AI Art Modifier

AI Art Modifier — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

ClearForest

ClearForest was an Israeli software company that developed and marketed text analytics and text mining solutions. == History == Founded in 1998, ClearForest had its headquarters just outside Boston and a development center in Or Yehuda. The company was acquired by Reuters in April, 2007. It now markets its services under the names Calais, OpenCalais, and OneCalais. ClearForest was previously venture-backed; its last funding round was led by Greylock Ventures and closed in 2005. Other investors included DB Capital Partners, Pitango, Walden Israel, Booz Allen, JP Morgan Partners and HarbourVest Partners. On February 7, 2008 Reuters announced the launch of Open Calais, a named-entity recognition and semantic analysis service that uses ClearForest technology. On April 30, 2007, Reuters announced that it would acquire ClearForest. Sources estimate the acquisition to be for $25 Million. == Solutions and products == ClearForest offers several hosted solutions, including: OpenCalais, a free web service and open API (for commercial and non-commercial use) that performs named-entity recognition and enables automatic metadata generation using the ClearForest financial module. Semantic Web Services (SWS), an on-demand service that makes ClearForest's natural language processing tools available as a standard web service. A subset of ClearForest's capabilities is available via SWS at no cost. Gnosis, a free Firefox extension that uses SWS to analyze the content of a web page. Gnosis identifies named entities such as people, companies, organizations, geographies and products on the page being viewed. Gnosis also automatically processes pages from Wikipedia, providing additional links for people, geographies and other entities which were not explicitly linked within the subject article. Harvest, a real-time machine-readable news service that uses SWS to process a company's news and document feeds and return machine-readable information about people, companies, locations and over 200 other entities facts and events. ClearForest also offers Text Analytics solutions targeted at specific business problems, including: Equity valuation for hedge funds and alternative investments firms Metadata & database creation for publishers and information providers/services Tapping "voice of customer" for market and survey research firms Quality Early Warning for vehicle, capital equipment & durable goods manufacturers
Read more →
Ware report

Security Controls for Computer Systems, commonly called the Ware report, is a 1970 text by Willis Ware that was foundational in the field of computer security. == Development == A defense contractor in St. Louis, Missouri, had bought an IBM mainframe computer, which it was using for classified work on a fighter aircraft. To provide additional income, the contractor asked the Department of Defense (DoD) for permission to sell computer time on the mainframe to local businesses via remote terminals, while the classified work continued. At the time, the DoD did not have a policy to cover this. The DoD's Advanced Research Projects Agency (DARPA) asked Ware - a RAND employee - to chair a committee to examine and report on the feasibility of security controls for computer systems. The committee's report was a classified document given in January 1970 to the Defense Science Board (DSB), which had taken over the project from ARPA. After declassification, the report was published by RAND in October 1979. == Influence == The IEEE Computer Society said the report was widely circulated, and the IEEE Annals of the History of Computing said that it, together with Ware's 1967 Spring Joint Computer Conference session, marked the start of the field of computer security. The report influenced security certification standards and processes, especially in the banking and defense industries, where the report was instrumental in creating the Orange Book.
Read more →
Computer Dreams

Computer Dreams is a 1988 film created by Digital Vision Entertainment and released by MPI Home Video. Written, produced and directed by Geoffrey de Valois and hosted by Amanda Pays, it consists primarily of clips and behind-the-scenes work of early computer graphics animation. Notably included are Luxo Jr. and Red's Dream, the first two short films from Pixar. The film is an hour long and features an electronic score by Music Fantastic. It was revised and re-released on DVD as The History of Computer Animation, Volume 2. It won the Winner Gold Special Jury Award at the 1989 Houston International Film Festival, and the 1989 Golden Decade Award from the US Film & Video Festival. Music used includes: Gail Lennon - Desire, Gail Lennon - Like A Dream, Shandi Sinnamon - Making It,
Read more →
BeyondCorp

BeyondCorp is an implementation of zero-trust computer security concepts creating a zero trust network. It is created by Google. == Background == It was created in response to the 2009 Operation Aurora. An open source implementation inspired by Google's research paper on an access proxy is known as "transcend". Google documented its Zero Trust journey from 2014 to 2018 through a series of articles in the journal ;login:. Google called their ZT network "BeyondCorp". Google implemented a Zero Trust architecture on a large scale, and relied on user and device credentials, regardless of location. Data was encrypted and protected from managed devices. Unmanaged devices, such as BYOD, were not given access to the BeyondCorp resources. == Design and technology == BeyondCorp utilized a zero trust security model, which is a relatively new security model that it assumes that all devices and users are potentially compromised. This is in contrast to traditional security models, which rely on firewalls and other perimeter defenses to protect sensitive data. === Trust === The corporate network grants no inherent trust, and all internal apps are accessed via the BeyondCorp system, regardless of whether the user is in a Google office or working remotely. BeyondCorp is related to Zero Trust architecture as it implements a true Zero Trust network, where all access is granted on identity, device, and authentication, based on robust underlying device and identity data sources. BeyondCorp works by using a number of security policies including authentication, authorization, and access control to ensure that only authorized users can access corporate resources. Authentication verifies the identity of the user, authorization determines whether the user has permission to access the requested resource, and access control policies restrict what the user can do with the resource. ==== Trust Inferrer ==== One of the main components in BeyondCorp's implementation is the Trust Inferrer. The Trust Inferrer is a security component (typically software) that looks at information about a user's device, like a computer or phone, to decide how much it can be trusted to access certain resources like important company documents. The Trust Inferrer checks things like the security of the device, whether it has the right software installed, and if it belongs to an authorized user. Based on all this information, the Trust Inferrer decides what the device can access and what it can't. === Security mechanisms === Unlike traditional VPNs, BeyondCorp's access policies are based on information about a device, its state, and its associated user. BeyondCorp considers both internal networks and external networks to be completely untrusted, and gates access to applications by dynamically asserting and enforcing levels, or “tiers,” of access. === Device Inventory Database === BeyondCorp utilized a Device Inventory Database and Device Identity that uniquely identifies a device through a digital certificate. Any changes to the device are recorded in the Device Inventory Database. The certificate is used to uniquely identify a device; however, additional information is required to grant access privileges to a resource. === Access Control Engine === Another important component of BeyondCorp's implementation is the Access Control Engine. Think of this as the brain of the Zero Trust architecture. The Access Control Engine is like a traffic cop standing at an intersection. Its job is to make sure that only authorized devices and users are allowed to access specific resources (like files or applications) on the network. It checks the access policy (the rules that say who can access what), the device's state (like whether it has the right software updates or security settings), and the resources being requested. Then it makes a decision on whether to grant or deny access based on all of this information. It helps ensure that only the right people and devices are allowed access to the network, which helps keep things secure. The Access Control Engine utilizes the output from the Trust Inferrer and other data that is fed into its system. == Usage == One of the first things Google did to implement a Zero Trust architecture was to capture and analyze network traffic. The purpose of analyzing the traffic was to build a baseline of what typical network traffic looked like. In doing so, BeyondCorp also discovered unusual, unexpected, and unauthorized traffic. This was very useful because it gave the BeyondCorp engineers critical information that assisted them in reengineering the system in a secure manner. Some of the benefits BeyondCorp realized by adopting a Zero Trust architecture include the ability to allow their employees to work securely from any location. It reduces the risk of data breaches since data and applications are protected and users and devices are constantly being verified. The Zero Trust architecture is scalable and can be adapted to the changing needs of the businesses and their users. Especially relevant in today's work-from-home era, BeyondCorp allows employees to access enterprise resources securely from any location, without the need for traditional VPNs.
Read more →
Wrike

Wrike, Inc. is an American project management application service provider based in San Jose, California. Wrike also has offices in India, Dallas, Tallinn, Nicosia, Dublin, Tokyo, Melbourne, and Prague. == History == Wrike was founded in 2006 by Andrew Filev. Currently CEO at Wrike is Thomas Scott. Filev initially self-funded the company before later obtaining investor funding. Wrike released the beta version of its software (also called Wrike) in December 2006. The company then launched a new "Enterprise" platform in December 2013. In June 2015, Wrike announced the opening of an office in Dublin, Ireland and in 2016, Wrike launched a datacenter there to host data in compliance with local privacy regulations. In July 2016, Wrike announced the launch of Wrike for Marketers. That same year, Wrike's headquarters moved from Mountain View to San Jose, California. In January 2021, Citrix Systems announced its intention to acquire Wrike for $2.25 billion. The acquisition closed in March 2021. On January 31, 2022, it was announced that Citrix had been acquired in a $16.5 billion deal by affiliates of Vista Equity Partners and Evergreen Coast Capital. Citrix would merge with TIBCO Software, a Vista portfolio company to form Cloud Software Group (CSG). In September 2022, Wrike separated from Citrix Systems. In July 2023, Vista transferred ownership to Symphony Technology Group. == Investments == Wrike received $1 million in Angel funding in 2012 from TMT Investments. In October, 2013, Wrike secured $10 million in investment funding from Bain Capital. In May 2015, the company secured $15 million in a new round of funding. Investors included Scale Venture Partners, DCM Ventures, and Bain Capital. At that time, Wrike had 8,000 customers, 200 employees, and 30,000 new users each month. On November 29, 2018, Wrike signed a definitive agreement to receive a majority investment by Vista Equity Partners (“Vista”), a firm focused on software, data and technology-enabled businesses. == Software == The Wrike project management software is a Software-as-a-Service (SaaS) product with tools for managing projects, deadlines, schedules, and workflow processes. It includes collaboration features. The application is available in English, French, Spanish, German, Portuguese, Italian, Japanese and Russian. Wrike has triggers for task automation in workflow management. === Features === Wrike features a multi-pane UI and consists of features in two categories: project management, and team collaboration. According to Wrike, project management features are designed to help teams track dates and dependencies associated with projects, manage assignments and resources, and track time. These include an interactive Gantt chart, a workload view, and a sortable table that can be customized to store project data. The software includes a co-editing tool, discussion threads on tasks, and tools for attaching documents, editing them, and tracking their changes. Wrike uses an "inbox" feature and browser notifications to alert users of updates from their colleagues and dashboards for quick overviews of pending tasks. These updates are also available in Wrike's mobile apps on iOS and Android. Wrike has an optional feature set called "Wrike for Marketers" which has several tools for managing marketing workflows. In May 2012, Wrike announced the launch of a freemium version of its software for teams of up to 5 users. That year also saw the integration of a live text coeditor into its workspace to unify collaboration and task management. In late 2013 Wrike released a new feature set called Wrike Enterprise which included advanced analytics and other tools targeted at large business customers. Since then it has released several major updates to Wrike Enterprise, including a customizable spreadsheet called "Dynamic Platform" in late 2014 and custom workflows for teams in 2015. In July 2016, Wrike was updated with a set of add-on features under the name "Wrike for Marketers," which includes integrations with Adobe Photoshop, a tool for submitting requests, and proofing and approval tools for creative assets like videos and images. Wrike is available as native Android and iOS apps. Mobile apps include an interactive Gantt chart that syncs across devices. The apps are available offline, and sync when connection is restored. === Criticism === Critics said new users may have a learning curve with complex features. Wrike has 2,710 customers for an estimated 0.04% market share. Competitors include Google Workspace, Slack (software), and Quip (software).
Read more →
Microsoft Support Diagnostic Tool

The Microsoft Support Diagnostic Tool (MSDT) is a legacy service in Microsoft Windows that allows Microsoft technical support agents to analyze diagnostic data remotely for troubleshooting purposes. In April 2022 it was observed to have a security vulnerability that allowed remote code execution which was being exploited to attack computers in Russia and Belarus, and later against the Tibetan government in exile. Microsoft advised a temporary workaround of disabling the MSDT by editing the Windows registry. == Use == When contacting support the user is told to run MSDT and given a unique "passkey" which they enter. They are also given an "incident number" to uniquely identify their case. The MSDT can also be run offline which will generate a .CAB file which can be uploaded from a computer with an internet connection. == Security vulnerabilities == === Follina === Follina is the name given to a remote code execution (RCE) vulnerability, a type of arbitrary code execution (ACE) exploit, in the Microsoft Support Diagnostic Tool (MSDT) which was first widely publicized on May 27, 2022, by a security research group called Nao Sec. This exploit allows a remote attacker to use a Microsoft Office document template to execute code via MSDT. This works by exploiting the ability of Microsoft Office document templates to download additional content from a remote server. If the size of the downloaded content is large enough it causes a buffer overflow allowing a payload of Powershell code to be executed without explicit notification to the user. On May 30 Microsoft issued CVE-2022-30190 with guidance that users should disable MSDT. Malicious actors have been observed exploiting the bug to attack computers in Russia and Belarus since April, and it is believed Chinese state actors had been exploiting it to attack the Tibetan government in exile based in India. Microsoft patched this vulnerability in its June 2022 patches. === DogWalk === The DogWalk vulnerability is a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). It was first reported in January 2020, but Microsoft initially did not consider it to be a security issue. However, the vulnerability was later exploited in the wild, and Microsoft released a patch for it in August 2022. The vulnerability is caused by a path traversal vulnerability in the sdiageng.dll library. This vulnerability allows an attacker to trick a victim into opening a malicious diagcab file, which is a type of Windows cabinet file that is used to store support files. When the diagcab file is opened, it triggers the MSDT tool, which then executes the malicious code. Originally discovered by Mitja Kolsek, the DogWalk vulnerability is caused by a path traversal vulnerability in the sdiageng.dll library. This vulnerability allows an attacker to trick a victim into opening a malicious diagcab file, which is a type of Windows cabinet file that is used to store support files. When the diagcab file is opened, it triggers the MSDT tool, which then executes the malicious code. The vulnerability is exploited by creating a malicious diagcab file that contains a specially crafted path. This path contains a sequence of characters that is designed to exploit the path traversal vulnerability in the sdiageng.dll library. When the diagcab file is opened, the MSDT tool will attempt to follow the path. However, the path will contain characters that are not valid for a Windows path. This will cause the MSDT tool to crash. When the MSDT tool crashes, it will generate a memory dump. This memory dump will contain the malicious code that was executed by the MSDT tool. The attacker can then use this memory dump to extract the malicious code and execute it on their own computer. == Retirement == Microsoft will no longer be supporting the Windows legacy inbox Troubleshooters. In 2025, Microsoft will remove the MSDT platform entirely. Get Help is the replacement tool. == Windows versions == Windows 7 Windows 8.1 Windows 10 Windows 11 (up to 22H2) Future versions and feature upgrades will deprecate the MSDT after May 23, 2023.
Read more →
NIS2 Directive

The Directive (EU) 2022/2555, commonly known as NIS2 is a directive of the European Union aimed at protecting digital infrastructure, in particular critical infrastructure. It broadened the sectors covered by EU network and information security rules and updated incident reporting and oversight compared to the NIS1. Member States were required to transpose NIS2 by 17 October 2024, and the earlier NIS Directive was repealed on 18 October 2024. Only 23 Member States have fully implemented the measures contained with the NIS Directive. Infringement proceedings against them to enforce the Directive have not taken place, and they are not expected to take place in the near future. This failed implementation has led to the fragmentation of cybersecurity capabilities across the EU, with differing standards, incident reporting requirements and enforcement requirements being implemented in different Member States. From the EFTA countries (to April 2026) only Liechtenstein has fully transposed the NIS2 Directive. While the EFTA commission is conducting preparations to transpose the directive into its legislation. == National implementations == === Czech Republic === It is implemented through the Act No. 264/2025 Coll. also called Zákon o kybernetické bezpečnosti (Cybersecurity law) and through another five implementing regulations. The transposing legislation came into force on November 1st, 2025. === Germany === It is implemented through the Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung. === Ireland === It is implemented through the National Cyber Security Bill. === The Netherlands === It is implemented through the Cyberbeveiligingswet (Cbw). === Slovakia === It is implemented through via an amendment of the Act No. 69/2018 Coll. also called Zákon o kybernetickej bezpečnosti a o zmene a doplnení niektorých zákonov (Law on Cybersecurity and change and amendment of certain laws). It came into force on November 1st, 2025. === Spain === It is implemented through the Esquema Nacional de Seguridad (ENS).
Read more →
The Visualization Handbook

The Visualization Handbook is a textbook by Charles D. Hansen and Christopher R. Johnson that serves as a survey of the field of scientific visualization by presenting the basic concepts and algorithms in addition to a current review of visualization research topics and tools. It is commonly used as a textbook for scientific visualization graduate courses. It is also commonly cited as a reference for scientific visualization and computer graphics in published papers, with almost 500 citations documented on Google Scholar. == Table of Contents == PART I - Introduction Overview of Visualization - William J. Schroeder and Kenneth M. Martin PART II - Scalar Field Visualization: Isosurfaces Accelerated Isosurface Extraction Approaches -Yarden Livnat Time-Dependent Isosurface Extraction - Han-Wei Shen Optimal Isosurface Extraction - Paolo Cignoni, Claudio Montani, Robert Scopigno, and Enrico Puppo Isosurface Extraction Using Extrema Graphs - Takayuki Itoh and Koji Koyamada Isosurfaces and Level-Sets - Ross Whitaker PART III - Scalar Field Visualization: Volume Rendering Overview of Volume Rendering - Arie E. Kaufman and Klaus Mueller Volume Rendering Using Splatting - Roger Crawfis, Daqing Xue, and Caixia Zhang Multidimensional Transfer Functions for Volume Rendering - Joe Kniss, Gordon Kindlmann, and Charles D. Hansen Pre-Integrated Volume Rendering - Martin Kraus and Thomas Ertl Hardware-Accelerated Volume Rendering - Hanspeter Pfister PART IV - Vector Field Visualization Overview of Flow Visualization - Daniel Weiskopf and Gordon Erlebacher Flow Textures: High-Resolution Flow Visualization - Gordon Erlebacher, Bruno Jobard, and Daniel Weiskopf Detection and Visualization of Vortices - Ming Jiang, Raghu Machiraju, and David Thompson PART V - Tensor Field Visualization Oriented Tensor Reconstruction - Leonid Zhukov and Alan H. Barr Diffusion Tensor MRI Visualization - Song Zhang, David Laidlaw, and Gordon Kindlmann Topological Methods for Flow Visualization - Gerik Scheuermann and Xavier Tricoche PART VI - Geometric Modeling for Visualization 3D Mesh Compression - Jarek Rossignac Variational Modeling Methods for Visualization - Hans Hagen and Ingrid Hotz Model Simplification - Jonathan D. Cohen and Dinesh Manocha PART VII - Virtual Environments for Visualization Direct Manipulation in Virtual Reality - Steve Bryson The Visual Haptic Workbench - Milan Ikits and J. Dean Brederson Virtual Geographic Information Systems - William Ribarsky Visualization Using Virtual Reality - R. Bowen Loftin, Jim X. Chen, and Larry Rosenblum PART VIII - Large-Scale Data Visualization Desktop Delivery: Access to Large Datasets - Philip D. Heermann and Constantine Pavlakos Techniques for Visualizing Time-Varying Volume Data - Kwan-Liu Ma and Eric B. Lum Large-Scale Data Visualization and Rendering: A Problem-Driven Approach - Patrick McCormick and James Ahrens Issues and Architectures in Large-Scale Data Visualization - Constantine Pavlakos and Philip D. Heermann Consuming Network Bandwidth with Visapult - Wes Bethel and John Shalf PART IX - Visualization Software and Frameworks The Visualization Toolkit - William J. Schroeder and Kenneth M. Martin Visualization in the SCIRun Problem-Solving Environment - David M. Weinstein, Steven Parker, Jenny Simpson, Kurt Zimmerman, and Greg M. Jones Numerical Algorithms Group IRIS Explorer - Jeremy Walton AVS and AVS/Express - Jean M. Favre and Mario Valle Vis5D, Cave5D, and VisAD - Bill Hibbard Visualization with AVS - W. T. Hewitt, Nigel W. John, Matthew D. Cooper, K. Yien Kwok, George W. Leaver, Joanna M. Leng, Paul G. Lever, Mary J. McDerby, James S. Perrin, Mark Riding, I. Ari Sadarjoen, Tobias M. Schiebeck, and Colin C. Venters ParaView: An End-User Tool for Large-Data Visualization - James Ahrens, Berk Geveci, and Charles Law The Insight Toolkit: An Open-Source Initiative in Data Segmentation and Registration - Terry S. Yoo amira: A Highly Interactive System for Visual Data Analysis - Detlev Stalling, Malte Westerhoff, and Hans-Christian Hege PART X - Perceptual Issues in Visualization Extending Visualization to Perceptualization: The Importance of Perception in Effective Communication of Information - David S. Ebert Art and Science in Visualization - Victoria Interrante Exploiting Human Visual Perception in Visualization - Alan Chalmers and Kirsten Cater PART XI - Selected Topics and Applications Scalable Network Visualization - Stephen G. Eick Visual Data-Mining Techniques - Daniel A. Keim, Mike Sips, and Mihael Ankerst Visualization in Weather and Climate Research - Don Middleton, Tim Scheitlin, and Bob Wilhelmson Painting and Visualization - Robert M. Kirby, Daniel F. Keefe, and David Laidlaw Visualization and Natural Control Systems for Microscopy - Russell M. Taylor II, David Borland, Frederick P. Brooks, Jr., Mike Falvo, Kevin Jeffay, Gail Jones, David Marshburn, Stergios J. Papadakis, Lu-Chang Qin, Adam Seeger, F. Donelson Smith, Dianne Sonnenwald, Richard Superfine, Sean Washburn, Chris Weigle, Mary Whitton, Leandra Vicci, Martin Guthold, Tom Hudson, Philip Williams, and Warren Robinett Visualization for Computational Accelerator Physics - Kwan-Liu Ma, Greg Schussman, and Brett Wilson
Read more →
Inferential theory of learning

Inferential Theory of Learning (ITL) is an area of machine learning which describes inferential processes performed by learning agents. ITL has been continuously developed by Ryszard S. Michalski, starting in the 1980s. The first known publication of ITL was in 1983. In the ITL learning process is viewed as a search (inference) through hypotheses space guided by a specific goal. The results of learning need to be stored. Stored information will later be used by the learner for future inferences. Inferences are split into multiple categories including conclusive, deduction, and induction. In order for an inference to be considered complete it was required that all categories must be taken into account. This is how the ITL varies from other machine learning theories like Computational Learning Theory and Statistical Learning Theory; which both use singular forms of inference. == Usage == The most relevant published usage of ITL was in scientific journal published in 2012 and used ITL as a way to describe how agent-based learning works. According to the journal "The Inferential Theory of Learning (ITL) provides an elegant way of describing learning processes by agents".
Read more →
CPU modes

CPU modes (also called processor modes, CPU states, CPU privilege levels and other names) are operating modes for the central processing unit of most computer architectures that place restrictions on the type and scope of operations that can be performed by instructions being executed by the CPU. For example, this design allows an operating system to run with more privileges than application software by running the operating systems and applications in different modes. Ideally, only highly trusted kernel code is allowed to execute in the unrestricted mode; everything else (including non-supervisory portions of the operating system) runs in a restricted mode and must use a system call (via interrupt) to request the kernel perform on its behalf any operation that could damage or compromise the system, making it impossible for untrusted programs to alter or damage other programs (or the computing system itself). Device drivers are designed to be part of the kernel due to the need for frequent I/O access. Multiple modes can be implemented, e.g. allowing a hypervisor to run multiple operating system supervisors beneath it, which is the basic design of many virtual machine systems available today. == Mode types == The unrestricted mode is often called kernel mode, but many other designations exist (master mode, supervisor mode, privileged mode, etc.). Restricted modes are usually referred to as user modes, but are also known by many other names (slave mode, problem state, etc.). Hypervisor Hypervisor mode is used to support virtualization, allowing the simultaneous operation of multiple operating systems. Kernel and user In kernel mode, the CPU may perform any operation allowed by its architecture; any instruction may be executed, any I/O operation initiated, any area of memory accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically, certain instructions are not permitted (especially those—including I/O operations—that could alter the global state of the machine), some memory areas cannot be accessed, etc. User-mode capabilities of the CPU are typically a subset of those available in kernel mode, but in some cases, such as hardware emulation of non-native architectures, they may be significantly different from those available in standard kernel mode. Some CPU architectures support more modes than those, often with a hierarchy of privileges. These architectures are often said to have ring-based security, wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the center. Multics hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the Intel 80286 protected mode, and the IA-64 as well, though it is referred to by a different name in these cases. Mode protection may extend to resources beyond the CPU hardware itself. Hardware registers track the current operating mode of the CPU, but additional virtual-memory registers, page-table entries, and other data may track mode identifiers for other resources. For example, a CPU may be operating in Ring 0 as indicated by a status word in the CPU itself, but every access to memory may additionally be validated against a separate ring number for the virtual-memory segment targeted by the access, and/or against a ring number for the physical page (if any) being targeted. This has been demonstrated with the PSP handheld system. Hardware that meets the Popek and Goldberg virtualization requirements makes writing software to efficiently support a virtual machine much simpler. Such a system can run software that "believes" it is running in supervisor mode, but is actually running in user mode. == Architectures == Several computer systems introduced in the 1960s, such as the IBM System/360, DEC PDP-6/PDP-10, the GE-600/Honeywell 6000 series, and the Burroughs B5000 series and B6500 series, support two CPU modes; a mode that grants full privileges to code running in that mode, and a mode that prevents direct access to input/output devices and some other hardware facilities to code running in that mode. The first mode is referred to by names such as supervisor state (System/360), executive mode (PDP-6/PDP-10), master mode (GE-600 series), control mode (B5000 series), and control state (B6500 series). The second mode is referred to by names such as problem state (System/360), user mode (PDP-6/PDP-10), slave mode (GE-600 series), and normal state (B6500 series); there are multiple non-control modes in the B5000 series. === RISC-V === RISC-V has three main CPU modes: User Mode (U), Supervisor Mode (S), and Machine Mode (M). Virtualization is supported via an orthogonal CSR setting instead of a fourth mode.
Read more →
Dark data

Dark data is data which is acquired through various computer network operations but not used in any manner to derive insights or for decision making. The ability of an organisation to collect data can exceed the throughput at which it can analyse the data. In some cases the organisation may not even be aware that the data is being collected. IBM estimate that roughly 90 percent of data generated by sensors and analog-to-digital conversions never get used. In an industrial context, dark data can include information gathered by sensors and telematics. Organizations retain dark data for a multitude of reasons, and it is estimated that most companies are only analyzing 1% of their data. Often it is stored for regulatory compliance and record keeping. Some organizations believe that dark data could be useful to them in the future, once they have acquired better analytic and business intelligence technology to process the information. Because storage is inexpensive, storing data is easy. However, storing and securing the data usually entails greater expenses (or even risk) than the potential return profit. In academic discourse, the term dark data was essentially coined by Bryan P. Heidorn. He uses it to describe research data, especially from the long tail of science (the many, small research projects), which are not or no longer available for research because they disappear in a drawer without adequate data management. Without this, the data become dark, and further reasons for this are e.g. missing metadata annotation, missing data management plans and data curators. == Analysis == The term "dark data" very often refers to data that is not amenable to computer processing. For example, a company might have a great deal of data that exists only as scanned page-images. Even the bare text in such documents is not available without something like Optical character recognition, which can vary greatly in accuracy. Even with OCR, the significance of each part of the data is unavailable. An obvious examples is whether a capitalized word is a name or not, and if so, whether it represents a person, place, organization, or even a work of art. Bibliographic and other references, data within tables (that may be labeled quite adequately for humans, but not for processing), and countless assertions represented with the full complexity and ambiguity of human language. A lot of unused data is very valuable, and would be used if it could be; but is blocked because it is in formats that are difficult to process, categorise, identify, and analyse. Often the reason that business does not use their dark data is because of the amount of resources it would take and the difficulty of having that data analysed. In other words, the data is "dark" not because it is not used, but because it cannot (feasibly or affordably) be used, given its poor representation. There are many data representations that can make data much more accessible for automation. However, a great deal of information lacks any such identification of information items or relationships; and much more loses it during "downhill" conversion such as saving to page-oriented representations, printing, scanning, or faxing. The journey back "uphill" can be costly. According to Computer Weekly, 60% of organisations believe that their own business intelligence reporting capability is "inadequate" and 65% say that they have "somewhat disorganised content management approaches". == Relevance == Useful data may become dark data after it becomes irrelevant, as it is not processed fast enough. This is called "perishable insights" in "live flowing data". For example, if the geolocation of a customer is known to a business, the business can make offer based on the location, however if this data is not processed immediately, it may be irrelevant in the future. According to IBM, about 60 percent of data loses its value immediately. == Storage == According to the New York Times, 90% of energy used by data centres is wasted. If data was not stored, energy costs could be saved. Furthermore, there are costs associated with the underutilisation of information and thus missed opportunities. According to Datamation, "the storage environments of EMEA organizations consist of 54 percent dark data, 32 percent redundant, obsolete and trivial data and 14 percent business-critical data. By 2020, this can add up to $891 billion in storage and management costs that can otherwise be avoided." The continuous storage of dark data can put an organisation at risk, especially if this data is sensitive. In the case of a breach, this can result in serious repercussions. These can be financial, legal and can seriously hurt an organisation's reputation. For example, a breach of private records of customers could result in the stealing of sensitive information, which could result in identity theft. Another example could be the breach of the company's own sensitive information, for example relating to research and development. These risks can be mitigated by assessing and auditing whether this data is useful to the organisation, employing strong encryption and security and finally, if it is determined to be discarded, then it should be discarded in a way that it becomes unretrievable. == Future == It is generally considered that as more advanced computing systems for analysis of data are built, the higher the value of dark data will be. It has been noted that "data and analytics will be the foundation of the modern industrial revolution". Of course, this includes data that is currently considered "dark data" since there are not enough resources to process it. All this data that is being collected can be used in the future to bring maximum productivity and an ability for organisations to meet consumers' demand. Technology advancements are helping to leverage this dark data affordably. Furthermore, many organisations do not realise the value of dark data right now, for example in healthcare and education organisations deal with large amounts of data that could create a significant "potential to service students and patients in the manner in which the consumer and financial services pursue their target population".
Read more →
Public computer

A public computer (or public access computer) is any of various computers available in public areas. Some places where public computers may be available are libraries, schools, or dedicated facilities run by government. Public computers share similar hardware and software components to personal computers, however, the role and function of a public access computer is entirely different. A public access computer is used by many different untrusted individuals throughout the course of the day. The computer must be locked down and secure against both intentional and unintentional abuse. Users typically do not have authority to install software or change settings. A personal computer, in contrast, is typically used by a single responsible user, who can customize the machine's behavior to their preferences. Public access computers are often provided with tools such as a PC reservation system to regulate access. The world's first public access computer center was the Marin Computer Center in California, co-founded by David and Annie Fox in 1977. == Kiosks == A kiosk is a special type of public computer using software and hardware modifications to provide services only about the place the kiosk is in. For example, a movie ticket kiosk can be found at a movie theater. These kiosks are usually in a secure browser with zero access to the desktop. Many of these kiosks may run Linux, however, ATMs, a kiosk designed for depositing money, often run Windows XP. == Public computers in the United States == === Library computers === In the United States and Canada, almost all public libraries have computers available for the use of patrons, though some libraries will impose a time limit on users to ensure others will get a turn and keep the library less busy. Users are often allowed to print documents that they have created using these computers, though sometimes for a small fee. ==== Privacy ==== Privacy is an important part of the public library institution, since the libraries entitle the public to intellectual freedom. Use of any computer or network may create records of users' activities that can jeopardize their privacy. It is possible for a patron to jeopardize their privacy if they do not delete cache, clear cookies, or documents from the public computer. In order for a member of the public to remain private on a computer, the American Library Association (ALA) has guidelines. These give patrons an idea of the right way to keep using public library computers. In their provision of services to library users, librarians have an ethical responsibility, expressed in the ALA Code of Ethics, to preserve users' right to privacy. A librarian is also responsible for giving users an understanding of private patron use and access. Libraries must ensure that users have the following rights when browsing on public computers: the computer automatically will clear a users history; libraries should display privacy screens so users do not see another patron's screen; updating software for effective safety measures; restoration data software to clear documents that users may have left on their computers and to combat possible malware; security practices; and making users aware of any possible monitoring of their browsing activities. Users can also view the Library Privacy Checklist for Public Access Computers and Networks to better understand what libraries strive for when protecting privacy. === School computers === The U.S. government has given money to many school boards to purchase computers for educational applications. Schools may have multiple computer labs, which contain these computers for students to use. There is usually Internet access on these machines, but some schools will put up a blocking service to limit the websites that students are able to access to only include educational resources, such as Google. In addition to controlling the content students are viewing, putting up these blocks can also help to keep the computers safe by preventing students from downloading malware and other threats. However, the effectiveness of such content filtering systems is questionable since it can easily be circumvented by using proxy websites, Virtual Private Networks, and for some weak security systems, merely knowing the IP address of the intended website is enough to bypass the filter. School computers often have advanced operating system security to prevent tech-savvy students from inflicting damage (i.e. the Windows Registry Editor and Task Manager, etc.) are disabled on Microsoft Windows machines. Schools with very advanced tech services may also install a locked down BIOS/firmware or make kernel-level changes to the operating system, precluding the possibility of unauthorized activity.
Read more →
Avid DS

Avid DS (which was called Avid DS Nitris until early 2008) is a high-end offline and finishing system comprising a non-linear editing system and visual effects software. It was developed by Softimage (this company was owned by Microsoft at the time of DS v1.0's launch before being acquired from Microsoft by Avid Technology, Inc. shortly thereafter) in Montreal. DS was discontinued on September 30, 2013 with support ending on the same date the following year. == Software == DS was called ‘Digital Studio’ in development. It was envisioned to be a complete platform for video/audio work. The first previews of the system were on the SGI platform, but this version was never released. The system was rewritten on Windows NT with different video hardware platforms (Matrox DigiSuite or Play Trinity running on a NetPower system) before the final system was released on Intergraph/StudioZ hardware in January 1998. After its acquisition by Avid, DS was always positioned as a high end video finishing tool. However, many users found it to be uniquely soup-to-nuts in its capabilities. From version 1.0 of the product, it competed with products like Autodesk Smoke, Quantel and Avid Symphony. The toolset in DS offered video timeline editing, an object-oriented vector-based paint tool, 2D layer compositing, sample based audio and starting with version 3.01 of the product, a 3D environment. Originally, a subset of the Softimage|XSI 3D software was planned to become part of the DS toolset, both were built on the same software foundation, but over time the code bases divided between the applications and the integration never happened. While the first version of the DS still lacked a few key features (no 3D, poor keying, no real-time effects), it had some significant features compared to the competing products at the time. It offered a large number of built in effects. Avid OMF import was available, positioning Softimage DS as a strong finishing tool for then typical off-line Avid systems. Lastly the integration of the toolset of Softimage DS was beyond what other product offered. A Softimage DS user could quickly go from editing, to paint, to compositing with a few mouse clicks all inside the same interface. Some of the lacking features were quickly resolved, within months of version 1.0 a new chroma keyer was released. Early versions of the software (up thru 4.0) added additional key features. Development continued with one of the first uncompressed HD editing systems (version 4.01) and an attempt to make the system more friendly to Media Composer editors in version 6. In later versions (v7.5 on beyond) DS was criticized for slow development of compositing tools, mainly lack of a new 3D environment and better tracking tools. Many DS users felt that Avid had not been giving DS the attention that it deserved. On July 7, 2013, Avid sent out an email marking the end of life of the DS product. "To Our Avid DS customers, We are writing to inform you that Avid will be realigning our business strategy to focus on a core suite of products to best leverage our developmental and creative resources. As part of this transition, we will be ceasing future development of Avid DS with a final sale date of September 30th, 2013" == Hardware == Up until version 10.5, DS was sold as a turn-key system; the software was not available without purchasing CPU, I/O and storage hardware from Avid. Beginning with 10.5, customers were able to configure their own systems using widely available components, based on recommended system requirements. In turn-key systems, there were many hardware refreshes over time. StudioZ single stream: Intergraph TDZ-425 with 30 minutes of uncompressed SCSI storage. CPUs at the time were Pentium II/300 MHz. StudioZ dual stream: Intergraph TDZ-2000 GT1 with one hour of fibre channel storage. CPUs on first systems were Pentium II/400 MHz, but last shipping systems had Pentium III/1 GHz. DS was one of the first applications to show that real-time effects could be processed with just the CPUs of the system, not requiring special video cards with real-time effect hardware. Equinox: Developed by Avid, it was one of the first uncompressed HD video cards available. Systems were available on CPUs from Pentium III/1 GHz to Pentium 4/2.8 GHz. Storage was typically SCSI, but fibre channel was also supported. Nitris DNA: Developed by Avid, the Nitris hardware was probably the largest hardware update to the system since it was released. 10-bit HD and SD support was standard. Real-time down and cross convert. This was the only hardware for DS that had on-board effect processing. This allowed a system at the time to play back dual-stream uncompressed HD effects in real-time at 16-bit precision. This was also the first hardware from Avid to support the DNxHD codec. Starting with Pentium 4, Intel Core Xeons were supported. SCSI storage was primarily used. AJA Video Systems: First available as a 4:4:4 option to be used in conjunction with Nitris hardware. Final-generation DS systems used the AJA Video Systems Kona 3 (Xena 2K) card as the only I/O for the system. The last systems shipped with two Intel Core Xeon 6-core processors. SAS is the recommended storage for these systems. == History ==
Read more →
Internet Security Awareness Training

Internet Security Awareness Training (ISAT) is the training given to members of an organization regarding the protection of various information assets of that organization. ISAT is a subset of general security awareness training (SAT). Even small and medium enterprises are generally recommended to provide such training, but organizations that need to comply with government regulations (e.g., the Gramm–Leach–Bliley Act, the Payment Card Industry Data Security Standard, Health Insurance Portability and Accountability Act, Sarbanes–Oxley Act) normally require formal ISAT for annually for all employees. Often such training is provided in the form of online courses. ISAT, also referred to as Security Education, Training, and Awareness (SETA), organizations train and create awareness of information security management within their environment. It is beneficial to organizations when employees are well trained and feel empowered to take important actions to protect themselves and organizational data. The SETA program target must be based on user roles within organizations and for positions that expose the organizations to increased risk levels, specialized courses must be required. == Coverage == There are general topics to cover for the training, but it is necessary for each organization to have a coverage strategy based on its needs, as this will ensure the training is practical and captures critical topics relevant to the organization. As the threat landscape changes very frequently, organizations should continuously review their training programs to ensure relevance with current trends. Topics covered in ISAT include: Appropriate methods for protecting sensitive information on personal computer systems, including password policy Various computer security concerns, including spam, malware, phishing, social engineering, etc. Consequences of failure to properly protect information, including potential job loss, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal law penalties. Being Internet Security Aware means you understand that there are people actively trying to steal data that is stored within your organization's computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts and other high-value IT assets.) That is why it is important to protect the assets of the organization and stop that from happening. The general scope should include topics such as password security, Email phishing, Social engineering, Mobile device security, Sensitive data security, and Business communications. In contrast, those requiring specialized knowledge are usually required to take technical and in-depth training courses. Suppose an organization determines that it is best to use one of the available training tools on the market, it must ensure it sets objectives that the training can meet, including confirming the training will provide employees with the knowledge to understand risks and the behaviors needed in managing them, actions to take to prevent or detect security incidents, using language easily understandable by the trainees, and ensuring the pricing is reasonable. Organizations are recommended to base ISAT training content on employee roles and their culture; the policy should guide that training for all employees and gave the following as examples of sources of reference materials: National Institute of Standards and Technology (NIST) Special Publication 800-50, Building an Information Technology Security Awareness and Training Program International Standards Organization (ISO) 27002:2013, Information technology—Security techniques—Code of practice for information security controls International Standards Organization (ISO) 27001:2013, Information technology — Security techniques — Information security management systems COBIT 5 Appendix F.2, Detailed Guidance: Services, Infrastructure and Applications Enabler, Security Awareness The training must focus on current threats specific to an organization and the impacts if that materializes as a result of user actions. Including practical examples and ways of dealing with scenarios help users know the appropriate measures to take. It is a good practice to periodically train customers of specific organizations on threats they face from people with malicious intentions. Coverage strategy for SAT should be driven by an organization's policy. It can help truly determine the level of depth of the training and where it should be conducted at a global level or business unit level, or a combination of both. A policy also empowers a responsible party within the organization to run the training. == Importance == Studies show that well-structured security awareness training can significantly reduce the likelihood of cyber incidents caused by human error. According to the Ponemon Institute, organizations that implement regular security training experience up to 70% fewer successful phishing attacks. Additionally, a 2023 Verizon Data Breach Investigations Report found that 74% of breaches involve the human element, highlighting the need for continuous education. Employees are key in whether organizations are breached or not; there must be a policy on creating awareness and training them on emerging threats and actions to take in safeguarding sensitive information and reporting any observed unusual activity within the corporate environment. Research has shown that SAT has helped reduce cyber-attacks within organizations, especially when it comes to phishing, as trainees learned to identify these attack modes and give them the self-assurance to take action appropriately. There is an increase in phishing attacks, and it has become increasingly important for people to understand how to these attacks work, and the actions required to prevent these and SAT has shown a significant impact on the number of successful phishing attacks against organizations. == Compliance Requirements == Various regulations and laws mandate SAT for organizations in specific industries, including the Gramm–Leach–Bliley Act (GLBA) for the financial services, the Federal Information Security Modernization Act of 2014 for federal agencies, and the European Union's General Data Protection Regulation (GDPR). === Federal Information Security Modernization Act === Employees and contractors in federal agencies are required to receive Security Awareness Training annually, and the program needs to address job-related information security risks linked that provide them with the knowledge to lessen security risks. === Health Insurance Portability and Accountability Act === The Health Insurance Portability and Accountability Act has the Security Rule, and Privacy Rule requiring the creation of a security awareness training program and ensuring employees are trained accordingly. === Payment Card Industry Data Security Standard === The Payment Card Industry Security Standards Council, the governing council for stakeholders in the payment industry, formed by American Express, Discover, JCB International, MasterCard, and Visa that developed the DSS as a requirement for the payment industry. Requirement 12.6 requires member organizations to institute a formal security awareness program. There is a published guide for organizations to adhere to when setting up the program. === US States Training Regulations === Some States mandate Security Awareness Training whiles other do not but simply recommend voluntary training. Among states that require the training for its employees include: Colorado (The Colorado Information Security Act, Colorado Revised Statutes 24-37.5-401 et seq.) Connecticut (13 FAM 301.1-1 Cyber Security Awareness Training (PS800)) Florida (Florida Statutes Chapter 282) Georgia (Executive Order GA E.O.182 mandated training within 90 days of issue) Illinois (Cook County) Indiana (IN H 1240) Louisiana (Louisiana Division of Administration, Office of Technology Services p. 52: LA H 633) Maryland (20-07 IT Security Policy) Montana (Mandatory cyber training for executive branch state employees) Nebraska Nevada (agency-by-agency state employee requirement - State Security Standard 123 – IT Security) New Hampshire New Jersey ( NJ A 1654) North Carolina Ohio (IT-15 - Security Awareness and Training) Pennsylvania Texas Utah Vermont Virginia West Virginia (WV Code Section 5A-6-4a) == Training Techniques == Below are some common training techniques, even though some can be blended depending on the operating environment: Interactive video training – This technique allows users to be trained using two-way interactive audio and video instruction. Web-based training – This method allows employees or users to take the training independently and usually has a testing component to determine if learning has taken place. If not, users can be allowed to retake the course and test to ensure there is a complete understanding
Read more →
Datasource

A datasource or DataSource is a name given to the connection set up to a database from a server. The name is commonly used when creating a query to the database. The data source name (DSN) need not be the same as the filename for the database. For example, a database file named friends.mdb could be set up with a DSN of school. Then DSN school would be used to refer to the database when performing a query. == Sun's version of DataSource [1] == A factory for connections to the physical data source that this DataSource object represents. An alternative to the DriverManager facility, a DataSource object is the preferred means of getting a connection. An object that implements the DataSource interface will typically be registered with a naming service based on the Java Naming and Directory Interface (JNDI) API. The DataSource interface is implemented by a driver vendor. There are three types of implementations: Basic implementation — produces a standard Connection object Connection pooling implementation — produces a Connection object that will automatically participate in connection pooling. This implementation works with a middle-tier connection pooling manager. Distributed transaction implementation — produces a Connection object that may be used for distributed transactions and almost always participates in connection pooling. This implementation works with a middle-tier transaction manager and almost always with a connection pooling manager. A DataSource object has properties that can be modified when necessary. For example, if the data source is moved to a different server, the property for the server can be changed. The benefit is that because the data source's properties can be changed, any code accessing that data source does not need to be changed. A driver that is accessed via a DataSource object does not register itself with the DriverManager. Rather, a DataSource object is retrieved through a lookup operation and then used to create a Connection object. With a basic implementation, the connection obtained through a DataSource object is identical to a connection obtained through the DriverManager facility. == Sun's DataSource Overview [2] == A DataSource object is the representation of a data source in the Java programming language. In basic terms, a data source is a facility for storing data. It can be as sophisticated as a complex database for a large corporation or as simple as a file with rows and columns. A data source can reside on a remote server, or it can be on a local desktop machine. Applications access a data source using a connection, and a DataSource object can be thought of as a factory for connections to the particular data source that the DataSource instance represents. The DataSource interface provides two methods for establishing a connection with a data source. Using a DataSource object is the preferred alternative to using the DriverManager for establishing a connection to a data source. They are similar to the extent that the DriverManager class and DataSource interface both have methods for creating a connection, methods for getting and setting a timeout limit for making a connection, and methods for getting and setting a stream for logging. Their differences are more significant than their similarities, however. Unlike the DriverManager, a DataSource object has properties that identify and describe the data source it represents. Also, a DataSource object works with a Java Naming and Directory Interface (JNDI) naming service and can be created, deployed, and managed separately from the applications that use it. A driver vendor will provide a class that is a basic implementation of the DataSource interface as part of its Java Database Connectivity (JDBC) 2.0 or 3.0 driver product. What a system administrator does to register a DataSource object with a JNDI naming service and what an application does to get a connection to a data source using a DataSource object registered with a JNDI naming service are described later in this chapter. Being registered with a JNDI naming service gives a DataSource object two major advantages over the DriverManager. First, an application does not need to hardcode driver information, as it does with the DriverManager. A programmer can choose a logical name for the data source and register the logical name with a JNDI naming service. The application uses the logical name, and the JNDI naming service will supply the DataSource object associated with the logical name. The DataSource object can then be used to create a connection to the data source it represents. The second major advantage is that the DataSource facility allows developers to implement a DataSource class to take advantage of features like connection pooling and distributed transactions. Connection pooling can increase performance dramatically by reusing connections rather than creating a new physical connection each time a connection is requested. The ability to use distributed transactions enables an application to do the heavy duty database work of large enterprises. Although an application may use either the DriverManager or a DataSource object to get a connection, using a DataSource object offers significant advantages and is the recommended way to establish a connection. Since 1.4 Since Java EE 6 a JNDI-bound DataSource can alternatively be configured in a declarative way directly from within the application. This alternative is particularly useful for self-sufficient applications or for transparently using an embedded database. == Yahoo's version of DataSource [3] == A DataSource is an abstract representation of a live set of data that presents a common predictable API for other objects to interact with. The nature of your data, its quantity, its complexity, and the logic for returning query results all play a role in determining your type of DataSource. For small amounts of simple textual data, a JavaScript array is a good choice. If your data has a small footprint but requires a simple computational or transformational filter before being displayed, a JavaScript function may be the right approach. For very large datasets—for example, a robust relational database—or to access a third-party webservice you'll certainly need to leverage the power of a Script Node or XHR DataSource.
Read more →