Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology. The technology protects data in use by performing computations in a hardware-based trusted execution environment (TEE). Confidential data is released to the TEE only once it is assessed to be trustworthy. Different types of confidential computing define the level of data isolation used, whether virtual machine, application, or function, and the technology can be deployed in on-premise data centers, edge locations, or the public cloud. It is often compared with other privacy-enhancing computational techniques such as fully homomorphic encryption, secure multi-party computation, and Trusted Computing. Confidential computing is promoted by the Confidential Computing Consortium (CCC) industry group, whose membership includes major providers of the technology. == Properties == Trusted execution environments (TEEs) "prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data". Trusted execution environments can be instantiated on a computer's processing components such as a central processing unit (CPU) or a graphics processing unit (GPU). In their various implementations, TEEs can provide different levels of isolation including virtual machine, individual application, or compute functions. Typically, data in use in a computer's compute components and memory exists in a decrypted state and can be vulnerable to examination or tampering by unauthorized software or administrators. According to the CCC, confidential computing protects data in use through a minimum of three properties: Data confidentiality: "Unauthorized entities cannot view data while it is in use within the TEE". Data integrity: "Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE". Code integrity: "Unauthorized entities cannot add, remove, or alter code executing in the TEE". In addition to trusted execution environments, remote cryptographic attestation is an essential part of confidential computing. The attestation process assesses the trustworthiness of a system and helps ensure that confidential data is released to a TEE only after it presents verifiable evidence that it is genuine and operating with an acceptable security posture. It allows the verifying party to assess the trustworthiness of a confidential computing environment through an "authentic, accurate, and timely report about the software and data state" of that environment. "Hardware-based attestation schemes rely on a trusted hardware component and associated firmware to execute attestation routines in a secure environment". Without attestation, a compromised system could deceive others into trusting it, claim it is running certain software in a TEE, and potentially compromise the confidentiality or integrity of the data being processed or the integrity of the trusted code. == Technical approaches == Technical approaches to confidential computing may vary in which software, infrastructure and administrator elements are allowed to access confidential data. The "trust boundary," which circumscribes a trusted computing base (TCB), defines which elements have the potential to access confidential data, whether they are acting benignly or maliciously. Confidential computing implementations enforce the defined trust boundary at a specific level of data isolation. The three main types of confidential computing are: Virtual machine isolation Application isolation, also known as process isolation Function isolation, also known as library isolation Virtual machine isolation removes the elements controlled by the computer infrastructure or cloud provider, but allows potential data access by elements inside a virtual machine running on the infrastructure. Application or process isolation permits data access only by authorized software applications or processes. Function or library isolation is designed to permit data access only by authorized subroutines or modules within a larger application, blocking access by any other system element, including unauthorized code in the larger application. == Threat model == As confidential computing is concerned with the protection of data in use, only certain threat models can be addressed by this technique. Other types of attacks are better addressed by other privacy-enhancing technologies. === In scope === The following threat vectors are generally considered in scope for confidential computing: Software attacks: including attacks on the host’s software and firmware. This may include the operating system, hypervisor, BIOS, other software and workloads. Protocol attacks: including "attacks on protocols associated with attestation as well as workload and data transport". This includes vulnerabilities in the "provisioning or placement of the workload" or data that could cause a compromise. Cryptographic attacks: including "vulnerabilities found in ciphers and algorithms due to a number of factors, including mathematical breakthroughs, availability of computing power and new computing approaches such as quantum computing". The CCC notes several caveats in this threat vector, including relative difficulty of upgrading cryptographic algorithms in hardware and recommendations that software and firmware be kept up-to-date. A multi-faceted, defense-in-depth strategy is recommended as a best practice. Basic physical attacks: including cold boot attacks, bus and cache snooping and plugging attack devices into an existing port, such as a PCI Express slot or USB port. Basic upstream supply-chain attacks: including attacks that would compromise TEEs through changes such as added debugging ports. The degree and mechanism of protection against these threats varies with specific confidential computing implementations. === Out of scope === Threats generally defined as out of scope for confidential computing include: Sophisticated physical attacks: including physical attacks that "require long-term and/or invasive access to hardware" such as chip scraping techniques and electron microscope probes. Upstream hardware supply-chain attacks: including attacks on the CPU manufacturing process, CPU supply chain in key injection/generation during manufacture. Attacks on components of a host system that are not directly providing the capabilities of the trusted execution environment are also generally out-of-scope. Availability attacks: confidential computing is designed to protect the confidentiality and integrity of protected data and code. It does not address availability attacks such as Denial of Service or Distributed Denial of Service attacks. == Use cases == Confidential computing can be deployed in the public cloud, on-premise data centers, or distributed "edge" locations, including network nodes, branch offices, industrial systems and others. === Data privacy and security === Confidential computing protects the confidentiality and integrity of data and code from the infrastructure provider, unauthorized or malicious software and system administrators, and other cloud tenants, which may be a concern for organizations seeking control over sensitive or regulated data. The additional security capabilities offered by confidential computing can help accelerate the transition of more sensitive workloads to the cloud or edge locations. === Multi-party analytics === Confidential computing can enable multiple parties to engage in joint analysis using confidential or regulated data inside a TEE while preserving privacy and regulatory compliance. In this case, all parties benefit from the shared analysis, but no party's sensitive data or confidential code is exposed to the other parties or system host. Examples include multiple healthcare organizations contributing data to medical research, or multiple banks collaborating to identify financial fraud or money laundering. Oxford University researchers proposed the alternative paradigm called "Confidential Remote Computing" (CRC), which supports confidential operations in Trusted Execution Environments across endpoint computers considering multiple stakeholders as mutually distrustful data, algorithm and hardware providers. === Confidential generative AI === Confidential computing technologies can be applied to various stages of a generative AI deployments to help increase data or model privacy, security, and regulatory compliance. TEEs and remote attestation can protect the integrity of data during AI model training, keep
Textual case-based reasoning
Textual case-based reasoning (TCBR) is a subtopic of case-based reasoning, in short CBR, a popular area in artificial intelligence. CBR suggests the ways to use past experiences to solve future similar problems, requiring that past experiences be structured in a form similar to attribute-value pairs. This leads to the investigation of textual descriptions for knowledge exploration whose output will be, in turn, used to solve similar problems. == Subareas == Textual case-base reasoning research has focused on: measuring similarity between textual cases mapping texts into structured case representations adapting textual cases for reuse automatically generating representations.
Robert Abel and Associates
Robert Abel and Associates (RA&A) was an American pioneering animation production company specializing in television commercials made with computer graphics. Founded by Robert Abel and Con Pederson in 1971, RA&A was especially known for their art direction and won many Clio Awards. Abel and his team created some of the most advanced and impressive computer-animated works of their time, including full ray-traced renders and fluid character animation at a time when such things were largely unknown. A variety of high-profile television advertisements, graphics sequences for motion pictures (including The Andromeda Strain and Tron), and work on laserdisc video games such as Cube Quest, put Abel and his team on the map in the early 1980s. The company was also originally commissioned to create the visual effects for Star Trek: The Motion Picture, but were subsequently taken off the project for mishandling funds. The company was also notable on its work for The Jacksons' 1981 music video "Can You Feel It." RA&A was on the southwest corner of Highland Avenue and Romaine in the heart of Hollywood, California. RA&A closed in 1987 following an ill-fated merger with now-defunct Omnibus Computer Graphics, Inc., a company which had been based in Toronto. Many people who worked at RA&A went on to other ground-breaking projects, including the founding of Wavefront Technologies, Rhythm & Hues and other studios. Many RA&A people went on to win Academy Awards.
Feature detection (web development)
Feature detection (also feature testing) is a technique used in web development for handling differences between runtime environments (typically web browsers or user agents), by programmatically testing for clues that the environment may or may not offer certain functionality. This information is then used to make the application adapt in some way to suit the environment: to make use of certain APIs, or tailor for a better user experience. Its proponents claim it is more reliable and future-proof than other techniques like user agent sniffing and browser-specific CSS hacks. == Techniques == A feature test can take many forms. It is essentially any snippet of code which gives some level of confidence that a required feature is indeed supported. However, in contrast to other techniques, feature detection usually focuses on performing actions which directly relate to the feature to be detected, rather than heuristics. === JavaScript === JavaScript feature detection can inspect the DOM and the local JavaScript environment to test whether browser features or APIs are supported. The simplest technique is to check for the existence of a relevant object or property. For example, the Geolocation API (used for accessing the device's knowledge of its geographical location, possibly obtained from a GPS navigation device) exposes a geolocation property on the navigator object in the DOM; the presence of which implies the Geolocation API is supported: if ('geolocation' in navigator) { // Geolocation API is supported } For a higher level of confidence, some feature tests will attempt to invoke the feature then look for clues that it behaved properly. For example, a test for support for cookies might attempt to set a value as a cookie and then verify it can be read back. === CSS === In CSS, the at-rule @supports introduced in 2015 allows to test if a given feature is supported. For instance the following code activates the declarations only if the user agent supports display: flex: == Undetectables == Some browser features are considered undetectable, because no clues are known to give sufficient confidence that a feature is supported. These are often because of limited information available to the JavaScript environment in the browser; generally features must be exposed via the DOM in some way in order to be detectable using JavaScript. When undetectables are encountered, it is common to turn to user agent sniffing as an alternative mechanism, or to employ defensive coding to minimise the impact if the feature turns out not to be supported. The Modernizr project maintains a record of known undetectables on their wiki.
Common-mode signal
In electrical engineering, a common-mode signal is the identical component of voltage present at both input terminals of an electrical device. In telecommunication, the common-mode signal on a transmission line is also known as longitudinal voltage. Common-mode interference (CMI) is a type of common-mode signal. Common-mode interference is interference that appears on both signal leads, or coherent interference that affects two or more elements of a network. In most electrical circuits, desired signals are transferred by a differential voltage between two conductors. If the voltages on these conductors are U1 and U2, the common-mode signal is the average of the voltages: U cm = U 1 + U 2 2 {\displaystyle U_{\text{cm}}={\frac {U_{1}+U_{2}}{2}}} When referenced to the local common or ground, a common-mode signal appears on both lines of a two-wire cable, in phase and with equal amplitudes. Technically, a common-mode voltage is one-half the vector sum of the voltages from each conductor of a balanced circuit to local ground or common. Such signals can arise from one or more of the following sources: Radiated signals coupled equally to both lines, An offset from signal common created in the driver circuit, or A ground differential between the transmitting and receiving locations. Noise induced into a cable, or transmitted from a cable, usually occurs in the common mode, as the same signal tends to be picked up by both conductors in a two-wire cable. Likewise, RF noise transmitted from a cable tends to emanate from both conductors. Elimination of common-mode signals on cables entering or leaving electronic equipment is important to ensure electromagnetic compatibility. Unless the intention is to transmit or receive radio signals, an electronic designer generally designs electronic circuits to minimise or eliminate common-mode effects. == Methods of eliminating common-mode signals == Differential amplifiers or receivers that respond only to voltage differences, e.g. those between the wires that constitute a pair. This method is particularly suited for instrumentation where signals are transmitted through DC bias. For sensors with very high output impedance that require very high common-mode rejection ratio, a differential amplifier is combined with input buffers to form an instrumentation amplifier. An inductor where a pair of signaling wires follow the same path through the inductor, e.g. in a bifilar winding configuration such as used in Ethernet magnetics. Useful for AC and DC signals, but will filter only higher frequency common-mode signals. A transformer, which is useful for AC signals only, and will filter any form of common-mode noise, but may be used in combination with a bifilar wound coil to eliminate capacitive coupling of higher frequency common-mode signals across the transformer. Used in twisted pair Ethernet. Common-mode filtering may also be used to prevent egress of noise for electromagnetic compatibility purposes: High frequency common-mode signals (e.g., RF noise from a computing circuit) may be blocked using a ferrite bead clamped to the outside of a cable. These are often observable on laptop computer power supplies near the jack socket, and good quality mouse or printer USB cables and HDMI cables. Switch mode power supplies include common and differential mode filtering inductors to block the switching signal noise returning into mains wiring. Common-mode rejection ratio is a measure of how well a circuit eliminates common-mode interference.
Misskey
Misskey (Japanese: ミスキー, romanized: Misukī) is an open source, federated, social networking service created in 2014 by Japanese software engineer Eiji "syuilo" Shinoda. Misskey uses the ActivityPub protocol for federation, allowing users to interact between independent Misskey instances, and other ActivityPub compatible platforms. Misskey is generally considered to be part of the Fediverse. Despite being a decentralized service, Misskey is not philosophically opposed to centralization. The name Misskey comes from the lyrics of Brain Diver, a song by the Japanese singer May'n. == History == Misskey was initially developed as a BBS-style internet forum by high school student Eiji Shinoda in 2014. After introducing a timeline feature, Misskey gained popularity as the microblogging platform it is today. In 2018, Misskey added support for ActivityPub, becoming a federated social media platform. The flagship Misskey server, Misskey.io, was started on April 15, 2019. Misskey, alongside Mastodon and Bluesky, has received attention as a potential replacement for Twitter following Twitter's acquisition by Elon Musk in 2022. On April 8, 2023, Misskey.io incorporated as MisskeyHQ K.K. As of February 2024, over 450,000 users were registered, making it the largest instance of Misskey. Misskey.io is crowdfunded. The administrator of Misskey.io is Japanese system administrator Yoshiki Eto, who operates under the alias Murakami-san. Eiji Shinoda serves as director. In July 2023, Twitter introduced extreme restrictions on their API in order to combat scraping from bots. Some users were critical of the changes, and as a result migrated to other social networks. The number of users registering on Misskey.io, Misskey's official instance and the largest one, increased rapidly, with other Misskey instances also receiving a spike in signups. In response to this trend, Skeb, a platform for sharing art, announced on July 14, 2023 that it would sponsor the Misskey development team. In early 2024, Misskey was targeted by a spam attack from Japan. The cause of the attack is believed to be a dispute between rival groups on a Japanese hacker forum and a DDoS attack on a Discord bot. Mastodon instances with open registration were used in the attack. In November 2025, Eto announced intentions to replace ActivityPub with Misskey's own low-overhead federation system in "a few years". Shinoda later said that this was "fake news". == Development == Misskey is open source software and is licensed under the AGPLv3. The Misskey API is publicly available and is documented using the OpenAPI Specification, which allows users to build automated accounts and use it on any Misskey instance. The service is translated using Crowdin. Misskey is developed using Node.js. TypeScript is used on both the frontend and backend. PostgreSQL is used as its database. Vue.js is used for the frontend. == Functionality == Posts on Misskey are called "notes". Notes are limited to a maximum of 3,000 characters (a limit which can be customized by instances), and can be accompanied by any file, including polls, images, videos, and audio. Notes can be reposted, either by themselves or with another "quote" note. Misskey comes with multiple timelines to sort through the notes that an instance has available, and are displayed in reverse chronological order. The Home timeline shows notes from users that you follow, the Local timeline shows all notes from the instance in use, the Social timeline shows both the Home and Local timeline, and the Global timeline shows every public note that the instance knows about. Notes have customizable privacy settings to control what users can see a note, similar to Mastodon's post visibility ranges. Public notes show up on all timelines, while Home notes only show on a user's Home timeline. Notes can also be set to be available only for followers. Direct messages using notes can be sent to users.
Facebook Platform
The Facebook Platform is the set of services, tools, and products provided by the social networking service Facebook for third-party developers to create their own applications and services that access data in Facebook. The current Facebook Platform was launched in 2010. The platform offers a set of programming interfaces and tools which enable developers to integrate with the open "social graph" of personal relations and other things like songs, places, and Facebook pages. Applications on facebook.com, external websites, and devices are all allowed to access the graph. == History == Facebook launched the Facebook Platform on May 24, 2007, providing a framework for software developers to create applications that interact with core Facebook features. A markup language called Facebook Markup Language was introduced simultaneously; it is used to customize the "look and feel" of applications that developers create. Prior to the Facebook platform, Facebook had built many applications themselves within the Facebook website, including Gifts, allowing users to send virtual gifts to each other, Marketplace, allowing users to post free classified ads, Facebook events, giving users a method of informing their friends about upcoming events, Video, letting users share homemade videos with one another, and social network game, where users can use their connections to friends to help them advance in games they are playing. The Facebook Platform made it possible for outside partners to build similar applications. Many of the popular early social network games would combine capabilities. For instance, one of the early games to reach the top application spot, (Lil) Green Patch, combined virtual Gifts with Event notifications to friends and contributions to charities through Causes. Third-party companies provide application metrics, and several blogs arose in response to the clamor for Facebook applications. On July 4, 2007, Altura Ventures announced the "Altura 1 Facebook Investment Fund," becoming the world's first Facebook-only venture capital firm. On August 29, 2007, Facebook changed the way in which the popularity of applications is measured, to give attention to the more engaging applications, following criticism that ranking applications only by the number of people who had installed the application was giving an advantage to the highly viral, yet useless applications. Tech blog Valleywag has criticized Facebook Applications, labeling them a "cornucopia of uselessness." Others have called for limiting third-party applications so the Facebook user experience is not degraded. Applications that have been created on the Platform include chess, which both allow users to play games with their friends. In such games, a user's moves are saved on the website, allowing the next move to be made at any time rather than immediately after the previous move. By November 3, 2007, seven thousand applications had been developed on the Facebook Platform, with another hundred created every day. By the second annual f8 developers conference on July 23, 2008, the number of applications had grown to 33,000, and the number of registered developers had exceeded 400,000. Within a few months of launching the Facebook Platform, issues arose regarding "application spam", which involves Facebook applications "spamming" users to request it be installed. Facebook integration was announced for the Xbox 360 and Nintendo DSi on June 1, 2009 at E3. On November 18, 2009, Sony announced an integration with Facebook to deliver the first phase of a variety of new features to further connect and enhance the online social experiences of PlayStation 3. On February 2, 2010, Facebook announced the release of HipHop for PHP as an opensource project. Mark Zuckerberg said that his team from Facebook is developing a Facebook search engine. “Facebook is pretty well placed to respond to people’s questions. At some point, we will. We have a team that is working on it", said Mark Zuckerberg. For him, the traditional search engines return too many results that do not necessarily respond to questions. “The search engines really need to evolve a set of answers: 'I have a specific question, answer this question for me.'" On June 10, 2014, Facebook announced Haxl, a Haskell library that simplified the access to remote data, such as databases or web-based services. === Partnerships with device manufacturers === Starting in 2007, Facebook formed data sharing partnerships with at least 60 handset manufacturers, including Apple, Amazon, BlackBerry, Microsoft and Samsung. Those manufacturers were provided with Facebook user data without the users' consent. Most of the partnerships remained in place as of 2018, when the partnerships were first publicly reported. == High-level Platform components == === Graph API === The Graph API is the core of Facebook Platform, enabling developers to read from and write data into Facebook. The Graph API presents a simple, consistent view of the Facebook social graph, uniformly representing objects in the graph (e.g., people, photos, events, and pages) and the connections between them (e.g., friend relationships, shared content, and photo tags). On April 30, 2015, Facebook shut down friends' data API prior to the v2.0 release. === Authentication === Facebook authentication enables developers’ applications to interact with the Graph API on behalf of Facebook users, and it provides a single-sign on mechanism across web, mobile, and desktop apps. ==== Facebook Connect ==== Facebook Connect, also called Log in with Facebook, like OpenID, is a set of authentication APIs from Facebook that developers can use to help their users connect and share with such users' Facebook friends (on and off Facebook) and increase engagement for their website or application. When so used, Facebook members can log on to third-party websites, applications, mobile devices and gaming systems with their Facebook identity and, while logged in, can connect with friends via these media and post information and updates to their Facebook profile. Originally unveiled during Facebook's developer conference, F8, in July 2008, Log in with Facebook became generally available in December 2008. According to an article from The New York Times, "Some say the services are representative of surprising new thinking in Silicon Valley. Instead of trying to hoard information about their users, the Internet companies (including Facebook, Google, MySpace and Twitter) all share at least some of that data so people do not have to enter the same identifying information again and again on different sites." Log in with Facebook cannot be used by users in locations that cannot access Facebook, even if the third-party site is otherwise accessible from that location. According to Facebook, users who logged into The Huffington Post with Facebook spent more time on the site than the average user. === Social plugins === Social plugins – including the Like Button, Recommendations, and Activity Feed – enable developers to provide social experiences to their users with just a few lines of HTML. All social plugins are extensions of Facebook and are designed so that no user data is shared with the sites on which they appear. On the other hand, the social plugins let Facebook track its users’ browsing habits through any sites that feature the plugins. === Open Graph protocol === The Open Graph protocol enables developers to integrate their pages into Facebook's global mapping/tracking tool Social Graph. These pages gain the functionality of other graph objects including profile links and stream updates for connected users. OpenGraph tags in HTML5 might look like this: === iframes === Facebook uses iframes to allow third-party developers to create applications that are hosted separately from Facebook, but operate within a Facebook session and are accessed through a user's profile. Since iframes essentially nest independent websites within a Facebook session, their content is distinct from Facebook formatting. Facebook originally used 'Facebook Markup Language (FBML)' to allow Facebook Application developers to customize the "look and feel" of their applications, to a limited extent. FBML is a specification of how to encode content so that Facebook's servers can read and publish it, which is needed in the Facebook-specific feed so that Facebook's system can properly parse content and publish it as specified. FBML set by any application is cached by Facebook until a subsequent API call replaces it. Facebook also offers a specialized Facebook JavaScript (FBJS) library. Facebook stopped accepting new FBML applications on March 18, 2011, but continued to support existing FBML tabs and applications. Since January 1, 2012 FBML was no longer supported, and FBML no longer functioned as of June 1, 2012. === Microformats === In February 2011, Facebook began to use the hCalendar microformat to mark up events, and the hCard for the events' venues,