Welcome to the October 22, 2008 edition of ACM TechNews, providing timely information for IT professionals three times a week.
HEADLINES AT A GLANCE
U.S. Innovation: On the Skids
Computerworld (10/20/08) Anthes, Gary
The United States' global technological competitiveness has been slipping for the past 10 years, primarily because of a shift away from long-term basic technological and scientific research while other countries step up their research and development efforts. "We have a significant diminution of industrial long-term research in IT, and we have seen one of the major federal sources of IT research--[the Defense Advanced Research Projects Agency (DARPA)]--essentially withdraw from a lot of that," notes Google chief Internet evangelist Vinton Cerf. Carnegie Mellon University professor David Farber says the industry has offshored a lot of its research, cutting U.S. scientists off from some of the best jobs. Critics say that DARPA has concentrated its research on short-term requirements for homeland security and warfare, while the American Association for the Advancement of Science (AAAS) warns in a recent bulletin to its members that federal investment in basic and applied research would decline in real terms for the fifth consecutive year under the fiscal year 2009 budget proposal. The AAAS also notes that other nations, such as Korea and China, are increasing government research by 10 percent or more yearly. Cerf argues that people should become comfortable with the notion that China and other nations will catch up to the United States in terms of technology on the strength of their higher populations, and he favors cross-border collaboration between scientists and engineers. He also suggests that the incoming administration encourage immigration by the most skilled science and engineering students, while University of California, Los Angeles professor Leonard Kleinrock is concerned about how campus researchers are modifying their approach to research in order to capture short-term federal funding. "A lot of people are resorting to simulation, and that's fine, except they don't stop to ask what's behind the results they get," he says. "They are not being pushed to get a fundamental understanding; they are looking for the answers now, for this system, for today."
Newcastle Scientists Help Microsoft and Yahoo Improve Online Security
Newcastle University (10/21/08)
Newcastle University computer scientists have cracked the Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) security systems used by Micosoft's and Yahoo's email systems, exposing a widespread vulnerability. Both companies believed their systems were secure enough to stop widespread abuse by spammers, but the researchers have demonstrated a method for solving the security puzzles, says professor Jeff Yan, who will present his findings at the ACM Computer and Communications Security Conference, which takes place October 27-31, in Alexandria, Virginia. Yan says his research shows that computers are able to solve CAPTCHAs with greater ease than previously thought. Using a desktop computer, Yan and Ph.D. student Salah El Ahmad used a seven-step method, taking less than 80 milliseconds, to remove the arcs that link letters in CAPTCHAs to make them hard to isolate, and then identified the characters in the right order. The researchers were able to isolate each of the eight characters more than 90 percent of the time, and solve the puzzles correctly 60 percent of the time. The best line of defense, Yan says, appears to be allowing the characters to touch or overlap each other, juxtaposing characters in any direction to make it harder to tell real characters and other "noise" apart, and randomizing the width of the characters.
Microsoft Aims to Get More Touchy-Feely
CNet (10/20/08) Fried, Ina
At this week's User Interface Software and Technology conference, Microsoft will present several research papers that take the multitouch interface in Microsoft's Surface and expand it into new areas. Microsoft researcher Andy Wilson, who helped develop Surface, will discus how the same kind of physics engines used in three-dimensional games could help make surface computing more realistic. Multitouch computing is considered a significant advancement toward making computer objects feel more natural and tangible, but the illusion is challenged because all touch is treated with the same sensation. Wilson says if the physics engines were better, objects could be folded and twisted, or even torn like a piece of paper. "How can we enhance the interaction model so we don't fall into this trap of thinking of every contact as a discrete point?" Wilson asks. In his paper, Wilson suggests a few possible interactions, demonstrating how a user can grasp a solid object and interact with it, like rolling a ball, or fold or tear an onscreen piece of cloth. Meanwhile, researchers from Microsoft's Cambridge, England, lab will demonstrate a technology called SecondLight that allows a surface computer to project two images, one on the computer's surface and another at some point in the air. The projected images can alternate faster than the eye can detect, making both images appear solid. Such an imaging system could be used for games or for medical images.
Keyboard Sniffers to Steal Data
BBC News (10/21/08)
Doctoral students Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne (EPFL) were able to monitor what people type by analyzing the electromagnetic signals produced by every keystroke. The EPFL students developed four attacks that will work on a variety of computer keyboards, leading them to declare that keyboards are not safe to transmit sensitive information. Vuagnoux and Pasini tested 11 keyboards that connected to a computer through either a USB or PS/2 socket, though the attacks also work on keyboards embedded in laptops. Each keyboard tested was vulnerable to at least one of the four attacks they developed, with one of the attacks being effective at a distance of 20 meters. The students used a radio antenna to fully or partially recover keystrokes by detecting the electromagnetic radiation emitted when keys are pressed. The research builds on previous work by University of Cambridge computer scientist Markus Kuhn, who explored ways of using electromagnetic emanations to eavesdrop and steal useful information.
The Data-Centric Gambit
Computing Community Consortium (10/20/08) Hellerstein, Joel
University of California, Berkeley computer science professor Joel Hellerstein discusses the inevitability of a massive surge of machine-produced data driving what he terms an "industrial revolution" in which most sizable organizations are seeking cheap ways to save and mine their logs. Meanwhile, software development has become exceedingly complex with the advent of cloud computing infrastructure and the emergence of multicore architectures. "Given this background, what excites me these days is that the trend may bring some new solutions to the crisis, in a surprisingly organic way," Hellerstein writes. He points to the likely prosperity and possible convergence of the SQL programming language and Google's MapReduce framework, noting that "rather than trying to unravel an algorithm into separate threads, [SQL and MapReduce programmers] focus on chopping up sets of input data into pieces, which get pumped through copies of a single sequential program running asynchronously on each processor." Hellerstein observes that in the last five to 10 years the set-oriented, data-centric approach has been making headway beyond the boundaries of batch-oriented data parallelism, and that support of work on declarative data-centric languages for a variety of domain-specific tasks has increased. Applications where these languages are manifesting themselves include networking and distributed systems, natural language processing, compiler analysis, modular robotics, security, and video games. Hellerstein lists machine learning as another application where parallelism and distribution is apparently aided by data-centric declarative programming. "What excites me here is that the main positive trend in parallel programming--the one driven by the industrial revolution of data, the one with programmer feet on the street--that trend feeds into this promising new generation of much richer data-centric languages," the author concludes.
Intel Commits $120 Million to Science Programs
EE Times (10/20/08) LaPedus, Mark
Intel says it will provide $120 million over the next decade to fuel more interest in math and science among young students. The $120 million is the largest single commitment from Intel ever, the company says, and will extend its title sponsorship of the Intel Science Talent Search through 2016 and the Intel International Science and Engineering Fair through 2019. The new funding will support a youth outreach program and an online science community and science fair alumni network. Intel annually invests more than $11 million to improve education and technology literacy worldwide. The new commitment was coupled with a national challenge to states to send more young people to the science competitions that support future innovators. In 2008, only 19 states had finalists participate in the Intel Science Talent Search. "I can't think of a more critical time to invest in math and science education," says Intel's Will Swope. "We will work with districts, schools, and teachers around the world to help get students excited and engaged in math and science--subjects that provide the foundation for innovation." International student participation in the Intel International Science & Engineering Fair, which currently accounts for about 30 percent of participants, will be increased as part of an outreach program that focuses on student research programs.
Robotic Ants Building Homes on Mars?
ICT Results (10/21/08)
The European Union-funded I-SWARM project is developing swarms of ant-sized robots that are able to reconfigure themselves and autonomously assemble into larger robots to perform difficult tasks. Planet exploration and colonization are just a few of the possible applications that swarm robots could perform, says Marc Szymanski, a robotics researcher at Germany's University of Karlsruhe, who is working on the project. Szymanski says small robots capable of working together could be used to explore Mars and even start building structures. He says that robots' ability to work together and adjust their responsibilities based on the obstacles they face, such as changes in the environment or the swarm's needs, makes them extremely versatile. Swarm robots could explore space or the deep ocean, perform repairs inside machinery, clean up pollution, or perform tests and provide treatment inside the human body. Deploying swarm robots for use in the real world is still a ways off, but the I-SWARM team did succeed in building robots that come close to resembling a programmable ant. The I-SWARM robots are able to communicate with each other and sense their environment, creating a type of collective perception. The robots use infrared to signal each other until the entire swarm has been informed.
Women in IT Delay Marriage, Motherhood to Advance Careers But Still Miss Top Jobs
CIO (10/16/08) Levinson, Meridith
One third of mid-level technical women have postponed motherhood to achieve their career goals, whereas only 18 percent of technical men reported doing the same, reports a new study from the Anita Borg Institute of Women and Technology and Stanford University's Michelle R. Clayman Institute for Gender Research. Women in mid-level IT jobs also are almost three times more likely than men to forgo having children completely. The study found that 9 percent of women said they decided against having children to focus on their careers, compared to 3.5 percent of men. About the same number of men and women postponed marriage to establish themselves professionally, but more women put their careers ahead of getting married for their whole lives, as 7.8 percent of women surveyed said they remained single to focus on their careers, compared to 2.5 percent of men. However, the study found that women are not benefiting from making significant personal sacrifices to advance their professional lives. Technical men are nearly three times more likely than technical women to hold an executive-level position in their companies. The study found that one reason women are passed over for promotions is because men view them as less technically competent, and as a result women are often given low-visibility tasks that are stereotypically feminine, such as support. The lack of visibility makes it more difficult for women to move up. Women interviewed for the study said that as much as their companies want to think of themselves as meritocracies, visibility, power, and influence are as important as merit and accomplishment in earning promotions.
Beware the Digital Zombies
New York Times (10/21/08) P. B1; Markoff, John
Networks of infected computers that can be used to send spam or launch denial of service attacks, known as botnets, continue to be a growing problem on the Internet. Microsoft's T.J. Campana recently demonstrated that an unprotected computer running an early version of Windows XP, and attached to the Internet, can be infected in only 30 seconds. In September, more than 500,000 computers were under the control of active zombie networks, according to botnet tracker shadowserver.org. While security experts have managed to reduce the number of machines in botnets to approximately 300,000 computers, that number is still double the number detected a year ago, and the actual number of zombie machines could be even larger. Microsoft's Richie Lai says the mean time to infection is less than five minutes. Any computer connected to the Internet is vulnerable, and security experts recommend PC owners run a variety of commercial malware detection programs to find infections, protect their machines behind firewalls, and install security patches for operating systems and applications. Even these precautions are no guarantee. Secunia recently tested a dozen leading PC security suites and found that the best one detected only 64 out of 300 software vulnerabilities that could be exploited to install malware. Botnet attacks even come with their own antivirus software, enabling the programs to take over a computer and remove any other malware competitors. Botnets also are becoming increasingly difficult to detect. Last year, botnets started using a technique called fast-flux, which generates a rapidly changing set of Internet addresses to make the botnet more difficult to locate and disrupt. Companies are now realizing that the only way to fight botnets and other computer crimes is to form a global alliance that crosses corporate and national boundaries.
Untangling Web Information
Technology Review (10/21/08) Naone, Erica
Despite the promise of Semantic Web technology, few products have been released so far. As a result, experts are focusing on the launch of Twine, a Web organizer based on semantic technology. Developed by Radar Networks, Twine is part bookmarking tool, social network, and recommendation engine. It is designed to help users gather, manage, and share online information on any area of interest. Although difficult for novices to use, Twine offers experienced users a powerful way to research a subject collaboratively, or find people with common interests. After creating an account, a user adds a Twine bookmarklet to his or her browser's bookmarks, and then adds items to his or her Twine page by clicking the bookmarklet while surfing the Web. Bookmarks also can be imported from a browser or from another bookmarking service. Twine uses machine learning and natural language processing to parse the contents of Web pages and extract key concepts, such as people, places, and organizations, from the pages that a user saves. The site then uses these concepts to link information and users, creating a bundle of bookmarks related to a particular topic. Twine also can automatically generate tags, descriptions, and summaries of bookmarked Web pages.
'Energy Scavenging' the Next Big Thing
ZDNet Asia (10/17/08) Prasad, Swati
Ganssle Group chief engineer Jack Ganssle believes that microprocessors capable of detecting and using energy from the environment could solve the world's energy problems. Ganssle says that in the future, embedded systems could revolutionize the energy industry, as power is scarce in countries such as India, but people still want mobile devices to be easily powered. To achieve this, mobile devices will use energy-scavenging technology to harness any energy source that is available in the environment, which could be energy radiated from power lines, or heat from a cup of coffee or a human body. He says the technology is attracting a lot of research. For example, in Japan, tips go down if a glass is allowed to be less than half empty, so many of the glasses come with embedded systems that alert servers when a glass is low. The drink inside the glass is cold, and the surrounding environment is warm, and the temperature difference is used to power the embedded system. Ganssle says energy scavenging is going to be "the next big thing," and in the future we are going to see less and less battery recharging. He also says that over the next five to 10 years we will see thousands of microprocessors that sense virtually everything, and as the costs of embedded systems goes down, it will become cost effective to build smart sensors to form mesh networks.
Rice Students Challenge Electronic Voting Machines
As part of an advanced computer science class, Rice University professor Dan Wallach is challenging his students to rig a voting machine. Wallach split his class into teams. During phase one, teams pretend to be unscrupulous programmers at a voting machine company by trying to make subtle changes to the machines' software that will alter the election's outcome without being detected by election officials. The second phase has teams playing the part of election software regulators by trying to certify the code submitted by another team during the first phase of the class. "What we've found is that it's very easy to insert subtle changes to the voting machine," Wallach says. "If someone has access and wants to do damage, it's very straightforward to do it." He says the experiment shows how vulnerable certain electronic-voting systems are. Wallach says the students often, but not always, are able to find the hacks, but that in real life it would probably be too late. "In the real world, voting machines' software is much larger and more complex than the Hack-a-Vote machine we use in class," Wallach says. "We have little reason to believe that the certification and testing process used on genuine voting machines would be able to catch the kind of malice that our students do in class."
Flower Robots for Your Home
ZDNet (10/16/08) Piquepaille, Roland
South Korean researchers have created a flower robot that acts like a real plant, featuring humidifying, oxygen-producing, aroma-emitting, and kinetic functions. The robotic plant also can interact with people when they approach, and "dance" when music is played. The flower robot was developed by researchers at Japan's Chonnam National University. When a person comes within a 40cm radius of the flower robot, a sensor detects the approach and the stem bends toward the person, with the buds coming into full bloom. If a person speaks louder than a certain level, the buds will open and the stem shakes slightly to suggest a greeting. The buds also open when the room lights up, and the plant dances when music is played. The researchers believe it will be possible to use robot gardens to create home networking systems. Chonnam professor Park Jong-Oh says his approach is "a fresh attempt to introduce the concept of plants, rather than humans or animals, to robot making."
National Cybersecurity Initiative R&D Effort Launched
Federal Computer Week (10/14/08) Bain, Ben
The National Science Foundation has issued a request for information (RFI), launching the National Cyber Leap Year, which was established to seek the most promising ideas for reducing vulnerabilities to cyberactivities by altering the cybersecurity landscape. The project seeks to create an integrated national approach to making cyberspace safe for "the American way of life." The project specifically aims to form a national research and development agenda that identifies the most promising technologies and determines how to bring those technologies to fruition. National Cyber Leap Year will run during fiscal 2009. In January, the Bush administration launched the Comprehensive National Cybersecurity Initiative, and while much of the initiative remains classified, officials have released more information on the scope and detail of the multiyear effort in recent months. NSF is seeking leap-ahead research and technology to reduce vulnerabilities due to asymmetric attacks in cyberspace. "Unlike many research agenda that aim for steady progress in the advancement of science, the leap-ahead effort seeks just a few revolutionary ideas with the potential to reshape the landscape," the RFI states. The first stage of the Leap Year project involves surveying the cybersecurity community for ideas. The second phase will involve a series of workshops to develop the best ideas.
Search Engines Show Off Their Social Side
New Scientist (10/11/08) Vol. 200, No. 2677, P. 24; Robson, David
Search engines are once again seeking to improve the quality of their results by incorporating the human factor. An example is Wikia Search, which lets any user annotate a set of search results and tweak their ranking. Kevin Ryan of Search Engine Watch notes that "you really need millions of people adding accurate information to the sites. But if lots of stupid people contribute, it's really the antithesis to the wisdom of crowds." A new generation of collaborative search engines that use previous searches performed by the user's trusted circle of friends on social networks to customize their results is being developed to address this issue. Some of these search engines aim to help groups more effectively execute Web searches by directing friends or colleagues toward the sites most pertinent to their group, while others are designed to adjust the ranking of a user's search results according to the interests of the user's friends. The PeerSpective Tool, for instance, analyzes a user's network of friends to tailor search results, sifting through the Web histories of network members to find relevant sites that have been visited by other users. The team behind PeerSpective has devised software to recognize a network's constituent social groups to prevent the results from becoming too diluted. Areas of the Web that Google and other major search engines are locked out of could be potentially accessed by such tools, according to PeerSpective developer Alan Mislove at Germany's Max Planck Institute for Software Systems.
Abstract News © Copyright 2008 INFORMATION, INC.
To submit feedback about ACM TechNews, contact: email@example.com
Change your Email Address for TechNews (log into myACM)