AI Chat Writer

AI Chat Writer — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Terminology model

A terminology model is a refinement of a concept system. Within a terminology model the concepts (object types) of a specific problem or subject area are defined by subject-matter experts in terms of concept (object type) definitions and definitions of subordinated concepts or characteristics (properties). Besides object types, the terminology model allows defining hierarchical classifications, definitions for object type and property behavior and definition of casual relations. The terminology model is a means for subject-matter experts to express their knowledge about the subject in subject-specific terms. Since the terminology model is structured rather similar to an object-oriented database schema, is can be transformed without loss of information into an object-oriented database schema. Thus, the terminology model is a method for problem analysis on the one side and a mean of defining database schema on the other side. Several terminology models have been developed and published in the field of statistics: Terminology model for classifications Terminology model for statistical variables Reference model for statistical metadata
Read more →
Confidential computing

Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology. The technology protects data in use by performing computations in a hardware-based trusted execution environment (TEE). Confidential data is released to the TEE only once it is assessed to be trustworthy. Different types of confidential computing define the level of data isolation used, whether virtual machine, application, or function, and the technology can be deployed in on-premise data centers, edge locations, or the public cloud. It is often compared with other privacy-enhancing computational techniques such as fully homomorphic encryption, secure multi-party computation, and Trusted Computing. Confidential computing is promoted by the Confidential Computing Consortium (CCC) industry group, whose membership includes major providers of the technology. == Properties == Trusted execution environments (TEEs) "prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data". Trusted execution environments can be instantiated on a computer's processing components such as a central processing unit (CPU) or a graphics processing unit (GPU). In their various implementations, TEEs can provide different levels of isolation including virtual machine, individual application, or compute functions. Typically, data in use in a computer's compute components and memory exists in a decrypted state and can be vulnerable to examination or tampering by unauthorized software or administrators. According to the CCC, confidential computing protects data in use through a minimum of three properties: Data confidentiality: "Unauthorized entities cannot view data while it is in use within the TEE". Data integrity: "Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE". Code integrity: "Unauthorized entities cannot add, remove, or alter code executing in the TEE". In addition to trusted execution environments, remote cryptographic attestation is an essential part of confidential computing. The attestation process assesses the trustworthiness of a system and helps ensure that confidential data is released to a TEE only after it presents verifiable evidence that it is genuine and operating with an acceptable security posture. It allows the verifying party to assess the trustworthiness of a confidential computing environment through an "authentic, accurate, and timely report about the software and data state" of that environment. "Hardware-based attestation schemes rely on a trusted hardware component and associated firmware to execute attestation routines in a secure environment". Without attestation, a compromised system could deceive others into trusting it, claim it is running certain software in a TEE, and potentially compromise the confidentiality or integrity of the data being processed or the integrity of the trusted code. == Technical approaches == Technical approaches to confidential computing may vary in which software, infrastructure and administrator elements are allowed to access confidential data. The "trust boundary," which circumscribes a trusted computing base (TCB), defines which elements have the potential to access confidential data, whether they are acting benignly or maliciously. Confidential computing implementations enforce the defined trust boundary at a specific level of data isolation. The three main types of confidential computing are: Virtual machine isolation Application isolation, also known as process isolation Function isolation, also known as library isolation Virtual machine isolation removes the elements controlled by the computer infrastructure or cloud provider, but allows potential data access by elements inside a virtual machine running on the infrastructure. Application or process isolation permits data access only by authorized software applications or processes. Function or library isolation is designed to permit data access only by authorized subroutines or modules within a larger application, blocking access by any other system element, including unauthorized code in the larger application. == Threat model == As confidential computing is concerned with the protection of data in use, only certain threat models can be addressed by this technique. Other types of attacks are better addressed by other privacy-enhancing technologies. === In scope === The following threat vectors are generally considered in scope for confidential computing: Software attacks: including attacks on the host’s software and firmware. This may include the operating system, hypervisor, BIOS, other software and workloads. Protocol attacks: including "attacks on protocols associated with attestation as well as workload and data transport". This includes vulnerabilities in the "provisioning or placement of the workload" or data that could cause a compromise. Cryptographic attacks: including "vulnerabilities found in ciphers and algorithms due to a number of factors, including mathematical breakthroughs, availability of computing power and new computing approaches such as quantum computing". The CCC notes several caveats in this threat vector, including relative difficulty of upgrading cryptographic algorithms in hardware and recommendations that software and firmware be kept up-to-date. A multi-faceted, defense-in-depth strategy is recommended as a best practice. Basic physical attacks: including cold boot attacks, bus and cache snooping and plugging attack devices into an existing port, such as a PCI Express slot or USB port. Basic upstream supply-chain attacks: including attacks that would compromise TEEs through changes such as added debugging ports. The degree and mechanism of protection against these threats varies with specific confidential computing implementations. === Out of scope === Threats generally defined as out of scope for confidential computing include: Sophisticated physical attacks: including physical attacks that "require long-term and/or invasive access to hardware" such as chip scraping techniques and electron microscope probes. Upstream hardware supply-chain attacks: including attacks on the CPU manufacturing process, CPU supply chain in key injection/generation during manufacture. Attacks on components of a host system that are not directly providing the capabilities of the trusted execution environment are also generally out-of-scope. Availability attacks: confidential computing is designed to protect the confidentiality and integrity of protected data and code. It does not address availability attacks such as Denial of Service or Distributed Denial of Service attacks. == Use cases == Confidential computing can be deployed in the public cloud, on-premise data centers, or distributed "edge" locations, including network nodes, branch offices, industrial systems and others. === Data privacy and security === Confidential computing protects the confidentiality and integrity of data and code from the infrastructure provider, unauthorized or malicious software and system administrators, and other cloud tenants, which may be a concern for organizations seeking control over sensitive or regulated data. The additional security capabilities offered by confidential computing can help accelerate the transition of more sensitive workloads to the cloud or edge locations. === Multi-party analytics === Confidential computing can enable multiple parties to engage in joint analysis using confidential or regulated data inside a TEE while preserving privacy and regulatory compliance. In this case, all parties benefit from the shared analysis, but no party's sensitive data or confidential code is exposed to the other parties or system host. Examples include multiple healthcare organizations contributing data to medical research, or multiple banks collaborating to identify financial fraud or money laundering. Oxford University researchers proposed the alternative paradigm called "Confidential Remote Computing" (CRC), which supports confidential operations in Trusted Execution Environments across endpoint computers considering multiple stakeholders as mutually distrustful data, algorithm and hardware providers. === Confidential generative AI === Confidential computing technologies can be applied to various stages of a generative AI deployments to help increase data or model privacy, security, and regulatory compliance. TEEs and remote attestation can protect the integrity of data during AI model training, keep
Read more →
Digital on-screen graphics by country

Digital on-screen graphics by country are the varying logos and differences of digital on-screen graphics in different countries and regions. == Overview == Digital on-screen graphics (DOGs; also called a digitally originated graphic, bug, network bug, on-screen bug, or screenbug) are almost always placed in one of four corners: the top left, the top right, the bottom left, or the bottom right. There are few exceptions to this rule: most notably, Saturday! in Russia, which places their DOG in the top center. Many news broadcasters, as well as a few television networks, also place a clock alongside their bug. In the United States, Canada, Australia, and New Zealand, DOGs may also include the show's parental guideline rating. In Australia, this is known as a Program Return Graphic (PRG). It has become common to place text above the station's logo advertising other programs on the network. In many countries, some TV networks insert the word "live" near the DOG to advise viewers that the program is live, rather than pre-recorded. During televised sports events, a DOG may also display game-related statistics such as the current score. This has led people in Canada and the United States to refer to such a DOG as a score bug. In many countries, DOGs are removed in non-program sections such as commercials and program trailers, but TV channels in some other countries have retained in full color or instead replaced them in either of these sections or in both sections (like Turkey, Indonesia, Italy, the entirety of South Asia, Vietnam, Taiwan, and Russia). == MENA == === Arab world === Arabic TV logos are placed in the top-right and top-left except for Al-Jazeera, whose logo appears on the bottom-right of the screen. Some Arabian TV stations hide their logos during commercial breaks and promos/trailers, such as Dubai TV, Dubai One, Funoon, the Egyptian CBC and Nile TV networks, ART Hekayat, ART Hekayat 2, Iqraa, and Al-Jazeera. Abu Dhabi TV and MBC1 initially had their logos at the bottom-right corner from their launch until the mid-2000s, when they were moved to the top-right corner. === Iran === Iranian broadcaster IRIB introduced DOGs in early 2000s. Unlike other Middle Eastern nations that introduced DOGs on their TV networks in 1990s, Iran was very late in this practice. Almost all Iranian TV channels display DOGs at top-left corner of the screen. The few exception is IRIB-owned channels remove DOGs during news broadcasts. === Israel === In Israel, Television DOGs were first introduced in 1991. Israeli channel watermarks most often appear on the top left or the top right corner since Israeli cable and satellite-based services often have the channel description and programming (OSD) on the bottom of the screen. Most channels have an opaque, full-color watermark, though exceptions exist, for example Channel 9, which displays a blue-tinted semi-transparent logo. In ad breaks, it is required to replace the channel watermark with another symbol – sometimes on the other edge of the screen – indicating there are ads at the moment. The Israel Broadcasting Authority, whose channels placed their logos in the top left corner, ceased broadcasting in May 2017. The new public broadcaster, the Israeli Public Broadcasting Corporation, displays its logos at the top right instead. The erstwhile Channel 2 as well as its successors, Keshet 12 and Reshet 13, also use the top right corner. However, Channel 10 used the top left corner before rebranding to Eser (Literally "Ten") in 2017 and simultaneously moving its logo to the top right (Not long after, in January 2019, it ceased broadcasting as it merged with Reshet 13). Channel 14 as well as its predecessor Channel 20 use the top right corner as well. The Knesset Channel, however, uses the top left corner. === Morocco === The SNRT and 2M And Al-Aoula Uses permanent on-screen DOGs for their TV channels. In contrast, other channels such as Medi 1 TV hide their DOGs during commercial breaks. == Asia == === Brunei === Radio Television Brunei introduced DOGs in 1994. Like TV channels from neighbouring Malaysia, all DOGs are removed during advertisement breaks. === Cambodia === Cambodian TV channels introduced DOGs in 1995. Like Thailand, all logos are full-color and displayed on the top-right corner of the screen. Some channels such as TV5 hide their logos during commercial breaks. Hang Meas HDTV Logo on the top-left corner of the screen, CTN (Cambodian Television Network), MyTV, Bayon TV, PNN, Logo on the top-right corner of the screen. === China === TV stations in mainland China always place their logo (usually semi-transparent and sometimes animated) in the top-left corner of the screen in full-color or grey-scale. Regardless of the content being broadcast (program or advertisements), some channels like Phoenix Television hide their logos during commercial breaks; although in some rare cases, the DOG may be placed elsewhere to avoid covering the score bug during the broadcast of a sporting event. China introduced logos in 1983 on the bottom-left corner of the screen, but they were used only during commercial breaks and clock idents. Later China Central Television (CCTV) introduced permanent DOGs for all programs in 1992, on the top-left corner of the screen. China also displays a clock on top-right corner of the screen for 1 minute between 59:30–00:30 & 29:30–30:30 time in transition between programs. === Hong Kong === Hong Kong TV introduced DOGs in 1994. Hong Kong DOGs can be either of full color or semi-transparent and (except for RTHK 31) always be hidden during commercial breaks. Television Broadcasts Limited (TVB) placed their logos at the top-right corner of the screen while now-defunct Asia Television and other channels placed their logos at the top-left corner of the screen. Sometimes, weather information, date, and time clocks had been used alongside DOGs in news programs, continuity & live broadcasts. === India === The first on-screen logo in India was introduced in 1984 by DD2 Metro (now DD News). It was white and slightly transparent. All Indian TV channels have on-screen logos. They are always full-colors, never transparent, and they are almost never removed during commercial breaks (though the channels of the South Indian Sun TV Network did so until 2015). The great majority of Indian TV channels place their logos in the top right corner of the screen, though there are exceptions. The corner used may be broadcaster-dependent. Among the big national broadcasters: Channels from the Sony network always use the top right corner, without exception. Star channels also use the top right, with the exception of National Geographic and Nat Geo Wild, which use the top left corner in line with their international counterparts. Past exceptions include The History Channel, whose logo was placed in the top left until it rebranded to Fox History & Entertainment in 2008; the now-defunct Channel V, which used the top left between 2013 and 2016; and Nat Geo People, Nat Geo Music and BabyTV, were withdrawn from India in June 2019. TV18 and Viacom18 channels use the top right corner as well, with the exceptions of regional-language movie channels (e.g., Colors Kannada Cinema and Colors Gujarati Cinema) as well as Colors Super, which have shown their logos at the top left corner since 2018; and VH1, which has always used the bottom right corner. Also, CNBC-TV18, CNBC Awaaz and CNBC Bajar use the bottom right. Moreover, MTV showed its logo in the top left corner until 23 April 2018, when it was moved to the top right (its HD version, launched in 2017, has always used the top right). Unlike most other major networks, the Zee Network's non-news channels containing 'Zee' in their name display their logos at the top left corner and not the top right. This has been the case since 15 October 2017, when almost all the Zee-branded TV channels of the Zee network rebranded with a new logo and, in many cases, a new graphics package and look. Before then, the logos were shown at the top right, as with other broadcasters. (News channels' logos—i.e., logos of channels owned by Zee Media Corporation—stayed put at the top right corner, with the exception of WION, which uses the bottom left.) All the major Zee-branded channels—such as Zee TV, Zee Cinema, Zee Café and the regional-language channels like Zee Tamil, Zee Telugu, Zee Marathi and Zee Bangla—show their logos at the top left; moreover, the Odia-language channel Sarthak TV rebranded to Zee Sarthak and moved its logo to the top left. Among the Zee channels not containing the word 'Zee' that moved their logos to the top left during the big rebrand in 2017 was English movie channel Zee Studio; when it was renamed to &flix on 3 June 2018, the logo remained at the top left. Moreover, Hindi movie channel &pictures has always shown its logo at the top left since its launch in 2013. However, &privé HD, Zee's other English movie channel, and Hindi entertainment channel &TV place the
Read more →
Confused deputy problem

In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important. Capability systems protect against the confused deputy problem, whereas access-control list–based systems do not. Such systems can mitigate the confused deputy problem by eliminating ambient authority, allowing programs to act only on resources for which they hold explicit capabilities, whereas access-control list–based systems are more susceptible to it. However, this protection depends on correct implementation; in formally verified capability systems such as seL4, it can be shown that the kernel enforces capability constraints correctly, preventing such behavior at the system level. == Example == In the original example of a confused deputy, there was a compiler program provided on a commercial timesharing service. Users could run the compiler and optionally specify a filename where it would write debugging output, and the compiler would be able to write to that file if the user had permission to write there. The compiler also collected statistics about language feature usage. Those statistics were stored in a file called "(SYSX)STAT", in the directory "SYSX". To make this possible, the compiler program was given permission to write to files in SYSX. But there were other files in SYSX: in particular, the system's billing information was stored in a file "(SYSX)BILL". A user ran the compiler and named "(SYSX)BILL" as the desired debugging output file. This produced a confused deputy problem. The compiler made a request to the operating system to open (SYSX)BILL. Even though the user did not have access to that file, the compiler did, so the open succeeded. The compiler wrote the compilation output to the file (here "(SYSX)BILL") as normal, overwriting it, and the billing information was destroyed. === The confused deputy === In this example, the compiler program is the deputy because it is acting at the request of the user. The program is seen as 'confused' because it was tricked into overwriting the system's billing file. Whenever a program tries to access a file, the operating system needs to know two things: which file the program is asking for, and whether the program has permission to access the file. In the example, the file is designated by its name, “(SYSX)BILL”. The program receives the file name from the user, but does not know whether the user had permission to write the file. When the program opens the file, the system uses the program's permission, not the user's. When the file name was passed from the user to the program, the permission did not go along with it; the permission was increased by the system silently and automatically. It is not essential to the attack that the billing file be designated by a name represented as a string. The essential points are that: the designator for the file does not carry the full authority needed to access the file; the program's own permission to access the file is used implicitly. == Other examples == A cross-site request forgery (CSRF) is an example of a confused deputy attack that uses the web browser to perform sensitive actions against a web application. A common form of this attack occurs when a web application uses a cookie to authenticate all requests transmitted by a browser. Using JavaScript, an attacker can force a browser into transmitting authenticated HTTP requests. The Samy computer worm used cross-site scripting (XSS) to turn the browser's authenticated MySpace session into a confused deputy. Using XSS the worm forced the browser into posting an executable copy of the worm as a MySpace message which was then viewed and executed by friends of the infected user. Clickjacking is an attack where the user acts as the confused deputy. In this attack a user thinks they are harmlessly browsing a website (an attacker-controlled website) but they are in fact tricked into performing sensitive actions on another website. An FTP bounce attack can allow an attacker to connect indirectly to TCP ports to which the attacker's machine has no access, using a remote FTP server as the confused deputy. Another example relates to personal firewall software. It can restrict Internet access for specific applications. Some applications circumvent this by starting a browser with instructions to access a specific URL. The browser has authority to open a network connection, even though the application does not. Firewall software can attempt to address this by prompting the user in cases where one program starts another which then accesses the network. However, the user frequently does not have sufficient information to determine whether such an access is legitimate—false positives are common, and there is a substantial risk that even sophisticated users will become habituated to clicking "OK" to these prompts. Not every program that misuses authority is a confused deputy. Sometimes misuse of authority is simply a result of a program error. The confused deputy problem occurs when the designation of an object is passed from one program to another, and the associated permission changes unintentionally, without any explicit action by either party. It is insidious because neither party did anything explicit to change the authority. Another example is when an administrator authorizes an AI agent to act on their behalf, and that AI subsequently delegates authority to another AI agent neither vetted nor authorized by the original administrator. The unvetted AI can then act without permissions or oversight from the original developer. == Solutions == In some systems it is possible to ask the operating system to open a file using the permissions of another client. This solution has some drawbacks: It requires explicit attention to security by the server. A naive or careless server might not take this extra step. It becomes more difficult to identify the correct permission if the server is in turn the client of another service and wants to pass along access to the file. It requires the client to trust the server to not abuse the borrowed permissions. Note that intersecting the server and client's permissions does not solve the problem either, because the server may then have to be given very wide permissions (all of the time, rather than those needed for a given request) in order to act for arbitrary clients. The simplest way to solve the confused deputy problem is to bundle together the designation of an object and the permission to access that object. This is exactly what a capability is. Using capability security in the compiler example, the client would pass to the server a capability to the output file, such as a file descriptor, rather than the name of the file. Since it lacks a capability to the billing file, it cannot designate that file for output. In the cross-site request forgery example, a URL supplied "cross"-site would include its own authority independent of that of the client of the web browser.
Read more →
Transfer learning

Transfer learning (TL) is a technique in machine learning (ML) in which knowledge learned from a task is re-used in order to boost performance on a related task. For example, for image classification, knowledge gained while learning to recognize cars could be applied when trying to recognize trucks. This topic is related to the psychological literature on transfer of learning, although practical ties between the two fields are limited. Reusing or transferring information from previously learned tasks to new tasks has the potential to significantly improve learning efficiency. Since transfer learning makes use of training with multiple objective functions it is related to cost-sensitive machine learning and multi-objective optimization. == History == In 1976, Bozinovski and Fulgosi published a paper addressing transfer learning in neural network training. The paper gives a mathematical and geometrical model of the topic. In 1981, a report considered the application of transfer learning to a dataset of images representing letters of computer terminals, experimentally demonstrating positive and negative transfer learning. In 1992, Lorien Pratt formulated the discriminability-based transfer (DBT) algorithm. By 1998, the field had advanced to include multi-task learning, along with more formal theoretical foundations. Influential publications on transfer learning include the book Learning to Learn in 1998, a 2009 survey and a 2019 survey. Ng said in his NIPS 2016 tutorial that TL would become the next driver of machine learning commercial success after supervised learning. In the 2020 paper, "Rethinking Pre-Training and self-training", Zoph et al. reported that pre-training can hurt accuracy, and advocate self-training instead. == Definition == The definition of transfer learning is given in terms of domains and tasks. A domain D {\displaystyle {\mathcal {D}}} consists of: a feature space X {\displaystyle {\mathcal {X}}} and a marginal probability distribution P ( X ) {\displaystyle P(X)} , where X = { x 1 , . . . , x n } ∈ X {\displaystyle X=\{x_{1},...,x_{n}\}\in {\mathcal {X}}} . Given a specific domain, D = { X , P ( X ) } {\displaystyle {\mathcal {D}}=\{{\mathcal {X}},P(X)\}} , a task consists of two components: a label space Y {\displaystyle {\mathcal {Y}}} and an objective predictive function f : X → Y {\displaystyle f:{\mathcal {X}}\rightarrow {\mathcal {Y}}} . The function f {\displaystyle f} is used to predict the corresponding label f ( x ) {\displaystyle f(x)} of a new instance x {\displaystyle x} . This task, denoted by T = { Y , f ( x ) } {\displaystyle {\mathcal {T}}=\{{\mathcal {Y}},f(x)\}} , is learned from the training data consisting of pairs { x i , y i } {\displaystyle \{x_{i},y_{i}\}} , where x i ∈ X {\displaystyle x_{i}\in {\mathcal {X}}} and y i ∈ Y {\displaystyle y_{i}\in {\mathcal {Y}}} . Given a source domain D S {\displaystyle {\mathcal {D}}_{S}} and learning task T S {\displaystyle {\mathcal {T}}_{S}} , a target domain D T {\displaystyle {\mathcal {D}}_{T}} and learning task T T {\displaystyle {\mathcal {T}}_{T}} , where D S ≠ D T {\displaystyle {\mathcal {D}}_{S}\neq {\mathcal {D}}_{T}} , or T S ≠ T T {\displaystyle {\mathcal {T}}_{S}\neq {\mathcal {T}}_{T}} , transfer learning aims to help improve the learning of the target predictive function f T ( ⋅ ) {\displaystyle f_{T}(\cdot )} in D T {\displaystyle {\mathcal {D}}_{T}} using the knowledge in D S {\displaystyle {\mathcal {D}}_{S}} and T S {\displaystyle {\mathcal {T}}_{S}} . == Applications == Algorithms for transfer learning are available in Markov logic networks and Bayesian networks. Transfer learning has been applied to cancer subtype discovery, building utilization, general game playing, text classification, digit recognition, medical imaging and spam filtering. In 2020, it was discovered that, due to their similar physical natures, transfer learning is possible between electromyographic (EMG) signals from the muscles and classifying the behaviors of electroencephalographic (EEG) brainwaves, from the gesture recognition domain to the mental state recognition domain. It was noted that this relationship worked in both directions, showing that electroencephalographic can likewise be used to classify EMG. The experiments noted that the accuracy of neural networks and convolutional neural networks were improved through transfer learning both prior to any learning (compared to standard random weight distribution) and at the end of the learning process (asymptote). That is, results are improved by exposure to another domain. Moreover, the end-user of a pre-trained model can change the structure of fully-connected layers to improve performance.
Read more →
Threat actor

In cybersecurity and risk assessment, a threat actor (or threat agents, attackers, or adversaries) is a person, group, organisation, state, or other entity with the ability to cause, carry, transmit, support, or exploit a threat. Threat actors are commonly analysed according to their motivations, resources, technical capability, access to systems, relationship to a target, and degree of connection to state authority. They may exploit vulnerabilities, conduct social engineering, steal or monetise data, disrupt operations, or support other actors who carry out such activity. Because the term covers a wide range of actors, researchers and security organisations use taxonomies that distinguish between groups such as cybercriminals, state-linked actors, ideologically motivated actors, thrill seekers or trolls, insiders, and competitors. Threat actor classifications are used in risk management, cyber threat intelligence, and incident response to connect observed behaviour with possible objectives and likely future activity. The categories are not always mutually exclusive: the same actor may combine criminal, ideological, commercial, or state-linked motivations, and different organisations may use different names for similar actors. == Risk assessment and security management == In risk assessment, threat actor analysis is used to identify who or what may create, carry, transmit, support, or exploit a threat, and how that actor relates to the system being assessed. Rausand and Haugen classify threat actors by their relationship to the system, distinguishing between internal and external actors, and by intent, distinguishing between intentional and unintentional actors. Threat actor classification may also support incident investigation. Rogers argued that actor categories could be inferred from observable case points, such as tools used, messages left, data targeted, forensic knowledge, and the degree of damage, allowing investigators to assess likely motivation and skill level. Later work similarly linked actor classification to operational analysis. Chng, Lu, Kumar and Yau proposed a framework connecting hacker types, motivations and typical strategies, arguing that observed behaviour before or during an attack can help analysts infer the likely type of actor involved. At the strategic level, actor analysis may consider an actor's resources, capabilities, degree of state involvement, motivations and objectives. == Landscape == The United Nations Institute for Disarmament Research has described the contemporary cyberthreat landscape as involving an increasingly diverse and interconnected set of actors, including state-led operations, cybercriminal syndicates, ideological hacktivists, commercial cyber mercenaries, private companies and civilian volunteers. Its 2026 report argued that these actors vary in resources, technical sophistication and relationships with states, making it traditional distinctions between state, civilian combatant roles, and legitimate and illegitimate conduct harder to apply. == Academic taxonomies == Early taxonomies classified hackers by activity, skill, motivation, or criminal profile. Landreth proposed six categories based on activity: novice, student, tourist, crasher, and thief. Hollinger classified computer misuse into pirates, browsers, and crackers, describing a progression from less-skilled activity to more technically serious offences. Chantler used attributes including activity, skill, knowledge, motivation, and duration of involvement to distinguish between an elite group, neophytes, and "losers and lamers". Parker proposed seven profiles of cybercriminals: pranksters, hacksters, malicious hackers, personal problem solvers, career criminals, extreme advocates, and malcontents, addicts, and irrational or incompetent people. In 2000, Marc Rogers proposed a taxonomy of hackers with seven, non-mutually-exclusive categories: newbie/tool kit users, cyber-punks, internals, coders, old guard hackers, professional criminals, and cyber-terrorists. Rausand and Haugen distinguish between internal and external threat actors, and between intentional and unintentional threat actors. Internal actors have some relationship with, access to, or position inside the system or organisation, while external actors operate from outside it. Intentional actors seek to create, exploit, or support a threat event, whereas unintentional actors may cause or enable a threat event through error, negligence, accident, or lack of awareness. Rogers later revised his hacker taxonomy into Novices, Cyber-punks, Internals, Petty Thieves, Virus Writers, Old Guard hackers, Professional Criminals, Information Warriors, and, more tentatively, Political Activists. In the model, motivation is grouped into four broad domains: curiosity, notoriety, revenge, and financial gain. A 2022 review by Chng, Lu, Kumar and Yau examined 11 hacker typologies published over three decades and proposed a unified framework linking hacker types, motivations, and strategies. The framework identified 13 hacker types and seven motivations, and argued that observed strategies during an attack can help analysts infer the likely type of actor involved. == Government taxonomies == Taxonomies of threat actors by governments are much more likely to include state-level threat actors. In the United States the National Institute of Standards and Technology (NIST) uses the term threat source in its risk-assessment guidance: organisations are directed to identify and characterise threat sources of concern, including capability, intent and targeting for adversarial threat sources, and the range of effects for non-adversarial threat sources. NIST treats threat-source identification as part of the risk-assessment process, alongside identifying threat events, vulnerabilities, likelihood and impact. In the EU, European Union Agency for Cybersecurity publishes the annual ENISA Threat Landscape, which analyses cyber incidents and adversary behaviour affecting the European Union. The 2025 report analysed selected incidents from the previous year and grouped activity around cybercrime, state-aligned activity, foreign information manipulation and interference, and hacktivism. In ENISA's 2025 analysis, hacktivist activity dominated reporting, representing almost 80% of recorded incidents and consisting mainly of low-level distributed denial-of-service operations. ENISA also reported increasing convergence between hacktivism, cybercrime and state-nexus activity, including state-aligned use of hacktivist personas, hacktivist adoption of ransomware, and false-flag or impersonation activity. At the UN level, A 2026 report by the United Nations Institute for Disarmament Research described the cyberthreat landscape as involving state-led operations, cybercriminal syndicates, ideological hacktivists, commercial cyber mercenaries, and civilian volunteers, with actors varying in resources, technical sophistication, and links to states. Canada defines threat actors as states, groups, or individuals who aim to cause harm by exploiting a vulnerability with malicious intent. A threat actor must be trying to gain access to information systems to access or alter data, devices, systems, or networks. The Japanese government's National Centre of Incident Readiness and Strategy (NISC) was established in 2015 to create a "free, fair and secure cyberspace" in Japan. The NICS created a cybersecurity strategy in 2018 that outlines nation-states and cybercrime to be some of the most key threats. It also indicates that terrorist usage of the cyberspace needs to be monitored and understood. The Security Council of the Russian Federation published the cyber security strategy doctrine in 2016. This strategy highlights the following threat actors as a risk to cyber security measures: nation-state actors, cyber criminals, and terrorists. == Techniques == Threat actors use techniques like Social engineering (security), and Phishing, alongside technical exploits like Cross-site scripting, SQL injection, and denial-of-service attacks. == Limitations == In practice, actor categories may overlap (Edward Snowden for example), and the same activity may combine features associated with hacktivism, cybercrime and state-linked operations. The lines between hacktivism, cybercrime and state-nexus activity had continued to blur, with shared toolsets, overlapping methods, fake personas, hacktivist adoption of ransomware, and cybercriminal or state-linked actors masquerading as other groups. Threat actor analysis also has limits as a risk-management method. NIST notes that risk assessments depend on their purpose, scope, assumptions, constraints, information sources, risk model and analytic approach, and that assessments are tied to particular time frames and organisational contexts. NIST also warns that simple threat-vulnerability pairing may be undesirable or problematic where there are many threats and vulnerabilities, and recom
Read more →
Molecular graphics

Molecular graphics is the discipline and philosophy of studying molecules and their properties through graphical representation. IUPAC limits the definition to representations on a "graphical display device". Ever since Dalton's atoms and Kekulé's benzene, there has been a rich history of hand-drawn atoms and molecules, and these representations have had an important influence on modern molecular graphics. Colour molecular graphics are often used on chemistry journal covers artistically. == History == Prior to the use of computer graphics in representing molecular structure, Robert Corey and Linus Pauling developed a system for representing atoms or groups of atoms from hard wood on a scale of 1 inch = 1 angstrom connected by a clamping device to maintain the molecular configuration. These early models also established the CPK coloring scheme that is still used today to differentiate the different types of atoms in molecular models (e.g. carbon = black, oxygen = red, nitrogen = blue, etc). This early model was improved upon in 1966 by W.L. Koltun and are now known as Corey-Pauling-Koltun (CPK) models. The earliest efforts to produce models of molecular structure was done by Project MAC using wire-frame models displayed on a cathode ray tube in the mid 1960s. In 1965, Carroll Johnson distributed the Oak Ridge thermal ellipsoid plot (ORTEP) that visualized molecules as a ball-and-stick model with lines representing the bonds between atoms and ellipsoids to represent the probability of thermal motion. Thermal ellipsoid plots quickly became the de facto standard used in the display of X-ray crystallography data, and are still in wide use today. The first practical use of molecular graphics was a simple display of the protein myoglobin using a wireframe representation in 1966 by Cyrus Levinthal and Robert Langridge working at Project MAC. Among the milestones in high-performance molecular graphics was the work of Nelson Max in "realistic" rendering of macromolecules using reflecting spheres. Initially much of the technology concentrated on high-performance 3D graphics. During the 1970s, methods for displaying 3D graphics using cathode ray tubes were developed using continuous tone computer graphics in combination with electro-optic shutter viewing devices. The first devices used an active shutter 3D system, generating different perspective views for the left and right channel to provide the illusion of three-dimensional viewing. Stereoscopic viewing glasses were designed using lead lanthanum zirconate titanate (PLZT) ceramics as electronically controlled shutter elements. Active 3D glasses require batteries and work in concert with the display to actively change the presentation by the lenses to the wearer's eyes. Many modern 3D glasses use a passive, polarized 3D system that enables the wearer to visualize 3D effects based on their own perception. Passive 3D glasses are more common today since they are less expensive. The requirements of macromolecular crystallography also drove molecular graphics because the traditional techniques of physical model-building could not scale. The first two protein structures solved by molecular graphics without the aid of the Richards' Box were built with Stan Swanson's program FIT on the Vector General graphics display in the laboratory of Edgar Meyer at Texas A&M University: First Marge Legg in Al Cotton's lab at A&M solved a second, higher-resolution structure of staph. nuclease (1975) and then Jim Hogle solved the structure of monoclinic lysozyme in 1976. A full year passed before other graphics systems were used to replace the Richards' Box for modelling into density in 3-D. Alwyn Jones' FRODO program (and later "O") were developed to overlay the molecular electron density determined from X-ray crystallography and the hypothetical molecular structure. === Timeline === == Types == === Ball-and-stick models === In the ball-and-stick model, atoms are drawn as small sphered connected by rods representing the chemical bonds between them. === Space-filling models === In the space-filling model, atoms are drawn as solid spheres to suggest the space they occupy, in proportion to their van der Waals radii. Atoms that share a bond overlap with each other. === Surfaces === In some models, the surface of the molecule is approximated and shaded to represent a physical property of the molecule, such as electronic charge density. === Ribbon diagrams === Ribbon diagrams are schematic representations of protein structure and are one of the most common methods of protein depiction used today. The ribbon shows the overall path and organization of the protein backbone in 3D, and serves as a visual framework on which to hang details of the full atomic structure, such as the balls for the oxygen atoms bound to the active site of myoglobin in the adjacent image. Ribbon diagrams are generated by interpolating a smooth curve through the polypeptide backbone. α-helices are shown as coiled ribbons or thick tubes, β-strands as arrows, and non-repetitive coils or loops as lines or thin tubes. The direction of the polypeptide chain is shown locally by the arrows, and may be indicated overall by a colour ramp along the length of the ribbon.
Read more →
World Database of Happiness

The World Database of Happiness is a web-based archive of research findings on subjective appreciation of life, based in the Erasmus Happiness Economics Research Organization of the Erasmus University Rotterdam in The Netherlands. The database contains both an overview of scientific publications on happiness and a digest of research findings. Happiness is defined as the degree to which an individual judges the quality of his or her life as a whole favorably. Two 'components' of happiness are distinguished: hedonic level of affect (the degree to which pleasant affect dominates) and contentment (perceived realization of wants). == Aims == The World Database of Happiness is a tool to quickly acquire an overview on the ever-growing stream of research findings on happiness Medio 2023 the database covered some 16,000 scientific publications on happiness, from which were extracted 23,000 distributional findings (on how happy people are) and another 24,000 correlational findings (on factors associated with more and less happiness). The first findings date from 1915. == Technique == The World Database of Happiness is a ‘findings archive’, which consists of electronic ‘finding pages’ on which separate research results are described in a standard format and terminology. These finding pages can be selected on various characteristics, such as population studies, the measure of happiness used and observed co-variates. All finding-pages have a specific internet address to which links can be made in scientific review papers or policy recommendations. This allows a concise presentation of many findings in a table, while providing readers with access to detail. == Scientific use == The Database has been cited in 254 scientific papers, for example to access under what conditions economic growth enhances average happiness or to show that rising mean happiness at first raises happiness inequality, but further rise will diminish these differences, or that healthy eating is associated with more happiness, even after controlling for the effect on health Another finding is that relative simple happiness training techniques raise happiness by some 5% == Popular use == The World Database of Happiness is often used by popular media to make lists of the happiest countries around the globe. An example is the Happy Planet Index, which aims to chart sustainable happiness all over the world by combining data on longevity, happiness and the size of the ecological footprint of citizens. == Strengths and weaknesses == The database has a clear conceptual focus, it includes only research findings on subjective enjoyment of one's life as a whole. Thereby it evades the Babel that has haunted the study of happiness for ages. The other side of that coin is that much interesting research is left out. The findings are reported with technical details about measurement and statistical analysis. This detail is welcomed by scholars, but makes the information difficult to digest for lay-persons. Still another limitation is that the determinants of happiness appear to vary considerably across persons and situations, which make it hard to draw general conclusions about the causes of happiness. What is clear is that poor health, separation, unemployment and lack of social contact are all strongly negatively associated with happiness. Another problem for the World database of happiness is that the studies on happiness increase with such a high rate that it gets increasingly difficult to offer a complete overview of all research findings. A further concern is that the Database of Happiness is exclusively focused on hedonic happiness (feeling good) and not on mature happiness that might exist in the face of suffering
Read more →
Human-in-the-loop

Human-in-the-loop (HITL) is used in multiple contexts. It can be defined as a model requiring human interaction. HITL is associated with modeling and simulation (M&S) in the live, virtual, and constructive taxonomy. HITL, along with the related human-on-the-loop, are also used in relation to lethal autonomous weapons. Further, HITL is used in the context of machine learning.It is also used in conversational AI to manage complex interactions that require human empathy. == Machine learning == In machine learning, HITL is used in the sense of humans aiding the computer in making the correct decisions in building a model. HITL improves machine learning over random sampling by selecting the most critical data needed to refine the model. == Simulation == In simulation, HITL models may conform to human factors requirements as in the case of a mockup. In this type of simulation, a human is always part of the simulation and consequently influences the outcome in such a way that is difficult if not impossible to reproduce exactly. HITL also readily allows for the identification of problems and requirements that may not be easily identified by other means of simulation. HITL is often referred to as an interactive simulation, which is a special kind of physical simulation in which physical simulations include human operators, such as in a flight or a driving simulator. === Benefits === Human-in-the-loop allows the user to change the outcome of an event or process. The immersion effectively contributes to a positive transfer of acquired skills into the real world. This can be demonstrated by trainees utilizing flight simulators in preparation to become pilots. HITL also allows for the acquisition of knowledge regarding how a new process may affect a particular event. Utilizing HITL allows participants to interact with realistic models and attempt to perform as they would in an actual scenario. HITL simulations bring to the surface issues that would not otherwise be apparent until after a new process has been deployed. A real-world example of HITL simulation as an evaluation tool is its usage by the Federal Aviation Administration (FAA) to allow air traffic controllers to test new automation procedures by directing the activities of simulated air traffic while monitoring the effect of the newly implemented procedures. As with most processes, there is always the possibility of human error, which can only be reproduced using HITL simulation. Although much can be done to automate systems, humans typically still need to take the information provided by a system to determine the next course of action based on their judgment and experience. Intelligent systems can only go so far in certain circumstances to automate a process; only humans in the simulation can accurately judge the final design. Tabletop simulation may be useful in the very early stages of project development for the purpose of collecting data to set broad parameters, but the important decisions require human-in-the-loop simulation. HITL reflects scenarios where human input remains essential despite advances in automation. === Within the virtual simulation taxonomy === Virtual simulations inject HITL in a central role by exercising motor control skills (e.g. flying an airplane), decision making skills (e.g. committing fire control resources to action), or communication skills (e.g. as members of a C4I team). === Examples === Flight simulators Driving simulators Marine simulators Video games Supply chain management simulators Digital puppetry === Misconceptions === Although human-in-the-loop simulation can include a computer simulation in the form of a synthetic environment, computer simulation is not necessarily a form of human-in-the-loop simulation, and is often considered as human-out-of-the loop simulation. In this particular case, a computer model’s behavior is modified according to a set of initial parameters. The results of the model differ from the results stemming from a true human-in-the-loop simulation because the results can easily be replicated time and time again, by simply providing identical parameters. == Weapons == === Taxonomy === Three classifications of the degree of human control of autonomous weapon systems were laid out by Bonnie Docherty in a 2012 Human Rights Watch report. human-in-the-loop: a human must instigate the action of the weapon (in other words not fully autonomous) human-on-the-loop: a human may abort an action human-out-of-the-loop: no human action is involved === Positive human action === In discussions of autonomous weapons and nuclear command and control, the phrase positive human action has been used alongside "human-in-the-loop" to emphasize that a human operator must affirmatively authorize the use of force. Descriptions of the United States Navy's Aegis Combat System have used the phrase in characterizing a requirement for affirmative human action to initiate live firing. A survey of autonomous weapons systems described the Aegis "Auto SM" mode as one in which "the system fully develops the engagement process however engagement requires positive human action". The phrase entered United States federal law in the National Defense Authorization Act for Fiscal Year 2025, which stipulates that artificial intelligence systems not compromise "the principle of requiring positive human actions in execution of decisions by the President with respect to the employment of nuclear weapons".
Read more →
Insider threat

An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems. == Overview == Insiders may have accounts giving them legitimate access to computer systems, with this access originally having been given to them to serve in the performance of their duties; these permissions could be abused to harm the organization. Insiders are often familiar with the organization's data and intellectual property as well as the methods that are in place to protect them. This makes it easier for the insider to circumvent any security controls of which they are aware. Physical proximity to data means that the insider does not need to hack into the organizational network through the outer perimeter by traversing firewalls; rather they are in the building already, often with direct access to the organization's internal network. Insider threats are harder to defend against than attacks from outsiders, since the insider already has legitimate access to the organization's information and assets. An insider may attempt to steal property or information for personal gain or to benefit another organization or country. The threat to the organization could also be through malicious software left running on its computer systems by former employees, a so-called logic bomb. == Research == Insider threat is an active area of research in academia and government. The CERT Coordination Center at Carnegie-Mellon University maintains the CERT Insider Threat Center, which includes a database of more than 850 cases of insider threats, including instances of fraud, theft and sabotage; the database is used for research and analysis. CERT's Insider Threat Team also maintains an informational blog to help organizations and businesses defend themselves against insider crime. The Threat Lab and Defense Personnel and Security Research Center (DOD PERSEREC) has also recently emerged as a national resource within the United States of America. The Threat Lab hosts an annual conference, the SBS Summit. They also maintain a website that contains resources from this conference. Complimenting these efforts, a companion podcast was created, Voices from the SBS Summit. In 2022, the Threat Lab created an interdisciplinary journal, Counter Insider Threat Research and Practice (CITRAP) which publishes research on insider threat detection. === Findings === In the 2022 Data Breach Investigations Report (DBIR), Verizon found that 82% of breaches involved the human element, noting that employees continue to play a leading role in cybersecurity incidents and breaches. According to the UK Information Commissioners Office, 90% of all breaches reported to them in 2019 were the result of mistakes made by end users. This was up from 61% and 87% over the previous two years. A 2018 whitepaper reported that 53% of companies surveyed had confirmed insider attacks against their organization in the previous 12 months, with 27% saying insider attacks have become more frequent. A report published in July 2012 on the insider threat in the U.S. financial sector gives some statistics on insider threat incidents: 80% of the malicious acts were committed at work during working hours; 81% of the perpetrators planned their actions beforehand; 33% of the perpetrators were described as "difficult" and 17% as being "disgruntled". The insider was identified in 74% of cases. Financial gain was a motive in 81% of cases, revenge in 23% of cases, and 27% of the people carrying out malicious acts were in financial difficulties at the time. The US Department of Defense Personnel Security Research Center published a report that describes approaches for detecting insider threats. Earlier it published ten case studies of insider attacks by information technology professionals. Cybersecurity experts believe that 38% of negligent insiders are victims of a phishing attack, whereby they receive an email that appears to come from a legitimate source such as a company. These emails normally contain malware in the form of hyperlinks. == Typologies and ontologies == Multiple classification systems and ontologies have been proposed to classify insider threats. Traditional models of insider threat identify three broad categories: Malicious insiders, which are people who take advantage of their access to inflict harm on an organization; Negligent insiders, which are people who make errors and disregard policies, which place their organizations at risk; and Infiltrators, who are external actors that obtain legitimate access credentials without authorization. == Criticisms == Insider threat research has been criticized. Critics have argued that insider threat is a poorly defined concept. Forensically investigating insider data theft is notoriously difficult, and requires novel techniques such as stochastic forensics. Data supporting insider threat is generally proprietary (i.e., encrypted data). Theoretical/conceptual models of insider threat are often based on loose interpretations of research in the behavioral and social sciences, using "deductive principles and intuitions of subject matter expert." Adopting sociotechnical approaches, researchers have also argued for the need to consider insider threat from the perspective of social systems. Jordan Schoenherr said that "surveillance requires an understanding of how sanctioning systems are framed, how employees will respond to surveillance, what workplace norms are deemed relevant, and what ‘deviance’ means, e.g., deviation for a justified organization norm or failure to conform to an organizational norm that conflicts with general social values." By treating all employees as potential insider threats, organizations might create conditions that lead to insider threats. == Sector-specific concerns == === Healthcare === The healthcare industry faces particularly acute insider threat risks due to the large number of workforce members who require access to sensitive patient records for legitimate clinical purposes. The U.S. Department of Health and Human Services has identified unauthorized access by insiders, including workforce snooping on patient records and theft of protected health information for identity fraud, as a persistent enforcement concern. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule addresses insider threats through several administrative safeguards, including workforce security procedures requiring covered entities to implement policies for authorizing and supervising workforce members who work with electronic protected health information, as well as termination procedures to revoke access when employment ends (45 CFR 164.308(a)(3)). The rule also requires audit controls to record and examine information system activity (45 CFR 164.312(b)), enabling detection of unauthorized access by insiders. The December 2024 Notice of proposed rulemaking (NPRM) to overhaul the HIPAA Security Rule would strengthen insider threat defenses by mandating role-based access controls, requiring notification of relevant workforce members within 24 hours of any changes to access privileges, and requiring regular review of audit logs to detect anomalous access patterns.
Read more →
Tandem Money

Tandem is one of the UK's original challenger banks. Tandem is a digital bank with a mobile app, and no branches. The acquisition of Harrods Bank in 2017 allowed the company to provide services using the former's banking licence. Tandem Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority. Tandem has offices across the UK in Blackpool, Cardiff, Durham and London, employing over 500 people. == History == The company was founded by Ricky Knox, Matt Cooper and Michael Kent in 2014. In December 2016, Tandem announced that it had secured a £35 million investment from The Sanpower Group, the Chinese company that also owned the department store House of Fraser; however, £29 million of this investment was later revoked by Sanpower over concerns that the Chinese Government would object to the investment following increased restrictions on outbound investment in China. This resulted in a delay in the launch of Tandem's savings products, which, at the time of the revocation, was expected imminently and, more importantly, meant that Tandem volunteered the return of their banking license but retained all other permissions. In April 2018, Tandem launched fixed-term savings accounts, offering one-, two- and three-year terms through its app. === Acquisitions === In August 2017, it was announced that Tandem would fully acquire Harrods Bank, founded in 1893, in a deal that would bring a near-£200m loan book, over £300m of deposits and nearly £80 million of capital. Prior to its sale to Tandem Money, Harrods Bank catered for high-net-worth (HNW) individuals and operated from the Harrods store in Knightsbridge, London. It offered a variety of personal and business current and savings accounts, mortgages, foreign currency and gold bullion trading services. On 7 August 2017, Tandem Money Limited announced a deal to acquire 100% of Harrods Bank Limited shares. The purchase deal closed successfully on 11 January 2018. In March 2018, Tandem agreed to acquire Pariti Technologies Limited, developers of the Pariti money management application. In August 2020 Tandem acquired green home improvement loan specialists Allium Lending Group. It was announced on 8 February 2021 that Tandem had agreed to purchase the mortgage book from private bank Bank and Clients, consisting of 300 B&C customers for an undisclosed amount. In January 2022 Tandem Bank acquired consumer lender Oplo, creating a combined business with £1.2 billion of total assets. In April 2023, it was announced that Tandem had acquired money-sharing app Loop Money. At the time of the purchase, one of Loop's founders – Paul Pester – was also chairman at Tandem. == Features == Tandem Bank offers customers savings, mortgages, personal and secured loans, green home improvement loans and motor finance. In November 2022, the bank launched its new Tandem Marketplace, providing information and resources to help promote greener living.
Read more →
Tensor glyph

In scientific visualization a tensor glyph is an object that can visualize all or most of the nine degrees of freedom, such as acceleration, twist, or shear – of a 3 × 3 {\displaystyle 3\times 3} matrix. It is used for tensor field visualization, where a data-matrix is available at every point in the grid. "Glyphs, or icons, depict multiple data values by mapping them onto the shape, size, orientation, and surface appearance of a base geometric primitive." Tensor glyphs are a particular case of multivariate data glyphs. There are certain types of glyphs that are commonly used: Ellipsoid Cuboid Cylindrical Superquadrics According to Thomas Schultz and Gordon Kindlmann, specific types of tensor fields "play a central role in scientific and biomedical studies as well as in image analysis and feature-extraction methods."
Read more →
Digital video effect

Digital video effects (DVEs) are visual effects that provide comprehensive live video image manipulation, in the same form as optical printer effects in film. DVEs differ from standard video switcher effects (often referred to as analog effects) such as wipes or dissolves, in that they deal primarily with resizing, distortion or movement of the image. Modern video switchers often contain internal DVE functionality. Modern DVE devices are incorporated in high-end broadcast video switchers. Early examples of DVE devices found in the broadcast post-production industry include the Ampex Digital Optics (ADO), Quantel DPE-5000, Vital Squeezoom, NEC E-Flex and the Abekas A5x series of DVEs. By 1988, Grass Valley Group caught up with the competition with their Kaleidoscope, which integrated ADO-type effects with their widely used line of broadcast switching gear. DVEs are used by the broadcast television industry in live television production environments like television studios and outside broadcasts. They are commonly used in video post-production.
Read more →
Vero (app)

Vero (stylized as VERO) is a social media platform and mobile app company. Vero markets itself as a social network free from advertisements, data mining and algorithms. == History == The app was founded by French-Lebanese billionaire Ayman Hariri who is the son of former Lebanese prime minister Rafic Hariri. The name is taken from the Italian word for true. The app launched officially in 2015 as an alternative to Facebook and their popular photo-blogging app Instagram. Within weeks of its release the app surged in popularity although users expressed mixed reports with some feeling confused about how the app worked. Cosplayers were early to adopt the app as their photo-sharing platform of choice, favouring the app's pinch and zoom magnification feature over Instagram's zoom feature. Other creative communities soon followed, and the app became popular with niche groups of makeup artists, tattoo artists, and skateboarders. In March 2018, Vero's popularity surged, partly helped by an exodus from Facebook and Instagram following the Cambridge Analytica data scandal. In the wake of the scandal, Vero devised an advertising campaign aimed at defected Facebook and Instagram users, hoping the app's policies and privacy settings would assuage concerns over sharing personal information on the internet. Within the space of one week, the app went from being a small service, akin to Ello or Peach, to being the most downloaded app in eighteen countries. In December 2020, Vero released its most significant update to date, Vero 2.0 which introduced new features including voice and video calls, game and app posts and bookmarks, and refinements to the UI. In October 2021, Vero introduced their Desktop app (beta) with multiple post options and a re-sizable multi-column feed. == Concept and funding == Vero's content feed resembles Instagram's although users can share a wider variety of content and the app has a chronological content feed whereas Facebook and Instagram's feeds are algorithm based. Vero's business plan is also distinct from similar social media apps. Whereas its competitors such as Facebook or Instagram make money from in-app advertising revenue and the sale of user data, Vero's business plan was to invite the first one million users to use the app for free then charge any subsequent users a subscription fee. The app was entirely funded by its founder and generated additional revenues by charging affiliate fees when someone buys a product they find on Vero. == Awards == Vero was recognized at the 2021 Webbys, being named as an Honoree in the Best Visual Design - Aesthetic Category. == Controversies == === Privacy === Vero has faced some criticism over the wording of their manifesto, in particular, the statement "Vero only collects the data we believe is necessary to provide users with a great experience and to ensure the security of their accounts." Because this policy does not explicitly state that the app will not sell data on to third parties some users fear that the need to monetise the app through data might prove too tempting. Users have also complained about not being able to delete their accounts. While this was never the case, the option was hidden deep in the app's settings. === Russian involvement === Although Vero remains transparent about the app's Russian development team, they have been caught up in concerns about Russian interference on social media platforms. The app's founder Ayman Hariri was quick to dismiss the remarks as xenophobic and defend the nationality of his employees, stating in an interview with Time Magazine; "At the end of the day, where people are from is really not how anybody should judge anyone". === Criticism of the app's founder === Until 2013, Vero's founder Ayman Harari was deputy CEO and chairman of Saudi Oger, the Saudi Arabian construction company which collapsed in 2017, mired by controversies over the welfare and treatment of their employees. However, Hariri is quick to point out that he divested from the firm in 2014 and the worker's rights violations occurred after he had left the company.
Read more →
Index locking

In databases an index is a data structure, part of the database, used by a database system to efficiently navigate access to user data. Index data are system data distinct from user data, and consist primarily of pointers. Changes in a database (by insert, delete, or modify operations), may require indexes to be updated to maintain accurate user data accesses. Index locking is a technique used to maintain index integrity. A portion of an index is locked during a database transaction when this portion is being accessed by the transaction as a result of attempt to access related user data. Additionally, special database system transactions (not user-invoked transactions) may be invoked to maintain and modify an index, as part of a system's self-maintenance activities. When a portion of an index is locked by a transaction, other transactions may be blocked from accessing this index portion (blocked from modifying, and even from reading it, depending on lock type and needed operation). Index Locking Protocol guarantees that phantom read phenomenon won't occur. Index locking protocol states: Every relation must have at least one index. A transaction can access tuples only after finding them through one or more indices on the relation A transaction Ti that performs a lookup must lock all the index leaf nodes that it accesses, in S-mode, even if the leaf node does not contain any tuple satisfying the index lookup (e.g. for a range query, no tuple in a leaf is in the range) A transaction Ti that inserts, updates or deletes a tuple ti in a relation r must update all indices to r and it must obtain exclusive locks on all index leaf nodes affected by the insert/update/delete The rules of the two-phase locking protocol must be observed. Specialized concurrency control techniques exist for accessing indexes. These techniques depend on the index type, and take advantage of its structure. They are typically much more effective than applying to indexes common concurrency control methods applied to user data. Notable and widely researched are specialized techniques for B-trees (B-Tree concurrency control) which are regularly used as database indexes. Index locks are used to coordinate threads accessing indexes concurrently, and typically shorter-lived than the common transaction locks on user data. In professional literature, they are often called latches.
Read more →