Association for Computing Machinery
Welcome to the February 14, 2011 edition of ACM TechNews, providing timely information for IT professionals three times a week.

Also, please download our new ACM TechNews iPhone App from the iTunes Store by clicking here and our new ACM TechNews iPad App by clicking here.


'Rural Sourcing' Offers Way to Keep Jobs at Home
Atlanta Journal-Constitution (02/11/11) David Markiewicz

Rural Sourcing Inc. (RSI) represents a growing trend that is helping to keep information technology (IT) jobs in the United States by locating them in smaller cities instead of outsourcing them to foreign countries. RSI is one of about 20 U.S. companies that offer U.S.-based businesses a cost-effective alternative to outsourcing. Although per hour wage and benefit costs for an IT worker are about double in the United States what they would be for an overseas worker, the overall cost of outsourcing ends up being closer to the rural sourcing cost after factors such as long-distance travel, management oversight, communication and cultural breakdowns, and geopolitical issues are taken into account. "It shouldn't be surprising to see more ... IT activities go to wherever there is a labor source that is cost competitive and has all the near-shore advantages," says University of California, Davis professor Martin Kenney, a member of ACM's Job Migration Task Force. The key to rural sourcing success is finding locations where the quality of life is high but the cost of living is low, and that have nearby universities or technical colleges to produce a stream of high-quality workers.

CMU and IBM Collaborate on Open Computing System for Advancing Research on Question Answering
Carnegie Mellon University (02/11/11) Byron Spice

IBM is collaborating with eight universities, including Carnegie Mellon University, the Massachusetts Institute of Technology, the University of Texas at Austin, the University of Southern California, Rensselaer Polytechnic Institute, SUNY Albany, the University of Trento, and the University of Massachusetts Amherst to advance the Question Answering (QA) technology that is the foundation of IBM's Watson computing system. "IBM Watson is the first step in how computers will be designed and built differently and will be able to learn, and with the help of Carnegie Mellon we will continue to advance the QA technologies that are the backbone of this system," says IBM Watson project leader David Ferrucci. The collaboration, known as the Open Advancement of Question-Answering Initiative, involves a modular software architecture and a common set of measurement standards, which will enable researchers to compare different types of QA software side by side. "We are glad to be collaborating with such distinguished universities and experts in their respective fields who can contribute to the advancement of QA technologies that help enable the Watson system," Ferrucci says.

A Father Knows Best: Vint Cerf Re-Thinks the Internet in Stanford Talk
Stanford University (02/11/11) Andrew Myers

Google chief Internet evangelist Vint Cerf, who helped develop the Internet in the 1970s, recently gave a speech at Stanford University in which he discussed the need to rethink the Internet to handle the growing demand of smartphones and the emerging Internet of things, in which nearly every electronic device would be networked. Cerf says the Internet of things could lead to breakthroughs in energy efficiency and other issues that face modern society. "The Internet was just not designed for the way we use it today," he says. "We had no way to anticipate billions of personal computers, much less smartphones that are far smarter and infinitely more mobile than the classroom-size computers of the time." The Internet protocol (IP) naming system developed by Cerf and Bob Kahn allows for about 1 billion IP addresses, but Cerf says the world needs billions of IP addresses as personal computers and smartphones become more common and widely distributed. Internet security is another area where the modern system is failing. The modern practice is to create firewalls to protect against outside forces, but Cerf says firewalls are leaky and prone to attack from within. As security improves, developers need to be careful to maintain user freedom, he says. The fact that the Internet allows people to gather and publish information with the option to remain anonymous has been a driving force behind the Internet, he notes.

Dumped On by Data: Scientists Say a Deluge Is Drowning Research
The Chronicle of Higher Education (02/10/11) Josh Fischman

A vast amount of the data that is generated ends up going to waste because of a dearth of data libraries, not enough support from federal research agencies, and a lack of academic credit for sharing data sets, according to a series of articles in the journal Science. A major difficulty is the sheer diversity of data and how complicated it can be to compare it. O.J. Reichman, a researcher at the University of California at Santa Barbara's National Center for Ecological Analysis and Synthesis, says scientists ought to devise a common language for tagging their data. "It's become more urgent to do this because of the pressing environmental questions, like the effects of climate change, that we are being called on to answer," he says. "And the ability to access more than one set of measurement or interactions will make the science better." Scientists currently store their own data, which means that the data vanishes when they retire or pass away--an issue that adds urgency to the need to develop shared-data libraries. In the Science papers, researchers referred to examples of small, shared-data libraries that could be scaled up, while University of Texas at Austin professor Timothy B. Rowe believes the National Institutes of Health, the National Science Foundation, and other agencies should support similar efforts much more extensively than they have been doing.

Powerful New Ways to Electronically Mine Published Research May Lead to New Scientific Breakthroughs
University of Chicago (02/10/11) William Harms

University of Chicago researchers are exploring how metaknowledge can be used to better understand science's social context and the biases that can affect research findings. "The computational production and consumption of metaknowledge will allow researchers and policymakers to leverage more scientific knowledge--explicit, implicit, contextual--in their efforts to advance science," say Chicago researchers James Evans and Jacob Foster. Metaknowledge researchers are using natural language processing technologies, such as machine reading, information extraction, and automatic summarization, to find previously hidden meaning in data. For example, Google researchers used computational content analysis to uncover the emergence of influenza epidemics by tracking relevant Google searches, a process that was faster than methods used by public health officials. Metaknowledge also has led to the possibility of implicit assumptions that could form the foundation of scientific conclusions, known as ghost theories, even if scientists are unaware of them. Scientific ideas can become entrenched when studies continue to produce conclusions that have been previously established by well-known scholars, a trend that can be uncovered by using metaknowledge, according to the researchers.

The Cyberweapon That Could Take Down the Internet
New Scientist (02/11/11) Jacob Aron

University of Minnesota researchers have developed a cyberweapon that turns the structure of the Internet against itself, but ultimately could be used to make the Internet more secure. Minnesota's Max Schuchard and colleagues built on the ZMW attack, which disrupts the connection between two routers by interfering with the Border Gateway Protocol (BGP) to make it seem as if links are offline, spreading the disruption through the entire Internet. The method uses a large botnet to develop a map of the connections between computers, identify a common link, and launch a ZMW attack that can bring down the entire system. As the system routes traffic around the disrupted link, the attack would launch again, disrupting a different connection. Eventually, every router in the world would be receiving more updates than it could handle. "Once this attack got launched, it wouldn't be solved by technical means, but by network operators actually talking to each other," Schuchard says. However, the researchers predict that this type of attack would never be launched by malicious hackers because mapping the network is such a technically complex job, and the botnet needed would be so large that it is more likely to be rented out for a profit. Although simulations show that current BGP defenses cannot protect against this attack, a solution could be to send BGP updates via a different network.
View Full Article - May Require Free Registration | Return to Headlines

A Workshop on Sustainability & IT
Computing Community Consortium (02/10/11) Erwin Gianchandani

The U.S. National Science Foundation's CISE Directorate and the Computing Community Consortium recently co-sponsored a workshop that brought together about 60 researchers, program managers, and other technology experts to discuss new fundamental high-risk, high-reward computer science and engineering research opportunities that have yet to receive substantial attention or funding. The workshop consisted of three sessions, covering topics such topics as cyber-physical systems, human-computer interaction, big data, modeling and simulations, application domains, transparency of models, and systems integration. Researchers also offered presentations on several ongoing large-scale projects. For example, Cornell University's Carla Gomes discussed her Expeditions project on computational sustainability, the University of Minnesota's Vipin Kumar described his Expeditions project on climate modeling, Georgia Tech's Michael Meyer presented information on how new research could influence the future of the transportation system, and the University of California, Irvine's Bill Tomlinson discussed combining technology with basic human needs.

IPhone Attack Reveals Passwords in Six Minutes
Computerworld (02/10/11) Martyn Williams

Fraunhofer Institute Secure Information Technology researchers have developed a method to find the passwords stored in locked iPhones and iPads in just six minutes by targeting keychain, Apple's password management system. The first step is jailbreaking the phone with existing software tools, then installing an SSH server that allows other software to be run on the device. Finally, the keychain access script needs to be copied to the phone, which uses components already in the phone to discover details about its passwords. The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, according to the researchers. "As soon as attackers are in the possession of an iPhone or iPad and have removed the device's SIM card, they can get a hold of email passwords and access codes to corporate VPNs and WLANs as well," the researchers say. The attack could pose a significant threat to companies that allow employees to use iPhones on corporate networks, because it also can reveal network access codes.

Fresh Advice on Building Safer Software
Government Computer News (02/08/11) William Jackson

The Software Assurance Forum for Excellence in Code (SAFECode) recently released the second edition of "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today," a set of guidelines based on real-world tools that reflects advancements in software security. "The second edition of the paper aims to disseminate the new knowledge SAFECode has gathered and provide new tools and improved guidance for those implementing the paper's recommended practices," says SAFECode executive director Paul Kurtz. The new edition contains more information on each best practice, using Common Weakness Enumeration (CWE) references to identify software weaknesses addressed by each specific practice. "By mapping our recommended practices to CWE, we wish to provide a more detailed illustration of the security issues these practices aim to resolve and a more precise starting point for interested parties to learn more," the paper says. The guidelines are designed to serve as a platform of practices, already employed by member companies, that have demonstrated efficacy.

New Supercomputers Boost Imaging Grunt
ZDNet Australia (02/08/11) Colin Ho

IBM recently announced that the Australian Synchrotron and Monash University has purchased two supercomputers, to be use in collaboration with the Commonwealth Scientific and Industrial Research Organisation (CSIRO) and the Victorian Government, to create a near real-time atomic-level imaging and visualization facility. The supercomputers will enable researchers to study objects at an atomic level, create three-dimensional images, and process large amounts of data collected by the program. The joint Monash-CSIRO program, called the Multi-modal Australian ScienceS Imaging and Visualisation Environment (MASSIVE) facility, will study a variety of topics, ranging from biology to geology. "The unique nature of these facilities is the focus on imaging and visualization," says Monash University's Wojtek Goscinski. The merger of atomic-level detail and semi-real-time analysis makes MASSIVE an important move forward for scientific research, says Australian Synchrotron director Andrew Peele.

Tracking the Botnet's DNS Trail
Dark Reading (02/08/11) Kelly Jackson Higgins

Mapping trends in Domain Name System (DNS) queries offers an easier way to pinpoint botnets and root out their command and control (C&C) infrastructure. University of Minnesota professor Zhi-Li Zhang and his research team mapped all of the failed DNS queries and then extracted the most dominant subgraphs. "The key challenges here are that there might be a variety of reasons that DNS queries may fail, so how can we identify failures that are likely caused by bots?" Zhang asks. "And there may exist multiple botnets, [so] is it possible for us to identify bots that belong to each botnet or similar class of botnets?" The researchers are developing ways to detect botnets in near real time by using machine learning and before signatures are developed for characterizing the botnets. The researchers will combine the mapping technique with an existing method of DNS fast-flux detection that examines the patterns and distribution of alphabetic characters in a domain to determine if it is malicious. The researchers say that combining the two methods should provide more powerful detection capabilities.

Meet Affetto, a Child Robot With Realistic Facial Expressions
IEEE Spectrum (02/08/11) Norri Kageki

Affetto is a child-like robot platform developed by Japanese researchers that will be used to study the early stages of human social development. Affetto can mimic the facial expressions of a young child between the ages of one and two, says Osaka University professor Minoru Asada. The robot has the ability to make a limited number of realistic facial expressions, which should make it easier for humans to interact with it in a more natural way. Previous efforts to use robotics to better understand human intelligence and human-robot interactions have been hindered by robots' lack of realistic appearance and ability to share feelings non-verbally. Osaka University's Hisashi Ishihara and Yuichiro Yoshikawa from the Department of Adaptive Machine Systems assisted Asada in developing Affetto.

Abstract News © Copyright 2011 INFORMATION, INC.
Powered by Information, Inc.

To submit feedback about ACM TechNews, contact:
Current ACM Members: Unsubscribe/Change your email subscription by logging in at myACM.
Non-Members: Unsubscribe

About ACM | Contact us | Boards & Committees | Press Room | Membership | Privacy Policy | Code of Ethics | System Availability | Copyright © 2014, ACM, Inc.