| |
| Current Topic: Technology |
|
Welcome to Materials Monthly |
|
|
|---|
| Topic: Technology |
9:51 am EDT, Apr 21, 2008 |
Princeton Architectural Press is excited to announce the launch of the next ten volumes in the Materials Monthly series. This revolutionary new service is a subscription-based publication providing hands-on access to state-of-the-art materials and allowing designers to easily build a library that expands and supports their work. Designed as a system for shelving and cataloging, Materials Monthly regularly brings you a sampling of new and innovative materials, ten times per year.
City of Sound has a look inside Materials Monthly. Welcome to Materials Monthly |
|
Automatic Patch-Based Exploit Generation |
|
|
|---|
| Topic: Technology |
5:06 pm EDT, Apr 18, 2008 |
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update. In many cases we are able to automatically generate exploits within minutes or less. Although our techniques may not work in all cases, a fundamental tenet of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical. One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise the significant fraction of vulnerable hosts who have not yet received the patch. Thus, we conclude update schemes, such as Windows Update as currently implemented, can detract from overall security, and should be redesigned.
Automatic Patch-Based Exploit Generation |
|
|
|---|
| Topic: Technology |
7:07 am EDT, Apr 18, 2008 |
Imagine a more trusted, privacy enhanced Internet experience where devices and software enable people to make more effective choices and take control over who, and what, to trust online. It is not an overstatement to say that the Internet has transformed the way we live. Social networking represents the new town square; blogging has turned citizens into journalists; and e-commerce sites have spurred global competition in the marketplace. But with people of all ages flocking online, and with the proliferation of high-profile, targeted attacks on individual or organizational information, assets and identities, more and more people consider the lack of security and privacy on the Internet to be at an unacceptable level.
End to End Trust |
|
The international kilogram conundrum |
|
|
|---|
| Topic: Technology |
7:07 am EDT, Apr 18, 2008 |
In the more than a century since 'perfect' platinum-iridium cylinders were first used as the world's kilogram standards, their weights have mysteriously fluctuated. Scientists are rethinking what the measure means.
The international kilogram conundrum |
|
Pillar: A Parallel Implementation Language |
|
|
|---|
| Topic: Technology |
7:07 am EDT, Apr 18, 2008 |
As parallelism in microprocessors becomes mainstream, new programming languages and environments are emerging to meet the challenges of parallel programming. To support research on these languages, we are developing a lowlevel language infrastructure called Pillar (derived from Parallel Implementation Language). Although Pillar programs are intended to be automatically generated from source programs in each parallel language, Pillar programs can also be written by expert programmers. The language is defined as a small set of extensions to C. As a result, Pillar is familiar to C programmers, but more importantly, it is practical to reuse an existing optimizing compiler like gcc [1] or Open64 [2] to implement a Pillar compiler. Pillar’s concurrency features include constructs for threading, synchronization,
and explicit data-parallel operations. The threading constructs focus on creating new threads only when hardware resources are idle, and otherwise executing parallel work within existing threads, thus minimizing thread creation overhead. In addition to the usual synchronization constructs, Pillar includes transactional memory. Its sequential features include stack walking, second-class continuations, support for precise garbage collection, tail calls, and seamless integration of Pillar and legacy code. This paper describes the design and implementation of the Pillar software stack, including the language, compiler, runtime, and high-level converters (that translate high-level language programs into Pillar programs). It also reports on early experience with three high-level languages that target Pillar.
Pillar: A Parallel Implementation Language |
|
|
|---|
| Topic: Technology |
7:07 am EDT, Apr 18, 2008 |
TinEye is an image search engine built by Idee currently in private beta. Give it an image and it will tell you where the image appears on the web.
TinEye |
|
Dynamic Composable Computing (DCC) |
|
|
|---|
| Topic: Technology |
7:06 am EDT, Apr 18, 2008 |
Fred and Sally are visiting their friend Joe’s house when the topic of Sally’s recent vacation comes up. Instead of just showing them pictures on her mobile device, Sally displays a collection of her favorite pictures on Joe’s wall-mounted flat-screen TV, using her mobile to advance the slides. Meanwhile, Fred takes a moment to browse through Joe’s music collection on his MID until he finds an appropriate album, which he then triggers to play on Joe’s stereo system.
Dynamic Composable Computing (DCC) |
|
|
|---|
| Topic: Technology |
7:06 am EDT, Apr 18, 2008 |
Imagine a day when a single device small enough to fit in your pocket has the power of a laptop and can deliver a rich computing, telephony, media, gaming, and Internet experience. Imagine a day when this device knows your tendencies and preferences and can adapt and optimize its interfaces to match what you are doing at any point any time. Imagine a day when this device is not constrained as a standalone unit, but can dynamically become a hybrid combination of other computing and multimedia devices in close proximity. In the labs at Intel, we have been looking at what makes sense for mobility in the future – a vision we refer to as Carry Small, Live Large.
Carry Small, Live Large |
|
Computing History at Bell Labs |
|
|
|---|
| Topic: Technology |
7:06 am EDT, Apr 18, 2008 |
In 1997, on his retirement from Bell Labs, Doug McIlroy gave a fascinating talk about the “History of Computing at Bell Labs.” That page contains audio for the talk in Real Audio format (it was 1997). Almost ten years ago I transcribed the audio but never did anything with it. The transcript is below.
Computing History at Bell Labs |
|
Treemaps for space-constrained visualization of hierarchies |
|
|
|---|
| Topic: Technology |
7:06 am EDT, Apr 18, 2008 |
Ben Shneiderman: During 1990, in response to the common problem of a filled hard disk, I became obsessed with the idea of producing a compact visualization of directory tree structures.
Treemaps for space-constrained visualization of hierarchies |
|
