With input from people around the world -- much of it on this website -- an international group of leading technological thinkers were asked to identify the Grand Challenges for Engineering in the 21st Century. Now their conclusions are revealed on this website.

Grand Challenges for Engineering

Creating a viable free open source alternative to
Magma, Maple, Mathematica, and Matlab

SAGE: Open Source Mathematics Software

Jacob Seidelin went on a ( crazy :) ) mission to create a pure JavaScript video player that didn't use Flash:

My first thought was to read binary video files using a technique like the Andy Na posted about here, figuring that there must be some really simple to parse video formats around, but I soon changed directions and decided to make up a whole new video format. Enter.. JSONVid. Using a player like mplayer, it is easy to export all frames in a movie clip to individual jpeg files, and using whichever language you prefer it is also fairly trivial to collect these files, base64 encode the bunch of them and throw them all together in a nice JSON file (I used this PHP script).

JSONVid: Pure JavaScript Video Player

I recently worked on a project that involved embedded systems and reverse engineering. This sort of territory can be a little hairy the first few times out. I ran into some interesting challenges and discoveries along the way which I thought might be worth writing a little bit about. I can’t tell you what the target was. But, it was important. And, we beat the crap out of it. So instead, I’ll tell you what I wish it was: a networked 4-slot toaster.

Now… to make things interesting; Early on, I’d discovered a vulnerability in the toaster that allowed any attacker to load their own firmware on the device. Ouch! My toast! My beautiful toast!

In order to drive home the risk (mostly to the vendor) of the firmware loading vulnerability, I was asked by my customer (also the vendor’s customer) to demonstrate the attack by actually loading malicious firmware onto the device and getting it to run.

Mind you, the request to prove this is actually pretty sane. I had little knowledge of the boot loader, or even of the firmware image format. I couldn’t say for sure that there wasn’t a code-signing feature, which would prevent the toaster from loading any image that wasn’t cryptographically signed by the vendor. That would have rendered the firmware loading attack impotent. To make things worse, the vendor was being pretty light on details. Can’t say I blame them.

Matasano Chargen » Retsaot is Toaster, Reversed: Quick ‘n Dirty Firmware Reversing

Zorba is a general purpose XQuery processor implementing in C the W3C family of specifications. It is not an XML database. The query processor has been designed to be embeddable in a variety of environments such as other programming languages extended with XML processing capabilities, browsers, database servers, XML message dispatchers, or smartphones. Its architecture employes a modular design, which allows customizing the Zorba query processor to the environment’s needs. In particular the architecture of the query processor allows a pluggable XML store (e.g. main memory, DOM stores, persistent disk-based large stores, S3 stores). Zorba runs on most platforms and is available under the Apache license v2.

Zorba: The XQuery Processor

RCFLs are a network of digital forensics labs sponsored by the FBI and staffed by local, state, and federal law enforcement personnel. These labs are available—free of charge—to 4,750 law enforcement agencies across 17 states.

Yes, RCFLs perform digital forensic exams in cyber crime cases, but they contribute to so many more kinds of investigations: terrorism, espionage, public corruption, civil rights, organized crime, white-collar crime, and violent crime. These days, computers and other technological devices are such a part of daily life that you’d be hard-pressed to find any type of criminal or terrorist who doesn’t use one. And when they do, RCFL examiners are there to extract and enhance information from these devices that may serve as evidence at trial.

You can read all about the accomplishments of these 14 labs—collectively and individually—in the RCFL Program’s Fiscal Year 2007 Annual Report.

Regional Computer Forensics Laboratory: Program Annual Report

How long are technology adoption lags? Can cross-country differences in technology adoption lags account for a significant fraction of cross-country GDP disparities? Diego Comin of Harvard Business School and Bart Hobijn of the Federal Reserve Bank of New York develop a new benchmark to understand the diffusion process of individual technologies and the consequences that this has for aggregate growth. This benchmark provides a rationale for the evolution of diffusion measures that include how many units of technology each adopter has adopted in addition to the traditional extensive margin. The model is estimated to obtain measures of adoption lags for 15 technologies in 166 countries. Key concepts include:

* Adoption lags are large. On average, countries have adopted technologies 47 years after their invention.
* There is substantial variation across technologies and countries.
* Over the past two centuries, newer technologies have been adopted faster than old ones.
* The remarkable development records of Japan between 1870 and 1970 and of the so-called East Asian Tigers in the second half of the 20th century all coincided with a catch-up in the range of technologies used with respect to industrialized countries.
* Adoption lags account for at least 25 percent of cross-country per capita income differences.

An Exploration of Technology Diffusion

This article initiates a poetics of Web video by considering the central features of one kind of video on the Web, the amateur videoblog, in terms of its functions, which include various affordances of use, and constraints, which include economics, technology, and viewing conditions. It takes as its central example an American videoblog called The Show With Ze Frank, which ran from 2006–2007, and which drew a passionate community of fans into collaborating in its creation. This article considers amateur Web video as a potentially democratic space for media production, offering an alternative to commercial media that involves ordinary citizens as participants and champions their creativity.

Ze Frank and the poetics of Web video

Do you remember the classic xkcd diagram about Wikipedia?

The code is uglier than Fergie on a rainy day, but it works and I find the results to be pretty fascinating.

Mapping the distraction that is Wikipedia

We've talked about this book before, but if you don't have a copy, there's something new:

Free chapters from the second edition! Wiley has agreed to let me put six sample chapters online for free. Here they are.

Security Engineering - A Guide to Building Dependable Distributed Systems