Lingua Libre is an online collaborative project and tool by the Wikimédia France association, which aims to build a collaborative, multilingual, audiovisual speech corpus under a free license. It mostly consists of a rapid recording online service which allows the user to chain hundreds of recordings. Contributors have produced content in 310+ languages. == Description == Lingua Libre enables the recording of words, phrases or sentences of any language, oral (audio recording) or signed (video recording). Words are presented to the speaker in the form of a list, created on the spot, in advance, or by reusing an existing Wikimedia category. The speaker simply reads the word displayed on the screen, and the software moves on to the next word when it detects a silence after the read word. This principle, borrowed from the open source software Shtooka recorder with the help of its creator, Nicolas Vion, makes it possible to record several hundreds of words per hour. The recordings are then uploaded automatically from the web client to the Wikimedia Commons media library. In spring 2021, Lingua Libre was offline due to a fire in Strasbourg, but no audio recordings were lost. === Use of the recordings === The recordings can be consulted either on Lingua Libre or on Commons. They are mainly used on other Wikimedia projects, for example to illustrate entries on Wiktionaries or proper nouns in Wikipedia articles. The re-use of the recordings in a language teaching context is envisaged. Language learners can freely download pronunciations and use them on GoldenDict, a popular dictionary software. Thus, audio recordings can be used as “Pronunciation Dictionaries” on GoldenDict without needing internet connection. The recordings are also reused in Natural Language Processing projects, for example to drive Mozilla's DeepSpeech speech recognition engines. == Versions == Lingua Libre was initiated on January 23, 2015 and has had three successive versions: === Lingua Libre v.1 (2016) === As part of the Languages of France project, which aims to document and promote the regional languages of France on Wikimedia and Internet projects in general, the conception of Lingua Libre started in November 2015, partly funded by the DGLFLF (General Delegation for the French language and the languages of France). The first version of the project was launched in August 2016. Only suitable for audio recording, Lingua Libre was shown during a workshop on Occitan language in December 2016, and then presented to the online Wikimedia community and at international events in 2017. === Lingua Libre v.2 (2018) === A complete rebuilding was launched at the end of 2017. The new version of Lingua Libre is based on MediaWiki, uses Wikibase and OAuth to better integrate into the Wikimedia environment. The interface is translated via Translatewiki.net so that the project can be used by a large number of communities. The new version of the site was ready in June 2018 and opened to the public in August 2018. === Lingua Libre v.2.2 (2020) === In 2020, important changes were made to the platform; a new look was developed especially for the site, the .org domain replaced the .fr domain used until then, and added support for sign languages through video recording. == Statistics == In the first two years of the project's launch, approximately 10,000 recordings were made. The transition to v.2 was accompanied by a sharp increase in the contributions. The number of recordings multiplied by 10 in less than a year, exceeding the 100,000 threshold in May 2019. These recordings were made by 127 speakers in almost 50 languages. By September 2020, the platform had more than 300,000 recordings in 90 languages with more than 350 speakers. The 500,000 recordings milestone was reached in June 2021, thanks to 540 speakers of 120 languages.
Content Threat Removal
Content Threat Removal (CTR) is a cybersecurity technology intended to defeat the threat posed by handling digital content in the cyberspace. Unlike other defenses, including antivirus software and sandboxed execution, CTR does not rely on being able to detect threats. Similar to Content Disarm and Reconstruction, CTR is designed to remove the threat without knowing whether it has done so and acts without knowing if data contains a threat or not. Detection strategies work by detecting unsafe content, and then blocking or removing that content. Content that is deemed safe is delivered to its destination. In contrast, Content Threat Removal assumes all data is hostile and delivers none of it to the destination, regardless of whether it is actually hostile. Although no data is delivered, the business information carried by the data is delivered using new data created for the purpose. == Threat == Advanced attacks continuously defeat defenses that are based on detection. These are often referred to as zero-day attacks, because as soon as they are discovered attack detection mechanisms must be updated to identify and neutralize the attack, and until they are, all systems are unprotected. These attacks succeed because attackers find new ways of evading detection. Polymorphic code can be used to evade the detection of known unsafe data and sandbox detection allows attacks to evade dynamic analysis. == Method == A Content Threat Removal defence works by intercepting data on its way to its destination. The business information carried by the data is extracted and the data is discarded. Then entirely new, clean and safe data is built to carry the information to its destination. The effect of building new data to carry the business information is that any unsafe elements of the original data are left behind and discarded. This includes executable data, macros, scripts and malformed data that trigger vulnerabilities in applications. While CTR is a form of content transformation, not all transformations provide a complete defence against the content threat. == Applicability == CTR is applicable to user-to-user traffic, such as email and chat, and machine-to-machine traffic, such as web services. Data transfers can be intercepted by in-line application layer proxies and these can transform the way information content is delivered to remove any threat. CTR works by extracting business information from data and it is not possible to extract information from executable code. This means CTR is not directly applicable to web browsing, since most web pages are code. It can, however, be applied to content that is downloaded from, and uploaded to, websites. Although most web pages cannot be transformed to render them safe, web browsing can be isolated and the remote access protocols used to reach the isolated environment can be subjected to CTR. CTR provides a solution to the problem of stegware. It naturally removes detectable steganography and eliminates symbiotic and permutation steganography through normalisation.
Anderson's rule (computer science)
In the field of computer security, Anderson's rule refers to a principle formulated by Ross J. Anderson: systems that handle sensitive personal information involve a trilemma of security, functionality, and scale, of which you can choose any two. A system that has information on many data subjects and to which many people require access is hard to secure unless its functionality is severely restricted. If it has rich functionality, you may have to restrict the number of people with access, or accept that some information will leak.
Intel Management Engine
The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards. The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off. This issue can be mitigated with the deployment of a hardware device which is able to disconnect all connections to mains power as well as all internal forms of energy storage. The Electronic Frontier Foundation and some security researchers have voiced concern that the Management Engine is a backdoor. Intel's main competitor, AMD, has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs. == Difference from Intel AMT == The Management Engine is often confused with Intel AMT (Intel Active Management Technology). AMT runs on the ME, but is only available on processors with vPro. AMT gives device owners remote administration of their computer, such as powering it on or off, and reinstalling the operating system. However, the ME itself has been built into all Intel chipsets since 2008, not only those with AMT. While AMT can be unprovisioned by the owner, there is no official, documented way to disable the ME. == Design == The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is supplied with power (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential Huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. === Hardware === Starting with ME 11 (introduced in Skylake CPUs), it is based on the Intel Quark x86-based 32-bit CPU and runs the MINIX 3 operating system. The ME firmware is stored in a partition of the SPI BIOS Flash, using the Embedded Flash File System (EFFS). Previous versions were based on an ARC core, with the Management Engine running the ThreadX RTOS. Versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x used the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor could also execute signed Java applets. The ME has its own MAC and IP address for the out-of-band management interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP). The ME also communicates with the host via PCI interface. Under Linux, communication between the host and the ME is done via /dev/mei or /dev/mei0. Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout. With the newer Intel architectures (Intel 5 Series onwards), the ME is integrated into the Platform Controller Hub (PCH). === Firmware === By Intel's current terminology as of 2017, ME is one of several firmware sets for the Converged Security and Manageability Engine (CSME). Prior to AMT version 11, CSME was called Intel Management Engine BIOS Extension (Intel MEBx). Management Engine (ME) – mainstream chipsets Server Platform Services (SPS) – server chipsets and SoCs Trusted Execution Engine (TXE) – tablet/embedded/low power It was also found that the ME firmware version 11 runs MINIX 3. Management of the ME modules for provisioning inside the UEFI is done via a tool called Intel Flash Image Tool (FITC). ==== Modules ==== Active Management Technology (AMT) Intel Boot Guard (IBG) and Secure Boot Quiet System Technology (QST), formerly known as Advanced Fan Speed Control (AFSC), which provides support for acoustically optimized fan speed control, and monitoring of temperature, voltage, current and fan speed sensors that are provided in the chipset, CPU and other devices present on the motherboard. Communication with the QST firmware subsystem is documented and available through the official software development kit (SDK). Protected Audio Video Path, enforces HDCP Intel Anti-Theft Technology (AT), discontinued in 2015 Serial over LAN (SOL) Intel Platform Trust Technology (PTT), a firmware-based Trusted Platform Module (TPM) Near Field Communication, a middleware for NFC readers and vendors to access NFC cards and provide secure element access, found in later MEI versions. == The intricacies of working with Intel ME == It should also be noted that the ME region requires special cleaning and subsequent initialisation, for example, after replacing the platform hub on the motherboard. Usually, this requires an SPI programmer. There are known successful cases of this operation being performed. == Security vulnerabilities == Several weaknesses have been found in the ME. On May 1, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Technology. Every Intel platform with provisioned Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME. Several ways to disable the ME without authorization that could allow ME's functions to be sabotaged have been found. Additional major security flaws in the ME affecting a very large number of computers incorporating ME, Trusted Execution Engine (TXE), and Server Platform Services (SPS) firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on November 20, 2017 (SA-00086). Unlike SA-00075, this bug is even present if AMT is absent, not provisioned or if the ME was "disabled" by any of the known unofficial methods. In July 2018, another set of vulnerabilities was disclosed (SA-00112). In September 2018, yet another vulnerability was published (SA-00125). === Ring −3 rootkit === A ring −3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections. The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor. (The "−3" designation was chosen because the ME coprocessor works even when the system is in the S3 state. Thus, it was considered a layer below the System Management Mode rootkits.) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by Patrick Stewin. === Zero-touch provisioning === Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords in the SMB provisioning mode when the IDE redirection and Serial over LAN features are used. It also found that the "zero touch" provisioning mode (ZTC) is still enabled even when the AMT appears to be disabled in BIOS. For about 60 euros, Ververis purchased from GoDaddy a certificate that is accepted by the ME firmware and allows remote "zero touch" provisioning of (possibly unsuspecting) machines, which broadcast their HELLO packets to would-be configuration servers. === SA-00075 (a.k.a. Silent Bob is Silent) === In May 2017, Intel confirmed that many computers with AMT have had an unpatched critical privilege escalation vulnerability (CVE-2017-5689). The vulnerability was nicknamed "Silent Bob is Silent" by the researchers who had reported it to Intel. It affects numerous laptops, desktops and servers sold by Dell, Fujitsu, Hewlett-Packard (later Hewlett Packard Enterprise and HP Inc.), Intel, Lenovo, and possibly others. Those researchers claimed that the bug affects systems made in 2010 or later. Other reports claimed the bug also affects systems made as long ago as 2008. The vulnerability was described as giving remote attackers: "full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data." === PLATINUM === In June 2017, the PLATINUM cybercrime group became notable for exploiting the serial over LAN (SOL) capabilities of AMT to perform data exfiltration of stolen documents. SOL is disabled by default and must be enabled to exploit this vulnerability. === SA-00086 === Some months after the previous bugs, and subsequent warnings from the EFF, securi
Data administration
Data administration or data resource management is an organizational function working in the areas of information systems and computer science that plans, organizes, describes and controls data resources. Data resources are usually stored in databases under a database management system or other software such as electronic spreadsheets. In many smaller organizations, data administration is performed occasionally, or is a small component of the database administrator’s work. In the context of information systems development, data administration ideally begins at system conception, ensuring there is a data dictionary to help maintain consistency, avoid redundancy, and model the database so as to make it logical and usable, by means of data modeling, including database normalization techniques. == Data resource management == According to the Data Management Association (DAMA), data resource management is "the development and execution of architectures, policies, practices and procedures that properly manage the full data lifecycle needs of an enterprise". Data Resource management may be thought of as a managerial activity that applies information system and other data management tools to the task of managing an organization’s data resource to meet a company’s business needs, and the information they provide to their shareholders. From the perspective of database design, it refers to the development and maintenance of data models to facilitate data sharing between different systems, particularly in a corporate context. Data Resource Management is also concerned with both data quality and compatibility between data models. Since the beginning of the information age, businesses need all types of data on their business activity. With each data created, when a business transaction is made, need data is created. With these data, new direction is needed that focuses on managing data as a critical resource of the organization to directly support its business activities. The data resource must be managed with the same intensity and formality that other critical resources are managed. Organizations must emphasize the information aspect of information technology, determine the data needed to support the business, and then use appropriate technology to build and maintain a high-quality data resource that provides that support. Data resource quality is a measure of how well the organization's data resource supports the current and the future business information demand of the organization. The data resource cannot support just the current business information demand while sacrificing the future business information demand. It must support both the current and the future business information demand. The ultimate data resource quality is stability across changing business needs and changing technology. A corporate data resource must be developed within single, organization-wide common data architecture. A data architecture is the science and method of designing and constructing a data resource that is business driven, based on real-world objects and events as perceived by the organization, and implemented into appropriate operating environments. It is the overall structure of a data resource that provides a consistent foundation across organizational boundaries to provide easily identifiable, readily available, high-quality data to support the business information demand. The common data architecture is a formal, comprehensive data architecture that provides a common context within which all data at an organization's disposal are understood and integrated. It is subject oriented, meaning that it is built from data subjects that represent business objects and business events in the real world that are of interest to the organization and about which data are captured and maintained.
Eigenface
An eigenface ( EYE-gən-) is the name given to a set of eigenvectors when used in the computer vision problem of human face recognition. The approach of using eigenfaces for recognition was developed by Sirovich and Kirby and used by Matthew Turk and Alex Pentland in face classification. The eigenvectors are derived from the covariance matrix of the probability distribution over the high-dimensional vector space of face images. The eigenfaces themselves form a basis set of all images used to construct the covariance matrix. This produces dimension reduction by allowing the smaller set of basis images to represent the original training images. Classification can be achieved by comparing how faces are represented by the basis set. == History == The eigenface approach began with a search for a low-dimensional representation of face images. Sirovich and Kirby showed that principal component analysis could be used on a collection of face images to form a set of basis features. These basis images, known as eigenpictures, could be linearly combined to reconstruct images in the original training set. If the training set consists of M images, principal component analysis could form a basis set of N images, where N < M. The reconstruction error is reduced by increasing the number of eigenpictures; however, the number needed is always chosen less than M. For example, if you need to generate a number of N eigenfaces for a training set of M face images, you can say that each face image can be made up of "proportions" of all the K "features" or eigenfaces: Face image1 = (23% of E1) + (2% of E2) + (51% of E3) + ... + (1% En). In 1991 M. Turk and A. Pentland expanded these results and presented the eigenface method of face recognition. In addition to designing a system for automated face recognition using eigenfaces, they showed a way of calculating the eigenvectors of a covariance matrix such that computers of the time could perform eigen-decomposition on a large number of face images. Face images usually occupy a high-dimensional space and conventional principal component analysis was intractable on such data sets. Turk and Pentland's paper demonstrated ways to extract the eigenvectors based on matrices sized by the number of images rather than the number of pixels. Once established, the eigenface method was expanded to include methods of preprocessing to improve accuracy. Multiple manifold approaches were also used to build sets of eigenfaces for different subjects and different features, such as the eyes. == Generation == A set of eigenfaces can be generated by performing a mathematical process called principal component analysis (PCA) on a large set of images depicting different human faces. Informally, eigenfaces can be considered a set of "standardized face ingredients", derived from statistical analysis of many pictures of faces. Any human face can be considered to be a combination of these standard faces. For example, one's face might be composed of the average face plus 10% from eigenface 1, 55% from eigenface 2, and even −3% from eigenface 3. Remarkably, it does not take many eigenfaces combined together to achieve a fair approximation of most faces. Also, because a person's face is not recorded by a digital photograph, but instead as just a list of values (one value for each eigenface in the database used), much less space is taken for each person's face. The eigenfaces that are created will appear as light and dark areas that are arranged in a specific pattern. This pattern is how different features of a face are singled out to be evaluated and scored. There will be a pattern to evaluate symmetry, whether there is any style of facial hair, where the hairline is, or an evaluation of the size of the nose or mouth. Other eigenfaces have patterns that are less simple to identify, and the image of the eigenface may look very little like a face. The technique used in creating eigenfaces and using them for recognition is also used outside of face recognition: handwriting recognition, lip reading, voice recognition, sign language/hand gestures interpretation and medical imaging analysis. Therefore, some do not use the term eigenface, but prefer to use 'eigenimage'. === Practical implementation === To create a set of eigenfaces, one must: Prepare a training set of face images. The pictures constituting the training set should have been taken under the same lighting conditions, and must be normalized to have the eyes and mouths aligned across all images. They must also be all resampled to a common pixel resolution (r × c). Each image is treated as one vector, simply by concatenating the rows of pixels in the original image, resulting in a single column with r × c elements. For this implementation, it is assumed that all images of the training set are stored in a single matrix T, where each column of the matrix is an image. Subtract the mean. The average image a has to be calculated and then subtracted from each original image in T. Calculate the eigenvectors and eigenvalues of the covariance matrix S. Each eigenvector has the same dimensionality (number of components) as the original images, and thus can itself be seen as an image. The eigenvectors of this covariance matrix are therefore called eigenfaces. They are the directions in which the images differ from the mean image. Usually this will be a computationally expensive step (if at all possible), but the practical applicability of eigenfaces stems from the possibility to compute the eigenvectors of S efficiently, without ever computing S explicitly, as detailed below. Choose the principal components. Sort the eigenvalues in descending order and arrange eigenvectors accordingly. The number of principal components k is determined arbitrarily by setting a threshold ε on the total variance. Total variance v = ( λ 1 + λ 2 + . . . + λ n ) {\displaystyle v=(\lambda _{1}+\lambda _{2}+...+\lambda _{n})} , n = number of components, and λ {\displaystyle \lambda } represents component eigenvalue. k is the smallest number that satisfies ( λ 1 + λ 2 + . . . + λ k ) v > ϵ {\displaystyle {\frac {(\lambda _{1}+\lambda _{2}+...+\lambda _{k})}{v}}>\epsilon } These eigenfaces can now be used to represent both existing and new faces: we can project a new (mean-subtracted) image on the eigenfaces and thereby record how that new face differs from the mean face. The eigenvalues associated with each eigenface represent how much the images in the training set vary from the mean image in that direction. Information is lost by projecting the image on a subset of the eigenvectors, but losses are minimized by keeping those eigenfaces with the largest eigenvalues. For instance, working with a 100 × 100 image will produce 10,000 eigenvectors. In practical applications, most faces can typically be identified using a projection on between 100 and 150 eigenfaces, so that most of the 10,000 eigenvectors can be discarded. === Matlab example code === Here is an example of calculating eigenfaces with Extended Yale Face Database B. To evade computational and storage bottleneck, the face images are sampled down by a factor 4×4=16. Note that although the covariance matrix S generates many eigenfaces, only a fraction of those are needed to represent the majority of the faces. For example, to represent 95% of the total variation of all face images, only the first 43 eigenfaces are needed. To calculate this result, implement the following code: === Computing the eigenvectors === Performing PCA directly on the covariance matrix of the images is often computationally infeasible. If small images are used, say 100 × 100 pixels, each image is a point in a 10,000-dimensional space and the covariance matrix S is a matrix of 10,000 × 10,000 = 108 elements. However the rank of the covariance matrix is limited by the number of training examples: if there are N training examples, there will be at most N − 1 eigenvectors with non-zero eigenvalues. If the number of training examples is smaller than the dimensionality of the images, the principal components can be computed more easily as follows. Let T be the matrix of preprocessed training examples, where each column contains one mean-subtracted image. The covariance matrix can then be computed as S = TTT and the eigenvector decomposition of S is given by S v i = T T T v i = λ i v i {\displaystyle \mathbf {Sv} _{i}=\mathbf {T} \mathbf {T} ^{T}\mathbf {v} _{i}=\lambda _{i}\mathbf {v} _{i}} However TTT is a large matrix, and if instead we take the eigenvalue decomposition of T T T u i = λ i u i {\displaystyle \mathbf {T} ^{T}\mathbf {T} \mathbf {u} _{i}=\lambda _{i}\mathbf {u} _{i}} then we notice that by pre-multiplying both sides of the equation with T, we obtain T T T T u i = λ i T u i {\displaystyle \mathbf {T} \mathbf {T} ^{T}\mathbf {T} \mathbf {u} _{i}=\lambda _{i}\mathbf {T} \mathbf {u} _{i}} Meaning that, if ui is an eigenvector of TTT, then vi = Tui is an eigenvector of S. If we have
Gonioreflectometer
A gonioreflectometer is a device for measuring a bidirectional reflectance distribution function (BRDF). The device consists of a light source illuminating the material to be measured and a sensor that captures light reflected from that material. The light source should be able to illuminate and the sensor should be able to capture data from a hemisphere around the target. The hemispherical rotation dimensions of the sensor and light source are the four dimensions of the BRDF. The 'gonio' part of the word refers to the device's ability to measure at different angles. Several similar devices have been built and used to capture data for similar functions. Most of these devices use a camera instead of the light intensity-measuring sensor to capture a two-dimensional sample of the target. Examples include: a spatial gonioreflectometer for capturing the SBRDF (McAllister, 2002). a camera gantry for capturing the light field (Levoy and Hanrahan, 1996). an unnamed device for capturing the bidirectional texture function (Dana et al., 1999).