Lorien Pratt is an American computer scientist known for contributions to transfer learning and for her work in promoting and developing the concept of decision intelligence. She is chief scientist and founder of Quantellia. Since 1988, she has conducted research on the use of machine learning as an academic, professor, industry analyst, and practicing data scientist. Pratt received her AB degree in computer science from Dartmouth College and her master's and doctorate degrees in computer science from Rutgers University. == Learning to Learn == She is best known for her book "Learning to Learn," co-edited with Sebastian Thrun, which provided an overview on how to use machine learning to better understand bias and generalization of discrete subjects. This approach, still largely theoretical when the book was published in 1998, is also called metalearning and is now a foundational underpinning of machine learning algorithms such as GPT-3 and DALL-E. == Research == === Transfer learning === Pratt's research includes early work in transfer learning where she developed the discriminability-based transfer (DBT) algorithm in 1993 during her tenure as a professor of computer science at Colorado School of Mines. This paper is considered one of the earliest academic works referring to the use of transfer in machine learning and has been cited over 400 times as foundational research for deep neural networks. === Decision intelligence === Since then, Pratt's research has continued to explore the relationships between machine learning and human cognition with the concept of decision intelligence, an emerging field of machine learning guided analytics designed to support human decision. Pratt introduced this concept in 2008, and this term has since been used by a number of vendors providing machine learning-guided analytics including Diwo, Peak AI, Sisu, and Tellius as the technologies used to support machine learning at scale have become easier to deploy, manage, and embed into software platforms. Pratt's work is cited as a core starting point for defining modern aspects of decision intelligence. Pratt's work at Quantellia since 2020 has focused on the use of decision intelligence to improve COVID-19-based outcomes.
LIVAC Synchronous Corpus
LIVAC is an uncommon language corpus dynamically maintained since 1995. Different from other existing corpora, LIVAC has adopted a rigorous and regular "Windows" approach in processing and filtering massive media texts from representative Chinese speech communities such as Beijing, Hong Kong, Macau, Taipei, Singapore, Shanghai, as well as Guangzhou, and Shenzhen. The contents are thus deliberately repetitive in most cases, represented by textual samples drawn from editorials, local and international news, cross-Taiwan Strait news, as well as news on finance, sports and entertainment. By 2023, more than 3 billion characters of news media texts have been filtered, of which 700 million characters have been processed and analyzed and have yielded an expanding Pan-Chinese dictionary of 2.5 million words from the Pan-Chinese printed media. Through rigorous analysis based on computational linguistic methodology, LIVAC has at the same time accumulated a large amount of accurate and meaningful statistical data on the Chinese language and on their diverse speech communities in the Pan-Chinese context, and the results show considerable and important long standing as well as evolving variations. The "Windows" approach is the most innovative feature of LIVAC and has enabled Pan-Chinese media texts to be quantitatively analyzed according to various attributes such as locations, time and subject domains. Thus, various types of comparative studies and applications in information technology as well as development of often related innovative applications have been possible. Moreover, LIVAC has allowed longitudinal developments to be taken into account, facilitating Key Word in Context (KWIC) search and comprehensive study of target words and their underlying concepts as well as linguistic structures over the past 25 years, based on the above mentioned variables of location, time and subject. Results from the extensive and accumulative data analysis contained in LIVAC have enabled the cultivation of textual databases of proper names, place names, organization names, new words, and bi-weekly and annual rosters of media figures. Related applications have included the establishment of verb and adjective databases, the formulation of sentiment indices, and related opinion mining, to measure and compare the popularity of global media figures in the Chinese media (LIVAC Annual Pan-Chinese Celebrity Rosters, later renamed as the Pan-Chinese Newsmaker Rosters). Notable among these are the decades long periodic reviews of the 25 years of annual pan-Chinese rosters since 2000 and compilation of new word databases (LIVAC Annual Pan-Chinese New Word Rosters). On this basis, the analysis of the emergence, diffusion and transformation of new words, and the publication of dictionaries of neologisms have been made possible. A recent focus is on the relative balance between disyllabic words and growing trisyllabic words in the Chinese language, and the comparative study of light verbs in three Chinese speech communities. as well as the link between the language use and use of language as a reflection of epochal change in China. A new LIVAC version 3.1 was launched in February 2024. == Corpus data processing == Accessing media texts, manual input, etc. Text unification including conversion from simplified to traditional Chinese characters, stored as Big5 and Unicode versions Automatic word segmentation Automatic alignment of parallel texts Manual verification, part-of-speech tagging Extraction of words and addition to regional sub-corpora Combination of regional sub-corpora to update the LIVAC corpus, and master lexical database == Labeling for data curation == Categories used include general terms and proper names, such as: general names, surnames, semi titles; geographical, organizations and commercial entities, etc.; time, prepositions, locations, etc.; stack-words; loanwords; case-word; numerals, etc. Construction of databases of proper names, place names, and specific terms, etc. Generate rosters: "new word rosters", "celebrity or media personality rosters", "place name rosters", compound words and matched words Other parts of speech tagging for sub-database, such as common nouns, numerals, numeral classifiers, different types of verbs, and of adjectives, pronouns, adverbs, prepositions, conjunctions, particles marking mood, onomatopoeia, interjection, etc. == Applications == Compilation of Pan-Chinese dictionaries or local dictionaries Information technology research, such as predictive Chinese text input for mobile phones, automatic speech to text conversion, opinion mining Comparative studies on linguistic and cultural developments in the Pan-Chinese regions, especially in a critical period of history in modern China. Language teaching and learning research, and speech-to-text conversion Customized service on linguistic research and lexical search for international corporations and government agencies The above applications are provided by the following functions: Word Segmentation Search Phrase Search Example Sentence Selection Multi-word Comparison Word Cloud
Secure coding
Secure coding is the practice of developing computer software in such a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment. Some scholars have suggested that in order to effectively confront threats related to cybersecurity, proper security should be coded or "baked in" to the systems. With security being designed into the software, this ensures that there will be protection against insider attacks and reduces the threat to application security. Implementing secure coding practices is part of the secure by design approach to security engineering. == Buffer-overflow prevention == Buffer overflows, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflowed data may overwrite data in the next location which can result in a security vulnerability (stack smashing) or program termination (segmentation fault). An example of a C program prone to a buffer overflow is If the user input is larger than the destination buffer, a buffer overflow will occur. To fix this unsafe program, use strncpy to prevent a possible buffer overflow. Another secure alternative is to dynamically allocate memory on the heap using malloc. In the above code snippet, the program attempts to copy the contents of src into dst, while also checking the return value of malloc() to ensure that enough memory was able to be allocated for the destination buffer. == Format-string attack prevention == A Format String Attack is when a malicious user supplies specific inputs that will eventually be entered as an argument to a function that performs formatting, such as printf(). The attack involves the adversary reading from or writing to the stack. The C printf function writes output to stdout. If the parameter of the printf function is not properly formatted, several security bugs can be introduced. Below is a program that is vulnerable to a format string attack. A malicious argument passed to the program could be "%s%s%s%s%s%s%s", which can crash the program from improper memory reads. == Integer-overflow prevention == Integer overflow occurs when an arithmetic operation results in an integer too large to be represented within the available space. A program which does not properly check for integer overflow introduces potential software bugs and exploits. Below is a function in C++ which attempts to confirm that the sum of x and y is less than or equal to a defined value MAX: The problem with the code is it does not check for integer overflow on the addition operation. If the sum of x and y is greater than the maximum possible value of an unsigned int, the addition operation will overflow and perhaps result in a value less than or equal to MAX, even though the sum of x and y is greater than MAX. Below is a function which checks for overflow by confirming the sum is greater than or equal to both x and y. If the sum did overflow, the sum would be less than x or less than y. == Path traversal prevention == Path traversal is a vulnerability whereby paths provided from an untrusted source are interpreted in such a way that unauthorised file access is possible. For example, consider a script that fetches an article by taking a filename, which is then read by the script and parsed. Such a script might use the following hypothetical URL to retrieve an article about dog food: https://www.example.net/cgi-bin/article.sh?name=dogfood.html If the script has no input checking, instead trusting that the filename is always valid, a malicious user could forge a URL to retrieve configuration files from the web server: https://www.example.net/cgi-bin/article.sh?name=../../../../../etc/passwd Depending on the script, this may expose the /etc/passwd file, which on Unix-like systems contains (among others) user IDs, their login names, home directory paths and shells. (See SQL injection for a similar attack.) == Regulatory drivers == Secure coding practices are increasingly mandated by regulatory frameworks governing the development and maintenance of software systems that process sensitive data. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires covered entities to protect the integrity of protected health information through technical safeguards under 45 CFR 164.312(c)(1) and to implement mechanisms to authenticate electronic protected health information under 45 CFR 164.312(c)(2). The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 Requirement 6.2 mandates that custom software is developed securely, including training developers in secure coding techniques (6.2.2), reviewing custom code for vulnerabilities before release (6.2.3), and addressing common software attacks in development practices (6.2.4).
Computer security
Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide. The growing significance of computer security reflects the increasing dependence on computer systems, the Internet, and evolving wireless network standards. This reliance has expanded with the proliferation of smart devices, including smartphones, televisions, and other components of the Internet of things (IoT). As digital infrastructure becomes more embedded in everyday life, cybersecurity has emerged as a critical concern. The complexity of modern information systems—and the societal functions they underpin—has introduced new vulnerabilities. Systems that manage essential services, such as power grids, electoral processes, and finance, are particularly sensitive to security breaches. Although many aspects of computer security involve digital security, such as electronic passwords and encryption, physical security measures, such as metal locks, are still used to prevent unauthorized tampering. IT security is not a perfect subset of information security and therefore does not completely align with the security convergence schema. == Vulnerabilities and attacks == A vulnerability refers to a flaw in the structure, execution, functioning, or internal oversight of a computer or system that compromises its security. Most of the vulnerabilities that have been discovered are documented in the Common Vulnerabilities and Exposures (CVE) database. An exploitable vulnerability is one for which at least one working exploit exists. Actors maliciously seeking vulnerabilities are known as threats. Vulnerabilities can be researched, reverse-engineered, hunted, or exploited using automated tools or customized scripts. Various people or parties are vulnerable to cyberattacks; however, different groups are likely to experience different types of attacks more than others. In April 2023, the United Kingdom Department for Science, Innovation & Technology released a report on cyberattacks over the previous 12 months. They surveyed 2,263 UK businesses, 1,174 UK registered charities, and 554 education institutions. The research found that "32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months." These figures were much higher for "medium businesses (59%), large businesses (69%), and high-income charities with £500,000 or more in annual income (56%)." Yet, although medium or large businesses are more often the victims, since larger companies have generally improved their security over the last decade, small and midsize businesses (SMBs) have also become increasingly vulnerable as they often "do not have advanced tools to defend the business." SMBs are most likely to be affected by malware, ransomware, phishing, man-in-the-middle attacks, and Denial-of Service (DoS) Attacks. Normal internet users are most likely to be affected by untargeted cyberattacks. These are where attackers indiscriminately target as many devices, services, or users as possible. They do this using techniques that take advantage of the openness of the Internet. These strategies mostly include phishing, ransomware, water holing and scanning. To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the following categories: === Backdoor === A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. These weaknesses may exist for many reasons, including original design or poor configuration. Due to the nature of backdoors, they are of greater concern to companies and databases as opposed to individuals. Backdoors may be added by an authorized party to allow some legitimate access or by an attacker for malicious reasons. Criminals often use malware to install backdoors, giving them remote administrative access to a system. Once they have access, cybercriminals can "modify files, steal personal information, install unwanted software, and even take control of the entire computer." Backdoors can be difficult to detect, as they often remain hidden within source code or system firmware and may require intimate knowledge of the operating system to identify. === Denial-of-service attack === Denial-of-service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering an incorrect password enough consecutive times to cause the victim's account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial-of-service (DDoS) attacks are possible, where the attack comes from a large number of points. In this case, defending against these attacks is much more difficult. Such attacks can originate from the zombie computers of a botnet or from a range of other possible techniques, including distributed reflective denial-of-service (DRDoS), where innocent systems are fooled into sending traffic to the victim. With such attacks, the amplification factor makes the attack easier for the attacker because they have to use little bandwidth themselves. To understand why attackers may carry out these attacks, see the 'attacker motivation' section. === Physical access attacks === A direct-access attack is when an unauthorized user (an attacker) gains physical access to a computer, typically to copy data from it or steal information. Attackers may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless microphones. Even when the system is protected by standard security measures, these may be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and the Trusted Platform Module standard are designed to prevent these attacks. Direct service attackers are related in concept to direct memory attacks which allow an attacker to gain direct access to a computer's memory. The attacks "take advantage of a feature of modern computers that allows certain devices, such as external hard drives, graphics cards, or network cards, to access the computer's memory directly." === Eavesdropping === Eavesdropping is the act of surreptitiously listening to a private computer conversation (communication), usually between hosts on a network. It typically occurs when a user connects to a network where traffic is not secured or encrypted and sends sensitive business data to a colleague, which, when listened to by an attacker, could be exploited. Data transmitted across an open network can be intercepted by an attacker using various methods. Unlike malware, direct-access attacks, or other forms of cyberattacks, eavesdropping attacks are unlikely to negatively affect the performance of networks or devices, making them difficult to notice. In fact, "the attacker does not need to have any ongoing connection to the software at all. The attacker can insert the software onto a compromised device, perhaps by direct insertion or perhaps by a virus or other malware, and then come back some time later to retrieve any data that is found or trigger the software to send the data at some determined time." Using a virtual private network (VPN), which encrypts data between two points, is one of the most common forms of protection against eavesdropping. Using the best form of encryption possible for wireless networks is best practice, as well as using HTTPS instead of an unencrypted HTTP. Programs such as Carnivore and NarusInSight have been used by the Federal Bureau of Investigation (FBI) and the NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact with the outside world) can be eavesdropped upon by monitoring the faint electromagnetic transmissions generated by the hardware. TEMPEST is a specification by the NSA referring to these attacks. === Malware === Malicious software (malware) is any software code or computer program "intentionally written to harm a computer system or its users." Once present on a computer, it can leak sensitive details such as personal information, business information and passwords, can give control of the system to the attacker, and can corrupt or delete data permanently. ==== Types of malware ==== Viruses are a specific type of malware, and are normally a malicious code that hijac
Language-Theoretic Security
Language-theoretic security, or LangSec, is an approach to software security that focuses on input handling, complexity, and program design as strategies to improve the verifiability of computer programs. It was introduced in 2005 by Robert J. Hansen and Meredith L. Patterson at BlackHat and in 2011 by Len Sassaman and Patterson. It aims to create a formal description of which software is likely to have security vulnerabilities of particular classes, and why. It considers programs to have an inherent parser component, whether or not explicit, composed of that part of the program which operates on external input before that input is fully parsed. A central hypothesis of language-theoretic security is that vulnerabilities in software increase according to the computational power of the notional input-accepting automaton equivalent to this parser, using the definitions of automata theory. The lower bound on this computational power is the input language complexity of the program. The extent to which reducing this complexity is possible is a function of the specification of the communication protocol or file format the program takes as input. == Parsing as a security mechanism == The behaviour of a program is defined with reference to its expected input. Unexpected input being used by a program is a factor in numerous security bugs, including the so-called Android master key vulnerability (CVE-2013-4787), because accepting unexpected input renders the program's specification ambiguous. In that instance, the unexpected ambiguity came in the form of a ZIP file with duplicate filenames. If a program fully parses its input and only acts on input that unambiguously meets the specification, it follows that the program will avoid these types of vulnerabilities. This is an intentional inversion of the Postel principle. Accepting only unambiguous and valid input is a more formal requirement than input validation or sanitization, and narrows the number of possible but unanticipated program states that can be induced in an application via user input. Conversely, failure to do this is associated with security vulnerabilities. Input sanitization in particular is held to be an inadequate approach to avoiding malicious input because it inherently ignores context-sensitive properties of the input; it can therefore result in paradoxical effects, such as sanitization code activating otherwise inert cross-site scripting payloads in browsers. === Parser differentials === If the language of accepted program input is sufficiently simple, it is possible to verify that two implementations parse the same input language consistently. This is advantageous because it shows no parser differential exists between the two implementations. The requisite level of simplicity is theoretically that for which there is a solution to the equivalence problem. If the two parsers involved in CVE-2013-4787 were equivalent - that is, if they rendered the same output state given the same input state - the vulnerability could not have existed. One strategy for doing this is to publish machine-readable specifications of a format or protocol, and then use a parser generator to generate the parser code. An example of a parser generator built for this purpose is DaeDaLus. The combination of Lex with any of GNU Bison, ANTLR, or Yacc also accomplishes this. However, many parser generators allow the mixing of general purpose code with the parsing definitions, which weakens the guarantees provided by parsing. === Analysis of injection attacks === Injection attacks are generally the result of differences between the serializer (or "unparser") and the corresponding parser at a layer boundary in a system; therefore, they are a special case of parser differentials. In a SQL injection attack, for example, an attacker is able to cause the application with which they are interacting to serialize a SQL query that has different semantics than intended. In the simplest case where the payload ends a string and adds new code, the payload has crossed the code-data boundary in SQL. In language-theoretic security, this is treated as a bug in the serializer of the SQL query, which should instead be written in a way that constrains its possible outputs to those within the scope of the intended query. === Parser combinators === If a parser generator is not used, it is still possible to avoid implementation bugs by using parser combinator such as Nom to implement the parser code. This has the drawback of relying on a programmer correctly translating the specification into the language of the parser generator library, though this task is still less error-prone than hand-coding a parser. == Input format complexity == Complexity in computer programs is associated with security vulnerabilities. Within the domain of language-theoretic security, complexity is described with reference to the computational power of the abstract machine necessary to implement the program, or more particularly, to implement the parser for its input language. This complexity describes whether it is possible to show that there is no unintended or undesired functionality in the program which might be exploitable by an attacker. To be bounded in complexity, the program's input must be well-defined both in terms of form and of semantics. === Weird machines === A weird machine is a model of computation in a program that exists in parallel with, but is distinct from, the intended abstract model of computation in that program. Some classes of weird machine arise from the multi-layered nature of computer programs, or the context in which the programs run; others result from the unanticipated functionality a program has due to its complexity or to software bugs. The more complex the computation model of a program, the more likely it is to implement a weird machine. Depending on context, the weird machine may or may not be concretely useful for an attacker. Since the space of weird machines in the context of some program is the universe of all possible states that are not within the program's intended states, many exploited states including remote code execution and injection attacks belong to the domain of weird machines. A reduction in weird machines is therefore a likely correlate with reduced program vulnerability. === SafeDocs project === SafeDocs is a DARPA project undertaken in 2018 to take existing file formats, create safer subsets of them, and develop programming tools to work for the safer formats. The initial test case for this was PDF. The purpose of creating safer subsets in this case is to lower the minimum bound on parser complexity so that it becomes possible to create tools that will generate correct, normative parsers for them. == Relation to programming languages == The analytic framework of language-theoretic security assumes programs to be virtual machines that execute their input. A document that is read by an application is in this sense a form of machine code, in a generalization of the data as code idea, following the automata theory description of parsers. === Type-safe programming languages === Parsing input and serializing output are operations that consume one data type and emit another. A programming language can therefore check that data is correctly parsed and contains the expected structure by checking data types, and correct serializing (or unparsing) can be implemented as operations on the data types that are relevant to the program's output. This approach can be used to show that the recognizer and unparser patterns have been implemented. It is also possible to implement type checking across a distributed system to enforce parsing and unparsing of the expected structures and to verify that the assumptions made in designing the compositional properties of a distributed system have been followed. === Memory-safe programming languages === In the general case, spatial memory correctness is undecidable. If any proof of spatial memory correctness is to be made, it is therefore necessary to bound the complexity of the code. Interpreted languages such as Java and Python effectively accomplish this via runtime bounds checking, and frameworks for runtime bounds checking also exist for C. The effect of these strategies for spatial memory correctness are to create a halt state in place of a spatial memory correctness violation; therefore, it can be shown that the program will not violate spatial memory correctness, but in exchange, it cannot be shown in the general case that programs will not have runtime bounds checking exceptions. Some programming languages, such as Rust, accomplish this using borrow checking. The borrow checker acts to assure spatial memory correctness by compile-time reference counting. Code for which spatial memory correctness cannot be shown to not be violated therefore does not compile, inherently limiting the complexity of the spatial memory correctness of the program to what is decidable. Thi
Flo (app)
Flo is a period-tracking app that provides menstrual cycle, ovulation and pregnancy tracking as well as perimenopause symptom tracking that was developed by Flo Health, Inc. It has over 380 million downloads worldwide and over 70 million monthly active users as of November 2024. In mid-2024, it reached unicorn status, and became Europe’s first femtech unicorn. The company has been accused of sharing users' sensitive health data with third parties without consent and misleading its users about data practices. == History == Flo Health, Inc. was co-founded in 2015 by Dmitry and Yuri Gurski, in Belarus. Their backgrounds helped build the first version of the software having experience in other fitness and health apps. Dmitry serves as the company's CEO. The company's development hubs are in London, Amsterdam and Vilnius. In 2016, the company raised $1 million in seed round funding from Flint Capital and Haxus Venture Fund. In 2017, Flo received an investment of $5 million from Flint Capital and model Natalia Vodianova with Vodianova helping develop an awareness campaign for the company. In 2018, Flo received an investment of $6 million from Mangrove Capital Partners, with participation from Flint Capital and Haxus, giving the company a valuation of $200 million. In mid-2019, Flo received an additional investment of $7.5 million led by Founders Fund. In 2020, the Federal Trade Commission alleged that Flo had misled users about its handling of health information to third parties including Google, Facebook, AppsFlyer, and Flurry since 2016. These allegations followed a 2019 report by The Wall Street Journal in reference to Facebook. The company reached a settlement in 2021 and was required to notify users of how their personal information was shared and obtain permission before any further information was shared. The agreement also required that Flo to undertake an independent privacy audit which it completed in March 2022. In early September 2021, Flo announced it closed $50M in a Series B financing, bringing the total capital raised to $65 million and company valuation to $800M led by VNV Global and Target Global. In March 2024, the Supreme Court of British Columbia certified a class action suit against Flo for sharing intimate data with Facebook and other third parties without user knowledge. In July 2024, Flo announced it raised more than $200M in Series C financing from General Atlantic bringing its valuation beyond $1 billion. As of November 2024, the app had over 380 million downloads world wide, and over 70 million monthly active users. In 2025, Flo adopted a data intelligence platform from Databricks to power its analytics and AI features, allowing users personalized cycle predictions. In 2025, a class action lawsuit in California was settled for $56 million with Flo paying $8 million and Google paying $48 million. == Features and privacy == Flo was initially created as a period and ovulation tracking application. It now provides reminders of upcoming menstrual cycles and a place to record various other health symptoms such as contraceptive methods, vaginal discharge (leukorrhea), water intake, pains, mood swings, and sexual activity. The application is available on iOS and Android. Flo is free to download and the free basic version gives you access to period and ovulation tracking and predictions, symptom tracking, cycle history, and anonymous mode. In Pregnancy mode, the app provides tracking features and educational material for pregnancy. In October 2023, Flo launched Flo for Partners, a feature that allows users to share their Flo data with their partner. In September 2022, as a response to Roe v. Wade being overturned, Flo sped up the release of a feature called "Anonymous Mode". Flo said this mode allows users to access the app without any personal identifiers such as name, email address, or technical identifiers being associated with their health data. Flo said it uses a technology called Oblivious HTTP to help protect user privacy in Anonymous Mode. == Recognition == Flo was named to Bloomberg’s Top 25 UK Startups to Watch for 2024. Flo's Anonymous Mode feature was recognized on both Fast Company's World Changing Ideas 2023 and TIME's Best Inventions List 2023. Flo is a CES 2019 Innovation Awards Honoree in the Software and Mobile Applications category.
ISO/IEC JTC 1/SC 24
ISO/IEC JTC 1/SC 24 Computer graphics, image processing and environmental data representation is a standardization subcommittee of the joint subcommittee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which develops and facilitates standards within the field of computer graphics, image processing, and environmental data representation. The international secretariat of ISO/IEC JTC 1/SC 24 is the British Standards Institute (BSI) located in the United Kingdom. == History == ISO/IEC JTC 1/SC 24 was formed in 1987 from ISO/TC 97 as a result of Resolution 21 at the ISO/IEC JTC 1 plenary. The group's origins began in computer graphics, the standardization of which was originally under ISO/IEC JTC 1/SC 21/WG 2. However, when ISO/IEC JTC 1/SC 24 was created, the standardization activity of ISO/IEC JTC 1/SC 21/WG 2 was carried over to the new subcommittee. The initial five working groups of ISO/IEC JTC 1/SC 24 were titled, “Architecture,” “Application programming interfaces,” “Metafiles and interfaces,” “Language bindings,” and “Validation, testing and registration.” The work of ISO/IEC JTC 1/SC 24 began with the Graphical Kernel System (GKS), which was adopted from ISO/IEC JTC 1/SC 21/WG 2. However, since GKS only addressed 2D functionality, attention turned to the standardization of 3D functionality. This resulted in two standards being published: GKS-3D in 1988 and PHIGS in 1989, both of which addressed 3D functionality. Since 1991, ISO/IEC JTC 1/SC 24 has held plenaries in a number of countries, including the Netherlands, Germany, United States, France, Canada, Japan, Sweden, Korea, United Kingdom, Australia, and Czech Republic. == Scope == The scope of ISO/IEC JTC 1/SC 24 is the “Standardization of interfaces for information technology based applications relating to”: Computer graphics Image processing Environmental data representation Support for the Mixed and Augmented Reality (MAR) Interaction with, and visual representation of, information Included are the following related areas: Modeling and simulation and related reference models Virtual reality with accompanying augmented reality/augmented virtuality aspects and related reference models Application program interfaces Functional specifications Representation models Interchange formats, encodings and their specifications, including metafiles Device interfaces Testing methods Registration procedures Presentation and support for creation of multimedia, hypermedia, and mixed reality documents Excluded are the following areas: Character and image coding Coding of multimedia, hypermedia, and mixed reality document interchange formats JTC 1 work in user system interfaces and document presentation ISO/TC 207 work on ISO 14000 environment management, ISO/TC 211 work on geographic information and geomatics Software environments as described by ISO/IEC JTC 1/SC 22 == Structure == ISO/IEC JTC 1/SC 24 is made up of four active working groups, each of which carries out specific tasks in standards development within the field of computer graphics, image processing and environmental data representation, together with ITU-T Study Group 16. As a response to changing standardization needs, working groups of ISO/IEC JTC 1/SC 24 can be disbanded if their area of work is no longer applicable, or established if new working areas arise. The focus of each working group is described in the group's terms of reference. Active working groups of ISO/IEC JTC 1/SC 24 are: == Collaborations == ISO/IEC JTC 1/SC 24 works in close collaboration with a number of other organizations or subcommittees, both internal and external to ISO or IEC, in order to avoid conflicting or duplicative work. Organizations internal to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 24 include: ISO/IEC JTC 1/WG 7, Sensor Networks ISO/IEC JTC 1/SC 29, Coding of audio, picture, multimedia and hypermedia information ISO/IEC JTC 1/SC 32, Data management and interchange ISO/TAG 14, Imagery and technology ISO/TC 130, Graphic Technology ISO/TC 184/SC 4, Industrial data ISO/TC 211, Geographic information/Geomatics ISO/TC 215, Health informatics IEC TC 100, Audio, video and multimedia system and equipment Some organizations external to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 24 include: Defence Geospatial Information Working Group (DGIWG) Digital Imaging and Communications in Medicine (DICOM) International Hydrographic Organization (IHO) The Khronos Group NATO - Joint Intelligence Surveillance and Reconnaissance Capability Group (JISRCG) OMG Robotics DTF Open CGM Open Geospatial Consortium (OGC) SEDRIS Organization Simulation Interoperability Standards Organization (SISO) US National Imagery Transmission Format Standard (NITFS) Technical Board (US NTB) Web3D Consortium World Intellectual Property Organization (WIPO) World Wide Web Consortium (W3C) == Member countries == Countries pay a fee to ISO to be members of subcommittees. The 11 "P" (participating) members of ISO/IEC JTC 1/SC 24 are: Australia, China, Egypt, France, India, Japan, Republic of Korea, Portugal, Russian Federation, United Kingdom, and United States. The 22 "O" (observer) members of ISO/IEC JTC 1/SC 24 are: Argentina, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Canada, Cuba, Czech Republic, Finland, Ghana, Hungary, Iceland, Indonesia, Islamic Republic of Iran, Italy, Kazakhstan, Malaysia, Poland, Romania, Serbia, Slovakia, Switzerland, and Thailand. == Published standards == ISO/IEC JTC 1/SC 24 currently has 80 published standards under their direct responsibility within the field of computer graphics, image processing, and environmental data representation, including: