05/11/2021 Reflective Blog

During this year long experience in the senior seminar, we have read and had discussions on ethical aspects of interesting topics in computer science, for example, IoT, quantum computing and cryptography, facial recognition… I think having knowledge about and developing the awareness for the ethical problems in technologies is essential in the 21 century. Many dilemmas that we discussed about like legal responsibilities in self-driving cars were manifested in recent news. As more cutting-edge technologies are rapidly put into use in real life, our society is craving for education and legislation on the ethical problems in new technologies and Dickinson’s Computer Science department is actively taking on its responsibility to deliver that indispensable portion of education.

Another aspect of our seminar that I love is joining an H/FOSS community. Our group joined OpenMRS community. This semester we had great interactions with the OpenMRS community. After exploring for tickets and joining different modules, I was surprised by how the communities for each and every module are so welcoming and supportive. And considering the enormous database and module structure OpenMRS has, I was amazed by how helpful it was to build relationships with these incredible main contributors around the world. I was always not good at asking questions and asking for help, but receiving kindness and help from the community made me want to be more dedicated and make more contributions to OpenMRS.

04/30/2021 How does Apple Face ID work?

There are a number of hardware factors involved in Face ID, such as the TrueDepth camera system, neural networks and the Bionic chips.

Apple face ID is designed to work with hats, scarves, contact lenses and most sunglasses, but it doesn't work with a face mask. A software update coming in iOS 14.5 will enable Face ID to work when user is wearing a face mask.

TrueDepth camera system

Each time the user glance at their iPhone X (or newer), the TrueDepth camera system will detect their face with a flood illuminator, even in the dark.

An infrared camera will then take an image, and a dot projector will project out over 30,000 invisible infrared dots. This system uses the infrared image and the infrared dots, and pushes them through neural networks to create a mathematical model of the user’s face.

Bionic neural engine

The chips are specialized hardware built for a set of machine learning algorithms. They can handle hundreds of billions of operations per second and can therefore be used for technology, such as real-time Face ID recognition.

Security in Apple’s facial recognition

1. User’s face data is also protected by a secure enclave in the Bionic chips, and all the processing is done on the chips, whether that be the A11, A12 or A13. That means user’s face data is not sent to a server.

2. Face ID also requires user’s attention to unlock, so if their eyes are closed, or if they are looking away, it's not going to unlock.

04/19/2021 Right to be forgotten

As the most comprehensive state data privacy legislation to date, CCPA(California Consumer Privacy Act) was signed into law on June 28, 2018, and went into effect on January 1, 2020. CCPA requires entities that collect user data to obey duties such as informing data subjects when and how data is collected, and giving them the ability to access, correct, and delete such information.

This includes users’ right to be forgotten. Here are the times when the right to be forgotten is applicable:

Upon receiving a request the organization is obligated to erase data if:• the personal data is no longer necessary for the purposes it was collected previously. • the individual withdraws consent and there is no ground for the processing of personal data. • The personal data have been unlawfully processed, etc.

Organizations should erase the data without undue delay and at least within one month after the request was received. There are certain situations where the deadline can be longer if: • the individual is requested to confirm the identity (for example, provide a copy of an ID). • the organization charges a fee (this can only be applicable in certain situations and is advised to avoid).

There are situations where organizations can decline a request if the processing is necessary for:• exercising the right of freedom of expression and information. • compliance with a legal obligation which requires processing by Union or Member State law, etc.

04/02/2021 China developed the fastest quantum computer, Jiuzhang

The Chinese team, based primarily at the University of Science and Technology of China in Hefei, reported their quantum computer, Jiuzhang, is 10 billion times faster than Google's. 

A description of Jiuzhang was published in the journal Science. Jiuzhang would be the second quantum computer to achieve quantum supremacy in the world (Google was the first one claimed to achieve quantum supremacy).Xi Jinping's government has spent $10 billion on the country's National Laboratory for Quantum Information Sciences, NDTV reported. 

The Chinese computer makes its calculations using optical circuits. Google's device, Sycamore, uses superconducting materials on a chip and more nearly resembles the basic structure of classical computers. Neither would be particularly useful on its own as a computer, and the Chinese device was built to solve just one type of problem.To test Jiuzhang, the researchers assigned it a "Gaussian boson sampling" (GBS) task, where the computer calculates the output of a complex circuit that uses light. That output is expressed as a list of numbers. (Light is made of particles known as photons, which belongs to a category of particles known as bosons.) Its calculation time to produce the list of numbers for each experimental run was about 200 seconds, while the fastest Chinese supercomputer, TaihuLight, would have taken 2.5 billion years to arrive at the same result. That suggests the quantum computer can do GBS 100 trillion times faster than a classical supercomputer.

03/26/2021 Internet of Battlefield Things

The Internet of Battlefield Things (IoBT) involves the full realization of pervasive sensing, pervasive computing, and pervasive communication, leading to an unprecedented scale of information produced by the networked sensors and computing units. In the Internet of Military Things (IoMT) or Internet of Battlefield Things (IoBT), the sensing and computing devices worn by soldiers and embedded in their combat suits, helmets, weapons systems, and other equipment are capable of acquiring a variety of static and dynamic biometrics such as their face, iris, periocular space, fingerprints, heart rate, gait, gestures, and facial expressions.

Edge computing allows, for example, fingerprints from a weapon or bomb to be uploaded to the network and used to identify a combatant instantly.

Context-aware biometrics may contribute to fully realize the IoBT potential by augmenting the available information exchanged among the various kinds of devices with supplementary physical, such as, heart rate, body temperature or thermal distribution, etc., and behavioral (body dynamic patterns, speech patterns, etc.) user data, useful for inferring physiological and emotional conditions of soldiers on the field which could be valuable for critical situation evaluation, and decisional activity.

03/05/2021 Existing Government Surveillance Projects

Countries in the world have already been using their own surveillance projects to track people in their countries. The moral issues behind these projects are complex.

In the U.S., Edward Snowden disclosed the existence of Boundless Informant. It is a big data analysis and data visualization tool used by the United States National Security Agency(NSA). It gives NSA managers summaries of the NSA's worldwide data collection activities. Those disclosed documents were in a direct contradiction to the NSA's assurance to United States Congress that it does not collect any type of data on millions of Americans. Boundless Informant also collects data worldwide. Here is a “heat map” demonstrating the amount of data collected from each country. The figure shows that Iran had the largest amount of intelligence gathered.

Main Core is an alleged American government database containing information like personal and financial database on those believed to be threats to national security.

DRDO NETRA from India monitors online communications on a real time basis from services like Skype and Google Talk.

Many other countries like China, Russia, UK, and so on, also have their own surveillance projects to monitor the information of people inside their countries.

02/20/2021 An Introduction to DeepMasterPrints

Developers introduced their product DeepMasterPrints in their paper, DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution∗. DeepMasterPrints utilize MasterPrints to simulate real finger prints. MasterPrints are real or synthetic fingerprints that can fortuitously match with a large number of various fingerprints, so that one MasterPrint can gain access to a lot of fingerprint-protected devices. DeepMasterPrints create synthetic fingerprint images that are visually similar to natural fingerprint images.

The logic behind MasterPrints is that fingerprint sensors are usually small in size for ergonomic reasons, so only partial finger prints are captured. However, partial fingerprints are not as distinguishable as full fingerprints, so there is a larger chance for a different fingerprint to be mismatched to one’s fingerprint record on their device. This means it is possible to gain access to a fingerprint-protected device even without information gaining the subject’s fingerprint image.

DeepMasterPrints is the first design that creates a synthetic MasterPrint at the image-level. Therefore it presents a greater danger of utilizing small-sized sensors with limited resolution in fingerprint application. Existing hacking technologies like DeepMasterPrints remind us that the security issue should be given enough attention to when in the future biometrics are further popularized.

02/12/2020 Legality Issues Behind Autonomous Cars

People in technology, like Elon Musk, had great confidence on the technology of autonomous cars before the first fatal incident happened in 2018. After that, many companies had postponed or limited the testing of autonomous cars, and started putting more attention to the legality issues involved in autonomous cars. The first death on record involving a self-driving car was caused by a Uber’s test vehicle, which was operating on self-driving mode with a human safety backup driver sitting in the driving seat. The victim’s name was Elaine Herzberg who was wheeling a bicycle across a four-lane road late in the evening of March 18, 2018. Investigators said that the safety driver had been streaming an episode of the television show, The Voice, at that time. As a result, the back-up driver was charged with negligent homicide mostly because the fatal collision was “entirely avoidable” if the driver was paying attention to the road situation. Uber was not charged with a crime since there was “no basis for criminal liability”. Because of this fatal incident, Uber stopped testing of the autonomous car technology in Arizona. As long as there is a back-up driver in the autonomous car, it would be very complicated to decide whose fault it is when accidents occur. The law is not adequately prepared for the popularization of autonomous cars so far.

02/05/2021 Perfect Duties and Imperfect Duties in Kantianism

Kantianism says that do not do someting you do not want others to do, and perfect duties have higher priority than imperfect duties. According to Kant, duties are something that that we can see as a universal rule for all of humanity necessary for a morally just society. So the followings are examples and explanations for both perfect duties and imperfect duties according to this resource.

Perfect duties says if there is something that when everyone in a society does it, the society will be unstable, then not doing this thing will be a perfect duty. For example, if everyone in a society lies to others at their own convenience, then there would be no trust in the society. Since we have a constant need of honesty and trust in dealings, not lying would be a perfect duty under Kantianism. Most of the perfect duties turn out to be negative duties, not doing something.

Kant specifies two imperfect duties: the duty of self-improvement and the duty to aid others. One of the imperfect duties is aiding others. This duty exists because of human’s fragile nature. Since we cannot do things by ourselves and we need help, it is our imperfect duties to help others. We can universalize this theory: we receive help from others and we also need to provide help to people in need. We cannot ignore out imperfect duties, but we can achieve them by various means. Another imperfect duty is self-improvement. It is a imperfect duty because when people need help, they need it from experts, and only when there are experts, can the society work in harmony.

12/04/2020 Reflective Blog Post

The topic of CS491 brings me to the world of Free and Open Source Software. As a person who always wants to engage in nonprofit organizations to help the minorities and the vulnerable communities, it is surprising to know that my strength in Computer Science can also be a part of these acts of altruism. The aim of OpenMRS project, providing medical support in the developing countries, immediately catch the attention of our group. While working on the user and developer installation can be stressful when each of us meets different errors that we cannot even understand the error messages for, we feel so confident knowing that an active, friendly, and altruistic group across the globe has our back. Not only is the OpenMRS group helpful, our group of 6 is also surprisingly active and engaging. Our group divided into two subteams, and our subteam had several meetings to do the developer installation together and to help each other out. During the meetings, we listened to each other’s questions and tried to help out as a group.

Another big takeaway is we do not need to understand the functionality of a tool thoroughly in order to use it. For example, none of our group members knew what Maven and Tomcat did before we installed them, and their functionalities became clearer as we continue to use them for tasks. Although we have learnt a lot from college, there are so many things we need to learn as the technology evolves, do not be afraid for unfamiliarity, we can always learn while doing.

There are so many more takeaways. This class feels like a start rather than an end. Although not provided with well-organized knowledge as before in lectures, I gain the strength to learn from peers, mentors, and even Googling. I am less fear for the unknown and am more eager to help.

11/23/2020-Reasons Why Meritocracy Is Not Perfectly Implemented in Today’s OSS Projects

According to this article, although the core value of OSS is meritocracy, it is not always perfectly implemented. For example, the founder of Progeny Linux Systems, Lan Murdock, had not been active in the Debian Project for several years. However, when the company started to become active in Debian affairs, his status remained undiminished within the project. Despite the fact that he would not actively involve in the project personally, he was still offered the opportunity to skip the usual process for becoming a Debian Maintainer, although he turned it down. There are many other cases where people gain influence in OSS or industries not for hardworking and time input, but because they have the energy and money to create the position for themselves.

Another issue is that some OSS projects paid some people to do code contribution, and also accept volunteers. In those projects, the paid contributors usually have higher influences not entirely because they devote more time than volunteers, but because they were paid for positions of responsibilities.

Since coding parts always attract more attention in a OSS project, it is more likely for people to learn the names of developers or hear them speak at conferences than anyone else. Although there are people that devote their time and energy to write documentation, translation, art, and technical support, etc, they normally do not get the credits they are worth for.

11/19/2020 Is It Really Safe For Business To Use OSS?

Open source software is widely used for business, for benefits like, being most free of cost, the good quality, and a community it provides which helps with the popularity of the business. However, open source means the software’s code is available to the public. Then would not it make the software easier to hack? Would not the business loss a lot of money and data if the software get hacked?

Firstly, most open source software are coded and run on virtual machine. This article talks about how using a virtual machine protects people’s computers. A virtual machine(VM) is a fake machine running inside the real computer. The virtual machine, the guest, gets its own virtual hard drive and takes a chunk of the computer’s memory, but it is just a file on the real hard drive. This means the virtual machine is separate from all other information in the real computer, the host. This means even if the guest is hacked, the host is still safe. That is also the reason why security researchers often use VMs to study computer viruses by unleashing the viruses on the guest VMs, and safely monitor how they work.

According to this article, there are generally two types of Linux hackers: hobbyists, who are often hackers looking for new solutions to software problems or tinkerers looking for new uses for their software/hardware, and malicious actors, who use Linux hacking tools to exploit vulnerabilities in Linux applications, software, and networks. The latter type of hacking is used for gaining unauthorized access to systems and steal data.

The malicious actors typically use tools such as password crackers, and network and vulnerability scanners. Password crackers are software developed for decoding passwords in a variety of formats, such as encrypted or hashed passwords. These tools are used to fai access to an organization’s network, databases, directories, and more. Some of the password crackers also have wireless packet sniffing, which are commonly used in Linux wifi hacking. Linux network scanners are used to detect other devices on a network, which are used to discover network security holes in Linux wifi hacking. They are used to gather information used for hacking target software, applications, and operating systems.

How open source software developers protect the software is to use these tools to test the software in order to discover software and network vulnerabilities before attacker. Thus, if there are more eyes on the protectors side in open source software, it might be even safer then the closed software.

11/16/2020 Factors That May Cause Agile Process to Fail

Agile is a new software design strategy that is widely applied today in well-know companies like Apple, IBM, and Microsoft. There are many benefits in using agile software development. For example, it is humanitarian in that people working in the agile group trust each other for the work they are going to do, the work is not assigned to people but rather selected by the workers for themselves. Agile is also very adaptive to the changing environments since it keeps looking back at the requirements during the development. However, there are many hidden factors that may cause an agile process to fail.

The first one is the lack of overall product design. Although agile works well in a changing environment, and it does not depend on the documentation as much as waterfall software development, the lack of overall picture from the beginning might lead to a huge revision of work in the middle or at the end of the process. This revision could be very expensive and avoidable.

The most significant cause for failure in agile implementations is the lack of understanding and training for agile. The group members always think agile means the lack of rules and reduced development process.

Inefficient daily standup meeting may be time-consuming and not efficient. Some difficult problems that only involve a few members should not be focused on in a daily standup meeting and should be set aside until a sub-team can discuss after the standup meeting.

Another situation is when the scrum master also works as a contributor. Although it is technically allowed in the scrum process, the responsibility of a scrum master is to ensure the scrum process is taking place and coaching the team through this process. Having a scrum master facilitate the process while also creating the product may result in too many context switches to be productive.

11.10.2020 Scenario Testing and How to Create Testing Scenarios

According to this article, scenario testing is a software testing method in which actual scenarios are used instead of test cases for testing the software application and put the testers in the users’ shoes, and test scenario is any functionality that can be tested. The test scenarios could be approved by stakeholders like Business Analyst, Developers, and Customers to ensure the application is thoroughly tested.

In order to create a test scenario, the tester needs to carefully study the Requirement Documents, such as the Business Requirement Specification (BRS), Software Requirement Specification (SRS), and the Functional Requirement Specification (FRS). Then identify every possible user action, and the technical problems associated with these actions. The testers also need to stand in the hankers’ shoes to find out possible system abuse scenarios and create tests for them. After enumerating every test scenario, the tester will pass it to the supervisor, and then the test cases will be given to the stakeholders of this project.

For example, the test scenarios for e-commerce website may involve questions like: if the user can create an account with valid email address and password? If the user can log in with a valid email id and password? What happens when the email address is not valid? What happens when the email address and the password does not match in the database? And so on.

11/06/2020 Possible Usage Scenarios of Proxy Software Design Pattern

 Proxy pattern is a class functioning as an interface to something else. A proxy is like an agent object that is called by the client to access the real serving object behind the scene. According to this wiki page, the possible usage scenarios include remote proxy, virtual proxy, and protection proxy.

Remote proxy is a local object that represents a remote object. The local object is a proxy of the remote object, and the invocation of the local proxy results in the invocation of the remote object. For example, an ATM is a remote proxy for bank information in a remote server.

Virtual proxy is used to preserve memory from being allocated to an object that may not be used at this moment or in the future. A virtual proxy, which is a simplified copy of the object is created and shown to the users. For example, if the students would like to borrow books from a library, then it will take up a considerable amount of RAM to load all the detailed information of all the books in the library. That is where a virtual proxy that only contains the book names, authors, and publish years of books is needed, and it only presents the book details when the book is considered by the student.

Protection proxy is used to control access to a resource based on access rights. The protection proxy often lies between the application layer and the database access layer. For example, in a bank system, in order to have access to a users’ bank information, a client must pass the authentication in the protection proxy layer.

10/23/2020 Rewriting in Software Development

There are some good techniques to practice when developing a software, for example, not being too specific in comments, and not being too generic in code. However, as the real world changes, the user demand may vary at different time, and for many other reasons, the current code may not be the best to base further work on, and this is where people think of rewriting the code.

Rewrite in computer programming refers to the act of reimplementing a large portion of existing functionality without reuse of its source code. According to this resource, oftware developers usually choose to rewrite the source code when: the old source code structure is too complicated to understand or to extend; the source code cannot be adapted to the new target platform or utility; the programming language of the source code has to be changed.

Here are some risks in rewriting: The coupling of components are usually high, so rewriting single components may lead to the necessity in rewriting in a larger picture; the sponsors may lose patience in continuing funding, and the users may be reluctant to adapt to the new front-end structure.

However, while rewriting, the best practice is to start as we are writing it for the first time rather than constantly trying to reuse code from the past. It is always good to practice the techniques like trying to know more and more about the real-world user interactions, not making unpractical assumptions in if statements, and not trying to write code for the future.

10/16/2020 What happens after a piece of software(work) goes into the public domain?

First of all, there are four common ways that software(works) arrives in the public domain found in this article:

1.     The copyright has expired

2.     the copyright owner failed to follow copyright renewal rules

3.     the copyright owner deliberately places it in the public domain, known as “dedication”

4.     copyright law does not protect this type of work.

Once a piece of work goes to public domain, it belongs to the public, and no one can own this work. Although individual works might belong to public domain, the collection of work may be copyrighted. For example, the book selected poems – E.E.Cummings is copyrighted by all E.E.Cummings’ poems are in public domain. Although works in public domain are not copyrighted, derivative works based on works in public domain can be copyrighted. For example, if people take a piece of code from the public domain and make changes to the object names then they can release this piece of code as their own intellectual property. Here are some examples of things that copyright law does not protect: short phrases such as “Good morning”, titles of books or movies, facts or theories, any work created by a federal government employee or officer is in the public domain.