BREACH (a backronym: Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a security vulnerability against HTTPS when using HTTP compression. BREACH is built based on the CRIME security exploit. BREACH was announced at the August 2013 Black Hat USA conference by security researchers Angelo Prado, Neal Harris and Yoel Gluck. == Details == While the CRIME attack was presented as a general attack that could work effectively against a large number of protocols, only exploits against SPDY request compression and TLS compression were demonstrated and largely mitigated in browsers and servers. The CRIME exploits against HTTP compression has not been mitigated at all, even though the authors of CRIME have warned that this vulnerability might be even more widespread than SPDY and TLS compression combined. BREACH is an instance of the CRIME attack against HTTP compression—the use of gzip or DEFLATE data compression algorithms via the content-encoding option within HTTP by many web browsers and servers. Given this compression oracle, the rest of the BREACH attack follows the same general lines as the CRIME exploit, by performing an initial blind brute-force search to guess a few bytes, followed by divide-and-conquer search to expand a correct guess to an arbitrarily large amount of content. == Mitigation == BREACH exploits the compression in the underlying HTTP protocol. Therefore, turning off TLS compression makes no difference to BREACH, which can still perform a chosen-plaintext attack against the HTTP payload. As a result, clients and servers are either forced to disable HTTP compression completely (thus reducing performance), or to adopt workarounds to try to foil BREACH in individual attack scenarios, such as using cross-site request forgery (CSRF) protection. Another suggested approach is to disable HTTP compression whenever the referrer header indicates a cross-site request, or when the header is not present. This approach allows effective mitigation of the attack without losing functionality, only incurring a performance penalty on affected requests. Another approach is to add padding at the TLS, HTTP header, or payload level. Around 2013–2014, there was an IETF draft proposal for a TLS extension for length-hiding padding that, in theory, could be used as a mitigation against this attack. It allows the actual length of the TLS payload to be disguised by the insertion of padding to round it up to a fixed set of lengths, or to randomize the external length, thereby decreasing the likelihood of detecting small changes in compression ratio that is the basis for the BREACH attack. However, this draft has since expired without further action. A very effective mitigation is HTB (Heal-the-BREACH) that adds random-sized padding to compressed data, providing some variance in the size of the output contents. This randomness delays BREACH from guessing the correct characters in the secret token by a factor of 500 (10-byte max) to 500,000 (100-byte max). HTB protects all websites and pages in the server with minimal CPU usage and minimal bandwidth increase.
Sports Card Investor
Sports Card Investor is an American sports collectibles media platform and mobile application founded by Geoff Wilson. The platform provides market data, analysis, and editorial content focused on sports trading cards and related collectibles. It operates a website, mobile app, and digital media channels covering developments in the sports card industry. The company posted its first YouTube video in July 2019, shortly before a period of rapid growth in sports card collecting in the early 2020s, which was marked by increased trading volumes and mainstream media attention. == History == Sports Card Investor was founded by Geoff Wilson, an entrepreneur and collector who began publishing sports card–related content online before launching the platform's dedicated app and subscription tools. In February 2020, the company launched Market Movers, the first website and app to chart sports card prices and track card collections. The platform expanded its media presence through partnerships and distribution agreements. In 2023, Yahoo Sports announced a new collectibles coverage initiative that included additional content from Sports Card Investor. In February 2024, the Sports Card Investor studio relocated to CardsHQ in Atlanta, Georgia, and visitors to the facility can watch Sports Card Investor videos being filmed. == Platform and content == The Sports Card Investor app provides users with pricing data, portfolio-tracking tools, and market-trend analysis for trading cards. The company also produces video and editorial content discussing market developments, grading trends, and major card releases. Coverage in industry publications has referenced Sports Card Investor in discussions about shifts in sports card licensing rights and hobby market reactions. == Industry context == The growth of Sports Card Investor coincided with a broader resurgence in trading card markets, including record sales and expanded retail presence. Mainstream outlets have cited the company and its founder in reporting on collectibles investing trends, grading practices, and market volatility. The Sports Card Investor app has attracted over 37,000 reviews on the Apple App Store, reflecting its strong user engagement within the sports card community.
Smoothing
In statistics and image processing, to smooth a data set is to create an approximating function that attempts to capture important patterns in the data, while leaving out noise or other fine-scale structures/rapid phenomena. In smoothing, the data points of a signal are modified so individual points higher than the adjacent points (presumably because of noise) are reduced, and points that are lower than the adjacent points are increased, leading to a smoother signal. Reducing noise by smoothing may aid in data analysis in two notable ways: Help uncover more meaningful information from the underlying data, such as trends. Provide analyses that are both flexible and robust. Many different algorithms are used in smoothing, most commonly binning, kernels, and local weighted regression. == Compared to curve fitting == Smoothing may be distinguished from the related and partially overlapping concept of curve fitting in the following ways: curve fitting often involves the use of an explicit function form for the result, whereas the immediate results from smoothing are the "smoothed" values with no later use made of a functional form if there is one; the aim of smoothing is to give a general idea of relatively slow changes of value with little attention paid to the close matching of data values, while curve fitting concentrates on achieving as close a match as possible. smoothing methods often have an associated tuning parameter which is used to control the extent of smoothing. Curve fitting will adjust any number of parameters of the function to obtain the 'best' fit. == Linear smoothers == In the case that the smoothed values can be written as a linear transformation of the observed values, the smoothing operation is known as a linear smoother; the matrix representing the transformation is known as a smoother matrix or hat matrix. The operation of applying such a matrix transformation is called convolution. Thus the matrix is also called convolution matrix or a convolution kernel. In the case of simple series of data points (rather than a multi-dimensional image), the convolution kernel is a one-dimensional vector. == Algorithms == One of the most common algorithms is the "moving average", often used to try to capture important trends in repeated statistical surveys. In image processing and computer vision, smoothing ideas are used in scale space representations. The simplest smoothing algorithm is the "rectangular" or "unweighted sliding-average smooth". This method replaces each point in the signal with the average of "m" adjacent points, where "m" is a positive integer called the "smooth width". Usually m is an odd number. The triangular smooth is like the rectangular smooth except that it implements a weighted smoothing function. Some specific smoothing and filter types, with their respective uses, pros and cons are:
ALL-IN-1
ALL-IN-1 was an office automation product developed and sold by Digital Equipment Corporation in the 1980s. It was one of the first purchasable off the shelf electronic mail products. It was later known as Office Server V3.2 for OpenVMS Alpha and OpenVMS VAX systems before being discontinued. == Overview == ALL-IN-1 was advertised as an office automation system including functionality in Electronic Messaging, Word Processing and Time Management. It offered an application development platform and customization capabilities that ranged from scripting to code-level integration. ALL-IN-1 was designed and developed by Skip Walter, John Churin and Marty Skinner from Digital Equipment Corporation who began work in 1977. Sheila Chance was hired as the software engineering manager in 1981. The first version of the software, called CP/OSS, the Charlotte Package of Office System Services, named after the location of the developers, was released in May 1982. In 1983, the product was renamed ALL-IN-1 and the Charlotte group continued to develop versions 1.1 through 1.3. Digital then made the decision to move most of the development activity to its central engineering facility in Reading, United Kingdom, where a group there took responsibility for the product from version 2.0 (released in field test in 1984 and to customers in 1985) onward. The Charlotte group continued to work on the Time Management subsystem until version 2.3 and other contributions were made from groups based in Sophia Antipolis, France (System for Customization Management and the integration with VAX Notes), Reading (Message Router and MAILbus), and Nashua, New Hampshire (FMS). ALL-IN-1 V3.0 introduced shared file cabinets and the File Cabinet Server (FCS) to lay the foundation for an eventual integration with TeamLinks, Digital's PC office client. Previous integrations with PCs included PC ALL-IN-1, a DOS-based product introduced in 1989 that never proved popular with customers. Bob Wyman was the first product manager. He oversaw the growth of the product culminating in over $2 billion per year in revenue and market leadership in the proprietary office automation sector. Other consultants from Digital Equipment Corporation involved include Frank Nicodem, Donald Vickers and Tony Redmond.
PNGOUT
PNGOUT is a freeware command line optimizer for PNG images written by Ken Silverman. The transformation is lossless, meaning that the resulting image is visually identical to the source image. According to its author, this program can often get higher compression than other optimizers by 5–10%. It is possible to compress some inflated PNGs to a size below 1% of the original file. PNGOUT was also available as a plug-in for the freeware image viewer IrfanView and can be enabled as an option when saving files. It allows editing of various PNGOUT settings via a dialog box. PNGOUT integration was removed in IrfanView version 4.58 in favour of OptiPNG. In 2006, a commercial version of PNGOUT with a graphical user interface, known as PNGOUTWin, was released by Ardfry Imaging, a small company Silverman co-founded in 2005. There is also a freeware GUI frontend to PNGOUT available, known as PNGGauntlet. == Main operation == The main function of PNGOUT is to reduce the size of image data contained in the IDAT chunk. This chunk is compressed using the deflate algorithm. Deflate algorithms can vary in speed and compression ratio, with higher compression ratios generally implying lower speed. Ken Silverman wrote a deflate compressor for PNGOUT that is slower than the ones used in most graphics software, but produces smaller files. PNGOUT also performs automatic bit depth, color, and palette reduction where appropriate.
Human-in-the-loop
Human-in-the-loop (HITL) is used in multiple contexts. It can be defined as a model requiring human interaction. HITL is associated with modeling and simulation (M&S) in the live, virtual, and constructive taxonomy. HITL, along with the related human-on-the-loop, are also used in relation to lethal autonomous weapons. Further, HITL is used in the context of machine learning.It is also used in conversational AI to manage complex interactions that require human empathy. == Machine learning == In machine learning, HITL is used in the sense of humans aiding the computer in making the correct decisions in building a model. HITL improves machine learning over random sampling by selecting the most critical data needed to refine the model. == Simulation == In simulation, HITL models may conform to human factors requirements as in the case of a mockup. In this type of simulation, a human is always part of the simulation and consequently influences the outcome in such a way that is difficult if not impossible to reproduce exactly. HITL also readily allows for the identification of problems and requirements that may not be easily identified by other means of simulation. HITL is often referred to as an interactive simulation, which is a special kind of physical simulation in which physical simulations include human operators, such as in a flight or a driving simulator. === Benefits === Human-in-the-loop allows the user to change the outcome of an event or process. The immersion effectively contributes to a positive transfer of acquired skills into the real world. This can be demonstrated by trainees utilizing flight simulators in preparation to become pilots. HITL also allows for the acquisition of knowledge regarding how a new process may affect a particular event. Utilizing HITL allows participants to interact with realistic models and attempt to perform as they would in an actual scenario. HITL simulations bring to the surface issues that would not otherwise be apparent until after a new process has been deployed. A real-world example of HITL simulation as an evaluation tool is its usage by the Federal Aviation Administration (FAA) to allow air traffic controllers to test new automation procedures by directing the activities of simulated air traffic while monitoring the effect of the newly implemented procedures. As with most processes, there is always the possibility of human error, which can only be reproduced using HITL simulation. Although much can be done to automate systems, humans typically still need to take the information provided by a system to determine the next course of action based on their judgment and experience. Intelligent systems can only go so far in certain circumstances to automate a process; only humans in the simulation can accurately judge the final design. Tabletop simulation may be useful in the very early stages of project development for the purpose of collecting data to set broad parameters, but the important decisions require human-in-the-loop simulation. HITL reflects scenarios where human input remains essential despite advances in automation. === Within the virtual simulation taxonomy === Virtual simulations inject HITL in a central role by exercising motor control skills (e.g. flying an airplane), decision making skills (e.g. committing fire control resources to action), or communication skills (e.g. as members of a C4I team). === Examples === Flight simulators Driving simulators Marine simulators Video games Supply chain management simulators Digital puppetry === Misconceptions === Although human-in-the-loop simulation can include a computer simulation in the form of a synthetic environment, computer simulation is not necessarily a form of human-in-the-loop simulation, and is often considered as human-out-of-the loop simulation. In this particular case, a computer model’s behavior is modified according to a set of initial parameters. The results of the model differ from the results stemming from a true human-in-the-loop simulation because the results can easily be replicated time and time again, by simply providing identical parameters. == Weapons == === Taxonomy === Three classifications of the degree of human control of autonomous weapon systems were laid out by Bonnie Docherty in a 2012 Human Rights Watch report. human-in-the-loop: a human must instigate the action of the weapon (in other words not fully autonomous) human-on-the-loop: a human may abort an action human-out-of-the-loop: no human action is involved === Positive human action === In discussions of autonomous weapons and nuclear command and control, the phrase positive human action has been used alongside "human-in-the-loop" to emphasize that a human operator must affirmatively authorize the use of force. Descriptions of the United States Navy's Aegis Combat System have used the phrase in characterizing a requirement for affirmative human action to initiate live firing. A survey of autonomous weapons systems described the Aegis "Auto SM" mode as one in which "the system fully develops the engagement process however engagement requires positive human action". The phrase entered United States federal law in the National Defense Authorization Act for Fiscal Year 2025, which stipulates that artificial intelligence systems not compromise "the principle of requiring positive human actions in execution of decisions by the President with respect to the employment of nuclear weapons".
Passenger drone
A passenger drone is an autonomous aircraft that is designed to carry a small number of passengers to a destination. In 2021, Ehang, a technology company based in Guangzhou, China, developed the Ehang 184, the world's first passenger drone. == History == Unmanned aerial vehicles were first introduced in World War 1, when Britain first developed the Aerial Target, an aircraft controlled remotely through radio signals. A year later in the United States, testing of Kettering Bug, a 12-foot long biplane attached with a bomb and that launched via a “slingshot-like rail”, was also under progress. Both of their unreliable test results and their possibility of endangering friendly troops in deployment caused neither aircraft to be used during the war. Production of UAVs continued after World War I and into World War II and the Vietnam War, where they would be invaluable in assisting with training as well as reconnaissance. Late 20th century also saw the proposition and development of unique methods of travel, including personal jetpacks and even flying cars. While the previously mentioned are not drones, they serve as a precursor and foundation for the passenger drones of today. The first passenger drone was unveiled on January 6 of 2016 at the international Consumer Electronics Show (CES) in Las Vegas. Produced by Ehang, a Chinese company based in Guangzhou, the 184 was a one passenger drone equipped with four propellers that could fly for approximately 23 minutes at a top speed of 63 mph. Since then, many new companies have entered the market, but none yet have been accessible by the public. == Technological development == Since 2013, improvements in designs to wing structures have contributed to the economic feasibility of passenger drones. New structural advancements, such as the flapping-wing propulsion system based on the mechanisms of birds’ wings, are more available as they have proven their capabilities in laboratory testing. As of September 29th, 2015, most market-ready drones are delivery drones with a carrying capacity limited to small packages - with a typical max capacity of under 5 pounds. However, while the technology exists for drones with larger carrying capacities, specifically those capable of carrying multiple humans, the execution of this technology is not yet market accessible. This capacity limit must be addressed for passenger drones; given current designs strive to carry a maximum of 5 people. However, some estimates believe that passengers drones could become a reality, specifically for paid transportation and emergency purposes, as early as 2026. With implementation of this technology, there could be significant effects on ground traffic including reducing gridlock in heavily congested areas and conserving up to 15% of the fuel currently used in heavy traffic patterns. However, extensive growth of the passenger drone market also risks clouding the low-altitude airspace and causing new safety risks. However, this concern is being addressed by recent advancements in the Internet of Drones (IoD) which links drones together to ensure appropriate pathing and reduce mid-air collisions. While this brings additional security issues, including maintaining reliable communication channels in the case of technological failure, researchers hope that this will help reduce crashes that can result in damage to passengers, buildings, and people in and around the airspace. == Notable companies == Ehang is a Chinese company that has developed numerous drones including passenger plane Ehang 184. EHang 184 was their first model, developed as an eight dual rotor wing blade drone that can carry two passengers. The model was retired in 2020 and is replaced by the Ehang 216. Ehang also released a one passenger drone, Ehang 116. Ehang in 2021 unveiled the model VT-30. VT-30 is designed to have eight dual rotor wing blades to complement its fixed wing platform. Flyastro, a Texas-based drone company, developed the Astro ALTA, with two and four person passenger models. The company is known for being the first to develop a solar-powered airplane. The development team initially began with the model, Elroy. It was a two passenger drone with similar design to the ALTA. Once flight was achieved, the model Astro ALTA began development. Joby Aviation is a California based company that has developed a five passenger drone, with one seat for the pilot. The company expects to complete its FAA certification process 2022. Joby in 2020 acquired a 75 million dollar investment from service provider Uber Technologies Inc., leading to Uber Elevate and Expands partnership. Archer Aviation is a California-based company that has developed a two passenger model called Maker. It has fixed wings with twelve rotor wings. Archer is developing five person model. United Airlines has partnered with Archer for commercial sale of the model, Maker. Maker is expected to be released within Los Angeles and Miami by 2024. CityAirbus is a drone project developed by Airbus, a European multinational aerospace company, based in the Netherlands. CityAirbus has developed a four- person passenger drone with fixed wings that include rotor wing blades. Its expected certification for public flight is in 2025. Boeing, an American multinational aviation corporation is developing a passenger drone model called the Passenger Air Vehicle (PAV). The model is a fixed wing with eight rotor blade wings attached onto a platform underneath the base structure. This model can hold two passengers and still is in development. Volocopter is a German aircraft manufacturer that is developing a passenger drone called Volocity. The model consist of eighteen rotor wings above the cockpit on a circular ring. Japan Airlines, an investor of Volocopter plans to have public test in Japan as early as 2023. == Future use == === Potential benefits === Passenger drones can greatly reduce the time for travel. As passenger drones flight paths are not restricted by conventional roads, the travel distance is shortened. Current ventures such as Joby Aviation, after acquiring Uber Air, plan to take advantage of this technology in the form of air taxis. Other potential benefits include the use of passenger drones by emergency services such as search and rescue missions and the delivery of life saving goods. Companies like Ehang have already begun using passenger drones as emergency vehicles as a response to the potential river collapses during the flood season in China. === Concerns === Passenger and air traffic safety remains at the forefront of concerns. Regulations for air traffic centered around passenger drones are still underway and would continue to develop with increasing use cases for passenger drones. Remote security threats on commercial drones such as Man-In-The-Middle (MITM) attack have also exposed the vulnerabilities in current drone systems. Among American adults, 54 percent say that they would feel unsafe flying inside a passenger drone. Passenger drones can be very noisy; a single passenger drone such as Joby Aviation’s all-electric vertical take-off and landing (“eVTOL”) aircraft has an estimated noise production of 70 decibels (dB), a noise level equating to “loud traffic”.