Abstract: Detection of malicious direct memory access (DMA) device used for direct device assignment. A virtualization computer system assigns a peripheral device to an operating context within a virtualization environment. The peripheral device is DMA capable. The virtualization computer system monitors a signal source that is affected by DMA operations initiated by the peripheral device while the peripheral device is assigned to the operating context. Based on monitoring the signal source, the virtualization computer system identifies a signal pattern characterizing the DMA operations that are initiated by the peripheral device. Using the signal pattern, the virtualization computer system determines that the DMA operations initiated by the peripheral device are abnormal and the virtualization computer system identifies the peripheral device as malicious.

Abstract: Probation of direct memory access (DMA) device used for direct device assignment. A virtualization computer system identifies a peripheral device as being removed from a direct assignment to a first operating context of a virtualization environment. The peripheral device is DMA capable. The virtualization computer system assigns the peripheral device to a second operating context of the virtualization environment and initiates a device validation against the peripheral device. Based on the device validation indicating that the peripheral device is normal, the virtualization computer system reassigns the peripheral device to a third operating context of the virtualization environment. Based on the device validation indicating that the peripheral device is abnormal, the virtualization computer system excludes the peripheral device from assignment to a third operating context of the virtualization environment.

Abstract: A pneumatic tool includes a motor, a drive mechanism connected to the motor and adapted to drive a piston, and a cylinder filled with high-pressure gas. The piston is accommodated in the cylinder and suitable for a reciprocating motion within the cylinder. The piston is connected to a striking element suitable for striking a workpiece. The drive mechanism includes a blade fixed to the piston and a gear coupled to the motor. The gear includes a plurality of teeth adapted to engage with a plurality of lugs on the blade such that a rotation of the gear is transformed to a linear movement of the blade. The pneumatic tool further includes an electronic device adapted to lock the blade.

Abstract: A method for controlling a plurality of autonomous robots for performing environment maintenance operations includes: generating a setup command that indicates a selected location, a plurality of selected robots, an available time slot, and a distribution mode signal that indicates whether the selected robots are to be controlled based on the available time slot or an inputted priority section; and generating a plurality of sub-routes based on different parameters, depending on the distribution mode signal. The sub-routes are generated to be connected into an unbroken trail. Then, the sub-routes are transmitted to the selected robots, respectively, so as to control each of the selected robots to move along the respective one of the sub-routes.

Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.

Abstract: A method of detecting a workpiece jam condition in a pneumatic tool includes striking a workpiece by a blade of the tool, detecting whether a piston to which the blade is attached reaches a predetermined position within a predetermined time, and determining a workpiece jam condition has occurred if the piston does not reach the predetermined position within the predetermined time.

Abstract: A testing device is disclosed. The testing device includes a socket configured to support a DUT and a first detection module disposed at a first side of the socket and configured to detect a location relationship between the DUT and the socket.

Abstract: Virtual baseboard management controller capability to monitor and manage a virtual machine (VM). A guest firmware is operated within a first guest privilege context of a guest partition operating as a VM. The guest partition also includes a second guest privilege context that is restricted from accessing memory associated with the first guest privilege context, and that operates a guest operating system. The guest firmware establishes a communications channel between the first guest privilege context and a client device, and receives a request for performance of a management operation against the VM. The guest firmware initiates the management operation, which includes changing a power state of the VM; stopping or restarting the guest OS; presenting a graphical or serial console associated with the guest OS; updating a firmware associated with the guest partition; or managing a virtual device presented by the first guest privilege context.

Abstract: Handling a memory fault based on detecting whether a memory pointer was invalidated by a pointer authentication (PA) failure. After an access to a memory pointer causes a memory fault, detecting that the memory pointer was invalidated by a PA failure includes creating a new memory pointer by replacing reserved bits of the memory pointer with a default value, and determining that the new memory pointer corresponds to a memory address that falls within executable memory. This determination includes determining that the memory address is within an executable memory page, determining that a call instruction is stored at a prior memory address that immediately precedes the memory address, and/or determining that the memory address corresponds to a code section of an executable file. The PA failure is handled based on logging the PA failure, terminating the application program, and/or resuming execution at an instruction stored at the memory address.

Abstract: A public transport vehicle charging system is applied to multiple charging stations and an electric vehicle. The public transport vehicle charging system includes a server communicatively connected to the charging stations and the electric vehicle. The server is configured to establish a charging decision model according to multiple historical conditions and a transport schedule. The server is configured to calculate multiple ideal decisions according to the historical conditions and the transport schedule, so as to adjust multiple parameters in the charging decision model. When the electric vehicle drives toward a first charging station according to the transport schedule, the server is configured to input a current condition into the charging decision model, so as to selectively charge the electric vehicle by the first charging station. The current condition includes a current remaining power and a current position of the electric vehicle.

Abstract: Transparently providing a virtualization feature to an unenlightened guest operating system (OS). A guest partition, corresponding to a virtual machine, is divided into a first guest privilege context and a second guest privilege context. A compatibility component executes within the first guest privilege context, while a guest OS executes within the second guest privilege context. The compatibility component is configured to intercept input/output (I/O) operations associated with the guest operating OS. Based on the compatibility component intercepting an I/O operation associated with the guest OS, the compatibility component processes the I/O operation using a virtualization feature that is unsupported by the guest OS. Examples of the virtualization feature include accelerated access to a hardware device and virtual machine guest confidentiality.

Abstract: Disclosed herein is a method for identifying and treating an early-stage hepatocellular carcinoma (HCC) in a subject. The method mainly includes determining the level of serum amyloid A (SAA) protein, and providing anti-cancer treatment based on the determined level of SAA protein. According to some embodiments of the present disclosure, the anti-cancer treatment is provided when the determined level of SAA protein is lower than that of a first control sample, or when the determined level of SAA protein is higher than that of a second control sample. In some embodiments, the first control sample is derived from a subject having a late stage HCC, and the second control sample is derived from a subject having a liver disease that is any of hepatitis, liver cirrhosis, or a combination thereof.

Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.

Abstract: A method for generating and outputting a message is implemented using an electronic device the stores a computer program product and a text database. The text database includes a main message template, a template text that includes a placeholder, and a word group that includes a plurality of preset words for replacing the placeholder. The method includes: in response to receipt of a command for execution of the computer program product, displaying an editing interface including the main message template; in response to receipt of user operation of a selection of the main message template, displaying the template text; in response to receipt of user operation of a selection of one of the preset words via the user interface, generating an edited text by replacing the placeholder with the one of the preset words in the template text; and outputting the edited text as a message.

Abstract: Data-at-rest protection for virtual machines includes operating a data protection component within a first privilege context of a guest partition, and operating a guest operating system (OS) within a second privilege context of the guest partition. The data protection component participates in data input/output operations of the guest OS. Based on a data output operation of the guest OS, the data protection component applies a first data protection operation to first data associated with the data output operation; and initiates storage of a first result of the first data protection operation to a data storage device. Based a data input operation of the guest OS, the data protection component applies a second data protection operation to second data associated with the data input operation; and, based on applying the second data protection operation to the second data, communicates an outcome of the data input operation to the guest OS.

Abstract: A method against snake envenomation includes administering to a subject in need thereof a pharmaceutical composition containing a flavonoid compound. The flavonoid compound is selected from the group consisting of isorhamnetin, quercetin, and a combination thereof.

Abstract: A method for controlling a plurality of mobile robots is to be implemented by a server that communicates with the plurality of mobile robots and a communication device. The server stores a predetermined working route related to a target area. The method includes steps of: receiving a working instruction from the communication device, the working instruction including area information related to the target area and an input quantity of mobile robots; in response to receipt of the working instruction, dividing the predetermined working route into a plurality of sub-routes, wherein a quantity of the sub-routes equals the input quantity of mobile robots; and sending the sub-routes respectively to a plurality of selected robots that are selected from among the plurality of mobile robots to make the selected robots cooperatively implement a task on the target area by moving along the sub-routes, respectively.

Abstract: A method for controlling a plurality of autonomous robots for performing environment maintenance operations includes: generating a setup command that indicates a selected location, a plurality of selected robots, an available time slot, and a distribution mode signal that indicates whether the selected robots are to be controlled based on the available time slot or an inputted priority section; and generating a plurality of sub-routes based on different parameters, depending on the distribution mode signal. The sub-routes are generated to be connected into an unbroken trail. Then, the sub-routes are transmitted to the selected robots, respectively, so as to control each of the selected robots to move along the respective one of the sub-routes.

Abstract: Performing shadow stack functionality for a thread in an audit mode includes initiating execution of a thread at the processor. Execution of the thread includes initiating execution of executable code of an application binary as part of the thread and enabling shadow stack functionality for the thread in an audit mode. Based at least on the execution of the thread in the audit mode, at least a portion of the shadow stack is enabled to be a circular stack. In response to determining that usage of the shadow stack has reached the defined threshold, one or more currently used entries of the shadow stack are overwritten, preventing the shadow stack from overflowing.

Abstract: Isolating resources of a virtual machine (VM) guest from a host operating system. A computer system receives an acceptance request from a guest partition corresponding to an isolated VM. The acceptance request identifies a guest memory page that is mapped into a guest physical address space of the guest partition, and a memory page visibility class. The computer system determines whether a physical memory page that is mapped to the guest memory page meets the memory page visibility class. The computer system sets a page acceptance indication for the guest memory page from an unaccepted state to an accepted state based on the physical memory page meeting the memory page visibility class.