AI Code Tester

AI Code Tester — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Comparison of vector graphics editors

A number of vector graphics editors exist for various platforms. Potential users of these editors will make comparisons based on factors such as the availability for the user's platform, the software license, the feature set, the merits of the user interface (UI) and the focus of the program. Some programs are more suitable for artistic work while others are better for technical drawings. Another important factor is the application's support of various vector and bitmap image formats for import and export. The tables in this article compare general and technical information for a number of vector graphics editors. See the article on each editor for further information. This article is neither all-inclusive nor necessarily up-to-date. == Some editors in detail == Adobe Fireworks (formerly Macromedia Fireworks) is a vector editor with bitmap editing capabilities with its main purpose being the creation of graphics for Web and screen. Fireworks supports RGB color scheme and has no CMYK support. This means it is mostly used for screen design. The native Fireworks file format is editable PNG (FWPNG or PNG). Adobe Fireworks has a competitive price, but its features can seem limited in comparison with other products. It is easier to learn than other products and can produce complex vector artwork. The Fireworks editable PNG file format is not supported by other Adobe products. Fireworks can manage the PSD and AI file formats which enables it to be integrated with other Adobe apps. Fireworks can also open FWPNG/PNG, PSD, AI, EPS, JPG, GIF, BMP, TIFF file formats, and save/export to FWPNG/PNG, PSD, AI (v.8), FXG (v.2.0), JPG, GIF, PDF, SWF and some others. Some support for exporting to SVG is available via a free Export extension. On May 6, 2013, Adobe announced that Fireworks would be phased out. Adobe Flash (formerly a Macromedia product) has straightforward vector editing tools that make it easier for designers and illustrators to use. The most important of these tools are vector lines and fills with bitmap-like selectable areas, simple modification of curves via the "selection" or the control points/handles through "direct selection" tools. Flash uses Actionscript for OOP, and has full XML functionality through E4X support. Adobe FreeHand (formerly Macromedia Freehand and Aldus Freehand) is mainly used by professional graphic designers. The functionality of FreeHand includes the flexibility of the application in the wide design environment, catering to the output needs of both traditional image reproduction methods and to contemporary print and digital media with its page-layout capabilities and text attribute controls. Specific functions of FreeHand include a superior image-tracing operation for vector editing, page layout features within multiple-page documents, and embedding custom print-settings (such as variable halftone-screen specifications within a single graphic, etc.) to each document independent of auxiliary printer-drivers. User-operation is considered to be more suited for designers with an artistic background compared to designers with a technical background. When being marketed, FreeHand lacked the promotional backing, development and PR support in comparison to other similar products. FreeHand was transferred to the classic print group after Macromedia was purchased by Adobe in 2005. On May 16, 2007, Adobe announced that no further updates to Freehand would be developed but continues to sell FreeHand MX as a Macromedia product. FreeHand continues to run on Mac OS X Snow Leopard (using an Adobe fix) and on Windows 7. For macOS, Affinity Designer is able to open version 10 & MX Freehand files. Adobe Illustrator is a commonly used editor because of Adobe's market dominance, but is more expensive than other similar products. It is primarily developed consistently in line with other Adobe products and is best integrated with Adobe's Creative Suite packages. The ai file format is proprietary, but some vector editors can open and save in that format. Illustrator imports over two dozen formats, including PSD, PDF and SVG, and exports AI, PDF, SVG, SVGZ, GIF, JPG, PNG, WBMP, and SWF. However, the user must be aware of unchecking the "Preserve Illustrator Editing Capabilities" option if generating interoperable SVG files is desired. Affinity Designer by Serif Europe (the successor to their previous product, DrawPlus) is non-subscription-based software that is often described as an alternative to Adobe Illustrator. The application can open Portable Document Format (PDF), Adobe Photoshop, and Adobe Illustrator files, as well as export to those formats and to the Scalable Vector Graphics (SVG) and Encapsulated PostScript (EPS) formats. It also supports import from some Adobe Freehand files (specifically versions 10 & MX). Apache OpenOffice Draw is the vector graphics editor of the Apache OpenOffice open source office suite. It supports many import and export file formats and is available for multiple desktop operating systems. Boxy SVG is a chromium-based vector graphics editor for creating illustrations, as well as logos, icons, and other elements of graphic design. It is primarily focused on editing drawings in the SVG file format. The program is available as both a web app and a desktop application for Windows, macOS, ChromeOS, and Linux-based operating systems. Collabora Online Draw is the vector graphics editor of the Collabora Online open source office suite. It supports many import and export file formats and is accessible via any modern web browser, it also supports desktop editing features, Collabora Office is available for desktop and mobile operating systems, it is the enterprise ready version of LibreOffice. ConceptDraw PRO is a business diagramming tool and vector graphics editor available for both Windows and macOS. It supports multi-page documents, and includes an integrated presentation mode. ConceptDraw PRO supports imports and exports several formats, including Microsoft Visio and Microsoft PowerPoint. Corel Designer (originally Micrografx Designer) is one of the earliest vector-based graphics editors for the Microsoft Windows platform. The product is mainly used for the creation of engineering drawings and is shipped with extensive libraries for the needs of engineers. It is also flexible enough for most vector graphics design applications. CorelDRAW is an editor used in the graphic design, sign making and fashion design industries. CorelDRAW is capable of limited interoperation by reading file formats from Adobe Illustrator. CorelDRAW has over 50 import and export filters, on-screen and dialog box editing and the ability to create multi-page documents. It can also generate TrueType and Type 1 fonts, although refined typographic control is better suited to a more specific application. Some other features of CorelDRAW include the creation and execution of VBA macros, viewing of colour separations in print preview mode and integrated professional imposing options. Dia is a free and open-source diagramming and vector graphics editor available for Windows, Linux and other Unix-based computer operating systems. Dia has a modular design and several shape packages for flowcharting, network diagrams and circuit diagrams. Its design was inspired by Microsoft Visio, although it uses a Single Document Interface similar to other GNOME software (such as GIMP). DrawPlus, first built for the Windows platform in 1993, has matured into a full featured vector graphics editor for home and professional users. Also available as a feature-limited free 'starter edition': DrawPlus SE. DrawPlus developers, Serif Europe, have now ceased its development in order to focus on its successor, Affinity Designer. Edraw Max is a cross-platform diagram software and vector graphics editor available for Windows, Mac and Linux. It supports kinds of diagram types. It supports imports and exports SVG, PDF, HTML, Multiple page TIFF, Microsoft Visio and Microsoft PowerPoint. Embroidermodder is a free machine embroidery software tool that supports a variety of formats and allows the user to add custom modifications to their embroidery designs. Fatpaint is a free, light-weight, browser-based graphic design application with built-in vector drawing tools. It can be accessed through any browser with Flash 9 installed. Its integration with Zazzle makes it particularly suitable for people who want to create graphics for custom printed products such as T-shirts, mugs, iPhone cases, flyers and other promotional products. Figma is a collaborative web-based online vector graphics editor, used primarily for UX design and prototyping. GIMP, which works mainly with raster images, offers a limited set of features to create and record SVG files. It can also load and handle SVG files created with other software like Inkscape. Inkscape is a free and open-source vector editor with the primary native format being SVG. Inkscape is available for Linux, Windows, Mac OS X, and
Read more →
List of online database creator apps

This list of online database creator apps lists notable web apps where end users with minimal database administration expertise can create online databases to share with team members. Users need not have the coding skills to manage the solution stack themselves, because the web app already provides this predefined functionality. Such online database creator apps serve the gap between IT professionals (who can manage such a stack themselves) and people who would not create databases at all anyway. In other words, they provide a low-code way of doing database administration. As the concept of low-code development in general continues to evolve, some of the brands that began as online database creator apps are evolving into low-code development platforms for both the databases and the custom apps that use them. Airtable Bubble Caspio Coda.io Microsoft Access web apps plus SharePoint Oracle Application Express aka APEX Quickbase WaveMaker Rapid ZohoCreator
Read more →
Valantic

Valantic GmbH (stylised as valantic) is an IT service and consulting company headquartered in Munich, Germany. == History == Valantic GmbH was founded in 2012 under the name Dabero Service Group. Until it was renamed Valantic GmbH in 2017, the company merged with IT service providers and consulting firms. These included, among others, Realtime AG, a company for SAP systems. The companies involved in these mergers were also renamed in 2017 and have since used the Valantic brand name. Realtime AG, for example, became Valantic ERP Services AG. During the COVID-19 pandemic and the resulting economic pressures, demand increased for IT service providers, particularly those offering customised software, IT consulting, SAP services, customer experience, cybersecurity, IoT, and digital work environments. In the following years, Valantic expanded by integrating additional companies. In 2021, Valantic expanded into other European countries through the integration of the Dutch company ISM eCompany and the Portuguese consulting firm Abaco. In 2022, the consulting firm C-Clear/Atom Ideas from Belgium joined Valantic. In February 2019, DPE Deutsche Private Equity Management III GmbH (DPE) took over the majority shareholding in Valantic. The founder, Holger von Daniels, and the further management retained a 25% stake. By 2025, DPE had invested €500 million in Valantic. In the following years, Valantic expanded its international locations. In 2023, Valantic incorporated the Danish company Inspari into the group, thereby entering the Scandinavian market. Inspari is a company for Microsoft technologies such as Azure and Power Platform. In the same year, Valantic joined forces with the Aiopsgroup, an international provider of online shopping applications for private and business customers of large companies. The company is based in Bulgaria with additional locations across Eastern Europe and other places. Additionally, the SAP applications division was expanded through the merger with the Spanish company Saptools. As a result, the companies became one of the largest European end-to-end consulting and implementation house for SAP services. By the end of 2023, Valantic had locations in 18 countries. In November 2024, Valantic announced its merger with the Danish digital consultancy Venzo. Through the integration of the company, founded in 2007 and oriented towards Microsoft technologies and digital transformation projects in the areas of automation, artificial intelligence, security, infrastructure and change management, Valantic further expanded its presence in Denmark and the Nordic countries. In July 2025, Valantic announced its merger with Utiligence GmbH, a Mannheim-based consulting firm for SAP technologies. Utiligence works primarily for the energy industry and supports companies in the integration of SAP S/4HANA and the digitalisation of business processes. == Company structure == Valantic is a partnership-based organisation, with partners acting as decision-makers in matters relating to corporate strategy, employee development and acquisitions. Valantic pursues a holacratic approach, promoting an open and self-organised way of working instead of hierarchical structures. By merging with other companies, Valantic is expanding its range of services and tapping into international markets and market shares. The new companies use Valantic's core systems and support processes, but usually retain their original structure. In the 2024 financial year, the company generated revenue of €544 million and employed 3,874 on average. Valantic has over 40 locations internationally. == Services == Valantic GmbH is a consulting firm, software provider and implementation partner. The company offers services in the areas of digital strategy and analytics (business intelligence and data science), customer experience management, SAP services, smart industries (Industry 4.0, supply chain management, and production planning and control processes), and financial services automation. The automation of financial services is aimed at financial service providers and banks. Valantic has been offering services in the field of generative artificial intelligence (GenAI) since 2023. Part of these services involves enabling companies to use GenAI securely and in compliance with regulations in order to make internal work processes more efficient. Its customers include large corporations, several medium-sized companies and DAX-listed companies. == Research == Since 2018, Valantic has published an annual study on the development of the SAP landscape in German-speaking countries. The study examines topics such as the migration to SAP S/4HANA, cloud strategies, technological trends and the use of artificial intelligence in business processes. The 2025 survey of 201 SAP professionals from the DACH region showed, for example, an increase in ongoing and completed S/4HANA migration projects, as well as a further shift towards private-cloud systems. The use of artificial intelligence continued to grow, as did the use of the SAP Business Technology Platform and the Business Data Cloud. In 2025, Valantic, together with the Handelsblatt Research Institute, published the trend study Digital 2030 – The Rise of Applied AI. The study was based on a survey of around 700 executives from companies in Germany, Austria, and Switzerland on the economic effects of current digitalisation trends. According to the study, most respondents consider artificial intelligence, cybersecurity, and cloud computing to hold the greatest strategic importance for business success by 2030. Around 70% of the participating companies stated that they are already achieving measurable business benefits through the use of AI applications, for example in quality control, document management, logistics, or customer service.
Read more →
Orleans (software framework)

Orleans is a cross-platform software framework for building scalable and robust distributed interactive applications based on the .NET Framework or on the more recent .NET. == Overview == Orleans was originally created by the eXtreme Computing Group at Microsoft Research and introduced the virtual actor model as a new approach to building distributed systems for the cloud. Orleans scales from a single on-premises server to highly-available and globally distributed applications in the cloud. The virtual actor model is based on the actor model but has several differences: A virtual actor always exists, it cannot be explicitly created or destroyed. Virtual actors are automatically instantiated. If a server hosting an actor crashes, the next message sent to the actor causes it to be reinstantiated automatically. The server that an actor is on is transparent to the application code. Orleans can automatically create multiple instances of the same stateless actor. Starting with cloud services for the Halo franchise, the framework has been used by a number of cloud services at Microsoft and other companies since 2011. The core Orleans technology was transferred to 343 Industries and is available as open source since January 2015. The source code is licensed under MIT License and hosted on GitHub. Orleans runs on Microsoft Windows, Linux, and macOS and is compatible with .NET Standard 2.0 and above. == Features == Some Orleans features include: Persistence Distributed ACID transactions Streams Timers & Reminders Fault tolerance == Related implementations == The Electronic Arts BioWare division created Project Orbit. It is a Java implementation of virtual actors that was heavily inspired by the Orleans project.
Read more →
Diagnostically acceptable irreversible compression

Diagnostically acceptable irreversible compression (DAIC) is the amount of lossy compression which can be used on a medical image to produce a result that does not prevent the reader from using the image to make a medical diagnosis. The term was first introduced at a workshop on irreversible compression convened by the European Society of Radiology (ESR) in Palma de Mallorca October 13, 2010, the results of which were reported in a subsequent position paper. == Determination == The "amount of compression" in irreversible compression used to be determined by the compression ratio, where the acceptable minimum is determined by the algorithm (typically JPEG or J2K) and the data type (body part and imaging method). Such a definition is easy to follow, and has been used by medical bodies in 2010 around the world. However, its downside is obvious: the compression ratio tells nothing about the real quality of the image, as different compressors can produce vastly different qualities under the same file size. For example, the JPEG format of 1992 can perform as well as many modern formats given newer techniques exploited in mozjpeg and ISO libjpeg, yet they would be lumped together with the legacy encoders in such a scheme. The image compression community has long used objective quality metrics like SSIM to measure the effects of compression. In the absence of good data regarding SSIM, the ESR review of 2010 concluded that it is still difficult to establish a criterion for whether a particular irreversible compression scheme applied with particular parameters to a particular individual image, or category of images, avoids the introduction of some quantifiable risk of a diagnostic error for any particular diagnostic task. A 2017 study showed that a SSIM variant called 4-G-r (4-component, gradient, structural component of SSIM) best reflects changes in images that affect the decision of radiologists out of 16 SSIM variants. A 2020 study shows that visual information fidelity (VIF), feature similarity index (FSIM), and noise quality metric (NQM) best reflect radiologist preferences out of ten metrics. It also mentions that the original version of SSIM works as poorly as a basic root-mean-square distance (RMSD) for this purpose, a result echoed by the 2017 study. The 4-G-r modification is not tested in the study.
Read more →
Static program analysis

In computer science, static program analysis (also known as static analysis or static simulation) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment. The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding", program comprehension, or code review. In the last of these, software inspection and software walkthroughs are also used. In most cases the analysis is performed on some version of a program's source code, and, in other cases, on some form of its object code. Two leading approaches to resource certification have been Static Analysis (SA) and Implicit Computational Complexity (ICC). SA is algorithmic in nature: it focuses on a broad programming language of choice, and seeks to determine by syntactic means whether given programs in that language are feasible. In contrast, ICC attempts to create from the outset specialized programming languages or methods that delineate a complexity class. Thus, SA's focus is on compile time, making no demand on the programmer; whereas ICC is a language-design discipline." The discipline of static analysis should not be confused with linting, which is the process of checking for coding style mistakes. == Rationale == The sophistication of the analysis performed by tools varies from those that only consider the behaviour of individual statements and declarations, to those that include the complete source code of a program in their analysis. The uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the lint tool) to formal methods that mathematically prove properties about a given program (e.g., its behaviour matches that of its specification). Software metrics and reverse engineering can be described as forms of static analysis. Deriving software metrics and static analysis are increasingly deployed together, especially in creation of embedded systems, by defining so-called software quality objectives. A growing commercial use of static analysis is in the verification of properties of software used in safety-critical computer systems and locating potentially vulnerable code. For example, the following industries have identified the use of static code analysis as a means of improving the quality of increasingly sophisticated and complex software: Medical software: The US Food and Drug Administration (FDA) has identified the use of static analysis for medical devices. Nuclear software: In the UK the Office for Nuclear Regulation (ONR) recommends the use of static analysis on reactor protection systems. Aviation software (in combination with dynamic analysis). Automotive & Machines (functional safety features form an integral part of each automotive product development phase, ISO 26262, section 8). A study in 2012 by VDC Research reported that 28.7% of the embedded software engineers surveyed use static analysis tools and 39.7% expect to use them within 2 years. A study from 2010 found that 60% of the interviewed developers in European research projects made at least use of their basic IDE built-in static analyzers. However, only about 10% employed an additional other (and perhaps more advanced) analysis tool. In the application security industry the name static application security testing (SAST) is also used. SAST is an important part of Security Development Lifecycles (SDLs) such as the SDL defined by Microsoft and a common practice in software companies. == Tool types == The OMG (Object Management Group) published a study regarding the types of software analysis required for software quality measurement and assessment. This document on "How to Deliver Resilient, Secure, Efficient, and Easily Changed IT Systems in Line with CISQ Recommendations" describes three levels of software analysis. Unit Level Analysis that takes place within a specific program or subroutine, without connecting to the context of that program. Technology Level Analysis that takes into account interactions between unit programs to get a more holistic and semantic view of the overall program in order to find issues and avoid obvious false positives. System Level Analysis that takes into account the interactions between unit programs, but without being limited to one specific technology or programming language. A further level of software analysis can be defined. Mission/Business Level Analysis that takes into account the business/mission layer terms, rules and processes that are implemented within the software system for its operation as part of enterprise or program/mission layer activities. These elements are implemented without being limited to one specific technology or programming language and in many cases are distributed across multiple languages, but are statically extracted and analyzed for system understanding for mission assurance. == Formal methods == Formal methods is the term applied to the analysis of software (and computer hardware) whose results are obtained purely through the use of rigorous mathematical methods. The mathematical techniques used include denotational semantics, axiomatic semantics, operational semantics, and abstract interpretation. By a straightforward reduction to the halting problem, it is possible to prove that (for any Turing complete language), finding all possible run-time errors in an arbitrary program (or more generally any kind of violation of a specification on the final result of a program) is undecidable: there is no mechanical method that can always answer truthfully whether an arbitrary program may or may not exhibit runtime errors. This result dates from the works of Church, Gödel and Turing in the 1930s (see: Halting problem and Rice's theorem). As with many undecidable questions, one can still attempt to give useful approximate solutions. Some of the implementation techniques of formal static analysis include: Abstract interpretation, to model the effect that every statement has on the state of an abstract machine (i.e., it 'executes' the software based on the mathematical properties of each statement and declaration). This abstract machine over-approximates the behaviours of the system: the abstract system is thus made simpler to analyze, at the expense of incompleteness (not every property true of the original system is true of the abstract system). If properly done, though, abstract interpretation is sound (every property true of the abstract system can be mapped to a true property of the original system). Data-flow analysis, a lattice-based technique for gathering information about the possible set of values; Hoare logic, a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. There is tool support for some programming languages (e.g., the SPARK programming language (a subset of Ada) and the Java Modeling Language—JML—using ESC/Java and ESC/Java2, Frama-C WP (weakest precondition) plugin for the C language extended with ACSL (ANSI/ISO C Specification Language) ). Model checking, considers systems that have finite state or may be reduced to finite state by abstraction; Symbolic execution, as used to derive mathematical expressions representing the value of mutated variables at particular points in the code. Nullable reference analysis == Data-driven static analysis == Data-driven static analysis leverages extensive codebases to infer coding rules and improve the accuracy of the analysis. For instance, one can use all Java open-source packages available on GitHub to learn good analysis strategies. The rule inference can use machine learning techniques. It is also possible to learn from a large amount of past fixes and warnings. == Remediation == Static analyzers produce warnings. For certain types of warnings, it is possible to design and implement automated remediation techniques. For example, Logozzo and Ball have proposed automated remediations for C# cccheck.
Read more →
CEITON

CEITON is a web-based software system for facilitating and automating business processes such as planning, scheduling, and payroll using workflow technologies. The system is used by several media companies such as MDR, Yle, RAI and Red Bull Media House. In December 2018, the first CEITON User Group Meeting took place in Leipzig, Germany. == Architecture == The software runs on a server (on premises) or in the cloud and is scalable on parallel servers. Data security is warranted by role-based access control (RBAC). The software is used via web-browsers and not dependent on particular system software. == Structure and Features == CEITON combines the two classical approaches of production planning and control and workflow management. === Project Management === The scheduling system plans, manages, bills, and analyzes projects or tasks. It manages human and technical resources, material, and locations on a single GUI. The system uses a gantt chart to assign tasks to be done to available and eligible resources (i.e. staff), automatically or by drag-and-drop. The scheduling module includes material management, resource management/ human resource management, integration of freelancers, clients and suppliers, long-term budget planning, time-tracking, shift scheduling, quality management, delivery and logistics, document management, archive, analysis and controlling, business reporting, as well as all accounting and documentation processes. === Workflow === The workflow management system module coordinates business processes. Processes are defined once as a workflow and then repeatedly executed. Human resources are automatically assigned to steps (tasks) and integrated in workflow forms. Systems are integrated with an EAI/SOAP module, allowing data exchange with arbitrary external systems which are also involved in the business process. It also features a 3-D workflow overview in which the status of each project step can be determined by its color in the overview. === Process Management === For project and order processing management, business processes are designed as workflows, and coordinate communication automatically. Different user interfaces for staff, customers or suppliers can be created so each gets only relevant information. Different workflow forms are associated with different log-ins. The main application for the system is knowledge-based business processes, in which many people are involved and virtual results are produced, e.g. in research, or development of media products, such as TV and movies. Broadcasters and media companies such as MDR and Yle use CEITON to control their production processes for products and services and coordinate complex workflows with all kinds of resources. === Integrations === An integrated EAI module allows CEITON to integrate every external system in any business process without programming, using SOAP and similar technologies. Aspera and FileCatalyst were integrated for faster data transfer, yet complex ERP systems and numerous SAP modules have also been integrated, for example, to extract working times to payroll. === Mobile Working === Since Version 7, released in 2015, CEITON includes a time-tracking module allowing employees to enter their times from mobile devices such as tablets running Android, iPhones etc. == History == Ceiton Technologies (SME tech firm), the company developing CEITON, was founded in Leipzig, Germany in 2000, staffing solutions for the Bureau of Internal Revenue in Manila, Philippines, were implemented in 2000 together with the Deutsche Gesellschaft für Technische Zusammenarbeit of the German government. The first version (1.0) of the software was released in July 2001. The product was originally developed for German broadcasting companies. CEITON is named after the Japanese concept Seiton, one of the principles of Japanese workplace design methodology known as 5S. Since version 7, released in 2015, CEITON includes a time-tracking module allowing employees to enter their times from mobile devices such as tablets running Android, iPhones etc. In May 2005 CEITON won the IQ innovation award, sponsored by Siemens, in the category Excellent innovation in the IT-sector. Since 2007, CEITON has been present at the broadcast trade fairs NAB in Las Vegas and IBC in Amsterdam. In 2020, the company celebrated its 20th anniversary.
Read more →
Software durability

In software engineering, software durability means the solution ability of serviceability of software and to meet user's needs for a relatively long time. Software durability is important for user's satisfaction. For a software security to be durable, it must allow an organization to adjust the software to business needs that are constantly evolving, often in impulsive ways. Durability of software depends on four characteristics mainly; i.e. software trustworthiness, Human Trust for Serviceability, software dependability and software usability.
Read more →
SCADA Strangelove

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA. == Activities == Main fields of research include: Discovery of 0-day vulnerabilities in cyber physical systems and coordinated vulnerability disclosure; Security assessment of ICS protocols and development suites; Identification of publicly Internet-connected ICS components and secure it with help of proper authorities; Development of security hardening guides for ICS software; Mapping cybersecurity on to functional safety; Awareness control and delivery of information regarding the actual security state of ICS systems. SCADA Strangelove's interests expand further than classic ICS components and covers various embedded systems, however, and encompass smart home components, solar panels, wind turbines, SmartGrid as well as other areas. == Projects == Group members have and continue to develop and publish numerous open source tools for scanning, fingerprinting, security evaluation and password bruteforcing for ICS devices. These devices work over industrial protocols such as modbus, Siemens S7, MMS, ISO EC 60870, ProfiNet. In 2014 Shodan used some of the published tools for building a map of ICS devices which is publicly available on the Internet. Open source security assessment frameworks, such as THC Hydra, Metasploit, and DigitalBond Redpoint have used Shodan-developed tools and techniques. The group has published security-hardening guidelines for industrial solutions based on Siemens SIMATIC WinCC and WinCC Flexible. The guidelines contain detailed security configuration walk-throughs, descriptions of internal security features and appropriate best practices. Among the group’s more noticeable projects is Choo Choo PWN (CCP) also named the Critical Infrastructure Attack (CIA). This is an interactive laboratory built upon ICS software and hardware used in real world. Every system is connected to a toy city infrastructure, which includes factories, railroads and other facilities. The laboratory has been demonstrated at various conferences including PHDays, Power of Community, and 30C3. Primarily the laboratory is used for the discovery of new vulnerabilities and for evaluation of security mechanisms, however it is also used for workshops and other educational activities. At Positive Hack Days IV, contestants found several 0-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric, and in specific ICS hardware RTU PET-7000 during the ICS vulnerability discovery challenge. The group supports Secure Open SmartGrid (SCADASOS) project to find and fix vulnerabilities in intellectual power grid components such as photovoltaic power station, wind turbine, power inverter. More than 80 000 industrial devices were discovered and isolated from the Internet in 2015. == Appearances == Group members are frequently seen presenting at conferences like CCC, SCADA Security Scientific Symposium, Positive Hack Days. Most notable talks are: === 29C3 === An overview of vulnerabilities discovered in the widely distributed Siemens SIMATIC WinCC software and tools that are implemented for searching ICS on the Internet. === PHDays === This talk consisted of an overview of vulnerabilities discovered in various systems produced by ABB, Emerson, Honeywell and Siemens and was presented at PHDays III and PHDays IV. === Confidence 2014 === Implications of security research aimed at realization of various industrial network protocols Profinet, Modbus, DNP3, IEC 61850-8-1 (MMS), IEC (International Electrotechnical Commission) 61870-5-101/104, FTE (Fault Tolerant Ethernet), Siemens S7. === PacSec 2014 === Presentations of security research showing the impact of radio and 3G/4G networks on the security of mobile devices as well as on industrial equipment. === 31C3 === Analysis of security architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. === 32C3 === Cybersecurity assessment of railway signaling systems such as Automatic Train Control (ATC), Computer-based interlocking (CBI) and European Train Control System (ETCS). === China Internet Security Conference 2016 === In "Greater China Cyber Threat Landscape" keynote by Sergey Gordeychik an overview of vulnerabilities, attacks and cyber-security incidents in Greater China region was presented. === Recon 2017 === In talk "Hopeless: Relay Protection for Substation Automation" by Kirill Nesterov and Alexander Tlyapov security analysis results of key Digital Substation component - Relay Protection Terminals was presented. Vulnerabilities, including remote code execution in Siemens SIPROTEC, General Electric Line Distance Relay, NARI and ABB protective relays was presented. == Philosophy == All names, catchwords and graphical elements refer to Stanley Kubrick’s film, Dr. Strangelove. In their talks, group members often refer to Cold War events such as the Caribbean Crisis, and draw parallels between nuclear arms race and the current escalation of cyberwar. Group members follow the approach of “responsible disclosure” and “ready to wait for years, while vendor is patching the vulnerability”. Public exploits for discovered vulnerabilities are not published. This is on account of the longevity of ICS and by implication the long process of patching ICS. However, conflicts still happen, notably in 2012 when the talk at DEF CON was called off due to a dispute of persistent weaknesses in Siemens industrial software.
Read more →
Orleans (software framework)

Orleans is a cross-platform software framework for building scalable and robust distributed interactive applications based on the .NET Framework or on the more recent .NET. == Overview == Orleans was originally created by the eXtreme Computing Group at Microsoft Research and introduced the virtual actor model as a new approach to building distributed systems for the cloud. Orleans scales from a single on-premises server to highly-available and globally distributed applications in the cloud. The virtual actor model is based on the actor model but has several differences: A virtual actor always exists, it cannot be explicitly created or destroyed. Virtual actors are automatically instantiated. If a server hosting an actor crashes, the next message sent to the actor causes it to be reinstantiated automatically. The server that an actor is on is transparent to the application code. Orleans can automatically create multiple instances of the same stateless actor. Starting with cloud services for the Halo franchise, the framework has been used by a number of cloud services at Microsoft and other companies since 2011. The core Orleans technology was transferred to 343 Industries and is available as open source since January 2015. The source code is licensed under MIT License and hosted on GitHub. Orleans runs on Microsoft Windows, Linux, and macOS and is compatible with .NET Standard 2.0 and above. == Features == Some Orleans features include: Persistence Distributed ACID transactions Streams Timers & Reminders Fault tolerance == Related implementations == The Electronic Arts BioWare division created Project Orbit. It is a Java implementation of virtual actors that was heavily inspired by the Orleans project.
Read more →
Caspio

Caspio, Inc. is an American software company providing a low-code platform for building cloud-based business applications. Founded in 2000 by Frank Zamani, the company is headquartered in Sunnyvale, California, with operations in Poland, the Philippines, and Spain. Caspio’s platform allows organizations to create online database applications and workflow tools without extensive coding. == History == Caspio was founded by Frank Zamani in 2000. The company initially focused on simplifying custom cloud applications and reducing development time and cost as compared to traditional software development. Caspio released the first version of its platform, Caspio Bridge, in 2001. In 2014, Caspio released a HIPAA-Compliant Edition of its low-code application development platform. Caspio also released an EU General Data Protection Regulation (GDPR) Compliance Edition of its low-code application development platform in 2016. Caspio's second European Software Development Center opened in Kraków, Poland in 2017. In 2019, Forrester Research listed Caspio and three other platforms in its highest of four ranked tiers of twelve low-code platforms for business developers based on rankings of offerings and strategy at that time. Caspio also opened data centers in Montreal, Canada and India in 2020.
Read more →
Focus recovery based on the linear canonical transform

For digital image processing, the Focus recovery from a defocused image is an ill-posed problem since it loses the component of high frequency. Most of the methods for focus recovery are based on depth estimation theory. The Linear canonical transform (LCT) gives a scalable kernel to fit many well-known optical effects. Using LCTs to approximate an optical system for imaging and inverting this system, theoretically permits recovery of a defocused image. == Depth of field and perceptual focus == In photography, depth of field (DOF) means an effective focal length. It is usually used for stressing an object and deemphasizing the background (and/or the foreground). The important measure related to DOF is the lens aperture. Decreasing the diameter of aperture increases focus and lowers resolution and vice versa. == The Huygens–Fresnel principle and DOF == The Huygens–Fresnel principle describes diffraction of wave propagation between two fields. It belongs to Fourier optics rather than geometric optics. The disturbance of diffraction depends on two circumstance parameters, the size of aperture and the interfiled distance. Consider a source field and a destination field, field 1 and field 0, respectively. P1(x1,y1) is the position in the source field, P0(x0,y0) is the position in the destination field. The Huygens–Fresnel principle gives the diffraction formula for two fields U(x0,y0), U(x1,y1) as following: U ( x 0 , y 0 ) = 1 j λ ∫ ∫ U ( x 1 , y 1 ) e j k r 01 r 01 cos ⁡ θ d x 1 d y 1 {\displaystyle \mathbf {U} (x_{0},y_{0})={\frac {1}{j\lambda }}\int \!\int \mathbf {U} (x_{1},y_{1}){\frac {e^{jkr_{01}}}{r_{01}}}\cos \theta dx_{1}dy_{1}} where θ denotes the angle between r 01 {\displaystyle r_{01}} and z {\displaystyle z} . Replace cos θ by r 01 z {\displaystyle {\frac {r_{01}}{z}}} and r 01 {\displaystyle r_{01}} by [ ( x 0 − x 1 ) 2 + ( y 0 − y 1 ) 2 + z 2 ] 1 / 2 {\displaystyle [(x_{0}-x_{1})^{2}+(y_{0}-y_{1})^{2}+z^{2}]^{1/2}} we get U ( x 0 , y 0 ) = 1 j λ z ∫ ∫ U ( x 1 , y 1 ) exp ⁡ ( j k z [ 1 + ( x 0 − x 1 z ) 2 + ( y 0 − y 1 z ) 2 ] 1 / 2 ) 1 + ( x 0 − x 1 z ) 2 + ( y 0 − y 1 z ) 2 d x 1 d y 1 {\displaystyle \mathbf {U} (x_{0},y_{0})={\frac {1}{j\lambda z}}\int \!\int \mathbf {U} (x_{1},y_{1}){\frac {\exp(jkz[1+({\frac {x_{0}-x_{1}}{z}})^{2}+({\frac {y_{0}-y_{1}}{z}})^{2}]^{1/2})}{1+({\frac {x_{0}-x_{1}}{z}})^{2}+({\frac {y_{0}-y_{1}}{z}})^{2}}}dx_{1}dy_{1}} The further distance z or the smaller aperture (x1,y1) causes a greater diffraction. A larger DOF can lead to a more effective focused wave distribution. This seems to be a conflict. Here are the notations: Diffraction In a real imaging environment, the depths of objects comparing to the aperture are usually not enough to lead to serious diffraction. However, a long enough depth of the object can truly blurs the image. Effective Focus Small aperture, small blurring radius, few wave information. Loses details in comparing to a large aperture. In conclusion, diffraction explains a micro behavior whereas DOF shows a macro behavior. Both of them are related to aperture size. == Linear canonical transform == As the meaning of "canonical", the linear canonical transform (LCT) is a scalable transform that connects to many important kernels such as the Fresnel transform, Fraunhofer transform and the fractional Fourier transform. It can be easily controlled by its four parameters, a, b, c, d (3 degrees of freedom). The definition: L M ( f ( u ) ) = ∫ L M ( u , u ′ ) f ( u ′ ) d u ′ {\displaystyle L_{M}(f(u))=\int L_{M}(u,u')f(u')du'} where L M ( u , u ′ ) = { 1 b e − j π / 4 e [ j π ( d b u 2 ) − 2 1 b u u ′ + a b u ′ 2 ] , if b ≠ 0 d e j 2 c d u 2 δ ( u ′ − d u ) , if b = 0 {\displaystyle L_{M}(u,u')={\begin{cases}{\sqrt {\frac {1}{b}}}e^{-j\pi /4}e^{[j\pi ({\frac {d}{b}}u^{2})-2{\frac {1}{b}}uu'+{\frac {a}{b}}u'^{2}]},&{\mbox{if }}b\neq 0\\{\sqrt {d}}e^{{\frac {j}{2}}cdu^{2}}\delta (u'-du),&{\mbox{if }}b=0\end{cases}}} Consider a general imaging system with object distance z0, focal length of the thin lens f and an imaging distance z1. The effect of the propagation in freespace acts as nearly a chirp convolution, that is, the formula of diffraction. Besides, the effect of the propagation in thin lens acts as a chirp multiplication. The parameters are all simplified as paraxial approximations while meeting the freespace propagation. It does not consider aperture size. From the properties of the LCT, it is possible to obtain those 4 parameters for this optical system as: [ 1 − z 1 f λ z 0 − λ z 0 z 1 f + λ z 1 − 1 λ f 1 − z 0 f ] {\displaystyle {\begin{bmatrix}1-{\frac {z_{1}}{f}}\quad &\lambda z_{0}-{\frac {\lambda z_{0}z_{1}}{f}}+\lambda z_{1}\\-{\frac {1}{\lambda f}}\quad &1-{\frac {z_{0}}{f}}\end{bmatrix}}} Once the values of z1, z0 and f are known, the LCT can simulate any optical system.
Read more →
Software diversity

Software diversity is a research field about the comprehension and engineering of diversity in the context of software. == Areas == The different areas of software diversity are discussed in surveys on diversity for fault-tolerance or for security. The main areas are: design diversity, n-version programming, data diversity for fault tolerance randomization software variability == Techniques == === Code transformations === It is possible to amplify software diversity through automated transformation processes that create synthetic diversity. A "multicompiler" is compiler embedding a diversification engine. A multi-variant execution environment (MVEE) is responsible for selecting the variant to execute and compare the output. Fred Cohen was among the very early promoters of such an approach. He proposed a series of rewriting and code reordering transformations that aim at producing massive quantities of different versions of operating systems functions. These ideas have been developed over the years and have led to the construction of integrated obfuscation schemes to protect key functions in large software systems. Another approach to increase software diversity of protection consists in adding randomness in certain core processes, such as memory loading. Randomness implies that all versions of the same program run differently from each other, which in turn creates a diversity of program behaviors. This idea was initially proposed and experimented by Stephanie Forrest and her colleagues. Recent work on automatic software diversity explores different forms of program transformations that slightly vary the behavior of programs. The goal is to evolve one program into a population of diverse programs that all provide similar services to users, but with a different code. This diversity of code enhances the protection of users against one single attack that could crash all programs at the same time. Transformation operators include: code layout randomization: reorder functions in code globals layout randomization: reorder and pad globals stack variable randomization: reorder variables in each stack frame heap layout randomization === Natural software diversity === It is known that some functionalities are available in multiple interchangeable implementations. This natural diversity can be exploited, for example it has been shown valuable to increase security in cloud systems.
Read more →
SAP Cloud Infrastructure

SAP Cloud Infrastructure is an SAP-operated IaaS cloud platform, used to run SAP’s cloud business and customer-facing deployments for SAP and non-SAP workloads. It is developed and operated with open-source technologies within SAP’s data center network, based on OpenStack and Kubernetes and supporting SAP S/4HANA and general-purpose applications. It offers compute, storage, and platform services that are accessible to SAP customers. == History == In 2012, SAP promoted aspects of cloud computing. In October 2012, SAP announced a platform as a service called the SAP Cloud Platform. In May 2013, a managed private cloud called the S/4HANA Enterprise Cloud service was announced. SAP Converged Cloud was announced in January 2015. SAP Converged Cloud was originally developed as SAP's internal standardized Infrastructure as a Service (IaaS) offering to support SAP’s cloud solutions. Originating from SAP Converged Cloud, SAP Cloud Infrastructure was developed and announced as SAP’s cloud computing offering that is provided for both SAP and customer workloads. In 2025, it had a global footprint of 15 regions and 29 data centers, encompassing more than 200,000 active VMs and over 6,000 hypervisors. In September 2025, SAP announced an expansion of its European “SAP Sovereign Cloud” portfolio, explicitly naming SAP Cloud Infrastructure (alongside SAP Sovereign Cloud On-Site) as part of the stack positioned for public sector and regulated environments. == Services and Features == SAP Cloud Infrastructure (SCI) is an infrastructure-as-a-service (IaaS) offering by SAP that provides virtual compute, storage, and networking services, together with identity, key management, and operational services. SCI follows a self-service model and is managed via APIs and a web-based user interface. === Compute === SCI provides virtual machine instances that can be provisioned from operating system images and selected in predefined sizes (“flavors”). It supports lifecycle operations such as create/modify/resize/delete, power control, and snapshots; instances can be organized into server groups to influence placement policies. === Storage === SCI provides persistent storage services including: Block storage (virtual volumes) with attach/detach to instances, online expansion, cloning, snapshots, and provisioning volumes from images or snapshots. Object storage (containers and objects) managed via API/CLI with access control lists (ACLs) and configurable redundancy options. File storage (shared file systems) with access controls, online resize, snapshots/restore, and replication across availability zones. === Networking === SCI provides software-defined networking (SDN) for tenant networks (networks, subnets, routers) and connectivity features such as floating IPs for public reachability. Network security controls include security groups and firewall policies; connectivity options include BGP-based VPN networking. === Load balancing and DNS === SCI includes managed load balancing for distributing traffic across backend instances and an authoritative DNS service (DNSaaS) with API-based management of DNS zones and records, including options for zone sharing/transfer across projects/tenants and service integrations for automated record creation. === Identity, access, and key management === SCI includes identity and access management for authentication/authorization in projects/tenants (for example token handling, role assignment, and credential management) and key/secrets management for storing and controlling access to secret material such as keys and certificates, including support for different backends (depending on configuration). === Cloud-native services === SCI includes a container image registry (image push/pull, access policies, and lifecycle controls) and an auto-scaling capability for file shares based on configurable rules. === Observability and audit === SCI includes metrics and audit logging capabilities for operational monitoring and for listing/filtering audit-relevant events across services. === Availability and service levels === SCI documentation describes availability-related features such as load balancing, storage redundancy options, and replication for file shares across availability zones. SAP cloud services are governed by contractual service-level agreements (SLA); SAP Cloud Infrastructure references an SLA supplement defining infrastructure-specific terms when referenced in order forms. === SAP cloud services === SAP cloud services can run on different underlying infrastructures, including SAP Cloud Infrastructure in addition to SAP NS2 or hyperscalers. SAP cloud solutions available on SAP Cloud Infrastructure include SAP Cloud ERP, SAP HCM, SAP Solutions for Spend Management, Supply Chain Management, Business Transformation Management, and SAP Business Technology Platform (including related analytics and business data solutions). For example, SAP HANA Cloud documentation lists SAP Cloud Infrastructure as one of the supported infrastructures alongside hyperscalers. === Sustainability === SAP describes sustainability initiatives for its data centers, including energy-efficient infrastructure (for example, advanced cooling systems and power management), renewable electricity usage where feasible, and operational practices such as recycling electronic waste and minimizing water usage. SAP also references environmental management and energy management standards such as ISO 14001 and ISO 50001 for its data center operations. SAP-owned data centers run with 100% renewable electricity and that renewable electricity has been used since 2014 to power SAP facilities including owned data centers and co-locations. == SAP Cloud Infrastructure for SAP Sovereign Cloud == SAP Sovereign Cloud is a portfolio of SAP solutions designed to help organizations adopt SAP cloud solutions such as the SAP Cloud ERP while maintaining control over data, infrastructure, and compliance in line with local laws and regulations. The portfolio offers multiple deployment options, including SAP Cloud Infrastructure and SAP Sovereign Cloud On-Site, alongside sovereign hyperscaler-based options such as via SAP NS2, and targets customers such as public-sector bodies and other highly regulated organizations. In Europe, SAP Cloud Infrastructure is an Infrastructure-as-a-Service (IaaS) deployment option within SAP Sovereign Cloud for SAP and customer / third party workloads, operated on SAP’s data center network and developed using open-source technologies, with customer data stored within the European Union. Sovereignty-related characteristics for the SAP Cloud Infrastructure include: EU footprint and ownership model: SAP-operated data centers in Germany include sites in St. Leon-Rot and Walldorf, and co-location sites in Frankfurt. EU AI Cloud: EU AI Cloud is a sovereign AI offering for Europe that provides secure, compliant environments for building and running AI, including governed access to auditable large language models from SAP and partners. It offers AI models on the SAP Cloud Infrastructure and SAP Business Technology Platform (SAP BTP), enabling deployment of AI applications and models on high-performance European infrastructure (including accelerator/GPU-based compute for AI workloads). Availability zones and secure interconnect: Three availability zones in three independent data centers in Germany, connected via SAP-owned fiber on SAP-owned property. Facility and security standards: ISO/IEC 27001 governance of delivery and operations of SAP cloud services and SAP-owned data centers. Additional facility and availability standards: EN 50600 availability class 3 (European data centre standard) and/or ISO/IEC 22237 availability class 3 (international equivalent). Technology foundation: Based on open-source cloud infrastructure framework (OpenStack) and Kubernetes, without dependencies on hyperscaler technologies. Sovereignty controls: Data sovereignty (data residency), operational sovereignty (administration and maintenance restricted to approved, security-cleared personnel), technical sovereignty (locally hosted control planes with separation via encryption or dedicated infrastructure), and legal sovereignty (use of locally based legal entities or those in approved countries). Classified information processing: Roadmap to meet high and very high requirements for handling classified or sensitive information under European regulatory and security regimes. Public-sector readiness and EU sovereignty assurance levels: Implemented to meet SEAL-3 (Digital Resilience) and SEAL-4 (Full Digital Sovereignty) of the European Commission’s Cloud Sovereignty Framework. Staffing constraints: Operations model selectable to restrict sensitive operations to vetted personnel from EU or NATO countries.
Read more →
Fuse Services Framework

Fuse Services Framework is an open source SOAP and REST web services platform based on Apache CXF for use in enterprise IT organizations. It is productized and supported by the Fuse group at FuseSource Corp. Fuse Services Framework service-enables new and existing systems for use in enterprise SOA infrastructure. Fuse Services Framework is a pluggable, small-footprint engine that creates high performance, secure and robust services in minutes using front-end programming APIs like JAX-WS and JAX-RS. It supports multiple transports and bindings and is extensible so developers can add bindings for additional message formats so all systems can work together without having to communicate through a centralized server. Fuse Services Framework is now a part of Red Hat JBoss Fuse. Fabric8 is a free Apache 2.0 Licensed upstream community for the JBoss Fuse product from Red Hat.
Read more →