Association for Computing Machinery
Welcome to the December 31, 2008 edition of ACM TechNews, providing timely information for IT professionals three times a week.

Please Note: In observance of New Year's, TechNews will not publish on Friday, Jan. 2. Publication will resume Monday, Jan. 5.


Experts Uncover Weakness in Internet Security
Ecole Polytechnique Federale de Lausanne (12/30/08) Luy, Florence

Security researchers in Europe and California have discovered a vulnerability in the Internet digital certificate infrastructure that could allow attackers to forge certificates that are trusted by all common Web browsers. The weakness makes it possible to impersonate secure Web sites and email servers to perform undetectable phishing attacks. Whenever a small padlock appears in a browser window, the Web site being visited is secured using a digital certificate from a Certification Authority (CA). To ensure the certificate is authentic, the browser verifies the signature using cryptographic algorithms. The researchers discovered that one of these algorithms, known as MD5, can be misused. The first known flaw in the MD5 algorithm was presented in 2004 at the annual Crypto cryptography conference by Chinese researchers, who performed a collision attack and created two different messages with the same digital signature. The initial attack was severely limited, but a much stronger collision attack has been found by the European and California researchers. The new method proves it is possible to create a rogue CA that is trusted by all major Web browsers. A rogue CA, combined with a known vulnerability in the Domain Name System protocol, could allow attackers to launch virtually undetectable phishing attacks. The researchers say MD5 can no longer be trusted as a secure cryptographic algorithm for use in digital signatures and certificates. Arjen Lenstra, head of EPFL's Laboratory for Cryptologic Algorithms, says the developers of the major Internet browsers have been informed of the vulnerability.

First U.S. Technology Officer Will Have Hands Full
USA Today (12/30/08) P. 4A; Lawrence, Jill

U.S. President-elect Barack Obama has promised to appoint a U.S. chief technology officer (CTO), but there appears to be a disparity between the Obama transition team's view of what the officer's responsibilities are and what tech enthusiasts would like them to be. As defined on the transition team's Web site, the U.S. CTO will ensure that federal computer networks are secure and that agencies "use best-in-class technologies and share best practices." Others want the CTO to be an Internet evangelist who participates in every practical and policy aspect of government, accorded the same authority and influence as the White House national security adviser. Among the priorities suggested for the officer by scores of people on the site is making the Internet widely accessible and guaranteeing net neutrality, ensuring privacy, rethinking copyright law, and repealing the Patriot Act. Yochai Benkler of Harvard's Berkman Center for Internet and Society says two distinct jobs are being knotted together by the discussion of the CTO's responsibilities: Bringing the federal technology infrastructure up to speed and developing plans across all sectors to cultivate and sustain American technological preeminence in the 21st century. "A lot of people are projecting the second onto the first because there is so much thirst for something like the second," he says. The Obama administration has said that it is dedicated to using technology to share federal data and activities with citizens. Among Obama's campaign promises was the online placement of video and transcripts of agency meetings and the posting of non-emergency legislation on the White House site for five days of public comment prior to signing. Of more immediate concern to the tech community are issues such as the provision of broadband to U.S. citizens and U.S. households without Internet access.
View Full Article - May Require Free Registration | Return to Headlines

Writing the Web's Future in Numerous Languages
New York Times (12/31/08) P. B1; Sorid, Daniel

The globalization of the Web has inspired a wave of entrepreneurs looking to make the Internet more multi-lingual. For example, Indian engineer Ram Prakash Hanumanthappa has developed Quillpad, an online service for typing in 10 South Asian Languages. Users spell out words of local languages phonetically in Roman letters and the program converts them into the local-language script. Hanumanthappa notes that only about 10 percent of the Indian population speaks English proficiently, and even many college-educated Indians prefer to converse in their native tongues in everyday situations. "You've got to give them an opportunity to express themselves correctly, rather than make a fool out of themselves and forcing them to use English," he says. U.S. technology companies are spending millions of dollars building and developing foreign language Web sites and services. Yahoo! and Google have introduced more than a dozen services to encourage Web users in India to search, blog, chat, and learn in their native languages. Microsoft has built its Windows Live bundle of online consumer services in seven Indian languages. "Gone are the days in which you can launch a Web site in English and assume that readers from around the globe are going to look to you simply because of the content you’re providing," says JupiterResearch analyst Zia Daniell Wigder.

The 9 Hottest Skills for '09
Computerworld (12/30/08) Hoffman, Thomas

Even with a struggling economy and record unemployment, certain IT skills will be in high demand in the coming year. Programming and application development will be the most in-demand skills in 2009, concludes Computerworld's annual Forecast survey. For example, demand for SAP skills remains high because an increasing number of companies want to establish global ERP systems. Help desk and technical support are the second most in-demand skills, especially for people with a variety of technical expertise and customer-service abilities. Project managers with a strong track record also will be in high demand, particularly if they can demonstrate the ability to finish a project on time or under budget. The increasingly widespread use of voice, email, video, instant messaging, and other communications systems will keep networking skills in high demand as well, and network convergence projects will increase demand for workers with network security and data privacy skills. Demand for business intelligence specialists, including people with data mining, data warehousing, and data management knowledge, will be high due to the desire to be able to analyze customer and sales data. IT professionals with security skills also are needed, particularly for those with networking and wireless security skills. Web 2.0 skills also are in demand, thanks to the continuing expansion of business-to-business connections and the increasing use of social networking sites and applications in the corporate environment.

Internet Providers Move to Shape Broadband Push
Wall Street Journal (12/30/08) P. A3; Sharma, Amol

U.S. President-elect Barack Obama and Congressional lawmakers want to improve the quality and availability of high-speed Web access in the United States. Some of the issues under consideration include what speed Congress should define as broadband, and whether government money should be used only in areas that have no broadband access or if money should be used to subsidize upgrades to existing networks. Large cable operators want the FCC to increase its definition of broadband download speed to about five megabits per second, about 6.5 times as fast as the current definition. Internet service providers also want to receive incentives to build out next-generation services to underserved areas where there is only a single broadband provider or broadband is not widely available. Download speeds that qualify as next-generation broadband would probably be around 40 to 50 megabits per second, according to sources close to the discussion. Equipment manufacturers also would benefit from widespread network upgrades. Calix CEO Carl Russo says Congress should define broadband as 10 megabits per second so any networks built now will support any broadband-heavy applications that arise in the future, such as high-definition video. "Remember, you only get to do this once, so you want to build the widest highway possible," Russo says.

Wanted: More Science and Math Teachers in the US
Christian Science Monitor (12/29/08) P. 2; Teicher, Stacy

During the next decade U.S. schools are expected to need at least 200,000 new science and math teachers, and many districts already face shortages. In at least 10 states, fewer than six out of 10 middle school science teachers were certified when the Council of Chief School Officers complied a report last year. Recruiting people with an aptitude for science to teach in schools is difficult, and keeping them in school long enough to develop a talent for teaching also is challenging. Angelo Collins, executive director of the Knowles Science Teaching Foundation (KSTF), which offers fellowships for teachers in science and math, says schools are in desperate need of more qualified teachers, partially because of retirement, overcrowded classrooms, and people teaching out of their field. Programs that offer new teachers financial incentives, mentors, and access to other new teachers for advice have been highly successful, and could be available on a larger scale if U.S. President-elect Barack Obama successfully executes his education proposals. Obama wants 40,000 scholarships to draw undergraduates and professionals looking to change their careers into high-need schools, with a special emphasis on math and science education. In addition to tuition assistance and summer stipends, KSTF offers professional-development support for new teachers. Out of the 128 fellowships that KSTF has awarded since 2002, fewer than 20 individuals have left teaching, Collins says.

Making Digital Maps More Current and Accurate
ICT Results (12/26/08)

European researchers are developing methods for updating digital map systems and correcting errors and anomalies in existing map databases. The European Union-supported ActMAP project, for example, has developed a system for online, incremental updates of map databases using wireless technology. Meanwhile, FeedMAP, which is designed to work in a loop with ActMAP, uses data from cars on the road to correct errors in existing digital maps. When the roads do not match a digital map, the irregularities are automatically compiled into a report that is sent to roadside sensors and relayed to the digital map supplier. Verification of the irregularity is done by map centers and other information sources, says ERTICO's Maxime Flament. FeedMAP also could be used in advanced driver assistance systems (ADAS), including adaptive speed recommendations that advise drivers on speed limits in upcoming sections, and speed deviation detection to update recommendations based on driver behavior. "The complete FeedMAP/ActMAP loop of map data is the next cornerstone for map-based applications, such as navigation and ADAS safety," Flament says. BMW Research and Technology's Jan Loewenau says the various digital map projects build on existing automotive technology. "Automotive manufacturers already offer connected services in their vehicles, therefore the basic communication infrastructure is available for sending and receiving map data," he says.

Virtual World Research, Part 1: Place to Experiment
Linux Insider (12/30/08) Baker, Pam

University and government researchers are using virtual worlds to conduct research. "My general perspective is that virtual worlds are at least as real as many parts of the so-called real world," says National Science Foundation human-centered computing program director William Sims Bainbridge. Bainbridge recently held a scientific conference in a World of Warcraft (WoW) virtual world to discuss research in game worlds. None of the participants who attended the conference had to travel or buy any additional hardware, although newer members to WoW were unable to reach some areas due to their low virtual-character level. "Key advantages to virtual world experimentation include the ability to conduct research on sensitive issues, including ethical and even racial dilemmas," says Frost & Sullivan analyst Aimee M. Roberts. "Additionally, due to the nature of virtual worlds, experiments can be conducted with greater flexibility than those conducted in the real world." Research in the virtual world can include experiments that no longer can be ethically conducted in the real world. One such experiment is a modern adaptation of the controversial 1960s psychological experiment conducted by Stanley Milgram, which asked subjects to administer shocks of increasing voltage when an individual, who would fake being shocked, incorrectly recalled a pair of words. Another use of virtual world research is the Children's Memorial Hospital in Chicago's three-dimensional virtual hospital, which is used to practice emergency drills for real-life responses.

He Creates Ways of Seeing Information
Boston Globe (12/29/08) Baker, Billy

Computer scientist and mathematician Martin Wattenberg's data visualization research focuses on culturally significant data, ranging from the popularity of baby names to the history of edits on Wikipedia, to create illuminating images. Wattenberg's images will be displayed at the Museum of Modern Art in Boston, and will be the featured exhibition for a two-month installation on outdoor screens in Harvard Square as part of the Lumen Eclipse public art project. In 2002, Wattenberg became a founding member of IBM's Visual Communication Lab, and started exploring the emotional potential of data visualization. "Not all data is interesting," he says. "The art is pointing the telescope at the right set of data." When naming his second child, Wattenberg would propose names and his wife would find statistics on the popularity of those names on the Social Security Web site, which eventually led Wattenberg to create an interactive visualization for a baby-name book his wife wrote to chart name popularity over time. Wattenberg recently started working with an IBM colleague on two large public projects. Many Eyes is a Web site that allows users to upload data and create interactive visualizations to contribute to a cultural conversation. Fleshmap explores the relationship between the body and its visual and verbal representation.

UT-Arlington Project That Could Improve the Lives of Blind People Is Short $300,000
Star-Telegram (TX) (12/29/08) Trainor, Gene

Researchers from the University of Texas at Arlington, the University of Texas at San Antonio, and the Southwestern Medical Center have developed Intelligent Eyes, a wearable device that could help sight-impaired people navigate their environment. Intelligent Eyes is a system of cameras, computer chips, software, and audio equipment that could be built for about $100. The researchers say that its low cost could allow it to be widely used, but they need at least $300,000 to develop a demonstration model. Intelligent Eyes users wear glasses that contain a camera in each lens to replicate human eyes. The cameras send information to a digital signal processor in a device worn on the body, which contains software that processes data from the user's surroundings. The information is wirelessly sent to an earphone attached to the glasses, and a verbal description of the surroundings is provided for the user. UT-Arlington professor Jean Gao says the system can identify non-moving and major moving obstacles that most people encounter, such as other people, animals, and vehicles. The system also can tell the difference between a sedan and a SUV. However, it cannot identify some obstacles, such as a glass wall, so canes still would be needed. The current system is too bulky to be worn practically, so the researchers requested a $300,000 National Science Foundation grant to make the system slimmer, but were turned down. The researchers have since made some improvements to the device and plan to request a grant again early next year.

Cognitive Computing: Building a Machine that can Learn from Experience
University of Wisconsin-Madison (12/17/08) Smith, Susan Lampert

University of Wisconsin-Madison psychiatrist Giulio Tononi is working with scientists from Columbia University and IBM to develop software for a thinking computer, while nanotechnology and supercomputing experts from Cornell University, Stanford University, and the University of California-Merced are developing the hardware. The collaborative effort has been awarded a $4.9 million grant from the Defense Advanced Research Projects Agency for the first phase of DARPA's Systems of Neuromorphic Adaptive Plastic Scalable Electronics project. The goal is to create a computer capable of sorting multiple streams of changing data to find patterns and make logical decisions. The finished cognitive computer must also be no larger than the size of a small mammal's brain and use as little power as a 100-watt light bulb. Although the project draws inspiration from the brain's architecture and function, Tononi says that it not possible or desirable to recreate the entire structure of the brain down to the synapse level. "A lot of the work will be to determine what kinds of neurons are crucial and which ones we can do without," he says. Value and reward systems are important, and learning is crucial because a cognitive computer must be able to learn from experience. Tononi says the artificial brain will need to be able to change as it learns from experience, and the design will most likely convey information using electrical impulses modeled after the spiking neurons found in mammal brains.

Rowan Engineering Team Develops Facial Recognition Software
South Jersey Courier-Post (12/22/08)

Rowan University students have developed software that can read facial expressions. Jessica Dennis and Michael Ulrich used photos from the Japanese Female Facial Expression (JAFFE) Database to measure eyebrow height and width, mouth height and width, and other indicators such as how wide eyes open and jaw lines. "A computer can only deal with numbers," says Rowan professor Shreekanth Mandayam. "If you can get a small set of numbers that correspond, for instance, to a happy or angry expression, you can automate the program's decision-making process about future images it is shown." The students trained the software on the photos, then tested it using photos from JAFFE, photos of people at Rowan University, and other recognizable subjects. Dennis and Ulrich say the software has an overall 76.5 percent accuracy rate for recognizing expressions of anger, disgust, fear, happiness, neutrality, sadness, and surprise. They say the software has applications in human-computer interactions, face-image compression, synthetic-face animation, videoconferencing, and crowd control.

Cracking a Tough Nut for the Semiconductor Industry
NIST Tech Beat (12/23/08)

Modifying nanoindentation materials test equipment can help manufacturers determine the mechanical strength of the insulating films of high-performance integrated circuits. Researchers at the National Institute of Standards and Technology (NIST) have given the probe a sharper and more accurate point for pressing and then observing how much pressure it takes to deform materials. They also have used a new fracture mechanics model to account for indentation force, film thickness, film stress, and the elastic properties of the film and the silicon substrate. The approach has enabled the team to assess the fracture toughness as well as film thickness for spontaneous fracture. Insulating films have become more porous with nanoscale voids and fragile as integrated circuit features have gotten smaller, and the inability to measure resistance to fracture has had a negative impact on manufacturing yields and the reliability of devices. NIST says the technique should improve manufacturing, and the semiconductor industry will be able to use the method with current equipment.

Surviving the Exaflood
Economist Technology Quarterly (12/08) Vol. 389, No. 8609, P. 26

Experts, market research firms, and others have been sounding warnings about the Internet being overwhelmed by an ever-mounting load of online traffic, barring aggressive infrastructure expansions. Brett Swanson with the Progress and Freedom Foundation says that new technologies capable of producing very large volumes of traffic--video-sharing sites, online gaming, videoconferencing, and IPTV among them--are "swelling tributaries funneling into the exaflood." However, University of Minnesota computer scientist Andrew Odlyzko counters that the rate of online traffic growth actually appears to be on the wane rather than on the rise, as suggested by data collated by the Minnesota Internet Traffic Studies project. Odlyzko says Internet traffic more or less doubled annually until about five years ago, while today the growth rate is closer to 50 percent to 60 percent. He argues that too little Internet traffic growth may turn out to be a bigger threat to the industry than too much, as a continued decline will choke demand for faster connections from operators and new equipment from vendors. Although TeleGeography estimates that international traffic growth surpassed capacity growth for several years after 2002, the reverse was observed in 2007 and 2008 as investment accelerated. In the past couple of years significant investment has been committed to last-mile infrastructure throughout the world, which experts say further reduces the likelihood of an exaflood overload.

Keeping Track
Fraunhofer-Gesellschaft (12/08)

Researchers at the Fraunhofer Institute for Integrated Circuits IIS have collaborated with European partners on LocON, software that offers automatic gate-free access control for people, vehicles, and other objects at high-risk facilities such as an airport. LocON is designed to permanently locate all persons and objects by radio. "The security staff watches the entire airfield on a huge monitor," says Fraunhofer's Rene Dunkler. "LocON recognizes everything that moves on the airfield and is authorized to do so--in real time." LocON requires that all employees wear an electronic identity badge that transmits a radio signal of their location and identification to the platform, and vehicles, air freight containers, and other objects would be equipped with a tag that emits radio signals as well. The platform is able to process different types of radio positioning signals, including GPS and RFID, Dunkler says. LocON could be combined with video surveillance systems to provide an automatic comparison of motion profiles, such as those of people moving around aircrafts and fueling vehicles. A LocON pilot is slated for airports in Portugal.

Abstract News © Copyright 2008 INFORMATION, INC.
Powered by Information, Inc.

To submit feedback about ACM TechNews, contact: [email protected]

Change your Email Address for TechNews (log into myACM)