Welcome to the January 14, 2009 edition of ACM TechNews, providing timely information for IT professionals three times a week.
HEADLINES AT A GLANCE
How Do You Picture Yourself in a Virtual World?
University of Leicester (01/14/09)
The MOdelling Of SecondLife Environments (MOOSE) project is exploring the use of three-dimensional multi-user virtual environments for teaching digital photography in university courses. The University of Leicester's Beyond Distance Research Alliance is researching how groups of students can socialize and engage in virtual environments for more productive information and knowledge exchanges. Meanwhile, London South Bank University researchers have uncovered previously unknown perceptions of students' identity through avatars and are investigating how being known as an avatar affects group discussions and negotiations. Leicester's Matthew Wheeler says some students perceived missing body language and personal cues when communicating through an avatar. The lack of body language did not drastically affect the conversation because the students knew each other in real life and were able to identify each other based on the appearance of the avatar. Although universities are considering incorporating Second Life into their programs, the researchers say that many educators and students may find themselves lost in the virtual world. To create a usable virtual world, the MOOSE project will create a framework to encourage students' engagement and socialization in a virtual environment designed for learning, and build guidelines for developing students' transferable skills through Second Life.
Group Details 25 Most Dangerous Coding Errors Hackers Exploit
Computerworld (01/12/09) Vijayan, Jaikumar
A group of 35 high-profile organizations, including the U.S. Department of Homeland Security and the National Security Agency's Information Assurance Division, has released a list of the 25 most serious programming errors. The goal is to focus attention on dangerous software-development practices and ways to avoid those practices, according to officials at the SANS Institute, which coordinated the list's creation. Releasing the list is intended to give software buyers, developers, and training programs a tool to identify programming errors known to create serious security risks. The list will be adjusted as necessary to accommodate new or particularly dangerous programming errors that might arise. The list is divided into three classes. Nine errors on the list are categorized as insecure interactions between components, another nine are classified as risky resource management errors, and the rest are considered "porous defense" problems. The top two problems are improper input validation and improper output encoding errors, which are regularly made by numerous programmers and are believed to be responsible for the attacks that compromised hundreds of thousands of Web pages and databases in 2008. Other programming errors include failures to preserve SQL query and Web page structure, which lead to SQL injection attacks and cross-site scripting vulnerabilities, as well as buffer-overflow mistakes and chatty error messages.
A Breakthrough in Imaging: Seeing a Virus in Three Dimensions
New York Times (01/13/09) P. D3; Markoff, John
IBM researchers have successfully captured a three-dimensional (3D) image of a virus for the first time. The researchers, based at IBM's Almaden Research Center, used magnetic resonance force microscopy (MRFM) to capture a 3D image of a tobacco mosaic virus with a spatial resolution down to four nanometers. MRFM uses an ultrasmall cantilever arm as a platform for specimens that are moved in and out of proximity of a tiny magnet. At extremely low temperatures, the researchers can measure the effect of the magnetic field on protons in the hydrogen atoms in the virus. By repeatedly switching the magnetic field, the researchers were able to cause a minute vibration in the cantilever arm, which was measured using a laser. Moving the virus through the magnetic field repeatedly allows a 3D image to be constructed from numerous two-dimensional samples. The researchers say the tool will help structural biologists working to unravel the structure and the interactions of proteins. MRFM will enable researchers to examine the proteins that make basic DNA structures and make images of interactions among biomolecules.
Voting Machine Audit Logs Raise More Questions About Lost Votes in CA Election
Wired News (01/13/09) Zetter, Kim
Computer audit logs, created by the Global Election Management System (GEMS) tabulation software from Premier Election Solutions, continue to raise questions about how the vote tabulation system lost ballots during the November U.S. election. The logs also raise doubts about the general reliability of voting system audit logs to record the events during an election and ensure the integrity of results. The logs are the focus of an investigation by California's secretary of state to determine why the GEMS tabulation system deleted 197 ballots from the tallies in Humboldt County during the November general election. However, instead of providing transparency into what occurred in the voting system, the GEMS logs have only further perplexed state investigators. Deputy secretary of state Lowell Finley says the logs are a foreign language to anyone other than a programmer, but University of Iowa computer scientist Doug Jones says the logs are no clearer to him. Jones says the audit logs could provide some assurances about an election if they were designed so a casual observer could understand them, but instead they are cryptic and obscure, destroying their value in terms of election transparency. The computer audit logs are supposed to track activity on a voting system to help officials investigate problems as they occur and ensure that no one tampers with the software. However, the GEMS logs do not provide a date or time stamp to indicate when events occurred, nor do they record when files are intentionally deleted from the system or unintentionally erased. Premier told state officials that a different log records deletions, but state officials were unable to find evidence of deletions in that log either.
Auto Gear-Change Bicycle: Computer Controlled Bicycle Gear Changes Optimize Power, Comfort
Researchers in the Department of Mechanical Engineering at National Defense University in Tashi, Taiwan, are developing a computer system for bicyclists that tells them when to change gears to optimize power while maintaining comfort. The researchers cite ergonomic studies that show cyclists can be in an optimum state while cycling with a fixed output power and pedaling speed. The researchers developed an algorithm that provides cyclists with a gear shift strategy to maintain the optimal gear without sacrificing comfort. The algorithm, which has been tested in a simulation of a 12-speed bicycle, provides a gear-shifting sequence with minimal power losses and gear shifts. The algorithm will enable riders to operate the derailleur gearing system more easily, making riders more comfortable because they will be in the correct gear and shifting gears will be smoother. The researchers say the technology could eventually be extended to an entirely automatic mechanical gear-shifting system.
Government Spends Over $30 Million to Sharpen Cyber Security Saber
Network World (01/09/09)
The U.S. Defense Advanced Research Projects Agency recently named the major contractors that will develop the first phase of technologies aimed at dramatically improving cybersecurity as part of the $30 million National Cyber Range program. The projects will test a variety of technologies, including host security systems that could modify or replace operating systems and kernels; local-area-network security tools and suites that could require modifying or replacing traditional network device operating systems; and new protocols that may replace portions or the entirety of today's protocol stacks. The projects also will research wide-area-network systems that operate on bandwidths currently not available commercially, and tactical networks that may include mobile ad hoc networks or maritime systems. The program's objectives include being able to offer the use of highly advanced test facilities, establishing an administration capable of certifying and accrediting new technology, and managing security and scheduling testing. "Addressing the vulnerabilities within our cyberinfrastructure must become our long-term national security and economic security priority," says U.S. Joint Interagency Cyber Task Force director Melissa Hathaway. "I don't believe that this is a single-year or even a multi-year investment--it's a multi-decade approach."
Internet Service Speed Is Fast-Track Issue for New Administration
Washington Post (01/13/09) P. D4; Kang, Cecilia
U.S. President-elect Barack Obama wants to provide everyone in the United States with access to high-speed Internet service and create thousands of jobs in the process, but experts are debating what qualifies as high-speed service. The Independent Telephone and Telecommunications Alliance says stimulus funding should be given to build networks in rural areas with speeds of 1.5 megabits per second (Mbps), which analysts say is not fast enough for high-quality video downloads or transferring other large files. The Communications Workers of America has called for incentives in rural and underserved areas to provide speeds of 3 Mbps, while members of the National Cable and Telecommunications Association have asked for incentives to help them extend their fastest service, which offers speeds of up to 50 Mbps. Groups such as Public Knowledge and Free Press say that networks should not use stimulus funding for existing expansion plans, but instead the funding should be used to achieve Obama's goal of the "finest and most modern communications infrastructure in the world." Public interest groups say achieving that goal will require a stimulus plan with clear oversight that will encourage firms to build new networks that provide speeds as fast as those offered in better-connected nations such as Japan and South Korea. Public interest groups and some high-tech companies caution that simply calling for incremental upgrades that do not require significant rebuilds will not result in the creation of new jobs that Obama wants.
Pervasive Collaboration for Modern Business
ICT Results (01/12/09)
Researchers working on the European Union-funded inContext project have developed a software framework that could make virtual team organization far easier. The inContext project has created the pervasive collaboration service architecture (PCSA), a service-oriented architecture-based framework that uses mechanisms and algorithms to make business applications context aware and office coordination easier. Because inContext is designed as a service, anyone can use it, and it can be integrated into other software projects. PCSA also features autonomic computing technology, which enables it to identify specific types of emerging team interaction based on an analysis of previous interactions. "What is particularly unique about this project is that it focuses on the work of the team as a whole, and manages collaboration from that perspective; whereas efforts in the past have focused on the individual," says inContext project coordinator Schahram Dustdar. The project has developed services for managing short-messaging service, email, calendars, instant messaging, documents, scheduling, presence, location, and assignments. New elements can be added to the bundle of services as the need arises, allowing the system to grow over time.
Technology Review (01/12/09) Chu, Jennifer
Boston University researchers are developing an electronic sign language dictionary that will enable users to search for the definition of sign language gestures by demonstrating the gesture in front of a built-in camera. The technology could be used by parents of deaf children to better understand what their children are saying or by deaf people who want to use the Internet in their primary language. Boston University computer science professor Stan Sclaroff and linguistics professor Carol Neidle, who are developing the technology, say they hope to create a system that will allow anyone with a camera and an Internet connection to learn sign language and interact online using sign language. "This takes a lot of processing power, and trying to deal with sign language in different video qualities is very hard," says Georgia Institute of Technology Contextual Computing Group head Thad Starner, who is working on a sign language recognition system that uses sensors attached to gloves. To develop the system, Sclaroff and Neidle asked multiple signers to sign through 3,000 gestures in a studio equipped with four high-speed cameras, which were used to record front and side views and facial expressions. Neidle says smiles, frowns, and raised eyebrows are an understudied part of American Sign Language that could provide strong clues to a gesture's meaning. The signing sessions are analyzed to mark the start and finish of each sign and to identify key subgestures. Sclaroff uses that information to develop algorithms that can distinguish a signer's hand from the background and recognize hand position, shape, and movement patterns.
Operating on the Virtual Human
BBC News (01/12/09) Lever, Anna-Marie
Oxford University physiologist Peter Kohl believes surgeons will be using virtual reality to simulate alternative operations within 10 years. Computer models will enable surgeons to experiment on a virtual surgical table and discover the best way to proceed with a procedure, and will also lead to faster operations. The European Union has been funding an effort to create biomedical models that simulate the human body structurally and functionally. "We have developed better tools to look at smaller parts of the puzzle in terms of structure and function," says Kohl, one of the principal investigators of the Virtual Physiological Human (VPH) initiative. "We now need to understand how the pieces interact with each other and the environment." Kohl acknowledges that some people will have their doubts about using a quantitative computer model to assess patients' surgical options. He says a thorough assessment of the computer predictions used for medical procedures will be needed to determine VPH's reliability.
Japan Researchers Unveil Robot Suit for Farmers
Agence France Presse (01/09/09)
Japanese researchers have developed a robot suit that assists farmers with harvesting. Researchers at the Tokyo University of Agriculture and Technology recently demonstrated the suit by having someone pull radishes from the ground and pick oranges from high branches. The robot suit has eight motors, 16 sensors, and weighs 55 pounds. Japan has an aging, shrinking farm industry, and the researchers believe the robot suit would help provide support for the leg muscles and joints of elderly farmers. "Human robotic technology is being applied to various industries but it has great potential in the agricultural industry, in which people have to bear a heavy burden," says professor Shigeki Toyama. Toyama says robotics will play an increasingly important role in farming, especially in Japan and Europe, where manual labor is costly and space is limited.
'Smart' Cameras Are Watching You
The Lantern (Ohio State University) (01/09/09) Gorder, Pam Frost
Ohio State University (OSU) researchers are developing a "smart" surveillance system that will be able to determine if a person on the street appears to be lost or is acting suspiciously. The goal is to create a network of smart video cameras that will allow officers to quickly and efficiently observe and monitor a wide area. "In my lab, we've always tried to develop technologies that would improve officers' situational awareness, and now we want to give that same kind of awareness to computers," says OSU professor James W. Davis. Davis says the goal is to analyze and model the behavior patterns of people and vehicles moving through a scene. "We are trying to automatically learn what typical activity patterns exist in the monitored area, and then have the system look for atypical patterns that may signal a person of interest," he says. The system will focus on where a person goes and what they do. The first algorithm expands the small field of view that traditional pan-tilt-zoom cameras provide by taking a series of snapshots from every direction within a camera's field of view and combining them into a 360-degree, high-resolution panorama. The operator can click anywhere on the picture and the camera will pan and tilt to that location for a live image. Another program will map locations onto an aerial map of the scene and then calculate where the view spaces of the security cameras overlap and determine the geo-referenced coordinates of each ground pixel in the panoramic image. A third program will use the aerial and panorama views for tracking people, which could be used to instruct a camera to follow specific people based on their behaviors.
DECT Cordless Phones No Longer Secure
Network World Canada (01/07/09) Judge, Peter; Meckbach, Greg
Researchers at the 25th Chaos Communication Congress in Berlin, Germany, recently demonstrated that they could eavesdrop on calls made using Digital Enhanced Cordless Telecommunications (DECT) wireless networks. "DECT really ought to be used for consumer applications and avoided by enterprises," says Info-Tech Research Group analyst Mark Tauschek. "Get rid of anything that you have that's based on DECT." The attack used a Linux laptop with a modified laptop card that can directly intercept calls and information, recording everything in a digital form. Even if encryption is turned on, the system can bypass it by pretending to be a base station that does not support encryption. Andreas Schuler, from the Dedected group, which demonstrated the attack, says that if someone fakes being an unencrypted base station and DECT devices cannot get encryption to work, all the most popular phones will revert to unencrypted communications, because the priority of manufacturers is interoperability, not security. University of Luxembourg cryptographer and Dedected member Ralf-Philipp Weinmann says it is not clear whether the same method would work on debit card reading systems, since they may enforce the use of encryption or use higher level encryption such as secure sockets layer. Nevertheless, Tauschek says retailers that use wireless point-of-sale terminals should use a different standard that has better security features, such as the Advanced Encryption Standard.
Keeping Information Safe From Digital Spies
Daily Bruin (01/08/09) Bui, Sandy
As people become increasingly dependent on digital technology, security and privacy concerns will be growing issues for the next several decades, says Amit Sahai, the associate director of the Center for Information and Computation Security (CICS) at the University of California, Los Angeles (UCLA). UCLA professor Jens Palsberg predicts that 2009 will see an increasing number of headline stories on cyberterrorism, against both countries and multinational organizations. "More and more, people will wonder whether the increasing computerization of healthcare will make their most personal data be one cyberattack away from falling into the wrong hands," Palsberg says. "Pundits will call for the Obama administration to prepare the nation better for cyberattacks." Sahai notes that there have been some revolutionary breakthroughs in cybersecurity research in the past decade. CICS is developing new protective technologies, including functional encryption, biometric-based encryption, and reliable routing of the Internet. Sahai says functional encryption involves a sophisticated system in which multiple keys provide access to specific data. Artificial intelligence (AI), particularly machine learning, could potentially offer more secure systems that learn to automatically recognize patterns and objects, Sahai says. "In AI, traditionally these programs are usually trying to understand handwriting, or speech, or see objects like people or facial expressions," he says. "But in cybersecurity, some of the same ideas and algorithms can be used to identify viruses or spyware."
InfiniBand Goes the Distance
Campus Technology (01/08/09) Jackson, Joab
InfiniBand is better at transporting large data sets over long distances than high-speed TCP/IP, according to researchers at the Oak Ridge National Laboratory. An Energy Department team pitted InfiniBand connections against TCP/IP connections in a test of throughput over an 8,600-mile optical link. InfiniBand turned in an average throughput of 7.34 Gbps, while a tweaked high-throughput version of TCP, called HTCP, offered a peak throughput of 1.79 Gbps. The project was discussed in the paper "Wide-Area Performance Profiling of 10GigE and InfiniBand Technologies," which was presented at the recent SC08 conference. "The task of sustaining end-to-end throughput ... over thousands of miles still remains complex," the researchers wrote. InfiniBand "somewhat surprisingly offer[s] a potential alternate solution for wide-area data transport." High-performance computer systems often use InfiniBand interconnects, but the connections are not usually deployed to move large files over long distances.
Abstract News © Copyright 2009 INFORMATION, INC.