM without problems.  Your data will be inserted into the database safely, and you are protected against script injection at the same time.

One more tip!  Don't forget in order to store any characters outside of the defined collation you need to define the data type of the field as ntext, nvarchar etc.

Can Computer Vision Make Programming Easier?

January 2010 - Graphical user interfaces (GUIs) have made our interactions with a computer easier and much more intuitive than text-only interfaces.  Imagine you can write a program to automate GUI interactions by taking screenshots of what is on the screen (e.g., icons and browser windows) without having to know anything about the code behind the GUIs. What new applications come to your mind?

A group of researchers at MIT have developed a visual programming framework called Sikuli that uses computer vision algorithms to search specified GUI screenshot patterns on your computer and provides an API to control the GUI behaviors programmatically.  You can find a list of demo applications here.

I would love to have a program to fill out a bunch of forms for me and automate testing of GUIs we build at Campus Computing Centre.

Adding intelligence to your email server

January 2010 - Email has become the most popular vehicle for online communications and data exchange. The explosion of email usage has led not only to increased traffic, but also to ever larger email attachments.  To guard against abuse and lessen the burden on email servers, ICT departments have set limits on the size of messages.  This has created a market for tools that allow for distributing files which would be too large for email to handle, most commonly by uploading them to a Web server via a Web form or an email client plug-in.

If you are using Sendmail as the MTA for your mail server, there is a very easy way to automatically replace an email attachment with a URL whenever the size of the attachment exceeds a predefined threshold.  UNU Campus Computing has had experience using a C/Perl-based filtering tool called MIMEDefang to do this and to remove viruses from emails.  MIMEDefang works with the Sendmail Milter API.

 

Someone may be eavesdropping on your private cellphone calls

December 2009 - A German security expert published online a guide for cracking the encryption algorithm that protects the privacy of over 8 billion GSM standard cellphone conversations.  While the rationale of the disclosure is allegedly purely academic, it is raising questions about the legality of releasing the decryption know-how in the public domain and the possibility of organized crime taking advantage of the proven security weakness and further evolving the public code book to steal sensitive data in business transactions.

The 21-year-old encryption code under threat, known as A5/1, is a 64-bit encryption algorithm.  Experts agree that the wireless industry should see the crack as a shot across the bow and should do more to protect the privacy of mobile calls, such as increasing the key size to 128 bits.  Read more here.

Silver bullet to stop web site attacks?

An indeterminate number of web sites are in the crosshairs of hackers' attack machinery every day.  Hackers use an array of evolving techniques and tactics to obtain access to your network.  One of the most common forms of cyber hacking is the denial-of-service (DoS) attack, which uses a large number of machines from multiple locations to swamp a site with more traffic than the victim server can handle.  There is an interesting article about DoS here.

In general, cryptographic tools can't be used to thwart DoS attacks as they only make the server resource depletion problem worse, which is the very essence of what DoS attacks exploit.  On the bright side, scientists from University of Bristol, at ASIACRYPT 2009 (Japan), discussed a defense framework based on cryptography, which promises to make web site attacks computationally impossible.  The central idea is to overload the adversary machine when the server resources drop below a certain level, by requiring the client to construct puzzles and return both the puzzles and their solutions to the server before the server starts responding to the client's request.

 

Full article:  http://www.bris.ac.uk/news/2009/6746.html
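The cost asymmetry behind the puzzle defense described above can be shown with a simple hash-based client puzzle. This is an added example, not the Bristol construction: it assumes the server hands out a MAC-protected challenge whose difficulty rises with load, and all function names, the load thresholds and the client identifier are illustrative.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_KEY = os.urandom(32)     # per-process secret, never sent to clients
MAX_AGE_SECONDS = 60            # a challenge is only honoured for this long

def difficulty_for_load(load):
    """Map server load (0.0 to 1.0) to required leading zero bits; 0 means no puzzle."""
    if load < 0.5:
        return 0
    return min(8 + int((load - 0.5) * 24), 20)

def leading_zero_bits(digest):
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def issue_challenge(client_id, bits, now=None):
    """Stateless challenge: the server stores nothing, the MAC binds every field."""
    issued = int(time.time() if now is None else now)
    body = struct.pack(">QB", issued, bits) + os.urandom(8) + client_id.encode()
    return body + hmac.new(SERVER_KEY, body, hashlib.sha256).digest()

def solve(challenge, bits):
    """Client side: brute-force a counter, about 2**bits hashes on average."""
    counter = 0
    while True:
        candidate = struct.pack(">Q", counter)
        if leading_zero_bits(hashlib.sha256(challenge + candidate).digest()) >= bits:
            return candidate
        counter += 1

def verify(challenge, solution, client_id, now=None):
    """Server side: one MAC and one hash, whatever the difficulty was."""
    body, tag = challenge[:-32], challenge[-32:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if len(body) < 17 or not hmac.compare_digest(tag, expected):
        return False                        # forged or altered challenge
    issued, bits = struct.unpack(">QB", body[:9])
    if body[17:] != client_id.encode():
        return False                        # challenge was issued to another client
    current = time.time() if now is None else now
    if not 0 <= current - issued <= MAX_AGE_SECONDS:
        return False                        # expired: old work cannot be stockpiled
    return leading_zero_bits(hashlib.sha256(challenge + solution).digest()) >= bits

if __name__ == "__main__":
    bits = difficulty_for_load(0.75)        # busy server: 14 leading zero bits
    challenge = issue_challenge("198.51.100.7", bits)
    started = time.perf_counter()
    answer = solve(challenge, bits)
    print("client work: %.3fs" % (time.perf_counter() - started))
    print("accepted:", verify(challenge, answer, "198.51.100.7"))
```

Because the difficulty is inside the MAC, a client cannot lower it, and the server only starts real work after `verify` succeeds.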

Protect yourself against malicious sites on the Internet

Do you know that you can query Stopbadware (http://www.stopbadware.org/home/reportsearch) to find out if a site poses any danger to your computer?

There are abundant security resources here: http://badwarebusters.org/main/resources, including a free scan service to determine if an executable can pass a number of popular malware scanners.

Can ICT departments keep their jobs?

Within the UNU we are seeing an ever increasing number of users consuming Web 2.0 services outside our enterprise, many of them for free or very little cost.

I recently came across this article at computerweekly that has quite a few points that hit home.

And if IT fails to grasp the opportunities of Web 2.0, many businesses will simply subvert or sideline the function, he warns.

the marketing department of one large pharmaceutical company asked IT for a fancy Web 2.0 collaboration environment and was told it was on the roadmap, but would not be in place for another 23 months. So the marketing people, who needed the tool the following week, used an open web platform instead. Soon, they were sharing confidential drug discovery pipeline information between Asia, Europe and the US on hundreds of these collaborative platforms. And IT had no idea this was going on.

In the 'old days' users within an organization did not have much choice: they used the platform and software provided by the organization.  It would have been difficult for users within an organization to set up a collaboration system across multiple offices without the support of the ICT department.

Now, when the ICT department can't deliver the requested service, users only need a web browser and they can get their needs filled outside the organization quickly and cheaply.

Yes, the ICT departments of many organizations are having a harder time satisfying their users. When there are large organizations developing software in the cloud, or as a service, and offering it for free or little cost, how can an organization's internal systems compete?

When your users start taking their work outside the office, lots of issues come up, such as security of organization data, data loss and providers going broke (is another tech bubble coming?).  The issues are many, but do the benefits outweigh the potential costs?

If you are in the ICT field, check out the full article at computerweekly.  It will surely get your mind moving.  Interesting times ahead, for both users and ICT departments.

UNU & OpenID, has the time come?

Several years ago I read about something called OpenID.  It seemed interesting, but after doing some investigation it seemed like no one was using it.  At the time there was not much drive to do anything with it, since deployment was so sparse.

Advance a few years, and it seems like we have actually fallen behind: millions of people now have OpenID accounts, since some of the Internet's largest players such as Google, Six Apart, Yahoo, WordPress, Facebook, Verisign and AOL, and thousands of smaller organizations, have all started using OpenID.

The Campus Computing Centre has been working towards a vision of a UNU Global Office, under which all staff have a single username & password to access internal services.  Having a single password helps simplify things for users, and hopefully prevents a yellow sticky note from hanging off their monitor (those in ICT departments know what I am talking about!).

All this account/password synchronization is taking place within the organization, however at the same time our users are consuming outside services as well.  When users go outside the UNU walls to consume web services, it defeats our objective of offering a single username/password to them.

We are still in the testing stage, but we are investigating the UNU operating our own OpenID server where all UNU staff would automatically have an OpenID account backed by their UNU credentials.  When accessing an external service supporting OpenID authentication, our users would be able to benefit from being able to use their OpenID to authenticate and not have to remember another username/password combination.

While we have not tested it yet, we suspect that we can go so far as to have single sign on direct to the user's desktop so the sign in process would be seamless for them.  So not only would they not have to remember a new username, they would not even have to sign in to use services hosted externally; simply supplying their OpenID would be enough.

The concepts are very interesting with OpenID and we look forward to exploring all of them.

Rogue DHCP servers on your network

If your network is properly secured, there is less chance for an unauthorized DHCP server to turn up on your own turf.  Arguably, when it comes to security, no risk is small enough to be ignored.  Even in the best possible scenario, the DHCP service of a Linux host can be inadvertently put into operation.

Prevention and detection are close cousins.  Prevention means that we have to be able to detect rogue DHCP servers.  One easy way is to use a Swiss Army knife scanning tool, like Nmap.  We know that DHCPS is running on UDP port 67.  Thus, we can use the following command to loop through your network address space and track down the presence of DHCP servers: nmap -sU -p67 followed by the address range to scan.

In an enterprise network environment, there are some more advanced features at our disposal.  For example, you can turn on DHCP snooping on switches and VLANs, which relies on the concepts of trusted and untrusted ports.  In situations where certain key packets are maliciously discarded, the ARP inspection feature should prove useful.
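Besides port scanning, a rogue server gives itself away in the replies it sends. The parser below is an added example, not part of the original post: it assumes you already have the payloads of captured UDP port 67/68 traffic, reads the server identifier (option 54) from each OFFER or ACK, and flags any server outside an allow-list. The allow-list, addresses and packets are constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
AUTHORIZED_SERVERS = {"10.0.0.2"}          # assumption: your legitimate DHCP server(s)
MESSAGE_TYPES = {2: "OFFER", 5: "ACK"}     # DHCP option 53 values sent by servers

def build_reply(msg_type, server_ip, offered_ip, router_ip, xid=0x1234ABCD):
    """Construct a minimal BOOTP/DHCP reply so the parser can be exercised offline."""
    header = struct.pack(">BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, xid, 0, 0,
                         b"\0" * 4, socket.inet_aton(offered_ip),
                         socket.inet_aton(server_ip), b"\0" * 4,
                         bytes.fromhex("020000000001"), b"", b"")
    options = (bytes([53, 1, msg_type]) +
               bytes([54, 4]) + socket.inet_aton(server_ip) +
               bytes([3, 4]) + socket.inet_aton(router_ip) + b"\xff")
    return header + MAGIC_COOKIE + options

def parse_options(data):
    """Walk the code/length/value list; raise ValueError on a truncated option."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                    # end marker
            break
        if code == 0:                      # padding byte, no length field
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return options

def inspect_reply(packet, authorized=AUTHORIZED_SERVERS):
    """Return details of a server OFFER/ACK, or None for anything else."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        return None                        # not a BOOTP reply carrying DHCP options
    try:
        opts = parse_options(packet[240:])
    except ValueError:
        return None
    msg_type = opts.get(53)
    if not msg_type or msg_type[0] not in MESSAGE_TYPES:
        return None
    server_raw, router_raw = opts.get(54, b""), opts.get(3, b"")
    server = socket.inet_ntoa(server_raw) if len(server_raw) == 4 else "missing"
    return {
        "type": MESSAGE_TYPES[msg_type[0]],
        "server": server,
        "offered": socket.inet_ntoa(packet[16:20]),       # yiaddr field
        "router": socket.inet_ntoa(router_raw[:4]) if len(router_raw) >= 4 else None,
        "rogue": server not in authorized,
    }

def find_rogues(packets, authorized=AUTHORIZED_SERVERS):
    """Return {server_ip: first offending reply} for servers not on the allow-list."""
    rogues = {}
    for packet in packets:
        info = inspect_reply(packet, authorized)
        if info and info["rogue"]:
            rogues.setdefault(info["server"], info)
    return rogues

# Constructed capture: one legitimate offer, one from an unknown host that also
# advertises itself as the default gateway, and one client request (op=1).
CAPTURED = [
    build_reply(2, "10.0.0.2", "10.0.0.57", "10.0.0.1"),
    build_reply(2, "10.0.0.99", "192.168.1.10", "10.0.0.99"),
    b"\x01" + build_reply(2, "10.0.0.2", "10.0.0.58", "10.0.0.1")[1:],
]

if __name__ == "__main__":
    for server, info in find_rogues(CAPTURED).items():
        print("rogue DHCP server", server, "offering", info["offered"],
              "with gateway", info["router"])
```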