Association for Computing Machinery
Timely Topics for IT Professionals

About ACM TechNews

ACM TechNews is published every week on Monday, Wednesday, and Friday.


ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either AutoChoice Advisor or ACM. To send comments, please write to technews@hq.acm.org.
Volume 7, Issue 792:  Monday, May 16, 2005

  • "Researchers Reveal Holes in Grid"
    eWeek (05/13/05); Roberts, Paul F.

    Researchers from MIT's Computer Science and Artificial Intelligence Lab (CSAIL) and Lincoln Laboratory published a paper last week detailing how a simple computer worm could trigger a cascade failure in a grid or cluster environment by exploiting a vulnerability in the Secure Shell (SSH) remote access technology, a popular system in university and research networks. The researchers determined the information in the "known_hosts" SSH file is open to viewing, and hackers could use this information to compile lists of remote systems visited by other users through SSH. CSAIL researcher Will Stockwell says known_hosts data, along with a critical and widespread SSH flaw, could allow malware to rapidly locate and attempt to infect other known SSH-running systems. The MIT team accumulated over 8,000 unique addresses from known_hosts files on 92 systems, and researchers think hackers could collect many more with unrestricted access to machines where SSH is employed to manage other systems. Adding weight to the report is last year's hacks of machines on the TeraGrid and at Stanford University and the National Supercomputing Center, which experts traced to a compromised version of SSH. Speaking at the International Workshop on Cluster Security at last week's IEEE CCGrid conference, Lincoln Lab researcher and report co-author Stuart Schechter warned that a cascade failure caused by an SSH worm that traverses known_hosts files is a possibility, given the interconnection of supercomputing and cluster environments.

  • "Tech Firms Reach Out for Research"
    Pioneer Press (05/15/05); Suzukamo, Leslie Brooks

    Universities are taking on the role of research and development centers for U.S. technology companies that must increasingly face the realities of budget cuts and consolidation. Next-generation technologies are under development at facilities such as the University of Minnesota's Digital Technology Center (DTC), which director Andrew Odlyzko says was established to take the reins from industrial R&D labs being discarded in the name of efficiency. The DTC receives about $350,000 in funding a year from private industry, compared to $6.5 million from the National Science Foundation, the Homeland Security and Energy departments, and other federal agencies. Academic-industrial DTC projects include an effort to build a next-generation virtual reality tool that would enable architects to immerse themselves in their own blueprints; and the Center for Distributed Robotics' initiative to make robots capable of climbing stairs without human intervention, which Computer Science Department professor Stergios Roumaliotis says could be applied to search and rescue operations and planetary exploration. Another DTC project of interest is the powerwall, an array of computer monitors that produce movies from massive computations performed by Unisys computers. A key goal of the project is to vastly increase the machines' efficiency so that answers to problems can be generated off-the-cuff. "The beauty I see in the Digital Technology Center is how it acts as a catalyst in bringing together all the technology-related disciplines of the university in one common melding area," says Bill Rohde with Unisys Systems and Technology. However, experts such as Gartner's Jay Pultz are worried that universities are starting to embrace applied research at the expense of basic research.

  • "Hey Google, Map This!"
    Wired News (05/16/05); Terdiman, Daniel

    Google Maps, Google's online map service, is being enhanced by tech-savvy developers for various applications. 3D graphic artist Paul Rademacher's HousingMaps hack allows home and rental shoppers to find available apartments by melding craigslist real estate listings with city maps from Google Maps in an easy-to-use interface. Whereas craigslist only supplies map information one apartment at a time, HousingMaps concurrently displays the locations of numerous listings in a given area. Rademacher says Web-based mapping applications are reasonably easy to work with because they operate within a browser, and adds that he selected Google Maps because its ability to overlay data directly on maps was particularly desirable. "If you're a developer with a neat idea for mapping stuff, Google Maps is perfect, because all the data is accessible," boasts Flickr co-founder Stewart Butterfield. Geobloggers integrates Google Maps with Flickr so users can locate pictures hosted by the photo-sharing service; users enter the longitude and latitude of their pictures' locations into Geobloggers and tag those images with the name of the city in Flickr, while a third site automatically retrieves the coordinates of any address plugged into Google Maps. Chicago resident Brian Armknecht uses Geobloggers to map out parts of the city he has covered photographically, and the hack also serves as a tool for establishing connections with other photographers in the Chicago area. Another hack combines Google Maps and traffic data from Traffic.com, while still another overlays public transit systems on maps of Chicago, New York, and Boston.

  • "Inventing Our Evolution"
    Washington Post (05/16/05) P. A1; Garreau, Joel

    In his book, "Radical Evolution: The Promise and Peril of Enhancing Our Minds, Our Bodies--and What It Means to Be Human," Joel Garreau notes that the interwoven fields of genetics, robotics, and nanotechnology are developing at an accelerated rate. He expects dramatic changes in human biology thanks to advances in these fields, although certain enhancements may be held back by ethical issues, especially those concerning the morality--or lack thereof--of human experimentation. Breakthroughs that may be harbingers of things to come include an implanted brain-computer interface that allows a paralyzed patient to move an artificial limb, which scientists hope will one day give people confined to wheelchairs the ability to walk again; IBM's Blue Gene/L supercomputer, a machine that can perform a thousand trillion operations per second and could perhaps reveal the secrets of protein folding and revolutionize health care, according to IBM Research's Paul Horn; and the Defense Advanced Research Projects Agency's (DARPA) Restorative Injury Repair program, whose goal is to make human tissue regeneration a reality. National Medal of Technology recipient and artificial intelligence pioneer Ray Kurzweil anticipates major augmentations over the next few decades, among them: The extension of life expectancy to at least 120 years, diagnostic nanobots that monitor for signs of illness in a person's bloodstream, and the prevention and reversal of most diseases. UCLA's Gregory Stock believes the decoding of the human genome will inevitably lead to genetic engineering, probably through the insertion of artificial chromosomes. Garreau muses that advancements to help the sick or make soldiers more effective--drugs that eliminate the need to sleep for long periods of time, for instance--could be embraced by society as lifestyle enhancements, a possibility that carries ethical questions.

  • "In War on Terrorism, New Cybersearch Tool Seeks Hidden Vulnerabilities"
    University at Buffalo Reporter (05/13/05); Goldbaum, Ellen

    Researchers at the University at Buffalo's School of Engineering and Applied Sciences have developed a prototype search engine designed to extract "hidden" information from public Web sites as part of an initiative to predict and stop potential terrorist activities. The system, whose development is funded by the Federal Aviation Administration and the National Science Foundation, uses the Unintended Information Revelation (UIR) search method as its foundation. Whereas existing search engines process individual documents according to the frequency with which a keyword appears in a single document, UIR looks for the optimal path linking a pair of seemingly unconnected concepts within numerous documents by building concept chain graphs, says UB computer science and engineering professor Rohini Srihari. Malicious intentions may not be evident in a single document or Web site, but could be concealed within a multitude of documents and exposed via a concept chain graph. "The concept chains show you what may be of interest, but the real intelligence here is gleaned from looking for patterns of interest," explains Srihari. "Once a pattern of interest is identified, then you can ask, 'Are there more patterns like this?'" The UB researchers developed the technique by using the chapters of the 9/11 Commission Report to set up ontologies. The search tool may eventually improve public Web searches, helping biomedical researchers, for example, more effectively explore links between genes, proteins, and disease.

  • "Strength in Numbers"
    TheFeature (05/16/05); Salz, Peggy Anne

    Mobile Internet users are not likely to utilize search engines unless mobile operators can figure out how to deliver better results, says search engine personalization researcher and University College Dublin computer science head Barry Smyth. His group has created new technology that learns the behavior of online communities without compromising individuals' privacy. He says the technology will deliver relevant results first, which is especially important given that most desktop users do not bother to scroll down past the top 10 Internet search results--and with their small screen sizes and limited interface, mobile users are likely to have far less patience to wade through irrelevant results. The University College Dublin approach first identifies an online community by its activity, such as users of a particular business news section; when these users consistently favor one result over other similarly worded but irrelevant results, the technology remembers that preference. In the case of the business news community, the search engine personalization layer would eventually learn "Michael Jordan" searches are for the CEO of EDS, not the basketball player. Importantly, the technology records the aggregate actions of the user communities, not those of individuals. In addition, the technology can be applied by the mobile operator as a layer on top of the Internet search engine so that it can be managed internally, instead of through partnerships with search companies or portals; this also allows mobile operators to target communities of interest with advertisements and special offers, says Smyth. Smyth also believes this technology can be leveraged to foster greater online community interactivity.

  • "Language of Computer Hobbyists Hits the Big Time"
    CNet (05/13/05); LaMonica, Martin

    Major software companies are adding support for scripting languages such as PHP, Perl, Python, and Ruby: Oracle is expected to announce a partnership with Zend Technologies to extend support for PHP applications linking to its namesake database, while IBM formed a similar partnership with Zend for its DB2 and Cloudscape databases earlier this year. And though Microsoft has not relied on open-source scripting languages in its products, updates to the company's Visual Studio development platform will see a low-end tool that simplifies C# and other Microsoft-supported languages for Web development; Microsoft has also hired Jython creator Jim Hugunin to add Python support to the .Net Common Language Runtime. Sun Microsystems's Coyote project aims to let people use Groovy, Jython, and other scripting languages with the NetBeans Java development platform. The software vendors are trying to tap into growing, grassroots demand for scripting languages, which are easier to use than Java, C, C++, and Visual Basic. Scripting languages are increasingly used to streamline in-house application development, and software companies see a rich market in people who use these applications, says Microsoft's Scott Guthrie. Despite their ease of use, critics say scripting languages pose maintenance problems, while others say scripting languages will co-exist with mainline languages. For instance, Sun, IBM, and the Apache Software Foundation are helping with the development of Groovy, which is specifically designed to complement Java, allowing new developers to use the Java platform and enhancing the productivity of Java experts.

  • "Digital Gizmos' Abilities Erupting"
    USA Today (05/16/05) P. 1B; Kessler, Michelle

    The convergence of computing, communications, and entertainment technologies is manifesting itself in new digital devices that enable entertainment to be played whenever, wherever, and however a consumer wants. This is an alarming prospect to an entertainment industry that fears content piracy, and an exciting development for gadget enthusiasts and other users of electronics. Electronics companies also welcome digital technology because it opens up their products to new and more creative uses. One example is Los Angeles resident Linda Abraham's employment of a digital audio recorder to archive her father's recollections of World War II, which she plans to upload onto her PC and email to her sister; the recordings could later be converted into a digital audio book using PC software. Transferring content between multiple devices and formats is difficult because widely accepted standards do not exist, although the tech industry acknowledges the problem and many companies are attempting to remedy it. The Bluetooth and wireless Universal Serial Bus (USB) trade groups have forged an alliance, and In-Stat connectivity analyst Joyce Putscher believes future consumer electronics will interoperate with various devices by having several of these technologies built-in. To stave off the theft of content that could injure their profitability, entertainment companies and other tech providers are "enhancing" products such as DVDs and cell phones with technology that limits or prevents the sharing of content among digital devices. Nevertheless, tech analysts are confident that halting the proliferation of digital electronics will be tough, given the technology's useful and entertaining aspects.

  • "Europe's $86 Billion Research Program to Create 925,000 Jobs, Says Report"
    EE Times (05/10/05); Clarke, Peter

    The next collaborative research plan of the European Union would create nearly 1 million jobs, while ending EU support for research and development would result in the loss of about 800,000 jobs and a 0.84 percent decline in the GDP, according to an impact assessment by the European Commission. The Seventh Framework Program (FP7) would run from 2007 to 2013, costing about $12.3 billion per year or about $86 billion total, and is projected to produce 925,000 new jobs across the continent by 2030. Doubling funding to such a level would help the European Union "to become the most competitive and dynamic knowledge-based economy in the world," which is the Lisbon agenda. Frameworks tend to include information technology as a key component, and nano-materials and production technologies are expected to be a key element of FP7. Keeping funding at current levels is not enough because of today's obstacles and a desire to implement the Lisbon strategy. FP7 would also help make research efforts in the EU more cohesive.

  • "Address Policies"
    CircleID (05/09/05); Huston, Geoff

    In November 2005, the World Summit on the Information Society will convene to discuss a number of topics related to Internet governance and resource management that national delegations and other interested parties have been working on for several years, writes Geoff Huston, Telstra's chief scientist and the executive director of the Internet Architecture Board as well as a member of the APNIC Executive Committee. One topic that will receive attention at the summit will be address distribution policy, specifically the ITU-T's proposal to make the allocation of IP addresses a competitive process by establishing national IPv6 address registries. The November 2004 proposal, introduced by Houlin Zhao of the ITU-T, would allow the organization to assign new national IPv6 address registries to compete against the existing system of Regional Internet Registries (RIRs). Specifically, each nation would receive an IPv6 address block that matches the needs of its population, then establish a national registry framework for the block, set policies for address management, and have its address registries compete with the RIR system. This proposal could cause several potential problems, due in part to the ITU-T's apparent assumption that IPv6 addresses are not only a global, public resource, but also a critical network resource with almost infinite capacity. These assumptions could lead to a variety of problems, including confusing and diluted addressing policies, address hoarding, and threats to routing integrity and security, the stability of IPv6, and the public's common interest in one network. Stakeholder communities will likely discuss and debate the ITU-T's proposal and these potential concerns at the World Summit in November.

  • "SIGGRAPH Animation Festival Hits High Notes"
    HPC Wire (05/06/05) Vol. 14, No. 18

    This year's SIGGRAPH Computer Animation Festival will focus on scientific visualization while the SIGGRAPH Papers segment features 98 papers accepted from a field of 461 submissions. The computer animation festival will show 67 pieces, including a strong international and student contribution, says festival chair Samuel Lord Black. The festival highlights scientific visualization this year, and a special outreach was made to garner more pieces from the scientific community. "Our industry's roots are in this field, and I have long thought that there should be a stronger scientific representation in the Animation Festival," says Black. The SIGGRAPH 2005 Art Gallery received a record number of submissions this year--1,100 pieces. The theme is "Threading Time," and the computer graphics pieces play upon the audience's perception of time and place, says art gallery chair Linda Lauro-Lazin. The core of the SIGGRAPH meeting is the research papers, which this year represent a full spectrum of what is happening in the computer graphics world, ranging from physics simulation to advanced video processing. Finally, the SIGGRAPH 2005 Exhibition serves as a platform for 225 exhibitors--universities, startups, research labs, and leading companies--who come to showcase new products and technologies. SIGGRAPH 2005 takes place July 31-August 4, 2005, in Los Angeles.

    For more information, or to register for SIGGRAPH 05, visit http://www.siggraph.org/s2005/.

  • "The Dangers of a Stressed-Out, Overworked DNS"
    Business 2.0 (05/11/05); Malik, Om

    Top companies on the Internet are increasingly being plagued by domain name system (DNS) outages. One of the most notable examples of this occurred on May 7 when Google went offline for 15 minutes, leaving Gmail users and fans of Google News scrambling to find out what had happened. DNS outages have also hit Comcast and Telstra, but many other large companies have chosen to keep their outages a secret. The DNS was not intended for the complexities of modern usage, says Paul Mockapetris, Nominum's chief scientist. "The important thing here is that while we think of reliability in the network as a problem of failed circuits and switches, most networks are beyond that, and now services and algorithms represent single points of failure," says Mockapetris. The DNS gets very little attention, despite the fact that hackers can hijack domain names and launch denial-of-service attacks against DNS machines. By placing malicious code in the DNS cache, hackers can also redirect users to fake versions of financial Web sites and steal their consumer information. Infoblox's Richard Kagan says new technologies such as third-generation wireless and voice over Internet Protocol will place additional levels of stress on the DNS.

  • "Instant Messaging Falls Prey to Worms"
    New Scientist (05/14/05) Vol. 186, No. 2499, P. 26; Biever, Celeste

    Instant messaging (IM) technology is fertile new ground for hackers, according to experts. In 2001, 141 million people were using IM applications, but that number has since grown to 863 million people, making IM-based hacks more appealing. Security experts had hoped that limited approved contact lists would hinder IM-based attacks, but now worms are increasingly targeting linked email accounts. Compared to 2004, security company IMlogic reports a significant increase in IM-based worms in the first three months of this year. Attacks often use an application programming interface to detect Microsoft IM networks and spread malicious messages that look as if they are coming from a friend. However, clicking on the link automatically downloads a virus, giving hackers remote control over victims' computers. Some hacks are sophisticated, with code trained to chat with victims prior to sending the malicious link, though the chat is often fragmented and illogical. "It always shocks me how well these social engineering attacks end up working," says Nicholas Weaver, a security expert at the International Computer Science Institute in Berkeley, California. Hackers are also targeting IM applications via application vulnerabilities. Analysts say email viruses are still a bigger threat, but that IM attacks continue to grow in popularity and are potentially more dangerous since organizations are less prepared to fight them off. Although an estimated 80 percent of the U.S.'s 1,000 wealthiest companies maintain IM networks, just 10 percent use IM security safeguards.

  • "School Studies Effects of Internet Attacks"
    eWeek (05/09/05) Vol. 22, No. 19, P. 18; Roberts, Paul F.

    Iowa State University is using a new test laboratory to train students and local security professionals on cyberattacks and cyber-defense. The Internet Simulation Event and Attack Generation Environment (ISEAGE) is designed to recreate a cyberattack on any part of the Internet infrastructure, according to Doug Jacobson, director of information assurance at the university in Ames. Funded by a $500,000 grant from the Department of Justice, ISEAGE is comprised of a 64-processor cluster connected by high-speed switching gear and linked to a central disk storage system running FreeBSD Unix; each processor can recreate 50 routing points. The processors give researchers the flexibility to reproduce network attacks, while ISEAGE's software tools also enable them to change traffic patterns, replay attacks in different configurations, and collect data. "We can make an attack look like it came from 1,000 computers, but we don't need 1,000 computers to do it," says Jacobson. ISEAGE will be used to model attacks on key infrastructure in cyberspace, and could help improve computer defense and forensics.

  • "Black Boxes Capture Car-Crash Data, Controversy"
    EDN Magazine (05/12/05) P. 33; Webb, Warren

    Motor vehicle black boxes, or event-data recorders, are seen as a boon to many parties affected by car crashes. Event recording can be used by automobile manufacturers to assess system performance and vehicle design to make passengers safer; by insurance investigators to speed up accident investigations, identify fraudulent claims, and improve risk management; by emergency-medical teams to facilitate better service with automatic location alerts and resource prioritization based on crash severity; by researchers to analyze accident causes and how aging, substance abuse, and medical disabilities affect drivers; by governments to redesign troublesome roadways and enhance traffic infrastructure; and by the public to spread awareness of dangerous driving habits. Event recording is a natural fit for auto racing, although NASCAR's collection of such data is a fairly recent development. ACLU attorneys say most drivers are unaware of the event recorders' presence, and insist that disclosing the data the devices collect constitutes privacy infringement. However, courts have repeatedly sided with insurance firms and opposition lawyers demanding that such information be used as evidence. The National Highway Traffic Safety Administration reports that teenage drivers--16-year-olds especially--are much more likely to be involved in vehicle collisions than adults, and there is a black box from Road Safety International that sounds an alarm when the motorist is driving in an unsafe manner. Meanwhile, the IEEE's recently released Motor Vehicle Event Data Recorder standard specifies protocols for recorder-output data compatibility and export, supplies a glossary of data elements, and details device survivability. IEEE 1616 Working Group Chairman Thomas Kowalick argues, "The reason why this kind of technology must be standard on all vehicles is simply this: Motor-vehicle black boxes speak for the victims."

  • "Getting R&D Back on Track"
    Chief Executive (05/05) No. 208, P. 24; Brody, William R.

    The U.S. research community is shrinking away from the type of long-term research bets that created numerous industries, writes Johns Hopkins University President and Council on Competitiveness National Innovation Initiative co-chair William Brody. Though it has been well known that corporate research is steering away from basic research in favor of applied research and development, that pullback is also occurring in many areas of academic research due to the federal budget deficit. Physical and information sciences, engineering, and medical research are all suffering, and revitalizing those disciplines requires a stronger national collective will. The problem is that many people have forgotten the benefits of investing for long-term goals and instead are eager to realize results after only a few years. Using the idea of "patient capital," the United States could offer enhanced research and development tax credits, or begin more heavily taxing short-term capital gains for shareholders, including pension funds and endowments. Another suggestion is to fully fund the education of undergraduate and graduate students in technical fields instead of only offering loans. High school math and science teachers whose students pass advanced placement tests should also be rewarded with modest financial incentives, which would help encourage excellence. Finally, federal funding needs to be increased and concentrated on grand challenges on a scale similar to the Apollo missions. Efficient alternatives to fossil-based fuel sources would be a good example.

  • "What CIOs Need From IT Schools"
    MIS (05/05); Tsang, Susan

    A corporate landscape with greater emphasis on technology is breeding demand for IT workers with strong business skills, but an October 2004 CIO Insight survey finds that most employers consider college graduates ill-prepared for the realities of business IT careers. Seventy-four percent of respondents cite a lack of project management skills among graduates, while 71 percent point to little readiness for business operations. Institutions such as Bangkok University and Singapore Management University's (SMU) School of Information Systems are taking steps to improve the business savvy of their graduates by retooling their curricula in consultation with the business world. SMU Dean Steven Miller says educational institutions must not just train students to be employable, but also equip them with skills for long-term career growth. Bangkok University offers students two courses of study--a traditional computer science program focusing exclusively on technical issues, and a composite major that includes business and legal courses. The school also practices close cooperation with Microsoft, Sybase, and other companies to incorporate subjects such as networks, Java programming, databases, and mobile devices into the curricula. SMU's undergraduate IT degree is split into three components: A technology, design, and applications component; a non-IT "second major" elective in fields that include finance, marketing, management, supply chain operations, sociology, and corporate communications; and a common core component that concentrates on improving students' reading and writing skills. Miller cautions that neither graduates nor their employers should think that undergraduate IT programs will give students real-world business experience, and says employees' survivability and potential for growth will depend on a flexible mindset and mentors within the workforce.

  • "Sultan of Sound"
    IEEE Spectrum (05/05); Perry, Tekla S.

    Many voice communications technologies in use today are indebted to the pioneering work of James L. Flanagan, who will receive the 2005 IEEE Medal of Honor for his contributions. As a researcher at Bell Labs, Flanagan investigated vocoders based on formant frequencies and developed an artificial larynx in the late 1950s. During the following decade his group helped jump-start the field of signal processing by making physical measurements of oscilloscope-generated waveforms and feeding them into a computer, which inspired Flanagan to measure the movements of vocal cords to compute the vocal source's spectral properties; this supported new computer models of interaction between vocal cords and the vocal tract in an early instance of model-based coding. In the 1970s, Flanagan developed an adaptive differential pulse-code modulation methodology that increased the efficiency of conventional digital telephone transmission 100 percent, and later devised sub-band coding to raise efficiency an additional 100 percent. His research team focused on efficient cell phone speech coding in the 1980s; challenges he sought to tackle included efficient music coding, and members of the team to which he assigned this problem later developed the MPEG-1 Layer 3 audio coding format. Flanagan also pursued automatic speech recognition. As director of Rutgers University's Center for Advanced Information Processing, Flanagan continued development of the Human Machine Network, a teleconferencing system that lets users set up phone calls and raise computer displays without using their hands; he also concentrated on computer-controlled microphone arrays that selectively focus on a small area for audio pickup, which some companies now employ for conference telephony, albeit in a streamlined version. Flanagan says his central area of research is multimodal exchange, which requires a formal language scheme.