Aravind Krishna Joshi (August 5, 1929 – December 31, 2017) was the Henry Salvatori Professor of Computer and Cognitive Science in the computer science department of the University of Pennsylvania. Joshi defined the tree-adjoining grammar formalism which is often used in computational linguistics and natural language processing. Joshi studied at Pune University and the Indian Institute of Science, where he was awarded a BE in electrical engineering and a DIISc in communication engineering respectively. Joshi's graduate work was done in the electrical engineering department at the University of Pennsylvania, and he was awarded his PhD in 1960. He became a professor at Penn and was the co-founder and co-director of the Institute for Research in Cognitive Science. == Awards and recognitions == Guggenheim fellow, 1971–72 Fellow of the Institute of Electrical and Electronics Engineers (IEEE), 1976 Best Paper Award at the National Conference on Artificial Intelligence, 1987 Founding Fellow of the American Association for Artificial Intelligence (AAAI), 1990 IJCAI Award for Research Excellence, 1997 Fellow of the Association for Computing Machinery, 1998 Elected to the National Academy of Engineering, 1999 First to be awarded the Association for Computational Linguistics Lifetime Achievement Award at the 40th anniversary meeting of the ACL, 2002 Awarded the Rumelhart Prize, 2003 Benjamin Franklin Medal in Computer and Cognitive Science, 2005 Doctor honoris causa of mathematical and physical sciences, Charles University in Prague, October 30, 2013 S.-Y. Kuroda Prize of the SIG Mathematics of Language of the ACL, 2013 === Awarded history === On April 21, 2005, Joshi was awarded the Franklin Institute's Benjamin Franklin Medal in Computer and Cognitive Science. The Franklin Institute citation states that he was awarded the medal "for his fundamental contributions to our understanding of how language is represented in the mind, and for developing techniques that enable computers to process efficiently the wide range of human languages. These advances have led to new methods for computer translation."
Edits (app)
Edits is an American photo and short form video editing software service owned by Meta Platforms. It allows users to create videos and edit them by using features like green screens, and AI animation, and also provides real-time statistics to Instagram creators to track their accounts. Accounts directly from Instagram can be imported, and videos can be exported vice-versa. It is available solely on iOS and Android. On Apple, it supports over 32 different languages, including French, Spanish, and Chinese. It has been noted by critics as a direct competitor for apps like CapCut, owned by Chinese brand ByteDance. The Instagram head, Adam Mosseri, also acknowledged these similarities. Launched on April 22 for both iOS and Android. It received over 5M+ users on Apple and Android combined in its first 4 days since its launch. == History == On January 19, 2025, following the ban of all ByteDance Apps from the Google Play Store, and App Store, Instagram head Adam Mosseri announced on Threads that they would be launching the app in February for iOS, followed by an Android counterpart. He said the app is working with select people to test its features. In a separate post, he emphasized that the app is "more for creators than casual video makers". == Features == Edits contains many similar features to other competition of video editors like KineMaster, Inshot, and CapCut. When creating a video, users have the option to export in resolution of HD, 4K, and 2K, along with having HDR and SDR support. Like many traditional video editing software, it includes a timeline, and basic undo-redo buttons. On the bottom bar, 7 tabs for editing exist, namely the Split, Volume, Adjust, Speed, Delete, Filters, Green Screen, Voice FX, Extract Audio, Mirror, Slip, Replace and Duplicate bars. Basic features, like splitting, and adjusting speed and volume of clips are present, along with more advanced Green Screens, and AI features. Being a mobile video editor app, Edits also has drag-and-drop features to ease customer usage. Users have the ability to record videos directly within the app. This feature allows users to create content without needing extra software or devices. They can choose from several focal lengths, which affect how close or wide the shot appears. The app also supports different frame rates. Users have the ability to record videos directly within the app. This feature allows users to create content without needing extra software or devices. Once users are done filming your clips, they can simply transfer them into a project to start editing immediately. Upcoming features for the app include Keyframes, AI-powered modification, Collaboration, and Enhanced creativity. == Reception == Since its release, it received over 5 million downloads in 4 days. Critically, the app received great rankings from many. From users, the app received an average of 4.45 stars over Google Play Store and App Store in the first few days, with Google Play Store receiving the least stars. As in reviews, it was received mixed by the public. Many people praised the smoothness and intuivity of the app. "The app is more than just a basic editor, offering a full suite of creative tools, including a dedicated tab for inspiration and trending audio, as well as a tab for managing drafts," said a blogger. Some users were disappointed with the range of editing tools, some users have noted that it could benefit from more transition options between clips. Some even reported crashing between clips.
Cowrie (honeypot)
Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and shell interaction performed by an attacker. Cowrie also functions as an SSH and telnet proxy to observe attacker behavior to another system. Cowrie was developed from Kippo. == Reception == Cowrie has been referenced in published papers. The Book "Hands-On Ethical Hacking and Network Defense" includes Cowrie in a list of 5 commercial honeypots. === Prior uses === Discussing a honeypot effort called the Project Heisenberg Cloud by Rapid7, Bob Rudis, the company's chief data scientist, told eWEEK, "There are custom Rapid7-developed low- and medium-interaction honeypots used within the framework, along with open-source ones, such as Cowrie." Doug Rickert has experimented with the open-source Cowrie SSH honeypot and wrote about it on Medium. Putting up a simple honeypot isn't difficult, and there are many open-source products besides Cowrie, including the original Honeyd to MongoDB and NoSQL honeypots, to ones that emulate web servers. Some appear to be SCADA or other more advanced applications. === Best practices === Researchers at the SysAdmin, Audit, Network and Security (SANS) institute urged administrators and security researchers to run the latest version of Cowrie on a honeypot to monitor shifts in the type of passwords being scanned for and pattern of attacks on IoT devices. === Discussion and further resources === Attack Detection and Forensics Using Honeypot in an IoT Environment calls Cowrie a "medium interaction honeypot" and describes results from using it for 40 days to capture "all communicated sessions in log files." The book Advances on Data Science also devotes chapter two to "Cowrie Honeypot Dataset and Logging." ICCWS 2018 13th International Conference on Cyber Warfare and Security describes using Cowrie. On the Move to Meaningful Internet Systems: OTM 2019 Conferences includes details of using Cowrie. Splunk, a security tool that can receive information from honeypots, outlines how to set up a honeypot using the open-source Cowrie package.
Qapital
Qapital is a personal finance mobile application (app) for the iOS and Android operating systems, developed by Qapital, LLC. The app is designed to motivate users to save money through a gamification of their spending behavior. It moves money from a user's checking account to a separate Qapital account, when certain rules are triggered. Its database is used by psychology professor Dan Ariely to study consumer behavior. Qapital was released in Sweden in 2013, then in the US in early 2015. The application was later withdrawn from the Swedish market in April 2015, in order to focus on the US market. == History == The idea for Qapital was conceived by ex-bankers in Sweden. The software was designed by twin brothers Daniel and Andreas Källbom of Studio Källbom and released in Sweden in December 2013. The original software was a personal finance dashboard, similar to Mint.com, to show its users how they spent their money. Qapital introduced the app into the US market with a different design in 2014 and started focusing exclusively on the US market. The app was re-designed to focus on building savings rather than managing personal finances. The Swedish version shut down in April 2015. The app was initially restricted to the iOS platform, but an Android version was released at the end of 2015. Shortly after its US launch, Qapital invited psychology professor Dan Ariely to join its team as its "chief behavioral economist". He uses the app's database to conduct research into behavioral economics and Qapital in turn uses Ariely's research in design and programming decisions. In 2017, Qapital added checking and debit card services to the app. == Concept and features == Qapital is a free personal finance app for iOS and Android devices, intended to encourage its users to save money. Qapital directs each of its users to set savings goals, then automatically transfers money from their checking account to an account for savings, when a rule established in the app is met. It uses the "if this then that" (IFTTT) rule-based web-service. For example, one rule could be that if a user purchases a cup of coffee, then the app will round up the charge to the nearest dollar and deposit the difference into savings. Users connect their bank accounts to Qapital, so it knows when purchases are made. When a rule is met, money for savings are transferred to a Qapital account operated in partnership with Lincoln Savings Bank. As of 2015, Qapital can connect to more than 180 other apps, such as Facebook, Twitter, Dropbox and Instagram. For example, connecting to Jawbone allows the user to set a rule that if they take a certain number of steps during the day, a set amount of money is transferred to savings. The app also allows users to monitor activity among their other financial accounts, such as deposits and withdrawals. == Reception == In an October 2015 review, PC Magazine gave Qapital four out of five marks and an editor rating of "excellent." The review praised the app for having a "lovely design" and criticized it for being a, "bit simplistic in some of its rules." Bankrate, in a May 2015 review, gave the app a score of 3/5 for "ease of use," 5/5 for "features," 4/5 for "effectiveness," 4/5 for "value," for a total score of 16/20. The reviewer criticized Qapital's savings account for providing a low-interest rate, but concluded that its numerous features make the app "intriguing" and "it would be difficult to find a standard bank app more fun to use than Qapital."
Language-Theoretic Security
Language-theoretic security, or LangSec, is an approach to software security that focuses on input handling, complexity, and program design as strategies to improve the verifiability of computer programs. It was introduced in 2005 by Robert J. Hansen and Meredith L. Patterson at BlackHat and in 2011 by Len Sassaman and Patterson. It aims to create a formal description of which software is likely to have security vulnerabilities of particular classes, and why. It considers programs to have an inherent parser component, whether or not explicit, composed of that part of the program which operates on external input before that input is fully parsed. A central hypothesis of language-theoretic security is that vulnerabilities in software increase according to the computational power of the notional input-accepting automaton equivalent to this parser, using the definitions of automata theory. The lower bound on this computational power is the input language complexity of the program. The extent to which reducing this complexity is possible is a function of the specification of the communication protocol or file format the program takes as input. == Parsing as a security mechanism == The behaviour of a program is defined with reference to its expected input. Unexpected input being used by a program is a factor in numerous security bugs, including the so-called Android master key vulnerability (CVE-2013-4787), because accepting unexpected input renders the program's specification ambiguous. In that instance, the unexpected ambiguity came in the form of a ZIP file with duplicate filenames. If a program fully parses its input and only acts on input that unambiguously meets the specification, it follows that the program will avoid these types of vulnerabilities. This is an intentional inversion of the Postel principle. Accepting only unambiguous and valid input is a more formal requirement than input validation or sanitization, and narrows the number of possible but unanticipated program states that can be induced in an application via user input. Conversely, failure to do this is associated with security vulnerabilities. Input sanitization in particular is held to be an inadequate approach to avoiding malicious input because it inherently ignores context-sensitive properties of the input; it can therefore result in paradoxical effects, such as sanitization code activating otherwise inert cross-site scripting payloads in browsers. === Parser differentials === If the language of accepted program input is sufficiently simple, it is possible to verify that two implementations parse the same input language consistently. This is advantageous because it shows no parser differential exists between the two implementations. The requisite level of simplicity is theoretically that for which there is a solution to the equivalence problem. If the two parsers involved in CVE-2013-4787 were equivalent - that is, if they rendered the same output state given the same input state - the vulnerability could not have existed. One strategy for doing this is to publish machine-readable specifications of a format or protocol, and then use a parser generator to generate the parser code. An example of a parser generator built for this purpose is DaeDaLus. The combination of Lex with any of GNU Bison, ANTLR, or Yacc also accomplishes this. However, many parser generators allow the mixing of general purpose code with the parsing definitions, which weakens the guarantees provided by parsing. === Analysis of injection attacks === Injection attacks are generally the result of differences between the serializer (or "unparser") and the corresponding parser at a layer boundary in a system; therefore, they are a special case of parser differentials. In a SQL injection attack, for example, an attacker is able to cause the application with which they are interacting to serialize a SQL query that has different semantics than intended. In the simplest case where the payload ends a string and adds new code, the payload has crossed the code-data boundary in SQL. In language-theoretic security, this is treated as a bug in the serializer of the SQL query, which should instead be written in a way that constrains its possible outputs to those within the scope of the intended query. === Parser combinators === If a parser generator is not used, it is still possible to avoid implementation bugs by using parser combinator such as Nom to implement the parser code. This has the drawback of relying on a programmer correctly translating the specification into the language of the parser generator library, though this task is still less error-prone than hand-coding a parser. == Input format complexity == Complexity in computer programs is associated with security vulnerabilities. Within the domain of language-theoretic security, complexity is described with reference to the computational power of the abstract machine necessary to implement the program, or more particularly, to implement the parser for its input language. This complexity describes whether it is possible to show that there is no unintended or undesired functionality in the program which might be exploitable by an attacker. To be bounded in complexity, the program's input must be well-defined both in terms of form and of semantics. === Weird machines === A weird machine is a model of computation in a program that exists in parallel with, but is distinct from, the intended abstract model of computation in that program. Some classes of weird machine arise from the multi-layered nature of computer programs, or the context in which the programs run; others result from the unanticipated functionality a program has due to its complexity or to software bugs. The more complex the computation model of a program, the more likely it is to implement a weird machine. Depending on context, the weird machine may or may not be concretely useful for an attacker. Since the space of weird machines in the context of some program is the universe of all possible states that are not within the program's intended states, many exploited states including remote code execution and injection attacks belong to the domain of weird machines. A reduction in weird machines is therefore a likely correlate with reduced program vulnerability. === SafeDocs project === SafeDocs is a DARPA project undertaken in 2018 to take existing file formats, create safer subsets of them, and develop programming tools to work for the safer formats. The initial test case for this was PDF. The purpose of creating safer subsets in this case is to lower the minimum bound on parser complexity so that it becomes possible to create tools that will generate correct, normative parsers for them. == Relation to programming languages == The analytic framework of language-theoretic security assumes programs to be virtual machines that execute their input. A document that is read by an application is in this sense a form of machine code, in a generalization of the data as code idea, following the automata theory description of parsers. === Type-safe programming languages === Parsing input and serializing output are operations that consume one data type and emit another. A programming language can therefore check that data is correctly parsed and contains the expected structure by checking data types, and correct serializing (or unparsing) can be implemented as operations on the data types that are relevant to the program's output. This approach can be used to show that the recognizer and unparser patterns have been implemented. It is also possible to implement type checking across a distributed system to enforce parsing and unparsing of the expected structures and to verify that the assumptions made in designing the compositional properties of a distributed system have been followed. === Memory-safe programming languages === In the general case, spatial memory correctness is undecidable. If any proof of spatial memory correctness is to be made, it is therefore necessary to bound the complexity of the code. Interpreted languages such as Java and Python effectively accomplish this via runtime bounds checking, and frameworks for runtime bounds checking also exist for C. The effect of these strategies for spatial memory correctness are to create a halt state in place of a spatial memory correctness violation; therefore, it can be shown that the program will not violate spatial memory correctness, but in exchange, it cannot be shown in the general case that programs will not have runtime bounds checking exceptions. Some programming languages, such as Rust, accomplish this using borrow checking. The borrow checker acts to assure spatial memory correctness by compile-time reference counting. Code for which spatial memory correctness cannot be shown to not be violated therefore does not compile, inherently limiting the complexity of the spatial memory correctness of the program to what is decidable. Thi
Computer appliance
A computer appliance is a computer system with a combination of hardware, software, or firmware that is specifically designed to provide a particular computing resource. Such devices became known as appliances because of the similarity in role or management to a home appliance, which are generally closed and sealed, and are not serviceable by the user or owner. The hardware and software are delivered as an integrated product and may even be pre-configured before delivery to a customer, to provide a turn-key solution for a particular application. Unlike general purpose computers, appliances are generally not designed to allow the customers to change the software and the underlying operating system, or to flexibly reconfigure the hardware. Another form of appliance is the virtual appliance, which has similar functionality to a dedicated hardware appliance, but is distributed as a software virtual machine image for a hypervisor-equipped device. == Overview == Traditionally, software applications run on top of a general-purpose operating system, which uses the hardware resources of the computer (primarily memory, disk storage, processing power, and networking bandwidth) to meet the computing needs of the user. The main issue with the traditional model is related to complexity. It is complex to integrate the operating system and applications with a hardware platform, and complex to support it afterwards. By tightly constraining the variations of the hardware and software, the appliance becomes easily deployable, and can be used without nearly as wide (or deep) IT knowledge. Additionally, when problems and errors appear, the supporting staff very rarely needs to explore them deeply to understand the matter thoroughly. The staff needs merely training on the appliance management software to be able to resolve most of problems. In all forms of the computer appliance model, customers benefit from easy operations. The appliance has exactly one combination of hardware and operating system and application software, which has been pre-installed at the factory. This prevents customers from needing to perform complex integration work, and dramatically simplifies troubleshooting. In fact, this "turnkey operation" characteristic is the driving benefit that customers seek when purchasing appliances. To be considered an appliance, the (hardware) device needs to be integrated with software, and both are supplied as a package. This distinguishes appliances from "home grown" solutions, or solutions requiring complex implementations by integrators or value-added resellers (VARs). The appliance approach helps to decouple the various systems and applications, for example in the data center. Once a resource is decoupled, in theory it can be also centralized to become shared among many systems, centrally managed and optimized, all without requiring changes to any other system. == Tradeoffs of the computer appliance approach == The major disadvantage of deploying a computer appliance is that since they are designed to supply a specific resource, they most often include a customized operating system running over specialized hardware, neither of which are likely to be compatible with the other systems previously deployed. Customers lose flexibility. One may believe that a proprietary embedded operating system, or operating system within an application, can make the appliance much more secure from common cyber attacks. However, the opposite is true. Security by obscurity is a poor security decision, and appliances are often plagued by security issues as evidenced by the proliferation of IoT devices. == Types of appliances == The variety of computer appliances reflects the wide range of computing resources they provide to applications. Some examples: Storage appliances provide large amounts of storage, often available to many machines on the network. See Network-attached storage and Storage area network. Network appliances are general purpose routers which may also provide firewall protection, Transport Layer Security (TLS), messaging, access to specialized networking protocols (like the ebXML Message Service) and bandwidth multiplexing for the multiple systems they front-end. Backup and disaster recovery appliances computer appliances that are integrated backup software and backup targets, sometimes with hypervisors to support local DR of protected servers. They are often a gateway to a full DRaaS solution. Firewall and Security appliances Dedicated network appliances that are designed to protect computer networks from unwanted traffic. IIoT and MES Gateway appliances Computer appliances that are designed to translate data bidirectionally between control systems and enterprise systems. Proprietary, embedded, firmware applications running on the appliance use point-to-point connections to translate data between field devices in their native automation protocols and MES systems through their APIs, ODBC, or RESTful interfaces. Anti-spam appliances for e-mail spam Software appliances A single application server appliance, with just enough operating system (JeOS) for it to run. Virtual machine appliances consist of a "hypervisor style" embedded operating system running on appliance hardware. The hypervisor layer is matched to the hardware of the appliance, and cannot be varied by the customer, but the customer may load other operating systems and applications onto the appliance in the form of virtual machines. == Consumer appliances == Aside from its deployment within data centers, many computer appliances are directly used by the general public. These include: Digital video recorder Residential gateway Network-attached storage (NAS) Video game console Consumer uses stress the need for an appliance to have easy installation, configuration, and operation, with little or no technical knowledge being necessary. == Appliances in industrial automation == The world of industrial automation has been rich in appliances. These appliances have been hardened to withstand temperature and vibration extremes. These appliances are also highly configurable, enabling customization to meet a wide variety of applications. The key benefits of an appliance in automation are: Reduced downtime - a failed appliance is typically replaced with a COTS replacement and its task is quickly and easily reloaded from a backup. Highly scalable - appliances are typically targeted solutions for an area of a plant or process. As the requirements change, scalability is achieved through the installation of another appliance. Automation concepts are easily replicated throughout the enterprise by standardizing on appliances to perform the needed tasks, as opposed to the development of custom automation schemes for each task. Low TCO (total cost of ownership) - appliances are developed, tested and supported by automation product vendors and undergo a much broader level of quality testing than custom designed automation solutions. The use of appliances in automation reduce the level of testing needed in each individual application. Reduced design time - appliances perform specific functions and although they are highly configurable, they are typically self documenting. This enables appliance based solutions to be transferred from engineer to engineer with minimal need for training and documentation. Types of automation appliances: PLC (programmable logic controller) - Programmable logic controllers are appliances that are typically used for discrete control and offer a wide range of Input and Output options. They are configured through standardized programming languages such as IEC-1131. PID (proportional–integral–derivative controller) - PID controllers are appliances that monitor a process variable and, based on an error term, effect change on a control output (manipulated variable) to drive the process variable to a setpoint. PAC (programmable automation controller) - Programmable automation controllers are appliances that embody properties of both PLCs and PID controllers enabling the integration of both analog and discrete control. Universal gateway - A universal gateway appliance has the ability to communicate with a variety of devices through their respective communication protocols, and will affect data transactions between them. This in increasingly important as manufacturing strives to improve agility, quality, production rates, production costs and reduce downtime through enhanced M2M (machine to machine) communications. EATMs (Enterprise Appliance Transaction Modules) - Enterprise appliance transaction modules are appliances that affect data transactions from plant floor automation systems to enterprise business systems. They communicate to plant floor equipment through various vendor automation protocols, and communicate to business systems through database communication protocols such as JMS (Java Message Service) and SQL (Structured Query Language). == Internal structure == There are several
Halloween Problem
In computing, the Halloween Problem refers to a phenomenon in databases in which an update operation causes a change in the physical location of a row, potentially allowing the row to be visited again later in the same update operation. This could even cause an infinite loop in some cases where updates continually place the updated record ahead of the scan performing the update operation. The potential for this database error was first discovered by Don Chamberlin, Pat Selinger, and Morton Astrahan in the mid-1970s, on Halloween day, while working on query optimization. They wrote a SQL query supposed to give a ten percent raise to every employee who earned less than $25,000. This query would run successfully, with no errors, but when finished all the employees in the database earned at least $25,000, because it kept giving them a raise until they reached that level. The expectation was that the query would iterate over each of the employee records with a salary less than $25,000 precisely once. In fact, because even updated records were visible to the query execution engine and so continued to match the query's criteria, salary records were matching multiple times and each time being given a 10% raise until they were all greater than $25,000. Contrary to what some believe, the name is not descriptive of the nature of the problem but rather was given due to the day it was discovered on. As recounted by Don Chamberlin: Pat and Morton discovered this problem on Halloween... I remember they came into my office and said, "Chamberlin, look at this. We have to make sure that when the optimizer is making a plan for processing an update, it doesn't use an index that is based on the field that is being updated. How are we going to do that?" It happened to be on a Friday, and we said, "Listen, we are not going to be able to solve this problem this afternoon. Let's just give it a name. We'll call it the Halloween Problem and we'll work on it next week." And it turns out it has been called that ever since.