Welcome to the April 9, 2014 edition of ACM TechNews, providing timely information for IT professionals three times a week.
HEADLINES AT A GLANCE
Major Bug Called 'Heartbleed' Exposes Internet Data
The Washington Post (04/09/14) Lindsey Bever
Researchers at Google and Codenomicon say a security flaw dubbed Heartbleed has exposed millions of usernames, passwords, and potentially credit card numbers during the more than two years it went undetected. They say the flaw is particularly dangerous because it was found in OpenSSL software, which is used to secure at least 500,000 servers, and can expose the contents of a server's memory, where private data is stored. Experts say Heartbleed could be the worst bug ever detected because it is embedded in code designed to keep servers secure. "We attacked ourselves from outside, without leaving a trace," write Codenomicon's researchers. "Without using any privileged information or credentials, we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails, and business critical documents and communication." Although companies now are scrambling to fix the bug, it is not clear how much damage has been done. "You should care about this because--whether you realize it or not--a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL," says Johns Hopkins University professor Matthew Green. "And for better or for worse, industry's reliance on OpenSSL is only increasing."
Group Seeks to Align Curricula With Skills Needed in High-Demand Fields
The Chronicle of Higher Education (04/09/14) Katherine Mangan
The National STEM Consortium outlined a plan to offer five new training programs to colleges to close the gap between the skills employers need and those students are learning, at the annual meeting of the American Association of Community Colleges. The consortium has been allocated a $20-million grant from the U.S. Labor Department to develop the program, which initially will concentrate on composites, mechatronics, environmental technology, cybertechnology, and electric vehicle technology. The customizable curricula are freely available to colleges online, and the one-year certificate programs require full-time attendance from students and give preference to veterans. Under the program, students reacquaint themselves with math, reading, and computer skills as part of their technical courses. The National STEM Consortium sifts through the numerous industry credential specifications to create curricula incorporating specific skills that are highly valued across a wide range of companies. Faculty members developing the curricula tour factories and interview employers, while national and local governing boards check to ensure the skills being taught align with local businesses' requirements.
Technology's Man Problem
The New York Times (04/06/14) Claire Cain Miller
Feelings of being underrepresented and ostracized are common among women in technology fields such as computer engineering, and the issue of persuading more women to choose tech careers is problematic. In 2012, only 18 percent of computer-science college graduates were female, versus 37 percent in 1985, according to the National Center for Women & Information Technology. Harvard Business School research says more than half the women who join the computer engineering field exit by midcareer, and many computer engineering professionals blame this trend on a sexist, misogynist, alpha-male culture. The tech industry is concerned about the lack of female pros for several reasons, including a profound dearth of candidates to fill available computing jobs, as well as the limited appeal of industry products designed by men. "Women are increasingly consumers; they're not going to like products that don't work for them," warns Stanford University professor Londa Schiebinger. Google CEO Larry Page commented last year that prioritizing the recruitment of women will accelerate the rate of worldwide tech production by more than twofold. Making tech culture more amenable to women is an unsettled issue, and many stress the importance of hiring female engineers at a company's founding and including women in management and in all job interviews.
Stanford Computer Scientists Learn to Predict Which Photos Will Go Viral on Facebook
Stanford Report (CA) (04/03/14) Tom Abate
Stanford University researchers have developed a method for predicting which photos on Facebook will go viral. Their method involves studying cascades, the term used to describe photos or videos being shared multiple times. According to recent data provided by Facebook, only one in 20 photos posted on the social network gets shared even once, and just one in 4,000 gets more than 500 shares. The researchers were able to predict when a photo cascade would double in shares with 80-percent accuracy. The researchers began by analyzing 150,000 Facebook photos, each of which had been shared at least five times. The researchers initially found that, at any given point in a cascade, there was a 50-percent chance the number of shares would double. The researchers then looked for variables that might help them predict doubling events more accurately than a coin toss, including the rate and speed at which photos were shared, as well as the structure of sharing. The algorithm became more accurate the more times a photo was shared, as photos shared hundreds of times had an accuracy rate of 88 percent.
'Unbreakable' Security Codes Inspired by Nature
Lancaster University (04/03/14)
Scientists at Lancaster University have patented a new method of encrypting confidential information that was inspired by the time-varying nature of the cardio-respiratory coupling functions recently discovered in humans. The encryption method is based on a mathematical model of how the heart and lungs coordinate their rhythms by passing information between each other. "This promises an encryption scheme that is so nearly unbreakable that it will be equally unwelcome to Internet criminals and official eavesdroppers," says Lancaster's Peter McClintock. The approach offers an infinite number of choices for the secret encryption key shared between the sender and receiver, making it virtually impossible for hackers and eavesdroppers to crack the code. McClintock says the method also is resistant to interference from the random fluctuations or noise that affects all communications systems. Moreover, several different information streams can be sent simultaneously. The transmission capability would enable all digital devices in the home, for example, to operate on one encryption key instead of dozens of different ones.
Personal Touch Signature Makes Mobile Devices More Secure
Georgia Tech News Center (04/07/14) Jason Maderer
Georgia Institute of Technology researchers have developed LatentGesture, a computer security system that continuously monitors how a user taps and swipes a mobile device. If the movements do not match the owner's tendencies, the system recognizes the differences and can be programmed to lock the device. During testing, the researchers found the system was nearly 98-percent accurate on a smartphone and 97-percent correct on tablets. "The system learns a person's 'touch signature,' then constantly compares it to how the current user is interacting with the device," says Georgia Tech professor Polo Chau. To test the system, the researchers set up a virtual form with a list of tasks for 20 volunteers. LatentGesture tracked their tendencies and created a profile for each user. The researchers then designated one user's signature as the "owner" of the device and repeated the tests. LatentGesture successfully matched the owner and flagged everyone else as unauthorized users. The researchers say LatentGesture's biggest advantage is that it can be programmed to run continuously in the background.
Instrument Science Preps for Exascale Era
HPC Wire (04/03/14) Tiffany Trader
Computation Institute director Ian Foster presented a white paper at the recent Big Data and Extreme-scale Computing workshop in which he posited that data volumes and velocities in the experimental and observational science communities are in some instances exceeding Moore's law to such a degree that these communities will soon need exascale-class computational environments to be productive. He says integrating some of the analysis work into the scientific instruments themselves could "greatly expand the impact of exascale technologies." Foster, who received the ACM High-Performance Parallel and Distributed Computing Achievement Award in 2012, outlines a scenario in which the instruments are embedded within a simulation model where instrument output is used to direct experimentation, and under such conditions, "interesting" features can be flagged as data is being generated, and then that output is digested as the experiment is running, further maturing the simulation model. Foster cites three areas that tie in more directly to scientific knowledge, including knowledge management and fusion, rapid knowledge-based response, and human-centered science processes. "Computational simulations capture the best available, but imperfect, theoretical understanding of reality; data from instruments provide the best available, but imperfect, observations of reality," Foster notes. "Confronting one with the other can help advance knowledge in a variety of ways."
Hackers Lurking in Vents and Soda Machines
The New York Times (04/08/14) Nicole Perlroth
Companies are rushing to identify and close security flaws in unlikely places, because hackers are exploiting overlooked vulnerabilities in third-party access points ranging from online restaurant menus to soda machines to heating and cooling systems. "We constantly run into situations where outside service providers connected remotely have the keys to the castle," notes FlowTraq CEO Vincent Berk. Third-party negligence was responsible for 23 percent of data breaches, according to a 2013 Ponemon Institute survey. Security researchers say hackers often do not have to plan elaborate intrusions to take advantage of third-party vulnerabilities, since the management software of various devices links directly to corporate networks. "The beauty is no one is looking there," says Crowdstrike's George Kurtz. "So it's very easy for the adversary to hide in these places." Security researchers also say attackers frequently target vendors because they tend to run older, susceptible security systems, while the devices often have the security settings turned off by default. Experts say under ideal conditions, corporations should deploy networks so third-party systems cannot access sensitive data, and remotely monitor the networks with advanced passwords and technology capable of spotting suspicious traffic. However, detecting attacks also requires the presence of skilled security staff.
To Create a Pipeline of STEM Workers in Virginia, Program Starts With Littlest Learners
Capital Business (04/06/14) Sarah Halzack
SySTEMic Solutions aims to get young Northern Virginia students to become passionate about science, technology, engineering, and mathematics (STEM), and in doing so boost the region's future economy. A 2013 Brookings Institution study found that 27.1 percent of jobs in the Washington, D.C., area require STEM knowledge, which means STEM jobs comprise a larger share of positions in the region than in every other metropolitan area in the United States except Silicon Valley. Moreover, the Washington area is poised to add 50,000 net new STEM jobs between 2013 and 2018, according to George Mason University's Stephen S. Fuller. These trends have motivated SySTEMic Solutions to create a pipeline of STEM workers for Virginia, starting with elementary school children and working to keep them consistently interested in the subject matter until they finish school and enter the workforce. The program expects to have 40,000 students in the STEM pipeline by 2016. SySTEMic Solutions is a unified effort involving businesses, chambers of commerce, higher education, and K-12 schools, and its supporters say it can make a greater impact than a disparate group of well-intentioned but isolated programs. The curriculum is influenced by a task force of Northern Virginia Community College faculty, curriculum specialists from the school divisions, and volunteers from local companies.
A Rainy Day Can Ruin an Online Restaurant Review
Georgia Tech News Center (04/02/14) Jason Maderer
The weather is the biggest outside factor on whether an online restaurant review will be positive or negative, according to researchers at the Georgia Institute of Technology and Yahoo Labs. The team came to the conclusion after analyzing 1.1 million online reviews for 840,000 restaurants in more than 32,000 cities across the United States. They discovered that reviews written on rainy or snowy days, or very cold or hot days, are more negative than those written on nice days. Demographic factors such as neighborhood diversity, education levels, and population density also have a significant impact. For example, areas with higher education levels tend to have significantly more reviews, and restaurants in busy cities are not likely to get as many complaints about wait times. "Our findings could help consumers better understand online reviews and ratings and help review sites calibrate recommendations," says Georgia Tech professor Eric Gilbert. "Outside factors apparently introduce bias in online ratings of a highly reviewed restaurant in big cities compared to a similar place in a rural area."
Off the Shelf, on the Skin: Stick-On Electronic Patches for Health Monitoring
University of Illinois News Bureau (04/03/14) Liz Ahlberg
Researchers at the University of Illinois at Urbana-Champaign (UIUC) and Northwestern University have developed thin, soft, stick-on patches that stretch and move with the skin and incorporate commercial, off-the-shelf chip-based electronics for sophisticated wireless health monitoring. The researchers say the patches could be used for daily health tracking, wirelessly sending updates to a cellphone or computer, and could revolutionize clinical monitoring such as EKG and EEG testing. "What is very important about this device is it is wirelessly powered and can send high-quality data about the human body to a computer, in real time," says Northwestern professor Yonggang Huang. During testing, the researchers found the wireless patch performed as well as conventional sensors, while being significantly more comfortable for patients. "There's a lot of value in complementing this specialized strategy with our new concepts in microfluidics and origami interconnects to enable compatibility with commercial off-the-shelf parts for accelerated development, reduced costs, and expanded options in device types," says UIUC professor John A. Rogers. The researchers note the integrated sensing systems could monitor health and help identify problems before the patient is aware of them.
Syracuse Amps Up Research Computing With Network Upgrade
Campus Technology (04/01/14) Rhea Kelly
Syracuse University has upgraded its network backbone from 10 GB to 40 GB and increased connectivity from the backbone to campus buildings from 1 GB to 10 GB. The university embarked on the project to support the expansion of a computing grid that taps the processing power of idle desktop computers from campus offices and labs and channels it into data-intensive research computing operations. OrangeGrid now provides more than 10,000 central-processing unit cores to researchers for overnight processing, nearly double the processing power available a year ago. The computing grid's power has contributed to research in protein folding, number factoring, drug molecular modeling and simulation, and long timescale dynamics. Syracuse uses the Berkeley Open Infrastructure for Network Computing to contribute to public science projects when OrangeGrid's computing resources are not utilized locally. The network infrastructure upgrade also will benefit Syracuse's Academic Virtual Hosting Environment. The computing tool uses idle disaster recovery hardware resources to support smaller-scale research computing tasks in a customized cloud.
Data Mining Uncovers 19th Century Britain's Fat Habit
The Conversation (04/03/14)
The Trading Consequences project, which includes history and computer science researchers from the University of Edinburgh, York University, and the University of St Andrews, has produced new insight into the hunger for sugar, coffee, and rubber in the 19th century, as well as how fat became a worldwide commodity. The researchers used text mining to open up more than 200,000 historic documents to investigate the trading of goods since the 19th century. At the end of the 18th century, the British started importing different kinds of fat to supply the expanding soap, candle, margarine, and explosives industries. Text mining made it possible to identify links between commodities, locations, and dates to uncover how commodities were discussed in space and time. In addition, information visualization was used to make the information accessible and explorable. When the two techniques are combined, the researchers say they can build a picture of how trade developed over time, based on dates or places mentioned in the records of a trading company operating several hundred years ago. For example, a location cloud visualization provides an overview of the most frequent locations that were mentioned in relation to a selected commodity, such as coffee, which helps build a picture of how the coffee trade spread.
Abstract News © Copyright 2014 INFORMATION, INC.