AI Face Editor App

AI Face Editor App — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Stencil buffer

A stencil buffer is an extra data buffer, in addition to the color buffer and Z-buffer, found on modern graphics hardware. The buffer is per pixel and works on integer values, usually with a depth of one byte per pixel. The Z-buffer and stencil buffer often share the same area in the RAM of the graphics hardware. In the simplest case, the stencil buffer is used to limit the area of rendering (stenciling). More advanced usage of the stencil buffer makes use of the strong connection between the Z-buffer and the stencil buffer in the rendering pipeline. For example, stencil values can be automatically increased/decreased for every pixel that fails or passes the depth test. The simple combination of depth test and stencil modifiers make a vast number of effects possible (such as stencil shadow volumes, Two-Sided Stencil, compositing, decaling, dissolves, fades, swipes, silhouettes, outline drawing, or highlighting of intersections between complex primitives) though they often require several rendering passes and, therefore, can put a heavy load on the graphics hardware. The most typical application is still to add shadows to 3D applications. It is also used for planar reflections. Other rendering techniques, such as portal rendering, use the stencil buffer in other ways; for example, it can be used to find the area of the screen obscured by a portal and re-render those pixels correctly. The stencil buffer and its modifiers can be accessed in computer graphics by using APIs like OpenGL, Direct3D, Vulkan or Metal. == Architecture == The stencil buffer typically shares the same memory space as the Z-buffer, and typically the ratio is 24 bits for Z-buffer + 8 bits for stencil buffer or, in the past, 15 bits for Z-buffer + 1 bit for stencil buffer. Another variant is 4 + 24, where 28 of the 32 bits are used and 4 ignored. Stencil and Z-buffers are part of the frame buffer, coupled to the color buffer. The first chip available to a wider market was 3Dlabs' Permedia II, which supported a one-bit stencil buffer. The bits allocated to the stencil buffer can be used to represent numerical values in the range [0, 2n-1], and also as a Boolean matrix (n is the number of allocated bits), each of which may be used to control the particular part of the scene. Any combination of these two ways of using the available memory is also possible. == Stencil test == Stencil test or stenciling is among the operations on the pixels/fragments (Per-pixel operations), located after the alpha test, and before the depth test. The stencil test ensures undesired pixels do not reach the depth test. This saves processing time for the scene. Similarly, the alpha test can prevent corresponding pixels to reach the stencil test. The test itself is carried out over the stencil buffer to some value in it, or altered or used it, and carried out through the so-called stencil function and stencil operations. The stencil function is a function by which the stencil value of a certain pixel is compared to a given reference value. If this comparison is logically true, the stencil test passes. Otherwise not. In doing so, the possible reaction caused by the result of comparing three different state-depth and stencil buffer: Stencil test is not passed Stencil test is passed but not the depth test Both tests are passed (or stencil test is passed, and the depth is not enabled) For each of these cases, different operations can be set over the examined pixel. In the OpenGL stencil functions, the reference value and mask, respectively, define the function glStencilFunc. In Direct3D each of these components is adjusted individually using methods SetRenderState devices currently in control. This method expects two parameters, the first of which is a condition that is set and the other its value. In the order that was used above, these conditions are called D3DRS_STENCILFUNC, D3DRS_STENCILREF, and D3DRS_STENCILMASK. Stencil operations in OpenGL adjust glStencilOp function that expects three values. In Direct3D, again, each state sets a specific method SetRenderState. The three states that can be assigned to surgery are called D3DRS_STENCILFAIL, D3DRENDERSTATE_STENCILZFAIL, and D3DRENDERSTATE_STENCILPASS. == Z-fighting == Due to the lack of precision in the Z-buffer, coplanar polygons that are short-range, or overlapping, can be portrayed as a single plane with a multitude of irregular cross-sections. These sections can vary depending on the camera position and other parameters and are rapidly changing. This is called Z-fighting. There exist multiple solutions to this issue: - Bring the far plane closer to restrict the scene's depth, thus increasing the accuracy of the Z-buffer, or reducing the distance at which objects are visible in the scene. - Increase the number of bits allocated to the Z-buffer, which is possible at the expense of memory for the stencil buffer. - Move polygons farther apart from one another, which restricts the possibilities for the artist to create an elaborate scene. All of these approaches to the problem can only reduce the likelihood that the polygons will experience Z-fighting, and do not guarantee a definitive solution in the general case. A solution that includes the stencil buffer is based on the knowledge of which polygon should be in front of the others. The silhouette of the front polygon is drawn into the stencil buffer. After that, the rest of the scene can be rendered only where the silhouette is negative, and so will not clash with the front polygon. == Shadow volume == Shadow volume is a technique used in 3D computer graphics to add shadows to a rendered scene. They were first proposed by Frank Crow in 1977 as the geometry describing the 3D shape of the region occluded from a light source. A shadow volume divides the virtual world in two: areas that are in shadow and areas that are not. The stencil buffer implementation of shadow volumes is generally considered among the most practical general-purpose real-time shadowing techniques for use on modern 3D graphics hardware. It has been popularised by the video game Doom 3, and a particular variation of the technique used in this game has become known as Carmack's Reverse. == Reflections == Reflection of a scene is drawn as the scene itself transformed and reflected relative to the "mirror" plane, which requires multiple render passes and using of stencil buffer to restrict areas where the current render pass works: Draw the scene excluding mirror areas – for each mirror lock the Z-buffer and color buffer Render visible part of the mirror Depth test is set up so that each pixel is passed to enter the maximum value and always passes for each mirror: Depth test is set so that it passes only if the distance of a pixel is less than the current (default behavior) The matrix transformation is changed to reflect the scene relative to the mirror plane Unlock the Z-buffer and color buffer Draw the scene, but only the part of it that lies between the mirror plane and the camera. In other words, a mirror plane is also a clipping plane Again locks color buffer, depth test is set so that it always passes, reset stencil for the next mirror. == Planar Shadows == While drawing a plane of shadows, there are two dominant problems: The first concerns the problem of deep struggle in case the flat geometry is not awarded on the part covered with the shadow of shadows and outside. See the section that relates to this. Another problem relates to the extent of the shadows outside the area where the plane there. Another problem, which may or may not appear, depending on the technique, the design of more polygons in one part of the shadow, resulting in darker and lighter parts of the same shade. All three problems can be solved geometrically, but because of the possibility that hardware acceleration is directly used, it is a far more elegant implementation using the stencil buffer: 1. Enable lights and the lights 2. Draw a scene without any polygon that should be projected shadows 3. Draw all polygons which should be projected shadows, but without lights. In doing so, the stencil buffer, the pixel of each polygon to be assigned to a specific value for the ground to which they belong. The distance between these values should be at least two, because for each plane to be used two values for two states: in the shadows and bright. 4. Disable any global illumination (to ensure that the next steps will affect only individual selected light) For each plane: For each light: 1. Edit a stencil buffer and only the pixels that carry a specific value for the selected level. Increase the value of all the pixels that are projected objects between the date of a given level and bright. 2. Allow only selected light for him to draw level at which part of her specific value was not changed. == Spatial shadows == Stencil buffer implementation of spatial drawing shadows is any shadow of a geometric body that its volume includes part of the scene that is
Read more →
Computer Law & Security Review

The Computer Law & Security Review is an international peer-reviewed journal published by Elsevier. It has been published six times a year since 1985 and is indexed in Scopus and SSCI. It is accessible to a wide range of professional legal and IT practitioners, businesses, academics, researchers, libraries and organisations in both the public and private sectors. The journal regularly covers: CLSR Briefing with special emphasis on UK/US developments European Union update National news from 10 European jurisdictions Pacific rim news column Refereed practitioner and academic papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection and freedom of information and many other topics. The Journal's Correspondent Panel includes more than 40 specialists in IT law and security. Each issue contains articles, case law analysis and current news on information and communications technology. Special Features High quality peer reviewed papers from internationally renowned practitioner and academic experts Latest developments reported in situ by more than 20 leading law firms from around the world Highly experienced and respected editor and correspondents panel Online access to all 23 volumes of CLSR with embedded web links to primary sources Contact details of all authors A pool of expertise that can collectively identify the key topics that need to be examined.
Read more →
Data commingling

Data commingling, in computer science, occurs when different items or kinds of data are stored in such a way that they become commonly accessible when they are supposed to remain separated. In cloud computing, this can occur where different customer data sits on the same server. Data that is commingled can present a security vulnerability. Data commingling can also occur due to high speed data transmission mixing. In this situation, data of one security level can inadvertently or purposely be mixed with data of a lower or higher security level on the same transmission portal. Portal vehicles can be wire, fiber optics, microwave or various radio frequency transmission portals. This commingling can cause breaches of security and become a source of legal issues to any entity, corporation or individual. Data commingling can also occur when personal computers and personal software programs are used for business, security, government, etc. uses. In the early formulation stages of entities, non-profit or profit corporations, LLC's, LLP's, etc., the creation and use of stand-alone computers and stand-alone networks, "absolutely unconnected" to involved individuals, is the easiest, and safest way to prevent Data Commingling.
Read more →
Immediate mode (computer graphics)

Immediate mode is an API design pattern in computer graphics libraries, in which the client calls directly cause rendering of graphics objects to the display, or in which the data to describe rendering primitives is inserted frame by frame directly from the client into a command list (in the case of immediate mode primitive rendering), without the use of extensive indirection – thus immediate – to retained resources. It does not preclude the use of double-buffering. Retained mode is an alternative approach. Historically, retained mode has been the dominant style in GUI libraries; however, both can coexist in the same library and are not necessarily exclusive in practice. == Overview == In immediate mode, the scene (complete object model of the rendering primitives) is retained in the memory space of the client, instead of the graphics library. This implies that in an immediate mode application, the lists of graphical objects to be rendered are kept by the client and are not saved by the graphics library API. The application must re-issue all drawing commands required to describe the entire scene each time a new frame is required, regardless of actual changes. This method provides on the one hand a maximum of control and flexibility to the application program, but on the other hand it also generates continuous work load on the CPU. Examples of immediate mode rendering systems include Direct2D, OpenGL and Quartz. There are some immediate mode GUIs that are particularly suitable when used in conjunction with immediate mode rendering systems. == Immediate mode primitive rendering == Primitive vertex attribute data may be inserted frame by frame into a command buffer by a rendering API. This involves significant bandwidth and processor time (especially if the graphics processing unit is on a separate bus), but may be advantageous for data generated dynamically by the CPU. It is less common since the advent of increasingly versatile shaders, with which a graphics processing unit may generate increasingly complex effects without the need for CPU intervention. == Immediate mode rendering with vertex buffers == Although drawing commands have to be re-issued for each new frame, modern systems using this method are generally able to avoid the unnecessary duplication of more memory-intensive display data by referring to that unchanging data (via indirection) (e.g. textures and vertex buffers) in the drawing commands. == Immediate mode GUI == Graphical user interfaces traditionally use retained mode-style API design, but immediate mode GUIs instead use an immediate mode-style API design, in which user code directly specifies the GUI elements to draw in the user input loop. For example, rather than having a CreateButton() function that a user would call once to instantiate a button, an immediate-mode GUI API may have a DoButton() function which should be called whenever the button should be on screen. The technique was developed by Casey Muratori in 2002. Prominent implementations include Omar Cornut's Dear ImGui in C++, Nic Barker's Clay in C and Micha Mettke's Nuklear in C.
Read more →
Biopython

Biopython is an open-source collection of non-commercial Python modules for computational biology and bioinformatics. It makes robust and well-tested code easily accessible to researchers. Python is an object-oriented programming language and is a suitable choice for automation of common tasks. The availability of reusable libraries saves development time and lets researchers focus on addressing scientific questions. Biopython is constantly updated and maintained by a large team of volunteers across the globe. Biopython contains parsers for diverse bioinformatic sequence, alignment, and structure formats. Sequence formats include FASTA, FASTQ, GenBank, and EMBL. Alignment formats include Clustal, BLAST, PHYLIP, and NEXUS. Structural formats include the PDB, which contains the 3D atomic coordinates of the macromolecules. It has provisions to access information from biological databases like NCBI, Expasy, PBD, and BioSQL. This can be used in scripts or incorporated into their software. Biopython contains a standard sequence class, sequence alignment, and motif analysis tools. It also has clustering algorithms, a module for structural biology, and a module for phylogenetics analysis. == History == The development of Biopython began in 1999, and it was first released in July 2000. First "semi-complete" and "semi-stable" release was done in March 2001 and December 2002 respectively. It was developed during a similar time frame and with analogous goals to other projects that added bioinformatics capabilities to their respective programming languages, including BioPerl, BioRuby and BioJava. Early developers on the project included Jeff Chang, Andrew Dalke and Brad Chapman, though over 100 people have made contributions to date. In 2007, a similar Python project, namely PyCogent, was established. The initial scope of Biopython involved accessing, indexing and processing biological sequence files. The retrieved data from common biological databases will then be parsed into a python data structure. While this is still a major focus, over the following years added modules have extended its functionality to cover additional areas of biology. The key challenge in the design of parsers for bioinformatics file formats is the frequency at which the data formats change. This is due to inadequate curation of the structure of the data, and changes in the database contents. This problem is overcome by the application of a standard event-oriented parser design (see Key features and examples). As of version 1.77, Biopython no longer supports Python 2. The current stable release of Biopython version 1.85 was released on 15 January 2025. It only supports Python 3 and the recent releases of Biopython require NumPy (and not Numeric). == Design == Wherever possible, Biopython follows the conventions used by the Python programming language to make it easier for users familiar with Python. For example, Seq and SeqRecord objects can be manipulated via slicing, in a manner similar to Python's strings and lists. It is also designed to be functionally similar to other Bio projects, such as BioPerl. It is organized into modular sub-packages, e.g., Bio.Seq, Bio.Align, Bio.PDB, Bio.Entrez each of them useful in a different bioinformatics domain. It used principles, like encapsulation and polymorphism, notably in classes Seq, SeqRecord, and Bio.PDB.Structure. It can also interoperate with other Python tools (Pandas, Matplotlib and SciPy). Biopython can read and write most common file formats for each of its functional areas, and its license is permissive and compatible with most other software licenses, which allows Biopython to be used in a variety of software projects. == Requirements == Biopython is currently supported and tested with the following Python implementations: Python 3 or PyPy3 NumPy == Key features and examples == === Input and output === Biopython can read and write to a number of common formats. When reading files, descriptive information in the file is used to populate the members of Biopython classes, such as SeqRecord. This allows records of one file format to be converted into others. Very large sequence files can exceed a computer's memory resources, so Biopython provides various options for accessing records in large files. They can be loaded entirely into memory in Python data structures, such as lists or dictionaries, providing fast access at the cost of memory usage. Alternatively, the files can be read from disk as needed, with slower performance but lower memory requirements. === Sequences === A core concept in Biopython is the biological sequence, and this is represented by the Seq class. A Biopython Seq object is similar to a Python string in many respects: it supports the Python slice notation, can be concatenated with other sequences and is immutable. This object includes both general string-like and biological sequence-specific methods. It is best to store information about the biological type (DNA, RNA, protein) separately from the sequence, rather than using an explicit alphabet argument. === Sequence annotation === The SeqRecord class describes sequences, along with information such as name, description and features in the form of SeqFeature objects. Each SeqFeature object specifies the type of the feature and its location. Feature types can be ‘gene’, ‘CDS’ (coding sequence), ‘repeat_region’, ‘mobile_element’ or others, and the position of features in the sequence can be exact or approximate. === Accessing online databases === Through the Bio.Entrez module, users of Biopython can download biological data from NCBI databases. Each of the functions provided by the Entrez search engine is available through functions in this module, including searching for and downloading records. === Phylogeny === The Bio.Phylo module provides tools for working with and visualising phylogenetic trees. A variety of file formats are supported for reading and writing, including Newick, NEXUS and phyloXML. Common tree manipulations and traversals are supported via the Tree and Clade objects. Examples include converting and collating tree files, extracting subsets from a tree, changing a tree's root, and analysing branch features such as length or score. Rooted trees can be drawn in ASCII or using matplotlib (see Figure 1), and the Graphviz library can be used to create unrooted layouts (see Figure 2). === Genome diagrams === The GenomeDiagram module provides methods of visualising sequences within Biopython. Sequences can be drawn in a linear or circular form (see Figure 3), and many output formats are supported, including PDF and PNG. Diagrams are created by making tracks and then adding sequence features to those tracks. By looping over a sequence's features and using their attributes to decide if and how they are added to the diagram's tracks, one can exercise much control over the appearance of the final diagram. Cross-links can be drawn between different tracks, allowing one to compare multiple sequences in a single diagram. === Macromolecular structure === The Bio.PDB module can load molecular structures from PDB and mmCIF files, and was added to Biopython in 2003. The Structure object is central to this module, and it organises macromolecular structure in a hierarchical fashion: Structure objects contain Model objects which contain Chain objects which contain Residue objects which contain Atom objects. Disordered residues and atoms get their own classes, DisorderedResidue and DisorderedAtom, that describe their uncertain positions. Using Bio.PDB, one can navigate through individual components of a macromolecular structure file, such as examining each atom in a protein. Common analyses can be carried out, such as measuring distances or angles, comparing residues and calculating residue depth. === Population genetics === The Bio.PopGen module adds support to Biopython for Genepop, a software package for statistical analysis of population genetics. This allows for analyses of Hardy–Weinberg equilibrium, linkage disequilibrium and other features of a population's allele frequencies. This module can also carry out population genetic simulations using coalescent theory with the fastsimcoal2 program. === Wrappers for command line tools === Biopython previously included command-line wrappers for tools such as BLAST, Clustal, EMBOSS, and SAMtools. This option allowed users to run external tool commands from within the code using specialized Biopython classes. However, Bio.Application modules and their wrappers have deprecated and will be removed in future Biopython releases. The main reason for this is the high maintenance burden of updating them with the evolving external tools. The recommended approach is to directly construct and execute command-line tool commands using Python’s built-in subprocess module. This method provides flexibility and removes the dependency on the Biopython wrappers. subprocess is a native Python module useful for running ext
Read more →
Client honeypot

Honeypots are security devices whose value lie in being probed and compromised. Traditional honeypots are servers (or devices that expose server services) that wait passively to be attacked. Client Honeypots are active security devices in search of malicious servers that attack clients. The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred. Often the focus of client honeypots is on web browsers, but any client that interacts with servers can be part of a client honeypot (for example ftp, email, ssh, etc.). There are several terms that are used to describe client honeypots. Besides client honeypot, which is the generic classification, honeyclient is the other term that is generally used and accepted. However, there is a subtlety here, as "honeyclient" is actually a homograph that could also refer to the first known open source client honeypot implementation (see below), although this should be clear from the context. == Architecture == A client honeypot is composed of three components. The first component, a queuer, is responsible for creating a list of servers for the client to visit. This list can be created, for example, through crawling. The second component is the client itself, which is able to make a requests to servers identified by the queuer. After the interaction with the server has taken place, the third component, an analysis engine, is responsible for determining whether an attack has taken place on the client honeypot. In addition to these components, client honeypots are usually equipped with some sort of containment strategy to prevent successful attacks from spreading beyond the client honeypot. This is usually achieved through the use of firewalls and virtual machine sandboxes. Analogous to traditional server honeypots, client honeypots are mainly classified by their interaction level: high or low; which denotes the level of functional interaction the server can utilize on the client honeypot. In addition to this there are also newly hybrid approaches which denotes the usage of both high and low interaction detection techniques. == High interaction == High interaction client honeypots are fully functional systems comparable to real systems with real clients. As such, no functional limitations (besides the containment strategy) exist on high interaction client honeypots. Attacks on high interaction client honeypots are detected via inspection of the state of the system after a server has been interacted with. The detection of changes to the client honeypot may indicate the occurrence of an attack against that has exploited a vulnerability of the client. An example of such a change is the presence of a new or altered file. High interaction client honeypots are very effective at detecting unknown attacks on clients. However, the tradeoff for this accuracy is a performance hit from the amount of system state that has to be monitored to make an attack assessment. Also, this detection mechanism is prone to various forms of evasion by the exploit. For example, an attack could delay the exploit from immediately triggering (time bombs) or could trigger upon a particular set of conditions or actions (logic bombs). Since no immediate, detectable state change occurred, the client honeypot is likely to incorrectly classify the server as safe even though it did successfully perform its attack on the client. Finally, if the client honeypots are running in virtual machines, then an exploit may try to detect the presence of the virtual environment and cease from triggering or behave differently. === Capture-HPC === Capture [1] is a high interaction client honeypot developed by researchers at Victoria University of Wellington, NZ. Capture differs from existing client honeypots in various ways. First, it is designed to be fast. State changes are being detected using an event based model allowing to react to state changes as they occur. Second, Capture is designed to be scalable. A central Capture server is able to control numerous clients across a network. Third, Capture is supposed to be a framework that allows to utilize different clients. The initial version of Capture supports Internet Explorer, but the current version supports all major browsers (Internet Explorer, Firefox, Opera, Safari) as well as other HTTP aware client applications, such as office applications and media players. === HoneyClient === HoneyClient [2] is a web browser based (IE/FireFox) high interaction client honeypot designed by Kathy Wang in 2004 and subsequently developed at MITRE. It was the first open source client honeypot and is a mix of Perl, C++, and Ruby. HoneyClient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries. It has integrated the Capture-HPC real-time integrity checker to perform this detection. HoneyClient also contains a crawler, so it can be seeded with a list of initial URLs from which to start and can then continue to traverse web sites in search of client-side malware. === HoneyMonkey (dead since 2010) === HoneyMonkey [3] is a web browser based (IE) high interaction client honeypot implemented by Microsoft in 2005. It is not available for download. HoneyMonkey is state based and detects attacks on clients by monitoring files, registry, and processes. A unique characteristic of HoneyMonkey is its layered approach to interacting with servers in order to identify zero-day exploits. HoneyMonkey initially crawls the web with a vulnerable configuration. Once an attack has been identified, the server is reexamined with a fully patched configuration. If the attack is still detected, one can conclude that the attack utilizes an exploit for which no patch has been publicly released yet and therefore is quite dangerous. === SHELIA (dead since 2009) === Shelia [4] is a high interaction client honeypot developed by Joan Robert Rocaspana at Vrije Universiteit Amsterdam. It integrates with an email reader and processes each email it receives (URLs & attachments). Depending on the type of URL or attachment received, it opens a different client application (e.g. browser, office application, etc.) It monitors whether executable instructions are executed in data area of memory (which would indicate a buffer overflow exploit has been triggered). With such an approach, SHELIA is not only able to detect exploits, but is able to actually ward off exploits from triggering. === UW Spycrawler === The Spycrawler [5] developed at the University of Washington is yet another browser based (Mozilla) high interaction client honeypot developed by Moshchuk et al. in 2005. This client honeypot is not available for download. The Spycrawler is state based and detects attacks on clients by monitoring files, processes, registry, and browser crashes. Spycrawlers detection mechanism is event based. Further, it increases the passage of time of the virtual machine the Spycrawler is operating in to overcome (or rather reduce the impact of) time bombs. === Web Exploit Finder === WEF [6] is an implementation of an automatic drive-by-download – detection in a virtualized environment, developed by Thomas Müller, Benjamin Mack and Mehmet Arziman, three students from the Hochschule der Medien (HdM), Stuttgart during the summer term in 2006. WEF can be used as an active HoneyNet with a complete virtualization architecture underneath for rollbacks of compromised virtualized machines. == Low interaction == Low interaction client honeypots differ from high interaction client honeypots in that they do not utilize an entire real system, but rather use lightweight or simulated clients to interact with the server. (in the browser world, they are similar to web crawlers). Responses from servers are examined directly to assess whether an attack has taken place. This could be done, for example, by examining the response for the presence of malicious strings. Low interaction client honeypots are easier to deploy and operate than high interaction client honeypots and also perform better. However, they are likely to have a lower detection rate since attacks have to be known to the client honeypot in order for it to detect them; new attacks are likely to go unnoticed. They also suffer from the problem of evasion by exploits, which may be exacerbated due to their simplicity, thus making it easier for an exploit to detect the presence of the client honeypot. === HoneyC === HoneyC [7] is a low interaction client honeypot developed at Victoria University of Wellington by Christian Seifert in 2006. HoneyC is a platform independent open source framework written in Ruby. It currently concentrates driving a web browser simulator to interact with servers. Malicious servers are detected by statically examining the web server's response for malicious strings through the usage of Snort signatures. === Monkey-Spider (dead since 2008) === Monkey-Spider [8] is a low-interaction client honeypot i
Read more →
CPU modes

CPU modes (also called processor modes, CPU states, CPU privilege levels and other names) are operating modes for the central processing unit of most computer architectures that place restrictions on the type and scope of operations that can be performed by instructions being executed by the CPU. For example, this design allows an operating system to run with more privileges than application software by running the operating systems and applications in different modes. Ideally, only highly trusted kernel code is allowed to execute in the unrestricted mode; everything else (including non-supervisory portions of the operating system) runs in a restricted mode and must use a system call (via interrupt) to request the kernel perform on its behalf any operation that could damage or compromise the system, making it impossible for untrusted programs to alter or damage other programs (or the computing system itself). Device drivers are designed to be part of the kernel due to the need for frequent I/O access. Multiple modes can be implemented, e.g. allowing a hypervisor to run multiple operating system supervisors beneath it, which is the basic design of many virtual machine systems available today. == Mode types == The unrestricted mode is often called kernel mode, but many other designations exist (master mode, supervisor mode, privileged mode, etc.). Restricted modes are usually referred to as user modes, but are also known by many other names (slave mode, problem state, etc.). Hypervisor Hypervisor mode is used to support virtualization, allowing the simultaneous operation of multiple operating systems. Kernel and user In kernel mode, the CPU may perform any operation allowed by its architecture; any instruction may be executed, any I/O operation initiated, any area of memory accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically, certain instructions are not permitted (especially those—including I/O operations—that could alter the global state of the machine), some memory areas cannot be accessed, etc. User-mode capabilities of the CPU are typically a subset of those available in kernel mode, but in some cases, such as hardware emulation of non-native architectures, they may be significantly different from those available in standard kernel mode. Some CPU architectures support more modes than those, often with a hierarchy of privileges. These architectures are often said to have ring-based security, wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the center. Multics hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the Intel 80286 protected mode, and the IA-64 as well, though it is referred to by a different name in these cases. Mode protection may extend to resources beyond the CPU hardware itself. Hardware registers track the current operating mode of the CPU, but additional virtual-memory registers, page-table entries, and other data may track mode identifiers for other resources. For example, a CPU may be operating in Ring 0 as indicated by a status word in the CPU itself, but every access to memory may additionally be validated against a separate ring number for the virtual-memory segment targeted by the access, and/or against a ring number for the physical page (if any) being targeted. This has been demonstrated with the PSP handheld system. Hardware that meets the Popek and Goldberg virtualization requirements makes writing software to efficiently support a virtual machine much simpler. Such a system can run software that "believes" it is running in supervisor mode, but is actually running in user mode. == Architectures == Several computer systems introduced in the 1960s, such as the IBM System/360, DEC PDP-6/PDP-10, the GE-600/Honeywell 6000 series, and the Burroughs B5000 series and B6500 series, support two CPU modes; a mode that grants full privileges to code running in that mode, and a mode that prevents direct access to input/output devices and some other hardware facilities to code running in that mode. The first mode is referred to by names such as supervisor state (System/360), executive mode (PDP-6/PDP-10), master mode (GE-600 series), control mode (B5000 series), and control state (B6500 series). The second mode is referred to by names such as problem state (System/360), user mode (PDP-6/PDP-10), slave mode (GE-600 series), and normal state (B6500 series); there are multiple non-control modes in the B5000 series. === RISC-V === RISC-V has three main CPU modes: User Mode (U), Supervisor Mode (S), and Machine Mode (M). Virtualization is supported via an orthogonal CSR setting instead of a fourth mode.
Read more →
SCADA Strangelove

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA. == Activities == Main fields of research include: Discovery of 0-day vulnerabilities in cyber physical systems and coordinated vulnerability disclosure; Security assessment of ICS protocols and development suites; Identification of publicly Internet-connected ICS components and secure it with help of proper authorities; Development of security hardening guides for ICS software; Mapping cybersecurity on to functional safety; Awareness control and delivery of information regarding the actual security state of ICS systems. SCADA Strangelove's interests expand further than classic ICS components and covers various embedded systems, however, and encompass smart home components, solar panels, wind turbines, SmartGrid as well as other areas. == Projects == Group members have and continue to develop and publish numerous open source tools for scanning, fingerprinting, security evaluation and password bruteforcing for ICS devices. These devices work over industrial protocols such as modbus, Siemens S7, MMS, ISO EC 60870, ProfiNet. In 2014 Shodan used some of the published tools for building a map of ICS devices which is publicly available on the Internet. Open source security assessment frameworks, such as THC Hydra, Metasploit, and DigitalBond Redpoint have used Shodan-developed tools and techniques. The group has published security-hardening guidelines for industrial solutions based on Siemens SIMATIC WinCC and WinCC Flexible. The guidelines contain detailed security configuration walk-throughs, descriptions of internal security features and appropriate best practices. Among the group’s more noticeable projects is Choo Choo PWN (CCP) also named the Critical Infrastructure Attack (CIA). This is an interactive laboratory built upon ICS software and hardware used in real world. Every system is connected to a toy city infrastructure, which includes factories, railroads and other facilities. The laboratory has been demonstrated at various conferences including PHDays, Power of Community, and 30C3. Primarily the laboratory is used for the discovery of new vulnerabilities and for evaluation of security mechanisms, however it is also used for workshops and other educational activities. At Positive Hack Days IV, contestants found several 0-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric, and in specific ICS hardware RTU PET-7000 during the ICS vulnerability discovery challenge. The group supports Secure Open SmartGrid (SCADASOS) project to find and fix vulnerabilities in intellectual power grid components such as photovoltaic power station, wind turbine, power inverter. More than 80 000 industrial devices were discovered and isolated from the Internet in 2015. == Appearances == Group members are frequently seen presenting at conferences like CCC, SCADA Security Scientific Symposium, Positive Hack Days. Most notable talks are: === 29C3 === An overview of vulnerabilities discovered in the widely distributed Siemens SIMATIC WinCC software and tools that are implemented for searching ICS on the Internet. === PHDays === This talk consisted of an overview of vulnerabilities discovered in various systems produced by ABB, Emerson, Honeywell and Siemens and was presented at PHDays III and PHDays IV. === Confidence 2014 === Implications of security research aimed at realization of various industrial network protocols Profinet, Modbus, DNP3, IEC 61850-8-1 (MMS), IEC (International Electrotechnical Commission) 61870-5-101/104, FTE (Fault Tolerant Ethernet), Siemens S7. === PacSec 2014 === Presentations of security research showing the impact of radio and 3G/4G networks on the security of mobile devices as well as on industrial equipment. === 31C3 === Analysis of security architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. === 32C3 === Cybersecurity assessment of railway signaling systems such as Automatic Train Control (ATC), Computer-based interlocking (CBI) and European Train Control System (ETCS). === China Internet Security Conference 2016 === In "Greater China Cyber Threat Landscape" keynote by Sergey Gordeychik an overview of vulnerabilities, attacks and cyber-security incidents in Greater China region was presented. === Recon 2017 === In talk "Hopeless: Relay Protection for Substation Automation" by Kirill Nesterov and Alexander Tlyapov security analysis results of key Digital Substation component - Relay Protection Terminals was presented. Vulnerabilities, including remote code execution in Siemens SIPROTEC, General Electric Line Distance Relay, NARI and ABB protective relays was presented. == Philosophy == All names, catchwords and graphical elements refer to Stanley Kubrick’s film, Dr. Strangelove. In their talks, group members often refer to Cold War events such as the Caribbean Crisis, and draw parallels between nuclear arms race and the current escalation of cyberwar. Group members follow the approach of “responsible disclosure” and “ready to wait for years, while vendor is patching the vulnerability”. Public exploits for discovered vulnerabilities are not published. This is on account of the longevity of ICS and by implication the long process of patching ICS. However, conflicts still happen, notably in 2012 when the talk at DEF CON was called off due to a dispute of persistent weaknesses in Siemens industrial software.
Read more →
Luminoso

Luminoso is a Cambridge, MA-based text analytics and artificial intelligence company. It spun out of the MIT Media Lab and its crowd-sourced Open Mind Common Sense (OMCS) project. The company has raised $20.6 million in financing, and its clients include Sony, Autodesk, Scotts Miracle-Gro, and GlaxoSmithKline. == History == Luminoso was co-founded in 2010 by Dennis Clark, Jason Alonso, Robyn Speer, and Catherine Havasi, a research scientist at MIT in artificial intelligence and computational linguistics. The company builds on the knowledge base of MIT’s Open Mind Common Sense (OMCS) project, co-founded in 1999 by Havasi, who continues to serve as its director. The OCMS knowledge base has since been combined with knowledge from other crowdsourced resources to become ConceptNet. ConceptNet consists of approximately 28 million statements in 304 languages, with full support for 10 languages and moderate support for 77 languages. ConceptNet is a resource for making an AI that understands the meanings of the words people use. During the World Cup in June 2014, the company provided a widely reported real-time sentiment analysis of the U.S. vs. Germany match, analyzing 900,000 posts on Twitter, Facebook and Google+. == Applications == The company uses artificial intelligence, natural language processing, and machine learning to derive insights from unstructured data such as contact center interactions, chatbot and live chat transcripts, product reviews, open-ended survey responses, and email. Luminoso's software identifies and quantifies patterns and relationships in text-based data, including domain-specific or creative language. Rather than human-powered keyword searches of data, the software automates taxonomy creation around concepts, allowing related words and phrases to be dynamically generated and tracked. Commercial applications include analyzing, prioritizing, and routing contact center interactions; identifying consumer complaints before they begin to trend; and tracking sentiment during product launches. The software natively analyzes text in fourteen languages, as well as emoji. == Products == Luminoso's technology can be accessed via two products: Luminoso Daylight and Luminoso Compass. Luminoso Daylight enables a deep-dive analysis into batch or real-time data, whereas Luminoso Compass automates the categorization of real-time data. Both products offer a user interface as well as an API. Luminoso's products can be implemented through either a cloud-based or an on-premise solution. == Research == Luminoso continues to actively conduct research in natural language processing and word embeddings and regularly participates in evaluations such as SemEval. At SemEval 2017, Luminoso participated in Task 2, measuring the semantic similarity of word pairs within and across five languages. Its solution outperformed all competing systems in every language pair tested, with the exception of Persian. == Recognition == Luminoso has been listed as a "Cool Vendor in AI for Marketing" by Gartner, and has also been named a "Boston Artificial Intelligence Startup to Watch" by BostInno. In May 2017, Luminoso was recognized as having the Best Application for AI in the Enterprise by AI Business, and was also shortlisted as the Best AI Breakthrough and Best Innovation in NLP. == Competitors == Major competitors include Clarabridge and Lexalytics. == Investors == The company raised $1.5 million from angel investors led by Basis Technology in 2012. Its first institutional funding round of $6.5 was completed in July 2014, led by Acadia Woods with participation from Japan’s Digital Garage. The company followed that with a $10M series B funding round in December 2018, led by DVI Equity Partners, with participation from Liberty Global Ventures, DF Enterprises, Raptor Holdco, Acadia Woods Partners, and Accord Ventures, among others.
Read more →
Nagarik App

Nagarik App (translation: Citizen App) is a mobile application launched by the Government of Nepal to provide government-related services in a single online platform. The app was developed to facilitate an easier, systematic, and simplified delivery of government services to Nepali citizens digitally. The app was launched to play a pivotal role in revolutionizing the way citizens interact with the government. It offers government services through a single unified platform, minimizing the need for citizens to navigate multiple channels or physical offices for their diverse needs of government services. The services are added gradually according to the needs and services required. The government aims to reduce the physical queues and the need to be physically present to get services from the different government offices. One can get services online round-the-clock even during holidays. As of now, 25 services are included in the app, ranging from Police Clearance Report to Voters Card. The app contains and provides a vast range of government services. The app was launched on the occasion of the fourth National Information and Communication Technology Day, 2021 (2078 BS). The event marked a significant milestone in Nepal’s digital transformation journey. It aims to reduce all the bureaucratic hurdles that the citizens have been facing and make government services more efficient and convenient. In Oct 20, 2024, a E-Chalan was introduced for managing traffic violations in initially piloting in Kathmandu Valley. The Kathmandu Valley Traffic Police Office announced that physical licenses would no longer be confiscated for traffic rule violations. Instead, a "Digital Chit (E-Chalan)" system was implemented, allowing drivers to pay fines electronically. Integrated with the NagarikApp, the system enables police to access drivers' licenses, record violations, and update details directly in the app. == Features and Services == Inland Revenue Department (Nepal) PAN Registration Election Commission (Nepal) Voter Card Pre-Registration and Details Nepal Police Online Clearance Report Traffic Violations and Fine Payment Nepal Passport, Driving License, National Identity Card (NID), Citizenship, and Voter ID link details My Municipality (Includes contact info of the representatives, services such as ambulance, nearby police, and budget programs and plans) The Government Press ID card PF/PAN/SST/CIT statements can be viewed Nagarik Pahichan Dwar (Online bank accounts can be opened and KYC can be verified for selected banks using the QR) == Awards and honors == Each year, World Summit Award honors outstanding digital applications and solutions across various categories. The winners of the World Summit Award represent the pinnacle of innovation in their respective categories. Nagarik App was selected among 180 participants and won the World Summit Award of 2022 in Government and Citizen Engagement category. == Latest Statistics & Usage Trends (2082 BS / 2025 AD) == As of August 2025, over 1.5 million Nepali citizens have registered and actively use the Nagarik App, according to the National Information Technology Center (NITC). The majority of daily logins come from: Kathmandu Valley – 37% of total users Province 1 (Koshi) – 19% of total users Bagmati Province – 15% of total users On average, 45,000+ transactions (service requests, document verifications, and payments) are processed through the app each day. The most-used services include: PAN Card Registration – 28% of total requests Police Clearance Report – 22% Driving License Linking & E-Chalan Payment – 18% Vehicle Tax Payment – 14% Source: Internal report from NITC, July 2025 == Step-by-Step: How to Link Your Driving License with Nagarik App == Update the App – Install the latest version from Play Store or App Store. Login or Register – Ensure your SIM is registered in your own name. Go to “Transport Services” in the menu. Select “Driving License” – Enter your license number and date of birth. Verify via OTP – Sent to your registered mobile number. Confirmation – Your digital license will appear inside the app. This guide is continuously updated to reflect the latest rules from the Kathmandu Valley Traffic Police Office and changes in NITC’s backend system. For in-depth details, step-by-step tutorials, and the most recent Nagarik App updates, visit the full article on The Bipin Blog.
Read more →
Wavelet noise

Wavelet noise is an alternative to Perlin noise which reduces the problems of aliasing and detail loss that are encountered when Perlin noise is summed into a fractal. == Algorithm detail == The basic algorithm for 2-dimensional wavelet noise is as follows: Create an image, R {\displaystyle R} , filled with uniform white noise. Downsample R {\displaystyle R} to half-size to create R ↓ {\displaystyle R^{\downarrow }} , then upsample it back up to full size to create R ↓↑ {\displaystyle R^{\downarrow \uparrow }} . Subtract R ↓↑ {\displaystyle R^{\downarrow \uparrow }} from R {\displaystyle R} to create the end result, N {\displaystyle N} . This results in an image that contains all the information that cannot be represented at half-scale. From here, N {\displaystyle N} can be used similarly to Perlin noise to create fractal patterns.
Read more →
Supervisor Mode Access Prevention

Supervisor Mode Access Prevention (SMAP) is a feature of some CPU implementations such as the Intel Broadwell microarchitecture that allows supervisor mode programs to optionally set user-space memory mappings so that access to those mappings from supervisor mode will cause a trap. This makes it harder for malicious programs to "trick" the kernel into using instructions or data from a user-space program. == History == Supervisor Mode Access Prevention is designed to complement Supervisor Mode Execution Prevention (SMEP), which was introduced earlier. SMEP can be used to prevent supervisor mode from unintentionally executing user-space code. SMAP extends this protection to reads and writes. == Benefits == Without Supervisor Mode Access Prevention, supervisor code usually has full read and write access to user-space memory mappings (or has the ability to obtain full access). This has led to the development of several security exploits, including privilege escalation exploits, which operate by causing the kernel to access user-space memory when it did not intend to. Operating systems can block these exploits by using SMAP to force unintended user-space memory accesses to trigger page faults. Additionally, SMAP can expose flawed kernel code which does not follow the intended procedures for accessing user-space memory. However, the use of SMAP in an operating system may lead to a larger kernel size and slower user-space memory accesses from supervisor code, because SMAP must be temporarily disabled any time supervisor code intends to access user-space memory. == Technical details == Processors indicate support for Supervisor Mode Access Prevention through the Extended Features CPUID leaf. SMAP is enabled when memory paging is active and the SMAP bit in the CR4 control register is set. SMAP can be temporarily disabled for explicit memory accesses by setting the EFLAGS.AC (Alignment Check) flag. The stac (Set AC Flag) and clac (Clear AC Flag) instructions can be used to easily set or clear the flag. When the SMAP bit in CR4 is set, explicit memory reads and writes to user-mode pages performed by code running with a privilege level less than 3 will always result in a page fault if the EFLAGS.AC flag is not set. Implicit reads and writes (such as those made to descriptor tables) to user-mode pages will always trigger a page fault if SMAP is enabled, regardless of the value of EFLAGS.AC. == Operating system support == Linux kernel support for Supervisor Mode Access Prevention was implemented by H. Peter Anvin. It was merged into the mainline Linux 3.7 kernel (released December 2012) and it is enabled by default for processors which support the feature. FreeBSD has supported Supervisor Mode Execution Prevention since 2012 and Supervisor Mode Access Prevention since 2018. OpenBSD has supported Supervisor Mode Access Prevention and the related Supervisor Mode Execution Prevention since 2012, with OpenBSD 5.3 being the first release with support for the feature enabled. NetBSD support for Supervisor Mode Execution Prevention (SMEP) was implemented by Maxime Villard in December 2015. Support for Supervisor Mode Access Prevention (SMAP) was also implemented by Maxime Villard, in August 2017. NetBSD 8.0 was the first release with both features supported and enabled. Haiku support for Supervisor Mode Execution Prevention (SMEP) was implemented by Jérôme Duval in January 2018. macOS has support for SMAP at least since macOS 10.13 released 2017.
Read more →
World Database of Happiness

The World Database of Happiness is a web-based archive of research findings on subjective appreciation of life, based in the Erasmus Happiness Economics Research Organization of the Erasmus University Rotterdam in The Netherlands. The database contains both an overview of scientific publications on happiness and a digest of research findings. Happiness is defined as the degree to which an individual judges the quality of his or her life as a whole favorably. Two 'components' of happiness are distinguished: hedonic level of affect (the degree to which pleasant affect dominates) and contentment (perceived realization of wants). == Aims == The World Database of Happiness is a tool to quickly acquire an overview on the ever-growing stream of research findings on happiness Medio 2023 the database covered some 16,000 scientific publications on happiness, from which were extracted 23,000 distributional findings (on how happy people are) and another 24,000 correlational findings (on factors associated with more and less happiness). The first findings date from 1915. == Technique == The World Database of Happiness is a ‘findings archive’, which consists of electronic ‘finding pages’ on which separate research results are described in a standard format and terminology. These finding pages can be selected on various characteristics, such as population studies, the measure of happiness used and observed co-variates. All finding-pages have a specific internet address to which links can be made in scientific review papers or policy recommendations. This allows a concise presentation of many findings in a table, while providing readers with access to detail. == Scientific use == The Database has been cited in 254 scientific papers, for example to access under what conditions economic growth enhances average happiness or to show that rising mean happiness at first raises happiness inequality, but further rise will diminish these differences, or that healthy eating is associated with more happiness, even after controlling for the effect on health Another finding is that relative simple happiness training techniques raise happiness by some 5% == Popular use == The World Database of Happiness is often used by popular media to make lists of the happiest countries around the globe. An example is the Happy Planet Index, which aims to chart sustainable happiness all over the world by combining data on longevity, happiness and the size of the ecological footprint of citizens. == Strengths and weaknesses == The database has a clear conceptual focus, it includes only research findings on subjective enjoyment of one's life as a whole. Thereby it evades the Babel that has haunted the study of happiness for ages. The other side of that coin is that much interesting research is left out. The findings are reported with technical details about measurement and statistical analysis. This detail is welcomed by scholars, but makes the information difficult to digest for lay-persons. Still another limitation is that the determinants of happiness appear to vary considerably across persons and situations, which make it hard to draw general conclusions about the causes of happiness. What is clear is that poor health, separation, unemployment and lack of social contact are all strongly negatively associated with happiness. Another problem for the World database of happiness is that the studies on happiness increase with such a high rate that it gets increasingly difficult to offer a complete overview of all research findings. A further concern is that the Database of Happiness is exclusively focused on hedonic happiness (feeling good) and not on mature happiness that might exist in the face of suffering
Read more →
Screenless video

Screenless video is any system for transmitting visual information from a video source without the use of a screen. Screenless computing systems can be divided into three groups: Visual Image, Retinal Direct, and Synaptic Interface. == Visual image == Visual Image screenless display includes any image that the eye can perceive. The most common example of Visual Image screenless display is a hologram. In these cases, light is reflected off some intermediate object (hologram, LCD panel, or cockpit window) before it reaches the retina. In the case of LCD panels the light is refracted from the back of the panel, but is nonetheless a reflected source. Google has proposed a similar system to replace the screens of tablet computers and smartphones. == Retinal display == Virtual retinal display systems are a class of screenless displays in which images are projected directly onto the retina. They are distinguished from visual image systems because light is not reflected from some intermediate object onto the retina, it is instead projected directly onto the retina. Retinal Direct systems, once marketed, hold out the promise of extreme privacy when computing work is done in public places because most snooping relies on viewing the same light as the person who is legitimately viewing the screen, and retinal direct systems send light only into the pupils of their intended viewer. == Synaptic interface == Synaptic Interface screenless video does not use light at all. Visual information completely bypasses the eye and is transmitted directly to the brain. While such systems have only been implemented in humans in rudimentary form - for example, displaying single Braille characters to blind people – success has been achieved in sampling usable video signals from the biological eyes of a living horseshoe crab through their optic nerves, and in sending video signals from electronic cameras into the creatures' brains using the same method.
Read more →
Intrapixel and Interpixel processing

Intrapixel and Interpixel processing is used in the processing of computers graphics, as well as sensors and images in equipment such as cameras. For computer graphics, CMOS sensor processing is done in pixel level. This process includes two general categories: intrapixel processing, where the processing is performed on the individual pixel signals, and interpixel processing, where the processing is performed locally or globally on signals from several pixels. The purpose of interpixel processing is to perform early vision processing, not merely to capture images. Intrapixel and Interpixel processing is an integral part of spatial processing within the earth Mixed Spatial Attraction Model. This also includes use within hyperspectral image processing.
Read more →