UMBC ebiquity

Archive for the 'GENERAL' Category

First Baltimore Hackathon, 19-21 Nov 2010

November 3rd, 2010, by Tim Finin, posted in Conferences, GENERAL, Technology

The First Baltimore Hackathon will take place on Friday and Saturday, November 19-20, 2010 at Beehive Baltimore, 2400 Boston St, on the 3rd floor of the Emerging Technology Center.

Come to build a hardware or software project — from idea to prototype — in a weekend either individually or as part of a team! While you are hacking, you’ll enjoy free food and coffee and be eligible to win prizes and awards! If you are interested, sign up and use the Baltimore Hackathon wiki to share ideas and build a team or to list yourself as available to join an existing team.

Check out the TechinBaltimore Google group for more information and discussion about the hackathon and related technology events in and around Baltimore.

The Maverick Meerkat is here

October 10th, 2010, by Krishnamurthy Viswanathan, posted in GENERAL

Today is the 10th day of the 10th month of year ’10. Canonical, today released Ubuntu 10.10 (Maverick Meerkat), sidestepping its usual Thursday release. Go to to give it a spin. As usual, you can download it for free and burn it on a CD. It has all the great features that we are used to, plus a couple of cool new ones. Remember that you can always use the ISO to try out all the features in the new release without installing it.

The new Ubiquity installer has been redesigned to be easier to use and it also installs drivers and download updates even as it is installing the OS.  Their new service, Ubuntu One offers 2 GB of free “personal cloud” space to users, and also provides sharing and syncing options . A beta for the Microsoft Windows client is set to begin soon.

The server edition of Ubuntu 10.10 is touted as “the default open-source choice for cloud computing.” You can also try Ubuntu 10.10 server on Amazon EC2 for an hour, free.

New Facebook Groups Considered Harmful

October 7th, 2010, by Tim Finin, posted in Facebook, Privacy, Security, Social, Social media

Facebook has rolled out a new version of groups announced on the Facebook blog.

“Until now, Facebook has made it easy to share with all of your friends or with everyone, but there hasn’t been a simple way to create and maintain a space for sharing with the small communities of people in your life, like your roommates, classmates, co-workers and family.

Today we’re announcing a completely overhauled, brand new version of Groups. It’s a simple way to stay up to date with small groups of your friends and to share things with only them in a private space. The default setting is Closed, which means only members see what’s going on in a group.”

There are three kinds of groups: open, closed and secret. Open groups have public membership listings and public content. Private ones have public membership but public but private content. For secret groups, both the membership and content are private.

A key part of the idea is that the group members collectively define who is in the group, spreading the work of setting up and maintaining the group over many people.

But a serious issue with the new Facebook group framework is that a member can unilaterally add any of their friends to a group. No confirmation is required by the person being added. This was raised as an issue by Jason Calacanis.

The constraint that one can only add Facebook friend to a group he belongs to does offer some protection against ending up in unwanted groups (e.g., by spammers). But it could still lead to problems. I could, for example, create a closed group named Crazy people who smell bad and add all of my friends without their consent. Since the group is not secret like this one, anyone can see who is in the group. Worse yet, I could then leave the group. (By the way, let me know if you want to join any of these groups).

While this might just be an annoying prank, it could spin out of control — what might happen if one of your so called friends adds you to the new, closed “Al-Queda lovers” group?

The good news is that this should be easy to fix. After all, Facebook does require confirmation for the friend relation and has a mechanism for recommending that friends like pages or try apps. Either mechanism would work for inviting others to join groups.

We have started working with a new group-centric secure information sharing model being developed by Ravi Sandhu and others as a foundation for better access and privacy contols in social media systems. It seems like a great match.

See update.

How the DC Internet voting pilot was hacked

October 6th, 2010, by Tim Finin, posted in cybersecurity, Security, Social

University of Michigan professor J. Alex Halderman explains how his research group compromised the Washington DC online voting pilot in his blog post, Hacking the D.C. Internet Voting Pilot.

“The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they’ve invited the public to evaluate the system’s security and usability. … Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.”

The problem was a shell-injection vulnerability that involved the procedure used to upload absentee ballots. Halderman concludes

“The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security. I described above how a small error in file-extension handling left the system open to exploitation. If this particular problem had not existed, I’m confident that we would have found another way to attack the system.”

Secret message in the Canadian Governor General coat of arms?

October 4th, 2010, by Tim Finin, posted in GENERAL

Personal coat of arms of David Johnson, Governor General of CanadaSlashdot highlights another mystery today — what’s the meaning of the binary sequence along the bottom of the personal coat of arms of David Johnston, Canada’s new Governor-General.

“As de facto head of state and the Queen’s representative in Canada he is required to design a personal coat of arms. One modern detail has attracted particular attention – a 33-digit palindromic binary stream at the base. Efforts to decode the meaning of the number using ASCII, Morse, grouping by 3/11 and other theories has so far come up empty (right now it’s a toss up between random, the phone number 683-077-0643 and Morse code for ‘send help – trapped in a coat of arms factory.’) Is 110010111001001010100100111010011 the combination to his luggage, or just a random stream of digits?”

Here’s a theory that I hope might be true. As an educator and former president of a university known for its strength in computer science, maybe he is trying to interest Canadian children in mathematics and computer science by giving them a an intriguing puzzle to work on.

Taintdroid catches Android apps that leak private user data

September 30th, 2010, by Tim Finin, posted in Mobile Computing, Privacy, Security, Social

Ars Technica has an an article on bad Android apps, Some Android apps caught covertly sending GPS data to advertisers.

“The results of a study conducted by researchers from Duke University, Penn State University, and Intel Labs have revealed that a significant number of popular Android applications transmit private user data to advertising networks without explicitly asking or informing the user. The researchers developed a piece of software called TaintDroid that uses dynamic taint analysis to detect and report when applications are sending potentially sensitive information to remote servers.

They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user’s location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.”

TaintDroid is an experimental system that “analyses how private information is obtained and released by applications ‘downloaded’ to consumer phones”. A paper on the system will be presented at the 2010 USENIX Symposium on Operating Systems Design and Implementation later this month.

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, OSDI, October 2010.

The project, Realtime Privacy Monitoring on Smartphones has a good overview site with a FAQ and demo.

This is just one example of a rich and complex area full of trade-offs. We want our systems and devices to be smarter and to really understand us — our preferences, context, activities, interests, intentions, and pretty much everything short of our hopes and dreams. We then want them to use this knowledge to better serve us — selecting music, turing the ringer on and off, alerting us to relevant news, etc. Developing this technology is neither easy nor cheap and the developers have to profit from creating it. Extracting personal information that can be used or sold is one model — just as Google and others do to provide better ad placement on the Web.

Here’s a quote from the Ars Technical article that resonated with me.

“As Google says in its list of best practices that developers should adopt for data collection, providing users with easy access to a clear and unambiguous privacy policy is really important.”

We, and many others, are trying to prepare for the next step — when users can define their own privacy policies and these will be understood and enforced by their devices.

Banned Books Week

September 27th, 2010, by Krishnamurthy Viswanathan, posted in Books

The Banned Books Week (BBW) is an annual event that celebrates the “freedom to read”.  The campaign was started in 1982 and is held during the last week of September. The United States campaign, sponsored amongst others, by the American Library Association “highlights the benefits of free and open access to information while drawing attention to the harms of censorship by spotlighting actual or attempted bannings of books across the United States.” [1]

During this week, the Amnesty International directs attention to “the plight of individuals who are persecuted because of the writings that they produce, circulate or read”. [2]

The idea behind the event is to promote intellectual freedom: it encourages individuals to read books that have been challenged due to the unorthodox viewpoints expressed in these works of literature. Every year, the American Library Association’s Office for Intellectual Freedom records attempts by individuals and groups to ban books from libraries and classrooms. If you thought that censorship was a thing of the past, take a look at the Top Ten Most Frequently Challenged Books of 2009.  At-least 46 of the Radcliffe Publishing Course Top 100 Novels of the 20th Century have been targeted. The list includes acclaimed classics such as Catcher in the Rye, and To Kill a Mockingbird.

While some books are banned or restricted, a majority of them are not banned due to the efforts of librarians, booksellers, students, teachers, and the reading community at large. It is due to events like these that attention is drawn to the dangers of imposing restrictions on the availability of information in our world.

UMBC Linux Users Group Installfest, Fri 9/24/2010,The Commons

September 20th, 2010, by Tim Finin, posted in GENERAL

Got Linux? Let your computer know who is boss! The UMBC Linux Users Group (LUG) is holding a Linux Installfest from 10:30am to 4:30pm on Friday 24 September in the Main Street concourse of the UMBC Commons. Bring your computer and the LUG experts will help you install Linux on it in addition to your current operating system.

Proofiness: when mathematics turns to the dark side

September 18th, 2010, by Tim Finin, posted in GENERAL

This sounds like a book worth reading, Proofiness – The Dark Arts of Mathematical Deception by Charles Seife. It is reviewed in tomorrow’s New York Times — Fibbing With Numbers.

It goes without saying that what you learn in a book like this should only be used for defensive purposes. Do not turn to the Dark Side!

The book reminds me of the classic How to Lie with Statistics published in the 1950s.

What are the hottest areas for a career in IT?

September 7th, 2010, by Tim Finin, posted in AI, GENERAL

According to a recent post in the Microsoft Careers JobsBlog the top three hottest new majors for a career in technology are

  • Data Mining/Machine Learning/AI/Natural Language Processing
  • Business Intelligence/Competitive Intelligence
  • Analytics/Statistics, specifically Web Analytics, A/B Testing and
    statistical analysis

Happily these are all strengths of the IT programs at UMBC. In fact, we have placed a large number of graduates at leading edge technology companies in the past few years, including Microsoft, Google, Amazon, IBM, and Yahoo.

Middle-earth dictionary attack

August 24th, 2010, by Tim Finin, posted in Humor, Security

Middle-earth dictionary attack

Middle earth dictionary attack

Probability-based processor might speed AI applications

August 18th, 2010, by Tim Finin, posted in GENERAL, Semantic Web, Social media

Lyric Semiconductor LEC chipAnalog computers were a hot idea — in the 1950s! But I find this intriguing because I’ve come around to the position that a lot of our human “intelligence” is the result of acquiring and using probabilistic models. So supporting this in hardware might be a big win, especially for low-cost, low-power devices. It will also support lots of other common tasks in social computing, image processing and language technology.

Technology review has a short article, A New Kind of Microchip, on computer chip being developed by Lyric Semiconductor that process signals representing probabilities rather than digital bits.

“A computer chip that performs calculations using probabilities, instead of binary logic, could accelerate everything from online banking systems to the flash memory in smart phones and other gadgets. … And because that kind of math is at the core of many products, there are many potential applications. “To take one example, Amazon’s recommendations to you are based on probability,” says Vigoda. “Any time you buy [from] them, the fraud check on your credit card is also probability [based], and when they e-mail your confirmation, it passes through a spam filter that also uses probability.”

All those examples involve comparing different data to find the most likely fit. Implementing the math needed to do this is simpler with a chip that works with probabilities, says Vigoda, allowing smaller chips to do the same job at a faster rate. A processor that dramatically speeds up such probability-based calculations could find all kinds of uses.”

Lyric’s chip is called LEC and was developed with support from DARPA. It is 30 times smaller in size than current digital error correction technology according to Wired. Although small it yields “a Pentium’s worth of computation,” according to Lyric CEO Vigoda. His 2003 dissertation at MIT was on a related topic, Analog Logic: Continuous-Time Analog Circuits for Statistical Signal Processing.

You can also read about the LEC chip in a story in yesterday’s NYT, A Chip That Digests Data and Calculates the Odds.

You are currently browsing the archives for the GENERAL category.

  Home | Archive | Login | Feed