Tamara Lee Berg is a tenured associate professor at the University of North Carolina at Chapel Hill and a research scientist manager at Facebook AML/FAIR. == Education == Berg obtained her PhD in computer science from the University of California, Berkeley in 2007 as a member of the Berkeley Computer Vision Group. She was an assistant professor at Stony Brook University from 2008 to 2013 before joining University of North Carolina Chapel Hill in 2013. == Research == Berg's research interests are at the boundary of computer vision and natural language processing. In particular, she focuses on understanding the connections between vision and language, for example, to automatically identify people in news photographs, for generating natural language descriptions for images, or for recognising clothing and style. == Selected awards and honours == 2019 Mark Everingham Prize 2013 Marr Prize at the International Conference on Computer Vision 2011 National Science Foundation Career Award == Personal life == Berg is married to fellow computer vision researcher Alexander Berg.
Confused deputy problem
In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important. Capability systems protect against the confused deputy problem, whereas access-control list–based systems do not. Such systems can mitigate the confused deputy problem by eliminating ambient authority, allowing programs to act only on resources for which they hold explicit capabilities, whereas access-control list–based systems are more susceptible to it. However, this protection depends on correct implementation; in formally verified capability systems such as seL4, it can be shown that the kernel enforces capability constraints correctly, preventing such behavior at the system level. == Example == In the original example of a confused deputy, there was a compiler program provided on a commercial timesharing service. Users could run the compiler and optionally specify a filename where it would write debugging output, and the compiler would be able to write to that file if the user had permission to write there. The compiler also collected statistics about language feature usage. Those statistics were stored in a file called "(SYSX)STAT", in the directory "SYSX". To make this possible, the compiler program was given permission to write to files in SYSX. But there were other files in SYSX: in particular, the system's billing information was stored in a file "(SYSX)BILL". A user ran the compiler and named "(SYSX)BILL" as the desired debugging output file. This produced a confused deputy problem. The compiler made a request to the operating system to open (SYSX)BILL. Even though the user did not have access to that file, the compiler did, so the open succeeded. The compiler wrote the compilation output to the file (here "(SYSX)BILL") as normal, overwriting it, and the billing information was destroyed. === The confused deputy === In this example, the compiler program is the deputy because it is acting at the request of the user. The program is seen as 'confused' because it was tricked into overwriting the system's billing file. Whenever a program tries to access a file, the operating system needs to know two things: which file the program is asking for, and whether the program has permission to access the file. In the example, the file is designated by its name, “(SYSX)BILL”. The program receives the file name from the user, but does not know whether the user had permission to write the file. When the program opens the file, the system uses the program's permission, not the user's. When the file name was passed from the user to the program, the permission did not go along with it; the permission was increased by the system silently and automatically. It is not essential to the attack that the billing file be designated by a name represented as a string. The essential points are that: the designator for the file does not carry the full authority needed to access the file; the program's own permission to access the file is used implicitly. == Other examples == A cross-site request forgery (CSRF) is an example of a confused deputy attack that uses the web browser to perform sensitive actions against a web application. A common form of this attack occurs when a web application uses a cookie to authenticate all requests transmitted by a browser. Using JavaScript, an attacker can force a browser into transmitting authenticated HTTP requests. The Samy computer worm used cross-site scripting (XSS) to turn the browser's authenticated MySpace session into a confused deputy. Using XSS the worm forced the browser into posting an executable copy of the worm as a MySpace message which was then viewed and executed by friends of the infected user. Clickjacking is an attack where the user acts as the confused deputy. In this attack a user thinks they are harmlessly browsing a website (an attacker-controlled website) but they are in fact tricked into performing sensitive actions on another website. An FTP bounce attack can allow an attacker to connect indirectly to TCP ports to which the attacker's machine has no access, using a remote FTP server as the confused deputy. Another example relates to personal firewall software. It can restrict Internet access for specific applications. Some applications circumvent this by starting a browser with instructions to access a specific URL. The browser has authority to open a network connection, even though the application does not. Firewall software can attempt to address this by prompting the user in cases where one program starts another which then accesses the network. However, the user frequently does not have sufficient information to determine whether such an access is legitimate—false positives are common, and there is a substantial risk that even sophisticated users will become habituated to clicking "OK" to these prompts. Not every program that misuses authority is a confused deputy. Sometimes misuse of authority is simply a result of a program error. The confused deputy problem occurs when the designation of an object is passed from one program to another, and the associated permission changes unintentionally, without any explicit action by either party. It is insidious because neither party did anything explicit to change the authority. Another example is when an administrator authorizes an AI agent to act on their behalf, and that AI subsequently delegates authority to another AI agent neither vetted nor authorized by the original administrator. The unvetted AI can then act without permissions or oversight from the original developer. == Solutions == In some systems it is possible to ask the operating system to open a file using the permissions of another client. This solution has some drawbacks: It requires explicit attention to security by the server. A naive or careless server might not take this extra step. It becomes more difficult to identify the correct permission if the server is in turn the client of another service and wants to pass along access to the file. It requires the client to trust the server to not abuse the borrowed permissions. Note that intersecting the server and client's permissions does not solve the problem either, because the server may then have to be given very wide permissions (all of the time, rather than those needed for a given request) in order to act for arbitrary clients. The simplest way to solve the confused deputy problem is to bundle together the designation of an object and the permission to access that object. This is exactly what a capability is. Using capability security in the compiler example, the client would pass to the server a capability to the output file, such as a file descriptor, rather than the name of the file. Since it lacks a capability to the billing file, it cannot designate that file for output. In the cross-site request forgery example, a URL supplied "cross"-site would include its own authority independent of that of the client of the web browser.
Best AI Text-to-video Tools in 2026
In search of the best AI text-to-video tool? An AI text-to-video tool is software that uses machine learning to help you get more done — it turns a rough idea into a polished result in seconds. When choosing one, weigh output quality, pricing, export formats, and how well it fits the tools you already use. Whether you are a beginner or a pro, the right AI text-to-video tool slots into your workflow and pays for itself fast. We tested the leading options and ranked them by quality, value, and ease of use.
Indic OCR
Indic OCR refers to the process of converting text images written in Indic scripts into e-text using Optical character recognition (OCR) techniques. Broadly, it can also refer to the OCR systems of Brahmic scripts for languages of South Asia and Southeast Asia, not just the scripts of the Indian subcontinent, which are all written in an abugida-based writing system. OCR for Latin characters is still not 100% accurate but a relatively high degree of accuracy in conversion has been able to be achieved. Such accuracy has not yet been able to be achieved for Indic scripts using OCR. This is due in part to the writing systems of Indic languages as well as a lack of standard representation, encoding, and support among operating systems and keyboards. The Centre for Development of Advanced Computing (C-DAC) and Technology Development for Indian Languages, the premier R&D organisation of the Ministry of Electronics and Information Technology (also known as MeitY) of India have carried out many projects relating to OCR. Their projects include OCR for Malayalam, Odia, Punjabi, Telugu and Devanagari script. == Properties of Indian writing systems == There are 22 officially recognised languages in India. Of these, Hindi, Bengali and Punjabi are the most widely spoken Indo-Aryan languages and are also the fourth, seventh and tenth most widely spoken languages in the world respectively. Two or more languages can be written with same script. For example, Devanagari is used to write Hindi, Marathi, Rajasthani, Sanskrit, Bhojpuri and others, while Eastern Nagari is used to write Bengali, Assamese, Manipuri and others. Apart from basic characters as consonants and vowels, most Indic languages combine 2 or more basic characters to form compound characters. The shape of a compound character is more complex than the constituent basic characters. Some Indo-Aryan languages (including Hindi and Punjabi) have a horizontal line over the characters, while other languages (including Gujarati) and Dravidian languages (Malayalam, Kannada, Tamil, and Telugu) do not. These are some of the main challenges for creating a single OCR for all Indic languages. Indic OCR also generally includes support for recently invented scripts in India like Ol Chiki, Warang Citi, Mundari Bani, etc. which are mainly created for writing Munda languages of Austroasiatic family. The concept of upper/lower case is absent in Indic scripts. Apart from Urdu, Sindhi, Kashmiri and Thaana, all other Indic languages are written from left to right. == Examples == SanskritOCR - OCR software for Sanskrit, Hindi and other Indo-Aryan languages based on the Devanagari script. Sanskrit OCR is developed by a Sanskrit scholar from Germany - Dr. Oliver Hellwig of Department for Languages and Cultures of Southern Asia, Freie Universität Berlin. The official website is in German. The interface of earlier versions of the software was also in German, but later versions have an English interface too. E-aksharayan - Optical character recognition engine for Indian languages Chitrankan - This technology was developed by ISI, Kolkata, and transferred to C-DAC. It processes printed Hindi text from a scanner or from an image. Indic OCR models for Tesseract (software) == OCR in use == OCR has been used for Wikisource and other projects.
Is an AI Code-review Tool Worth It in 2026?
Looking for the best AI code-review tool? An AI code-review tool is software that uses machine learning to help you get more done — it can save you hours every week by automating repetitive work. Most options offer a generous free tier, with paid plans unlocking higher limits, faster processing, and team features. Whether you are a beginner or a pro, the right AI code-review tool slots into your workflow and pays for itself fast. Read on for hands-on impressions, pricing tiers, and the standout features that matter.
Sentence embedding
In natural language processing, a sentence embedding is a representation of a sentence as a vector of numbers which encodes meaningful semantic information. State of the art embeddings are based on the learned hidden layer representation of dedicated sentence transformer models. BERT pioneered an approach involving the use of a dedicated [CLS] token prepended to the beginning of each sentence inputted into the model; the final hidden state vector of this token encodes information about the sentence and can be fine-tuned for use in sentence classification tasks. In practice however, BERT's sentence embedding with the [CLS] token achieves poor performance, often worse than simply averaging non-contextual word embeddings. SBERT later achieved superior sentence embedding performance by fine tuning BERT's [CLS] token embeddings through the usage of a siamese neural network architecture on the SNLI dataset. Other approaches are loosely based on the idea of distributional semantics applied to sentences. Skip-Thought trains an encoder-decoder structure for the task of neighboring sentences predictions; this has been shown to achieve worse performance than approaches such as InferSent or SBERT. An alternative direction is to aggregate word embeddings, such as those returned by Word2vec, into sentence embeddings. The most straightforward approach is to simply compute the average of word vectors, known as continuous bag-of-words (CBOW). However, more elaborate solutions based on word vector quantization have also been proposed. One such approach is the vector of locally aggregated word embeddings (VLAWE), which demonstrated performance improvements in downstream text classification tasks. == Applications == In recent years, sentence embedding has seen a growing level of interest due to its applications in natural language queryable knowledge bases through the usage of vector indexing for semantic search. LangChain for instance utilizes sentence transformers for purposes of indexing documents. In particular, an indexing is generated by generating embeddings for chunks of documents and storing (document chunk, embedding) tuples. Then given a query in natural language, the embedding for the query can be generated. A top k similarity search algorithm is then used between the query embedding and the document chunk embeddings to retrieve the most relevant document chunks as context information for question answering tasks. This approach is also known formally as retrieval-augmented generation. Though not as predominant as BERTScore, sentence embeddings are commonly used for sentence similarity evaluation which sees common use for the task of optimizing a Large language model's generation parameters is often performed via comparing candidate sentences against reference sentences. By using the cosine-similarity of the sentence embeddings of candidate and reference sentences as the evaluation function, a grid-search algorithm can be utilized to automate hyperparameter optimization. == Evaluation == A way of testing sentence encodings is to apply them on Sentences Involving Compositional Knowledge (SICK) corpus for both entailment (SICK-E) and relatedness (SICK-R). In the best results are obtained using a BiLSTM network trained on the Stanford Natural Language Inference (SNLI) Corpus. The Pearson correlation coefficient for SICK-R is 0.885 and the result for SICK-E is 86.3. A slight improvement over previous scores is presented in: SICK-R: 0.888 and SICK-E: 87.8 using a concatenation of bidirectional Gated recurrent unit.
Barney Pell
Barney Pell (born March 18, 1968) is an American entrepreneur, angel investor and computer scientist. He was co-founder and CEO of Powerset, a pioneering natural language search startup, search strategist and architect for Microsoft's Bing search engine, a pioneer in the field of general game playing in artificial intelligence, and the architect of the first intelligent agent to fly onboard and control a spacecraft. He was co-founder, Vice Chairman and Chief Strategy Officer of Moon Express; co-founder and chairman of LocoMobi; and Associate Founder of Singularity University. == Career == === Education === Pell received his Bachelor of Science degree in symbolic systems from Stanford University in 1989, where he graduated Phi Beta Kappa and was a National Merit Scholar. Pell earned a PhD in computer science from Cambridge University in 1993, supervised by Stephen Pulman, where he was a Marshall Scholar. === Research === Pell's research is focused on basic problems in the study of intelligence, computer game playing, machine learning, natural language processing, autonomous robotics, and web search. Barney Pell has published over 30 technical papers on topics related to information retrieval, knowledge management, machine learning, artificial intelligence, and scheduling systems. In computer game playing and machine learning, he was a pioneer in the field of General Game Playing, and created programs to generate the rules of chess-like games and programs to play individual games directly from the rules without human assistance. He also did early work on machine learning in the game of Go and on an architecture for pragmatic reasoning for bidding in the game of Bridge. In natural language processing, he was a scientist in the Artificial Intelligence Center at SRI International, where he worked on the Core Language Engine. Barney Pell was the Technical Area Manager of the Collaborative and Assistant Systems area within the Computational Sciences Division (now the Intelligent Systems Division) at NASA Ames Research Center, where he oversaw a staff of 80 scientists working on information retrieval, search, knowledge management, machine learning, semantic technology, human centered systems, collaboration technology, adaptive user interfaces, human robot interaction, and other areas of artificial intelligence. From 1993 to 1998, Barney Pell worked as a Principal Investigator and Senior Computer Scientist at NASA Ames, where he conducted advanced research and development of autonomous control software for NASA's deep space missions. He was the Architect for the Deep Space One Remote Agent Experiment and the Project Lead for the Executive component of the Remote Agent Experiment, the first intelligent agent to fly onboard and control a spacecraft. === Business === Pell is an entrepreneur who has founded or co-founded several business ventures, including Powerset, Moon Express, and LocoMobi. He was the founder and CEO of Powerset, a San Francisco startup company that built a search engine based on natural language processing technology originally developed at XEROX PARC. On May 11, 2008, the company unveiled a tool for searching a fixed subset of Wikipedia using conversational phrases rather than keywords. On July 1, 2008, Microsoft signed an agreement to acquire Powerset for an estimated $100 million. Powerset became a part of Microsoft's search engine, Bing. From 2008 until August 2011, Pell served as Partner, Search Strategist, and Evangelist for Microsoft's search engine, Bing and as Head of Bing's Local and Mobile Search teams. Prior to joining Powerset, Pell was an Entrepreneur-in-Residence at Mayfield Fund, a venture capital firm in Silicon Valley. Pell is also a founder of Moon Express, Inc., a U.S. company awarded a $10M commercial lunar contract by NASA and a competitor in the Google Lunar X PRIZE. Pell was also co-founder and chairman of LocoMobi, Inc., a U.S. company developing mobile, software and hardware technology solutions for the parking industry. LocoMobi was winner of the Tie50 Award in 2014. Pell is also an associate founder of Singularity University and a Machine Learning Fellow at the Creative Destruction Lab at the Rotman School of Management From 1998 to 2000, Pell served as chief strategist and vice president of business development at StockMaster.com (acquired by Red Herring in March, 2000). From 2000 to 2002, Pell was Chief Strategist and Vice President of Business Development for Whizbang Labs. Pell has been an angel investor and advisor to numerous startup companies, including Pulse.io (acquired by Google), Aardvark (acquired by Google), Appjet (acquired by Google), Jibe Mobile (acquired by Google), Movity (acquired by Trulia), QuestBridge, BrandYourself, CrowdFlower (acquired by Appen), and LinkedIn. === Views and predictions === Pell has expressed views and predictions regarding technological advancements in coming years. He believes that humans will soon have "brain-machine interfaces that will let people interact with each other as if they had 'hangouts' in their mind." Pell predicts these interfaces to become available within 20 to 30 years. Pell also predicts advancements in bodily augmentation, such as "even-better-than-human prosthetics and high-quality tissue engineering within 10 years." Pell believes that with advancements in space exploration technology the moon will soon be a commercially viable resource for material such as platinum and water. == Awards and recognition == In 1986, Pell was awarded a National Merit Scholarship. In 1989, Pell was awarded a Marshall Scholarship. In 1989, Pell was elected Phi Beta Kappa. In 1997, Pell was part of the team award a NASA Software of the Year Award for the Deep Space 1 Remote Agent.