Sketchpad (a.k.a. Robot Draftsman) is a computer program written by Ivan Sutherland in 1963 in the course of his PhD thesis, for which he received the Turing Award in 1988, and the Kyoto Prize in 2012. It pioneered human–computer interaction (HCI), and is considered the ancestor of modern computer-aided design (CAD) programs and as a major breakthrough in the development of computer graphics in general. For example, Sketchpad inspired the graphical user interface (GUI) and object-oriented programming. Using the program, Sutherland showed that computer graphics could be used for both artistic and technical purposes and for demonstrating a novel method of human–computer interaction. == History == See History of the graphical user interface for a more detailed discussion of GUI development. == Software == Sketchpad was the earliest program ever to use a complete graphical user interface. The clever way the program organizes its geometric data pioneered the use of master (objects) and occurrences (instances) in computing and pointed forward to object-oriented programming. The main idea was to have master drawings which can be instantiated into many duplicates. When a master drawing is changed, then all instances change also. This was the first known form of an entity component system: for example instead of encapsulating points inside of a line object, the points are stored in a ring buffer as described in pages 48 to 52 of the paper, and the line only points to them. This allowed moving one point to alter all the shapes that use it in a single operation. The structures in Sketchpad were also able to store pointers to functions, to achieve a different behavior depending on the kind of object. In figure 3.8 of the paper, the "instances generic block" stores several "subroutine entries" which are pointers to functions: "display", "howbig" etc. This was an early form of virtual functions. Geometric constraints was another major invention in Sketchpad, letting a user easily constrain geometric properties in the drawing: for instance, the length of a line or the angle between two lines could be fixed. As a trade magazine said, clearly Sutherland "broke new ground in 3D computer modeling and visual simulation, the basis for computer graphics and CAD/CAM". Very few programs can be called precedents for his achievements. Patrick J. Hanratty is sometimes called the "father of CAD/CAM" and wrote PRONTO, a numerical control language at General Electric in 1957, and wrote CAD software while working for General Motors beginning in 1961. Sutherland wrote in his thesis that Bolt, Beranek and Newman had a "similar program" and T-Square was developed by Peter Samson and one or more fellow MIT students in 1962, both for the PDP-1. The Computer History Museum holds program listings for Sketchpad. == Hardware == Sketchpad ran on the MIT Lincoln Laboratory TX-2 (1958) computer at the Massachusetts Institute of Technology (MIT), which had 64k of 36-bit words. The user drew on the computer monitor screen with the recently invented light pen, which relayed information on its position by computing at what time the light from the scanning cathode-ray tube screen is detected. To configure the initial position of the light pen, the word INK was displayed on the screen, which, upon tapping, initialised the program with a white cross to continue keeping track of the pen's movement relative to its prior position. Of the 36 bits available to store each display spot in the display file, 20 gave the coordinates of that spot for the display system and the remaining 16 gave the address of the n-component element responsible for adding that spot to display. The TX-2 was an experimental machine and the hardware changed often (on Wednesdays, according to Sutherland). By 1975, the light pen and the cathode-ray tube with which it had been used had been removed. == Publications == The Sketchpad program was part and parcel of Sutherland's Ph.D. thesis at MIT and peripherally related to the Computer-Aided Design project at that time. Sketchpad: A Man-Machine Graphical Communication System.
Internet Security Awareness Training
Internet Security Awareness Training (ISAT) is the training given to members of an organization regarding the protection of various information assets of that organization. ISAT is a subset of general security awareness training (SAT). Even small and medium enterprises are generally recommended to provide such training, but organizations that need to comply with government regulations (e.g., the Gramm–Leach–Bliley Act, the Payment Card Industry Data Security Standard, Health Insurance Portability and Accountability Act, Sarbanes–Oxley Act) normally require formal ISAT for annually for all employees. Often such training is provided in the form of online courses. ISAT, also referred to as Security Education, Training, and Awareness (SETA), organizations train and create awareness of information security management within their environment. It is beneficial to organizations when employees are well trained and feel empowered to take important actions to protect themselves and organizational data. The SETA program target must be based on user roles within organizations and for positions that expose the organizations to increased risk levels, specialized courses must be required. == Coverage == There are general topics to cover for the training, but it is necessary for each organization to have a coverage strategy based on its needs, as this will ensure the training is practical and captures critical topics relevant to the organization. As the threat landscape changes very frequently, organizations should continuously review their training programs to ensure relevance with current trends. Topics covered in ISAT include: Appropriate methods for protecting sensitive information on personal computer systems, including password policy Various computer security concerns, including spam, malware, phishing, social engineering, etc. Consequences of failure to properly protect information, including potential job loss, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal law penalties. Being Internet Security Aware means you understand that there are people actively trying to steal data that is stored within your organization's computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts and other high-value IT assets.) That is why it is important to protect the assets of the organization and stop that from happening. The general scope should include topics such as password security, Email phishing, Social engineering, Mobile device security, Sensitive data security, and Business communications. In contrast, those requiring specialized knowledge are usually required to take technical and in-depth training courses. Suppose an organization determines that it is best to use one of the available training tools on the market, it must ensure it sets objectives that the training can meet, including confirming the training will provide employees with the knowledge to understand risks and the behaviors needed in managing them, actions to take to prevent or detect security incidents, using language easily understandable by the trainees, and ensuring the pricing is reasonable. Organizations are recommended to base ISAT training content on employee roles and their culture; the policy should guide that training for all employees and gave the following as examples of sources of reference materials: National Institute of Standards and Technology (NIST) Special Publication 800-50, Building an Information Technology Security Awareness and Training Program International Standards Organization (ISO) 27002:2013, Information technology—Security techniques—Code of practice for information security controls International Standards Organization (ISO) 27001:2013, Information technology — Security techniques — Information security management systems COBIT 5 Appendix F.2, Detailed Guidance: Services, Infrastructure and Applications Enabler, Security Awareness The training must focus on current threats specific to an organization and the impacts if that materializes as a result of user actions. Including practical examples and ways of dealing with scenarios help users know the appropriate measures to take. It is a good practice to periodically train customers of specific organizations on threats they face from people with malicious intentions. Coverage strategy for SAT should be driven by an organization's policy. It can help truly determine the level of depth of the training and where it should be conducted at a global level or business unit level, or a combination of both. A policy also empowers a responsible party within the organization to run the training. == Importance == Studies show that well-structured security awareness training can significantly reduce the likelihood of cyber incidents caused by human error. According to the Ponemon Institute, organizations that implement regular security training experience up to 70% fewer successful phishing attacks. Additionally, a 2023 Verizon Data Breach Investigations Report found that 74% of breaches involve the human element, highlighting the need for continuous education. Employees are key in whether organizations are breached or not; there must be a policy on creating awareness and training them on emerging threats and actions to take in safeguarding sensitive information and reporting any observed unusual activity within the corporate environment. Research has shown that SAT has helped reduce cyber-attacks within organizations, especially when it comes to phishing, as trainees learned to identify these attack modes and give them the self-assurance to take action appropriately. There is an increase in phishing attacks, and it has become increasingly important for people to understand how to these attacks work, and the actions required to prevent these and SAT has shown a significant impact on the number of successful phishing attacks against organizations. == Compliance Requirements == Various regulations and laws mandate SAT for organizations in specific industries, including the Gramm–Leach–Bliley Act (GLBA) for the financial services, the Federal Information Security Modernization Act of 2014 for federal agencies, and the European Union's General Data Protection Regulation (GDPR). === Federal Information Security Modernization Act === Employees and contractors in federal agencies are required to receive Security Awareness Training annually, and the program needs to address job-related information security risks linked that provide them with the knowledge to lessen security risks. === Health Insurance Portability and Accountability Act === The Health Insurance Portability and Accountability Act has the Security Rule, and Privacy Rule requiring the creation of a security awareness training program and ensuring employees are trained accordingly. === Payment Card Industry Data Security Standard === The Payment Card Industry Security Standards Council, the governing council for stakeholders in the payment industry, formed by American Express, Discover, JCB International, MasterCard, and Visa that developed the DSS as a requirement for the payment industry. Requirement 12.6 requires member organizations to institute a formal security awareness program. There is a published guide for organizations to adhere to when setting up the program. === US States Training Regulations === Some States mandate Security Awareness Training whiles other do not but simply recommend voluntary training. Among states that require the training for its employees include: Colorado (The Colorado Information Security Act, Colorado Revised Statutes 24-37.5-401 et seq.) Connecticut (13 FAM 301.1-1 Cyber Security Awareness Training (PS800)) Florida (Florida Statutes Chapter 282) Georgia (Executive Order GA E.O.182 mandated training within 90 days of issue) Illinois (Cook County) Indiana (IN H 1240) Louisiana (Louisiana Division of Administration, Office of Technology Services p. 52: LA H 633) Maryland (20-07 IT Security Policy) Montana (Mandatory cyber training for executive branch state employees) Nebraska Nevada (agency-by-agency state employee requirement - State Security Standard 123 – IT Security) New Hampshire New Jersey ( NJ A 1654) North Carolina Ohio (IT-15 - Security Awareness and Training) Pennsylvania Texas Utah Vermont Virginia West Virginia (WV Code Section 5A-6-4a) == Training Techniques == Below are some common training techniques, even though some can be blended depending on the operating environment: Interactive video training – This technique allows users to be trained using two-way interactive audio and video instruction. Web-based training – This method allows employees or users to take the training independently and usually has a testing component to determine if learning has taken place. If not, users can be allowed to retake the course and test to ensure there is a complete understanding
Moj
Moj is an Indian short-form video-sharing social networking service owned by Mohalla Tech Pvt Ltd, the parent company of ShareChat. Launched on 29 June 2020, shortly after the Government of India banned TikTok and several other Chinese apps, Moj quickly gained popularity as one of the leading domestic alternatives for short-form video content in India. == History == Moj was introduced by Mohalla Tech, the Bengaluru-based parent company of ShareChat, within days of the TikTok ban in India in June 2020. The app targeted the growing demand for short-form video platforms in the country. By early 2021, Moj had amassed over 100 million downloads on the Google Play Store. In February 2021, Mohalla Tech raised significant funding from investors like Tiger Global, Snapchat, and others, which supported both Moj and ShareChat’s growth. In 2022, Moj partnered with several music labels to expand its licensed music library, competing directly with global platforms such as Instagram Reels and YouTube Shorts. == Features == Short Videos: Users can create and watch videos up to 15–60 seconds. Filters & Effects: The platform provides AR filters, editing tools, stickers, and music integration. Regional Language Support: Moj supports more than 15 Indian languages including Hindi, Bengali, Tamil, Telugu, Kannada, and Marathi. Music Integration: Users can add music tracks to their videos from licensed Indian and international music libraries. Creator Program: Moj launched initiatives to support influencers and creators, offering training, monetization, and promotional opportunities. == Popularity == By mid-2021, Moj reported over 160 million monthly active users. According to reports, Moj consistently ranked among the top social media apps in India in terms of downloads. The app gained traction in Tier-2 and Tier-3 cities due to its multilingual support and focus on local content. == Competitors == Moj competes with several other short video platforms in India, including: Instagram Reels (Meta) YouTube Shorts (Google) Josh (Dailyhunt/VerSe Innovation) Roposo (InMobi) MX TakaTak (later merged with Moj in 2022) RedPost (an emerging Indian social networking platform) == Merger with MX TakaTak == In February 2022, Mohalla Tech announced that Moj would merge with MX TakaTak, another leading short video app owned by Times Internet. The merger created one of the largest short-video ecosystems in India, with a combined user base of over 300 million monthly active users.
Multimedia database
A Multimedia database (MMDB) is a collection of related for multimedia data. The multimedia data include one or more primary media data types such as text, images, graphic objects (including drawings, sketches and illustrations) animation sequences, audio and video. A Multimedia Database Management System (MMDBMS) is a framework that manages different types of data potentially represented in a wide diversity of formats on a wide array of media sources. It provides support for multimedia data types, and facilitate for creation, storage, access, query and control of a multimedia database. == Contents of MMDB == A Multimedia Database (MMDB) hosts one or more multimedia data types (i.e. text, images, graphic objects, audio, video, animation sequences). These data types are broadly categorized into three classes: Static media (time-independent: image and graphic object). Dynamic media (time-dependent: audio, video and animation). Dimensional media(3D game and computer aided drafting programs). === Comparison of multimedia data types === Additionally, a Multimedia Database (MMDB) needs to manage additional information pertaining to the actual multimedia data. The information is about the following: Media data: the actual data representing an object. Media format data: information about the format of the media data after it goes through the acquisition, processing, and encoding phases. Media keyword data: the keyword descriptions, usually relating to the generation of the media data. Media feature data: content dependent data such as contain information about the distribution of colours, the kinds of textures and the different shapes present in an image. The last three types are called metadata as they describe several different aspects of the media data. The media keyword data and media feature data are used as indices for searching purpose. The media format data is used to present the retrieved information. == Requirements of Multimedia databases == Like the traditional databases, Multimedia databases should address the following requirements: Integration Data items do not need to be duplicated for different programs invocations Data independence Separate the database and the management from the application programs Concurrency control Allows concurrent transactions Persistence Data objects can be saved and re-used by different transactions and program invocations Privacy Access and authorization control Integrity control Ensures database consistency between transactions Recovery Failures of transactions should not affect the persistent data storage Query support Allows easy querying of multimedia data Multimedia databases should have the ability to uniformly query data (media data, textual data) represented in different formats and have the ability to simultaneously query different media sources and conduct classical database operations across them. (Query support) They should have the ability to retrieve media objects from a local storage device in a good manner. (Storage support) They should have the ability to take the response generated by a query and develop a presentation of that response in terms of audio-visual media and have the ability to deliver this presentation. (Presentation and delivery support) == Issues and challenges == Multimedia data consists of a variety of media formats or file representations including TIFF, BMP, PPT, IVUE, FPX, JPEG, MPEG, AVI, MID, WAV, DOC, GIF, EPS, PNG, etc. Because of restrictions on the conversion from one format to the other, the use of the data in a specific format has been limited as well. Usually, the data size of multimedia is large such as video; therefore, multimedia data often require a large storage. Multimedia database consume a lot of processing time, as well as bandwidth. Some multimedia data types such as video, audio, and animation sequences have temporal requirements that have implications on their storage, manipulation and presentation, but images, video and graphics data have special constraints in terms of their content. == Application areas == Examples of multimedia database application areas: Digital Libraries News-on-Demand Video-on-Demand Music database Geographic Information Systems (GIS) Telemedicine
Play Integrity API
Play Integrity API (formerly known as SafetyNet) consists of several application programming interfaces (APIs) offered by the Google Play Services to support security sensitive applications and enforce DRM. Currently, these APIs include device integrity verification, app verification, recaptcha and web address verification. It uses an environment called DroidGuard to perform the attestation. == Attestation == The SafetyNet Attestation API, one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised. In practice, non-official ROMs such as LineageOS fail the hardware attestation and thus prevent the user from using a non-compliant ROM with third-party apps (mainly banking) that require the API. Due to this, some consider this a monopolistic practice deterring the entrance of competing mobile operating systems in the market. It requires a network connection to Google servers and validates the hardware signatures. Amongst the checks, the API looks for bootloader unlock status, ROM signatures, kernel strings, it also uses AVB2.0 and dm-verity attestations. Upon successful checks, Google Play will mark the device as Certified. The attestation runs in an environment called DroidGuard (com.google.android.gms.unstable). The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated. As of 6 October 2023, Google planned to replace it with the Play Integrity API by the end of January 2025. The transition ended on 20 May 2025, breaking applications which hadn't been updated. These attestations are offered by Google Play Services and thus are not available on free Android environments, like AOSP. Therefore, developers can require the API to be available and may refuse to execute on AOSP builds. == Google Play Protect == Under the same umbrella, Play Protect is a mechanism to find and remove "vulnerable" apps from one's Android device as well as store apps. Although it's meant to scan for malware-containing apps, it also looks for non-DRM compliant apps. == Criticism == Multiple groups have criticised SafetyNet and the Play Integrity API. Criticisms include that it offers weaker protection compared to alternatives such as Android's hardware attestation API, which provides a stronger form of verification while having the ability to remain compatible with more secure Android operating systems like GrapheneOS. Critics argued it undermines competition by effectively requiring developers to rely on Google's proprietary services, strengthening its monopoly over the Android ecosystem and disadvantaging alternative, privacy-focused operating systems. Users have also developed tools, such as the Play Integrity Fix module for Magisk/KernelSU/APatch, which tricks the attestation using leaked fingerprints of vulnerable devices. Furthermore, some have questioned the effectiveness of the attestation, claiming it does not deliver the level of security promised by Google and instead serves more as a form of vendor lock-in than a meaningful security measure. Activists have also raised concerns that it may violate antitrust and competition laws, like the Digital Markets Act.
Radek Maneuver
The Radek Maneuver is a scale-up-then-scale-down tactic used in the administration of web services, specifically those deployed under a cloud computing paradigm (by a provider e.g. Amazon Elastic Compute Cloud or Microsoft Azure). == History == Developed by Olivier "Radek" Dabrowski in the mid-2010s, the Radek Maneuver was originally conceived of in using and maintaining applications running on a PaaS system. == Execution == The Radek Maneuver consists of a series of steps, usually executed via the PaaS or web portal interface. The tactic should be used when a service is misbehaving or otherwise experiencing errors, and the suspected cause is the underlying cloud layer, rather than the application layer. This includes networking issues and other "bad box" problems. The steps are as follows: Identify the application or service which is misbehaving. Increase the compute resource (number of CPU cores, amount of ram) for the instance on which the application is running. This is also known as scaling up. Wait for the application to re-deploy and stabilize. Scale back down to the original instance size. == Principle of action == This scale-up-scale-down method is understood to shift the application to a different physical machine underlying the PaaS service or application virtual machine. While this layer of the cloud computing stack is generally out of the access of an application developer (instead in the hands of the cloud provider), the maneuver allows troubleshooting and dodging errors in that layer.
Sarpa (snakebite app)
Sarpa or SARPA (Snake Awareness, Rescue and Protection app) is a snakebite app, an application for mobile devices developed in India to provide rapid, life-saving help for victims of snakebite, which kill an estimated 58,000 people a year in India. The app provides information about snakes, gets fast aid for people bitten, and helps in the development of antivenoms. Similar systems developed in India include SnakeHub, Snake Lens, Snakepedia, Serpent and the Big Four Mapping Project. The apps provide rapid response to snakebite incidents, often in remote areas, using a network of volunteers managed by local wildlife departments; their use can save human lives by providing rapid medical care, and also snakes, by helping to avoid interaction between the species. In 2026, it was announced that the app had plans to offer real-time contact from doctors directly from the app to provide users with decision-making advice.