Social Networking in Science


Ten years ago, on February 4, 2004, a new social networking site called Facebook was launched. While it was by no means the first, Facebook is arguably one of the largest and most influential social networks today. It’s worth taking a step back to look at how powerful the concept of social networking has become, and what its potential is for the future, especially for scientific research and discovery.

Several players have been the drivers of social networking. Its origins can be traced to the Computerized Bulletin Board System (CBBS) launched in 1978 by Ward Christensen, an IBM field technical sales specialist, and his collaborator Randy Suess. During the past 15 years social networking platforms such as MySpace, LiveJournal, LinkedIn, Foursquare and Reddit have launched to great fanfare. Facebook originated as a social networking platform for students at Harvard. It was referred to at the time as a college version of Friendster. By 2009 it was ranked as the most used social network with more than 200 million users, twice that of rival MySpace. Today it is estimated that there are more than one billion Facebook users across the globe. Less traveled, but no less important, are those social networks geared to scientists such as LabRoots, Quora, ResearchGate, Mysciencework.com and Mendeley.

The basic premise of social networks — allowing users to build a custom group of friends and colleagues with whom you can choose to selectively interact — is its broad appeal. But this premise has, in fact, been around for many decades in science research. Contrary to the popular image of the lone scientist toiling away in an isolated lab, just about all scientific discovery is a collaborative effort that requires extensive networks of lab teams. Whereas 20 years ago these networks might have been confined geographically or within the same university system, today those networks are more likely to be virtual and global, especially since so much research is now cross-disciplinary. Teams of neuroscientists for example need a computer programmer, possibly an electrical engineer as well as genetics and analytic experts to help track, manage, and interpret the massive volume of data to develop reports. Larger, well-funded research teams may be fortunate enough to have such resources as part of their own on-site teams, but more often than not, they may be spread around the country or the world. In addition collaborations also appeal to funding agencies which see such efforts as a cost-effective way to provide crucial support to the core team.

Beyond this collaborative interaction of the research environment is the time-honored, critical scientific social network that, for 130 years, has governed the submission and peer review process of the scientific journal. The networks of editorial board members, teams of reviewers and experts have proven to be an effective process for providing feedback for authors, vetting new research and discerning its value to advancing science. With these networks now online and leveraging the full power of virtual communities, scientific publishing stands at an opportunistic crossroads, especially pertaining to the peer review process. There is certainly merit to crowd-sourcing through scientific social networks as a complement to the formal peer-review process, especially during the draft phase of a research paper where objective third-party insights would be helpful to authors in the finalization process, but only to a certain level. Publishers stake their reputation on the quality of our peer-reviewed journals; at Elsevier, for example, we reject almost 70 percent of submitted articles. Retractions are costly, not just on a monetary level, but also for credibility, so being able to trust the content of an article is crucial. This formal part of the peer review process should remain in the domain of the journal editor.

That said, social networking of science certainly offers a myriad of ways to benefit the research process and millions are leveraging social networks to explore, trade ideas and encourage debate; all laudable uses. Academic social networks like Mendeley for example, part of Elsevier, allow researchers to download journal articles from a variety of sources and create a personal library to share within a private group. Members can discuss, annotate and benefit from the free flow of ideas between like-minded colleagues at research facilities around the world regardless of affiliation, all of which drives citation and usage — a vital metric in research.

Sites such as Quora, LabRoots and the science groups of LinkedIn encourage open discussion. These might include questions about a specific area of research, suggestions for funding, job openings, working overseas and even specific challenges faced in the lab. A random sampling of hundreds of research discussions on LinkedIn and Quora illustrates how these networks are being used:

“I want to know if someone has heard about dementia in teenagers. Thanks.” “In which physical phenomenon is the subcritical pitchfork bifurcation observed?” “Why is that 2 shell in argon which is located closer to the nucleus has lower energy than the n = 2 shell in neon?” “I request you all to look at my piece and share your thoughts.”

The corresponding answers from researchers around the globe demonstrate the power of the reach of these networks and the connections they develop.

The ability to create virtual labs where colleagues around the world can build their own libraries of papers and collaborative groups is now a staple of the research process. Looking to the future, development of alternate realities using such products as Google Glass, which allows a user to view the world with the internet overlaid, will create any number of intriguing ways for researchers to interact and discuss real-time field/lab research or papers in development. In addition, the targeting of researchers with pertinent information based on their social media posts, might generate automatic alerts and links to relevant articles and authors, much in the same way consumer product companies target prospects based on their purchasing history.


The Intriguing Success of Bitcoin: A Comparative Study

Despite three decades of research on e-cash by the cryptographic community, all these efforts seem to have been dwarfed by the swift success of Bitcoin. Has a researcher whose name was previously unheard of outsmarted the ingenuity of all the cryptographers combined? Bitcoin is by no means perfect, and some well-known problems are discussed later on. So what is it in Bitcoin that has ensured its success? After an in-depth investigation of Bitcoin, we found that although Bitcoin uses no fancy cryptography, its design actually reflects a surprising amount of ingenuity and sophistication. Most importantly, it addresses the incentive problems most expeditiously.

No central point of trust: Bitcoin has a completely distributed architecture, without any single trusted entity. Bitcoin assumes that the majority of nodes in its network are honest, and resorts to a majority vote mechanism for double-spending avoidance and dispute resolution. In contrast, most e-cash schemes require a centralized bank that is trusted for purposes of e-cash issuance and double-spending detection. This greatly appeals to individuals who wish for a freely traded currency not controlled by any governments, banks, or authorities, from libertarians to drug-dealers and other underground economy proponents (note that apart from the aforementioned illegal usages, there are numerous legitimate uses as well, which will be mentioned later). In a spirit similar to the original motivation for a distributed Internet, such a purely decentralized system guarantees that no single entity, no matter how initially benevolent, can succumb to the temptation or be coerced by a government into subverting it for its own benefit.

Incentives and economic system: Bitcoin’s ecosystem is ingeniously designed, and ensures that users have economic incentives to participate. First, the generation of new bitcoins happens in a distributed fashion at a predictable rate: “bitcoin miners” solve computational puzzles to generate new bitcoins, and this process is closely coupled with the verification of previous transactions. At the same time, miners also get to collect optional transaction fees for their effort of vetting said transactions. This gives users clear economic incentives to invest spare computing cycles in the verification of Bitcoin transactions and the generation of new Bitcoins. At the time of writing the investment of a GPU to accelerate Bitcoin puzzle solution can pay for itself in ~6 months.

Predictable money supply: Bitcoin makes sure that new coins will be minted at a fixed rate, that is, the larger the Bitcoin community and the total computational resource devoted to coin generation, the more difficult the computational puzzle becomes. This provides strong incentives for early adopters — the earlier in the game, the cheaper the coins minted. (In a later section we discuss negative consequences that the adopted money supply schedule will have, in the long term, on value, incentives, and security.)

Divisibility and fungibility: One practical appeal of Bitcoin is the ease with which coins can be both divided and recombined to create essentially any denomination possible. This is an Achilles’ heel of (strongly anonymous) e-cash systems, because denominations had to be standardized to be unlinkable, which incidentally makes the computational cost of e-cash transactions linear in the amount. In Bitcoin, linkage is inherent, as it is what prevents double spending; but it is the identities that are “anonymous”.

Versatility, openness, and vibrancy: Bitcoin is remarkably flexible partly due to its completely distributed design. The open-source nature of the project entices the creation of new applications and spurs new businesses. Because of its flexibility and openness, a rich extended ecosystem surrounding Bitcoin is flourishing. For example, mixer services have spawned to cater to users who need better anonymity guarantees. There are payment processor services that offer gadgets vendors can embed in their webpages to receive Bitcoin payments alongside regular currency.

Scripting: Another salient and very innovative feature is allowing users (payers and payees) to embed scripts in their Bitcoin transactions. Although today’s reference implementations have not fully utilized the power of this feature, in theory, one can realize rich transactional semantics and contracts through scripts, such as deposits, escrow and dispute mediation, assurance contracts, including the use of external states, and so on. It is conceivable that in the future, richer forms of financial contracts and mechanisms are going to be built around Bitcoin using this feature.

Transaction irreversibility: Bitcoin transactions quickly become irreversible. This attracts a niche market where vendors are concerned about credit-card fraud and chargebacks. Through personal communication with a vendor selling specialty magazines, he mentioned that before, he could not conduct business with customers in certain countries where credit-card fraud prevails. With Bitcoin, he is able to extend his business to these countries due to the protection he obtains from the irreversibility of transactions.

Low fees and friction: The Bitcoin verifiers’ market currently bears very low transaction fees (which are optional and chosen by the payer); this can be attractive in micro payments where fees can dominate. Bitcoin is also appealing for its lack of additional costs traditionally tacked upon international money transfers, due to disintermediation.

Readily available implementations: Last but not least, in comparison with other e-cash schemes, Bitcoin has provided readily available implementations, not only for the desktop computer, but also for mobile phones. The open-source project is maintained by a vibrant community, and has had healthy developments.


Home Heating with Data Furnaces

We evaluate the financial viability of Data Furnaces (DFs) from the perspective of cloud service providers. Because DFs serve as a primary heat source in homes, we first perform a simulation study to understand the heating demands for a single family house across the climatic zones in the U.S. Based on the results, we discuss the expected savings if DFs were used in each zone. We use ballpark figures and back-of-the-envelope calculations; the exact numbers depend on the specific households and data centers under consideration.

DFs reduce the total cost of conventional datacenters in three main ways. First, much of the initial capital investment to build the infrastructure for a datacenter is avoided, including real estate, construction costs, and the cost of new power distribution, networking equipment, and other facilities. A second and related benefit is that operating costs are reduced. For example, cooling cost is significant in centralized data centers due to the power density, but DFs have essentially no additional cooling or air circulation costs since the heat distribution system in the house already circulates air. Thus, DFs increase the power usage efficiencies (PUE) over conventional datacenters. Finally, the money to buy and operate a furnace for home heating is avoided, and can be used instead to offset the cost of servers: the cloud service provider can sell DFs at the price of a furnace, and charge household owners for home heating. By doing this, the heating cost remains the same for the host family, while costs are reduced for the cloud service provider.

One disadvantage of DFs is that the retail price of electricity is usually higher in the residential areas by 10% to 50% than industrial areas. Another potential disadvantage is that the network bandwidth can cost more in homes if the home broadband link cannot satisfy the service and a high bandwidth link must be purchased. Finally, maintenance costs will increase because the machines will be geographically distributed.

To weigh these advantages and disadvantages, we perform a total cost of ownership (TCO) analysis for both DFs and conventional data centers. The initial and operating cost can change based on climate zone, so we first measure the actual heating demand for homes using the U.S. Department of Energy’s EnergyPlus simulator. This simulator calculates the heating load (BTU) required each minute to keep a home warm, using actual weather traces recorded at airports. We simulate a 1700 square foot residential house that is moderately insulated and sealed, with a heating setpoint of 21°C (70°F). We use weather data of Typical Meteorological Year 3 (TMY3), and replay the entire year for cities in each of the five climate zones in the U.S., as listed in Table 1. The last two columns show the percentage of time (at one-minute granularity) that the outside temperature is less than 21°C (thus heating is useful) and that the outside temperature is greater than 35°C (thus the server may have to be shut down for thermal protection, since we do not expect to cool the furnace). The percentage of time in between is when the servers can be run but the heat must be pumped outside.


Table 1: Representative locations used in simulations


Quantization without Bounding Box

Most data sets do not make use of full floating-point precision, so the lowest-order bits are noise and not actual data. For effective compression, floating-point positions are usually quantized onto a uniform grid. To support quantization for streaming meshes whose bounding box is not known in advance, we use a scheme that quantizes conservatively using a bounding box that is learned as the mesh streams by. The first two vertex positions are compressed without quantization and their distance gives the initial guess on the number of mantissa bits that need to be preserved to guarantee the user-requested precision. This maximum distance is updated with every compressed vertex position and will eventually match the extent of the actual bounding box. How long quantization is overly conservative depends on the order in which the vertex positions are compressed.

This scheme is part of our current API and works reasonably well, but we still need to analyze and optimize compression speeds and bit-rates. Since conservative quantization encodes many positions with more precision than needed, thereby inflating compression rates, we want to use bounding box information if possible. For the results reported in this paper we assume that advance knowledge about the bounding box is available. Our streaming mesh writer also supports lossless floating-point compression. This is less efficient since the low-order bits of the mantissa typically contain incompressible noise. But providing this functionality makes it possible to use compression when quantization—for whatever reason—is not an option.


Virtual Chassis Technology

The EX8208 supports Juniper Networks’ unique Virtual Chassis technology, which enables two interconnected EX8200 chassis—any combination of EX8208s or EX8216s—to operate as a single, logical device with a single IP address. Deployed as a collapsed aggregation or core layer solution, an EX8200 Virtual Chassis configuration creates a network fabric for interconnecting access switches, routers, and service-layer devices such as firewalls and load balancers using standards-based Ethernet LAGs.

In a Virtual Chassis configuration, EX8200 switches can be interconnected using either single line-rate 10GbE links or a LAG with up to 12 10GbE line-rate links. Since the Virtual Chassis intraconnections use small form SFP+ interfaces, Virtual Chassis member switches can be separated by distances of up to 40 km. If the EX8200 Virtual Chassis switch members are located in the same or adjacent racks, low cost direct attach cables (DACs) can be used as the interconnect mechanism.

Since the network fabric created by an EX8200 Virtual Chassis configuration prevents loops, it eliminates the need for protocols such as Spanning Tree. The fabric also simplifies the network by eliminating the need for Virtual Router Redundancy Protocol (VRRP), increasing the scalability of the network design. In addition, since the Virtual Chassis Control Protocol (VCCP) used to form the EX8200 Virtual Chassis configuration does not affect the function of the control plane, Junos OS control plane protocols such as 802.3ad, OSPF, Internet Group Management Protocol (IGMP), Physical Interface Module (PIM), BGP and others running on an EX8200 Virtual Chassis system behave in exactly the same way as when running on a standalone chassis.

EX8200 Virtual Chassis configurations are highly resilient, with no single point of failure, ensuring that no single element—whether a chassis, a line card, a Routing Engine, or an interconnection—can render the entire fabric inoperable following a failure. Virtual Chassis technology also makes server virtualization at scale feasible by providing simple L2 connectivity over a very large pool of compute resources located anywhere within a data center.

Virtual Chassis technology can also be used to extend EX8200-based VLANs between data centers by placing an equal number of switches in both data centers, or by interconnecting two separate Virtual Chassis configurations using a simple L2 trunk.


Is the stored biometric information “personal”? How sensitive and unique is it?

In some Canadian jurisdictions, personal information is defined as recorded information about an identifiable individual, other than contact information. Under that broad definition, any biometric information is personal information. However, in this document, we will adopt a narrower concept of “personally identifiable information” (PII). Information is considered personally identifiable if an individual may be uniquely identified either from this information only or in combination with any other information. If it is determined that the information is PII (and not just contact information), it will also be considered “personal information” by other Canadian jurisdictions (including the federal Personal Information Protection and Electronic Documents Act).

Some organizations may see the following claims: (i) the stored biometric information is just a meaningless number, and therefore is not personally identifiable information; (ii) biometric templates stored in a database cannot be linked to other databases because a sophisticated proprietary algorithm is used; or (iii) a biometric image cannot be reconstructed from the stored biometric template. In most of these cases, none of these statements is true. If organizations do not have sufficient, state-of-the-art expertise in biometrics, they can easily fall victim to misleading information.

As such, great caution must be taken when stored biometric information is referred to as a “meaningless number.” It will be shown below that this is not necessarily true; in fact, a skilled (but not necessarily malicious) individual, with the proper knowledge, may be able to not only derive personally identifiable information from the stored “number,” but also to reconstruct a replica fingerprint from template data. What follows in this section is a discussion of the validity, or lack thereof, of the notion that the stored biometric information is a “meaningless number.” In particular, the following questions will be addressed:


Managing Safe Recipients

The Safe Recipients list allows you to specify email addresses or domain names for which the messages you send to them will not be filtered. You can add, edit, and remove entries in the Safe Recipients list.

1. Be sure the junk email filter is on.

2. On the toolbar, click OPTIONS. The Options screen appears.

3. From the Options list, select Junk E-Mail. The Junk E-Mail options appear.

4. To add an entry, in the Safe Recipients List section

5. To edit an entry

6. To remove an entry

7. Click SAVE. The changes are saved.


What is a Non-Delivery Report?

Email systems support a service called Delivery Status Notification or DSN for short. This feature allows end users to be notified of successful or failed delivery of email messages. Examples include sending a report when email delivery has been delayed or when an email message has been successfully delivered.

A non-delivery report or NDR is a DSN message sent by the email server (mail transfer agent or MTA for short) that informs the sender that the delivery of the email message failed. While there are various events that can trigger an NDR, the most common cases are when the recipient of the message does not exist or when the destination mailbox is full.

A simple email message is typically made up of a set of headers and at least one body. An example of this can be seen in figure 1. In this example, the email is sent from user1@domain1.com to user2@domain2.com. If the domain name domain2.com does not exist or does not have an email server, then the MTA at “domain1.com” will send an NDR to user1@domain1.com. When the domain name exists and the MTA at domain2.com is accepting email, the behavior is different. In this case, the domain2.com email server should check if the destination mailbox exists and is accepting emails. If this is not the case, then the MTA should reject the email message. However, many mail servers will accept any email and then bounce the email later on if the destination address does not exist.


Figure 1

Figure 2 describes a scenario where “user2@domain2.com” does not exist, but the mail server at domain2.com still accepts the email as it cannot verify if the mailbox exists or not. The server then sends an NDR message to “user1@domain1.com” which includes the original message attached.


Figure 2
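The NDR from the Figure 2 scenario can be taken apart with Python's standard `email` package; this is an added example, not part of the original text, and it generalizes slightly by also reading DSNs that report a delay or return only the original headers. The sample message, the host name `mail.domain2.com`, the subject and the Message-ID are constructed, and the layout assumed is the RFC 3464 `multipart/report` format.

```python
from dataclasses import dataclass, field
from email import message_from_string

# Constructed sample (not a captured message): the Figure 2 case, where
# domain2.com accepted mail for a mailbox that does not exist and bounced it.
SAMPLE_NDR = """\
From: MAILER-DAEMON@domain2.com
To: user1@domain1.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="ndr-boundary"

--ndr-boundary
Content-Type: text/plain; charset=us-ascii

Your message to user2@domain2.com could not be delivered.

--ndr-boundary
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.domain2.com

Final-Recipient: rfc822; user2@domain2.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 550 5.1.1 User unknown

--ndr-boundary
Content-Type: message/rfc822

From: user1@domain1.com
To: user2@domain2.com
Subject: Quarterly figures
Message-ID: <constructed-0001@domain1.com>

Hello, the figures are attached.

--ndr-boundary--
"""

# First digit of the Status field: 2 = delivered, 4 = delayed, 5 = failed.
STATUS_CLASSES = {"2": "delivered", "4": "delayed", "5": "failed"}


@dataclass
class RecipientStatus:
    address: str
    action: str
    status: str
    diagnostic: str

    @property
    def status_class(self) -> str:
        return STATUS_CLASSES.get(self.status[:1], "unknown")


@dataclass
class Ndr:
    reported_to: str                  # who receives the report (the sender)
    reporting_mta: str = ""           # which MTA generated it
    recipients: list = field(default_factory=list)
    original_headers: dict = field(default_factory=dict)


def _typed(value: str) -> str:
    """Drop the 'type;' prefix: 'rfc822; a@b' -> 'a@b'."""
    _, sep, rest = value.partition(";")
    return rest.strip() if sep else value.strip()


def parse_ndr(raw: str) -> Ndr:
    msg = message_from_string(raw)
    report_type = str(msg.get_param("report-type", "")).lower()
    if (msg.get_content_type() != "multipart/report"
            or report_type != "delivery-status" or not msg.is_multipart()):
        raise ValueError("not a delivery status notification")
    ndr = Ndr(reported_to=msg.get("To", ""))
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart():
            # One per-message block, then one block per failed recipient.
            for block in part.get_payload():
                if "Reporting-MTA" in block:
                    ndr.reporting_mta = _typed(block["Reporting-MTA"])
                if "Final-Recipient" in block:
                    ndr.recipients.append(RecipientStatus(
                        address=_typed(block["Final-Recipient"]),
                        action=block.get("Action", "").strip().lower(),
                        status=block.get("Status", "").strip(),
                        diagnostic=_typed(block.get("Diagnostic-Code", ""))))
        elif ctype == "message/rfc822" and part.is_multipart():
            # The original message attached in full, as in Figure 2.
            ndr.original_headers = dict(part.get_payload(0).items())
        elif ctype == "text/rfc822-headers":
            # Some MTAs return only the original headers.
            headers = message_from_string(part.get_payload())
            ndr.original_headers = dict(headers.items())
    return ndr
```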


Quantum public keys

A quantum public key is a quantum state drawn from a set of non-orthogonal states. Multiple copies of the same key can be issued and distributed to different participants in a system. Such states can be used to encode classical information privately, because by the principles of quantum theory the states cannot be fully distinguished. The natural way to encode classical information on quantum states is to apply some quantum operation which represents the information on the quantum state.

We consider using quantum public key encryption for its direct and natural purpose: secure communication. In this part the emphasis is on the advantages of this method with respect to private key cryptography. Other uses of public keys in quantum cryptography include quantum fingerprinting, quantum digital signatures and quantum string commitment. In each of these cases a choice of the set of non-orthogonal states is made suitable for the particular application. In the case of secure communication, discussed in this thesis, the quantum states must have the property that they can easily be used for encoding of classical information by a person without knowing which of the states from the set was chosen.

The contribution of this definition is a rigorous description of the parameters of a quantum public key. We give simple and efficient protocols for distribution of public keys, and of encoding and decoding of classical information using these keys. The protocols are divided into two types – those where the key distribution phase is quantum, but the encodings and decodings of messages are classical, and those where also the encoding and decoding procedures involve quantum communication. Each protocol comes with a thorough analysis of its security.

The good properties of this method of encryption allow us to have a network where the content of the exchanged messages, as well as the identities of senders and receivers of messages, are kept secret from any unauthorized entity. This unauthorized entity (the adversary) is assumed to control an arbitrary fraction (smaller than 1) of the users/players in the network. The network provides unconditional security in both these two aspects. In terms of communication complexity the main parameter is the number of users of the network. With respect to this parameter we have protocols that require for a delivery of a single message a polylogarithmic number of communication rounds. The total amount of communication per message delivery is also polylogarithmic in this parameter.

Classically, according to what is currently known, tolerating an arbitrary fraction of adversary controlled users can be achieved efficiently only with computational security (to be considered efficient a protocol has to operate with both polylogarithmic number of rounds and polylogarithmic total communication per message). Proving this fact is an open problem; however if unconditional security is required then the only known classical solutions either limit the power of the adversary to control at most half of the players in the network, or are highly inefficient in terms of communication cost in the network. To be more specific, these solutions require at least a linear number of communication rounds per single message delivery (which is far from being acceptable), and the total amount of communication per message is polynomial.


Event Gateway, IM, and SMS injection in ColdFusion 8

ColdFusion 8 enables Event Gateways, instant messaging (IM), and SMS (short message service) for interacting with external systems. Event Gateways are ColdFusion components that respond asynchronously to non-HTTP requests: instant messages, SMS text from wireless devices, and so on. ColdFusion provides Lotus Sametime and XMPP (Extensible Messaging and Presence Protocol) gateways for instant messaging. It also provides an event gateway for interacting with SMS text messages.

Injection along these gateways can happen when users (and/or systems) send malicious code to execute on the server. These gateways all utilize ColdFusion Components (CFCs) for processing. Use standard ColdFusion functions, tags, and validation techniques to protect against malicious code injection. Sanitize all input strings and do not allow unvalidated code to access backend systems.

  1. Use the XML functions to validate XML input.
  2. When performing XPath searches and transformations in ColdFusion, validate the source before executing.
  3. Use ColdFusion validation techniques to sanitize strings passed to xmlSearch for performing XPath queries.
  4. When performing XML transformations use only a trusted source for the XSL stylesheet.
  5. Ensure that the memory size of the Java Sandbox containing ColdFusion can handle large XML documents without adversely affecting server resources.
  6. Set the maximum memory (heap) value (-Xmx) to less than the amount of RAM on the server.
  7. Remove DOCTYPE elements from the XML string before converting it to an XML object.
  8. Use scriptProtect to thwart most attempts of cross-site scripting. Set scriptProtect to All in the Application.cfc file.
  9. Use <cfparam> or <cfargument> to instantiate variables in ColdFusion. Use these tags with the name and type attributes. If the value is not of the specified type, ColdFusion returns an error.
  10. To handle untyped variables, use IsValid() to validate their values against any legal object type that ColdFusion supports.
  11. Use <cfqueryparam> and <cfprocparam> to validate dynamic SQL variables against database datatypes.
  12. Use CFLDAP for accessing LDAP servers. Avoid allowing native JNDI calls to connect to LDAP.
