Friday, September 26, 2014

BAD iOS 8

Greetings:

I received this from Chelanie Israel this morning.  If you are running a recent iPhone and want to upgrade to iOS 8 - OR - if you updated to iOS 8 already, PLEASE read the following message (only slightly edited for content and space).

===================================
iOS UPDATE:  The update (8.02) to the bad code was released Thursday night (9/25/14) about 10 pm. I have tested the new update and we are ready to update iOS devices (iPads and iPhones) from 8.0 to 8.02 or you can move from 7 to 8.02 safely. Please do so as quickly as you can.

FYI: The original code that was affected was 8.01. It was released Thursday morning (9/25/14) at 6:00 am CST and pulled from the Apple servers at 9:00 am CST.

On the same note there is a vulnerability that was found early yesterday and confirmed all
  • Linux
  • BSD
  • MacOS
  • iOS if Jailbroken
  • Android with bash services turned on
  • Windows machines running IIS (server software).

If you haven’t upgraded to iOS 8.02, please do so as this will protect your iPads and iPhones (which are not supposed to be affected, but this is something that is being suggested by Apple). If you have a jailbroken phone, you will need to restore your iPhone to factory settings until they can fix the cydia breakpoint.

All versions of MacOS are vulnerable at this point. I have a call with Apple this morning (9/26/14) to find out if they will have a software update today.  So far, nothing.  I will be updating both of my servers this evening.

All versions of Mac OS Computers have the Shellshock vulnerability. However, some are more susceptible than others. To be completely safe you will need to update your bash (part of your command line from the BSD which is part of your operating system) from 3.2.51 to 3.2.53. This is done via one of two ways:

1. You can manually update the machine through the terminal
2. You can use the software update to do the update when it is available.  It looks as though this will be sometime within the next week.

Most personal machines are not vulnerable to Shellshock as someone would have to crack the firewall or router to which you are connected, to access your machine.  If you are only accessing the internet via your home or office network, then you have reasonable safety.  If you have a double firewall, again you have reasonable safety, but your machine is still vulnerable to Shellshock.

You can also make sure that Sharing, Remote Login and Remote Management are turned off. Although this helps, this does not fix the vulnerability to Shellshock.

The reason you may want to update manually is because your machine either sits on the web for people to access (i.e. servers) or you travel and use public WiFi (i.e. hotels, McDonald's, Starbucks, etc) often. If you are using a private MiFi device, that is not a public WiFi.

What is Shellshock? It is a vulnerability or hole in the code that allows someone to take over your computer without you giving them permission. It is definitely something that needs to be protected from.

______________________________________
Chelanie Israel aka Miss Mac

email:    chelanie@missmac.ch • missmac@mac.com
web:    http://www.designbymissmac.com
blog:    http://www.dearmissmac.com
twitter:     MissMacsMuses
                c: 214.718.1967  • f: 469.327.0843

======================================
Later on Chelanie sent this out:

From a terminal window:

$ mkdir bash-fix
$ cd bash-fix
$ curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
$ cd bash-92/bash-3.2
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0   
$ # Note: The bash32-053 patch does not apply cleanly on OSX because
$ # of a missing y.tab.c file. This can be ignored or the alblue
$ # one used instead. Upstream commits the y.tab.c file so doesn't
$ # have that problem.
$ # Not-yet-released-patch - replace alblue.bandlem.com line with:
$ # curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0 
$ curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
$ cd ..
$ sudo xcodebuild
$ sudo cp /bin/bash /bin/bash.old
$ sudo cp /bin/sh /bin/sh.old
$ build/Release/bash --version # GNU bash, version 3.2.53(1)-release
$ build/Release/sh --version   # GNU bash, version 3.2.53(1)-release
$ sudo cp build/Release/bash /bin
$ sudo cp build/Release/sh /bin

To verify it worked:

$ bash --version

Source: http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an


======================================
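
An added example (not part of Chelanie's message or the linked Stack Exchange answer): a POSIX shell check that probes each shell binary for the CVE-2014-6271 function-import behaviour, so the freshly built build/Release binaries can be tested before they are copied into /bin. The function names and the marker string are this example's own; the /bin/bash.old and /bin/sh.old backups made above are the unpatched binaries and will still report as vulnerable.

```shell
#!/bin/sh
# Added example: probe shell binaries for the CVE-2014-6271 function-import bug.
# probe_shell, audit_shells and MARKER are names chosen for this example.

MARKER="SHELLSHOCK_CANARY_$$"

# probe_shell PATH
#   returns 0  PATH ran the probe and ignored the code after the function body
#   returns 1  PATH executed that code while importing its environment (vulnerable)
#   returns 2  PATH is missing, not executable, or did not run the probe at all
probe_shell() {
    probe_bin=$1
    [ -x "$probe_bin" ] || return 2
    # The value of x looks like an exported function definition with one extra
    # command after it. An unpatched bash runs that command at start-up; a
    # patched bash treats the whole value as plain data.
    probe_out=$(env "x=() { :;}; echo $MARKER" "$probe_bin" -c 'echo probe' 2>/dev/null) || true
    case $probe_out in
        *"$MARKER"*) return 1 ;;
        *probe*)     return 0 ;;
        *)           return 2 ;;
    esac
}

# audit_shells PATH...
#   prints one status line per binary; returns 1 if any binary is vulnerable.
audit_shells() {
    audit_rc=0
    for shell_path in "$@"; do
        status=0
        probe_shell "$shell_path" || status=$?
        case $status in
            0) echo "PATCHED     $shell_path" ;;
            1) echo "VULNERABLE  $shell_path"; audit_rc=1 ;;
            *) echo "NOT TESTED  $shell_path" ;;
        esac
    done
    return $audit_rc
}

# Stand-alone use, run from the bash-fix/bash-92 directory after xcodebuild:
#   sh check.sh build/Release/bash build/Release/sh /bin/bash /bin/sh /bin/bash.old /bin/sh.old
if [ "$#" -gt 0 ]; then
    audit_shells "$@"
fi
```
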

Here is a link to an InfoWorld article on Shellshock:

http://www.infoworld.com/article/2687975/security/four-no-bull-facts-to-know-about-the-shellshock-bash-bug.html

 I hope this helps some of you.  If not, contact Apple Support - if you can get through their clogged telephone lines right now.  And, as normal, it is a crisis with the weekend coming up.

Shalom
Ya'akov

Thursday, September 4, 2014

Wet Blankets Throughout History

Greetings:

To help develop an open-minded and defiant attitude to others' rejection of your ideas, remember that many creative contributions are initially met with skepticism if not outright hostility.  Keep a list of creative contributions that we now know to be significant but that were once thought to be crazy, stupid, useless, offensive and doomed to failure.  The next time you or someone you know has an idea, it is better to give the idea a chance - or at least to not immediately shoot it down - than to be one of those who always say, "That won't work." or "That is a bad idea" or "That is too risky" and, hence, never do anything great.  Here are some examples to begin your list:
  • "This 'telephone' has too many shortcomings to be seriously considered as a means of communications.  The device is inherently of no value to us." [Western Union internal memo, 1876]
  • "The wireless music box has no imaginable commercial value.  Who would pay for a message sent to nobody in particular?" [David Sarnoff's associates in response to his urgings for investment in the radio in the 1920's]
  • "The concept is interesting and well-formed, but in order to earn better than a 'C,' the idea must be feasible." [A Yale University management professor in response to Fred Smith's paper proposing reliable overnight delivery service.  Smith went on to found Federal Express Corp.]
  • "Who the hell wants to hear actors talk?" [H. M. Warner, Warner Brothers, 1927]
  • "I'm just glad it'll be Clark Gable who's falling on his face and not Gary Cooper."  [Gary Cooper on his decision not to take the leading role in "Gone With The Wind."]
  • "A cookie store is a bad idea.  Besides, the market research reports say America likes crispy cookies, not soft and chewy cookies like you made." [Response to Debbie Fields' idea of starting Mrs. Fields's Cookies]
  • "We don't like their sound, and guitar music is on the way out." [Decca Recording Company rejecting the Beatles, 1962]
  • "Heavier-than-air flying machines are impossible." [Lord Kelvin, President, Royal Society, 1895]
  • "If I had thought about it, I wouldn't have done the experiment.  The literature was full of examples that said you can't do this."  [Spencer Silver on the work that led to the unique adhesive for 3-M "Post-It" notepads.]
  • "So we went to Atari and said, 'Hey, we've got this amazing thing, even built with some of your parts, and what do you think about funding us?  Or, we'll give it to you.  We just want to do it.  Pay our salary, we'll come work for you.'  And they said, 'No.'  So then we went to Hewlett-Packard, and they said, 'Hey, we don't need you.  You haven't got through college yet.' "  [Apple Computer Inc. founder Steve Jobs on attempts to get Atari and H-P interested in his and Steve Wozniak's personal computer.]
  • "Professor Goddard does not know the relations between action and reaction and the need to have something better than a vacuum against which to react.  He seems to lack the basic knowledge ladled out daily in high schools." [1921 New York Times editorial about Robert Goddard's revolutionary rocket work.]
  • "You want to have consistent and uniform muscle development across all of your muscles?  It can't be done.  It's just a fact of life.  You just have to accept inconsistent muscle development as an unalterable condition of weight training." [Response to Arthur Jones, who solved the "unsolvable" problem by inventing Nautilus.]
  • "Drill for oil?  You mean drill into the ground to try and find oil?  You're crazy!" [Drillers whom Edwin L. Drake tried to enlist to his project to drill for oil in 1859.]
I am not sure of the original author of the above but this went the rounds when I was at FedEx back in 1995-1997.  I think that Fred Smith must have been the instigator but we could never prove it.  :-)  If you have any more "documented" Wet Blankets, please send them to me or post them in the comments section.  Thanks,

Shalom,
James

Thursday, June 26, 2014

Where Can I Find a Good Rulebase ?

Greetings:
[Updated 10 July 2014]
[Updated 20 July 2014]

Basically, this is a major part of Chapter Four of our new book that should be coming out the first of next year.  If you work for one of these products or companies and I have made an error, please contact me at jco@kbsc.com rather than making a comment here.  Thanks,


Shareware

-        C/C++, LISP, et al.  Most of the early AI engines were written in List Processor (LISP) language that, while very descriptive and modular, was, nevertheless, quite slow.  There were also many that were written in languages such as BASIC, Pascal, C/C++ and even in COBOL.  However, very few of those were commercial engines.  LISP was a beautiful language (except for the overuse of parentheses) and was the darling of most of academia.  Nevertheless, LISP was so exceedingly slow that there were LISP machines dedicated to doing only one job: running programs in LISP.  Most of the early (and even some of the later) incarnations of the Production Systems rulebase programs were written in LISP.

-        Common LISP Reasoner : The Common Lisp Reasoner extends the Common Lisp Object System (CLOS) to incorporate a powerful rule language suitable for all kinds of reasoning tasks, vanilla XML and RDF/XML interfaces, and support for a variety of AI-related applications, such as scheduling, planning and diagnosis.  The main site is http://sourceforge.net/projects/reasoner/?source=pdlp and the download site is http://sourceforge.net/projects/reasoner/files/latest/download?source=pdlp .

-        CLIPS (C-Language Interface to Production Systems): Written mainly by Gary Riley (when he was still at NASA), it was one of the first to have a book associated with just one particular RuleBased System:  Giarratano and Riley, Introduction to Expert Systems.  The syntax is still OPS-style but it will run almost any Jess rulebase if the classes are re-written into C/C++ syntax.  It also has many, many FORTRAN-like subroutines because that was what NASA wanted at the time.  This can still be obtained free from http://sourceforge.net/projects/clipsrules/?source=directory.  Also available are

o   CLIPS with Lock Support: CLIPS is a forward-chaining rule-based programming language written in C that also provides procedural and object-oriented programming facilities.  CLIPS is probably one of the first implementations of a “modern-language” Rulebase outside of OPS environments.  It can be found at http://sourceforge.net/projects/clipswl/?source=directory

o   CLIPSwl is a modified project based on CLIPS(C Language Integrated Production System)(https://sourceforge.net/projects/clipsrules/), a public domain open-source software tool for building expert systems. CLIPS(ver. 6.24) is unsafe when access simultaneously occurs at the same environment, because the environment data of CLIPS are not protected for simultaneous access.

We modified the CLIPS (ver. 6.24) to support lock/unlock functions in a flexible way.
CLIPSwl doesn't use complicated logic such as platform-independent mutex,
but newly defines 4 abstract functions (i.e. using function pointers) for allocating, acquiring, releasing and deallocating locks of the environment data.
Users may define their own functions that fit for their system by using their platform-dependent mutex.  My Note:  CLIPS 6.24 is significantly slower than CLIPS 6.3.

CLIPSwl also supports the safe string-related functions treating the rules,
and refining the warning parts of the code when compiling with gnu g++ compiler.

o   CLIPS Editor: An editor just for CLIPS: http://sourceforge.net/projects/clipseditor/?source=directory

o   Interface to CLIPS Library: clipsmm is a C++ interface to the CLIPS library, a C library for developing expert systems. http://sourceforge.net/projects/clipsmm/?source=directory

o   DCLIPS or OO-CLIPS: Implementation of Rete pattern-matching algorithm, with scripting language based on COOL (CLIPS Object Oriented Language): http://sourceforge.net/projects/clips-sharp/?source=directory

(Comments by Gary Riley - 20 July 2014)  It was written mainly by myself and Brian Dantes.
I think Programming Expert Systems in OPS5, http://www.amazon.com/Programming-Expert-Systems-Ops5-Addison-Wesley/dp/0201106477, predated CLIPS as the first book associated with a particular language.
I'm not sure what the "many, many FORTRAN-like subroutines" statement is referring to. Being able to integrate with languages used operationally with NASA, such as C and FORTRAN, was a key goal for CLIPS, but  having FORTRAN-like subroutines, whatever that means, was never a consideration.

 (jco) Many of the sub-routines are FORTRAN-like and seem designed for engineers.  "Seem" being the operative word.
 

-        DROOLS (Dynamic Rule Object Oriented Language System - http://drools.jboss.org ) has the distinction of being one of the few (only one of which we are aware) XML-based rulebased systems and uses Java as its shell.  Source code is available.  Drools uses a slightly modified version of the Rete algorithm called the Rete-OO algorithm.  This has to do with root-nodes available in XML as part of OO languages.  However, one should also remember that anything to do with XML (at the time of this writing) also has a name space problem, meaning that there are many times that the same name can NOT be used, even with proper name space declaration.  In 2013 Mark Proctor (Drools inventor and project lead for JBoss) changed the main algorithm to a more OO approach and he is still dealing with the consequences as of the time of this writing.

-        Intelligent Agents for LISP: Lisa is a production rule system for Common Lisp, whose purpose is to provide a foundation for the development of "intelligent" applications. Lisa employs a modern CLOS implementation of Rete and is based on CLIPS and Jess.

-        Jess (Java Expert System Shell - http://herzberg.ca.sandia.gov/jess/ )  is the brainchild of Dr. Ernest Friedman-Hill of Sandia labs. Initially, Dr. Friedman-Hill did some work on optimization of the Rete algorithm and it was quite fast for its time.  However, it has not improved much over the years and, as a result, seems to be lagging behind ReteNT, OPSJ, Blaze Advisor, ODM and Drools in terms of speed.  Source code is available but there is a charge for commercial use of the product with certain export limits for use outside the USA.  Dr. Friedman-Hill maintains an email list of Jess users and is quite quick in his response time on answers to questions; sometimes within seconds, but usually within a few hours and within 24 hours at the very most.

o   There is a fuzzy logic addendum for Jess that can be obtained for a nominal charge from Bob Orchard, http://www.iit.nrc.ca/IR_public/fuzzy/fuzzyJToolkit2.html .  Please contact Bob.Orchard@nrc-cnrc.gc.ca for more details on Jess Fuzzy logic.

-        JEOPS: Java Extended OPS: JEOPS is a Java based forward chaining RULE ENGINE.
This Rule Engine is used to power up the business process by rules in Java Application Servers, client applications, and Servlets.  The main page is http://sourceforge.net/projects/jeops/?source=pdl and the download link is http://sourceforge.net/projects/jeops/files/latest/download?source=recommended .

-        JLisa – Intelligent Agents for LISP: JLisa, "Java Lisp-based Intelligent Software Agents", is based on Lisa, http://lisa.sourceforge.net/, a production rule system similar to Jess. It runs in Java through ABL, armed-bear Lisp.  It can be found at and the download link is http://sourceforge.net/projects/jlisa/files/latest/download?source=recommended .

-        JRule Engine : The project consists of a library based on Java Specification Request 94, release 1.1, i.e. is a java rule engine. Please refer to "Java Rule Engine API - JSR-94" document (file jsr94_spec.pdf) included in JSR-94 distribution. The main page (from IBM – NOT JRules nor ODM) is at http://sourceforge.net/projects/jruleengine/?source=pdlp and is still downloadable at http://sourceforge.net/projects/jruleengine/files/latest/download?source=files .

-        JxBRE - Light-weight Java based Business Rules Engine (BRE) that uses XML as a way to control process flow for an application in an external entity. Soon to comply to JSR 94.  The home site is http://sourceforge.net/projects/jxbre/ and the download site is http://sourceforge.net/projects/jxbre/files/latest/download .

-        NxBRE is a lightweight Business Rule Engine (aka Rule Based Engine) for the .NET platform, composed of a forward-chaining inference engine and an XML-driven flow control engine. It supports RuleML 0.9 Naf Datalog and Visio 2003 modeling.  Their home page is at http://sourceforge.net/projects/nxbre/?source=recommended but I could not find anything that said anything about the Rete Algorithm.

Commercial

-        Aion is one of the elder statesmen of the industry.  It is mostly designed for mainframe applications.  Wikipedia describes it as such but their website, http://en.wikipedia.org/wiki/Cleverpath_AION_Business_Rules_Expert , tells a different story.  They have many rulebase tools and even a Java interface as well as a C/C++ interface.  Further, Aion seems to be an IBM company in disguise.  Colossus, a computer program, developed by Computer Sciences Corporation, is the insurance industry’s leading expert system for assisting adjusters in the evaluation of bodily injury claims (aka "pain and suffering"). Colossus helps adjusters reduce variance in payouts on similar bodily injury claims through objective use of industry standard rules.  Kirk Wilson and Michael Parish are award winning Aion developers who have done much to advance the use of the tool within various industries.

-        Fair Isaac Corporation “Blaze Advisor” was originally founded as Neuron Data in about 1984 with their flagship product, Nexpert, a true full-opportunistic, backward-chaining rulebased system written in C.  Later, the product moved to the OO world with C++.  With the advent of Java in 1986-87, ND developed their version of a forward-chaining system called Advisor.  The original version, like Nexpert, did not use Rete but a home-grown version of an optimizer.  Version 2, introduced as a beta product in mid-1988 and as the full-blown version in February of 1989, did use an updated version of the Rete algorithm.  By this time, the company was already moving to become public and had replaced the original founders with IBM-type corporate figure heads.

o   When the company went public in April of 2000, they changed the name to Blaze Software to try to move away from the Artificial Intelligence stigma and toward a more business-like approach, though how in the world a corporate name like “Blaze” was supposed to do this one can hardly imagine.  At any rate, the company was bought by Brokat, a web consulting company in Germany for $585 million straight stock swap.  All this before the six-month lock-out period expired for the original stockholders.   With the stock market already in a downward spiral, Brokat never had a chance and they eventually sold the Blaze Advisor rulebase system, along with the personnel and software, to HNC.  HNC then sold it off to Fair Isaac Corporation (FICO) where it is at this time. 

o   Commercially, the Blaze Advisor is the Cadillac of all the rulebased systems, meaning that it has all of the comforts of home but at an extremely high price.  Before the acquisition of Rules Power, which gave FICO the Rete 2, aka Rete III, algorithm, it had the worst benchmarks on Solaris systems.  However, BlazeAdvisor performed with the best of the systems (except for OPSJ) on Windows NT, Win2K, Windows XP and Windows 7/8.  Today, it ranks #3, right behind OPSJ-ReteNT (#1) and Sparkling Logic SMARTS (#2).

-        ILOG JRules, now IBM ODM:  ILOG originally started in Paris, France (like Neuron Data) in 1987 and opened an office in Mountain View, CA, shortly thereafter.  The company was bought by IBM in 2009 and the product name was changed to IBM ODM (Optimized Decision Manager.)  The main link is http://www-01.ibm.com/software/info/ilog/ .  Originally the breadth of the ILOG products was (shown as IBM products for the main description):
·       IBM WebSphere ILOG JRules, a business rule management system (BRMS) that enables both business and IT users to write and maintain the logic applied by applications that automatically implement decisions.
·       IBM ILOG CPLEX, optimization software for mathematical programming
·       IBM ILOG JViews, a visualization development system based on Java and supported with add-ons for Gantt charts, graphs, maps and diagrams
·       IBM ILOG Elixir component sets for Adobe AIR and Adobe Flex platforms
·       ILOG Solver was considered the market leader in commercial constraint programming software as of 2006.[1]  

-        InRule: [InRule Marketing Blurb] A Microsoft Certified Gold Partner, InRule Technology has been delivering InRule, another .NET Business Rule Management System for the Microsoft platform, since 2002.  InRule Technology helps you turn your rules into measurable IT and business results by making it easy to align the logic of core applications with ever-changing marketplace and customer needs.  InRule Technology is trusted by hundreds of organizations for mission-critical and customer-facing applications.   [There was a major meeting of InRule with the National WIC in Dallas, TX, on 21 September 2013.]

-        (PST) OPSJ is the latest invention of Dr. Charles Forgy, the inventor of the Rete Algorithm in about 1989. (Forgy-79)  The Rete algorithm has been credited with making commercialization of rulebased systems possible (Giarratano-98) and has since been superseded by the proprietary Rete 2 algorithm.  Dr. Forgy also laid the ground work for Rete systems with CLIPS/R2 (a C/C++ version of CLIPS that uses the Rete 2 algorithm) and with OPS/R2, a LISP-based system that uses Rete 2.  (Yes, Dr. Forgy is also one of the authors of this book.)

o   OPSJ was delivered to the world in 1998 and is, at the time of the writing of this book, at version level 6.  It is still without peer in terms of speed and smallness of footprint, meaning that the runtime engine takes only about 100KB or less.  The speed has to do with the Rete 2 algorithm that optimizes memory space required and number of objects examined.  The size has to do with the absence of any API (at this time) and that OPSJ is a superset of Java rather than just using the Java engine.
o   Since that time, in about 2010, Dr. Forgy introduced Rete-NT.  This version of the Rete Algorithm can be used with almost any forward-chaining rulebase and is 10 times faster than Rete-2 (OPSJ) or Rete-III (Blaze Advisor) when using large datasets and complex rulebase queries such as those for Homeland Security and other massive applications.

-        Pega Systems used to have an independent rulebase system but has since rolled it back into their overall product system.

-        Sparkling Logic SMARTS : These are the new kids on the block.  The company is composed mostly of former FICO VP’s, tool designers and engineers along with a smattering of former ILOG folks.  SMARTS is actually really cool with the way the basic rules, predictive analytics, decision tables, decision trees and decision graphs all work seamlessly.  They have a thing called a “Red Pen” and “Blue Pen” – the former being the rulebase and the other being the predictive analytics part of the tool.  I would that everyone would do this so that I did not have to bring one down in order to bring up the other.  Besides all of that, SMARTS uses the Rete-NT algorithm, the latest and greatest from Dr. Charles Forgy, and ranks in performance on very large rulesets/datasets right behind OPSJ-Rete-NT.


 



BRMS Benchmarks - Decision Camp 2014

Greetings:

Once again we will be covering BRMS Benchmarks, this time at Decision Camp 2014 in San Jose, CA.  I covered most of the BRMS Benchmarks in a previous article (above). The new benchmarks for 2014 come from a series of benchmarks known as “NP complete” benchmarks where NP stands for Non-deterministic Polynomial-time.  We have started using these this year (3Q2014), since we have found Manners and/or Waltz to be either (1) easy to cheat or (2) a benchmark that fires only one or two rules over and over.  Manners is guilty on both accounts.  So, this year we have included both the Clique Problem and the Vertex Cover Problem for starters.  Later we can expand this to other NP Complete problems.

Either of these problems can be converted to Java or C syntax but, for starters, I plan on implementing these in Drools, Jess, CLIPS, Smarts, ODM and Blaze Advisor.  That should be enough for comparisons for this year.  Dr. Forgy has been kind enough to have already provided the initial code for these two NP-Complete problems in OPS syntax that we should be able to convert to Java, C/C++ or C#.   Or BASIC for that matter.  If you would like to work on the OPS syntax, here is his suggested code for the LHS of the rules.  If you do work on it, and would like to submit your code without copyrights (except for Apache Copyrights) for the presentation (with appropriate credit, of course) then please send to me.  Thanks.

-----------
CLIQUES:
(find (size 4))
(node (number ?n1))
(node (number ?n2&:(> ?n2 ?n1)))
(edge (from ?n1) (to ?n2))
(node (number ?n3&:(> ?n3 ?n2)))
(edge (from ?n1) (to ?n3))
(edge (from ?n2) (to ?n3))
(node (number ?n4&:(> ?n4 ?n3)))
(edge (from ?n1) (to ?n4))
(edge (from ?n2) (to ?n4))
(edge (from ?n3) (to ?n4))

VERTEX COVER:
(find (size 4))
(node (number ?n1))
(node (number ?n2&:(> ?n2 ?n1)))
(node (number ?n3&:(> ?n3 ?n2)))
(node (number ?n4&:(> ?n4 ?n3)))
(NOT (edge (from ?x&~?n1&~?n2&~?n3&~?n4)))

These assume that every link between two nodes is represented by two edge objects, one for each direction.
----------

Shalom,
jco