Pascal Meunier

Diurnal rhythms in metabolism: A day in the life of a unicellular, diazotrophic cyanobacterium

N2 fixation and oxygenic photosynthesis are important metabolic processes that are at odds with each other, since the N2-fixing enzyme, nitrogenase, is highly sensitive to oxygen. This review will discuss the strategies devised by the unicellular, diazotrophic cyanobacterium, Cyanothece sp. ATCC 51142, to permit N2 fixation and photosynthesis to coexist in the same cell. This strain, like a number of other unicellular and filamentous (non-heterocystous) cyanobacteria, has developed a type of temporal regulation in which N2 fixation and photosynthesis occur at different times throughout a diurnal cycle. For nitrogenase, everyday dawns anew. The nifHDK operon is tightly regulated, such that transcription and translation occur within the first four hours of the dark period; nitrogenase is then proteolytically degraded. Photosynthesis also varies throughout the day reaching a minimum at the peak of nitrogenase activity and a maximum by late afternoon. This review will mainly concentrate on the various changes that occur in the photosynthetic apparatus as the cell modulates O2 evolution. The results indicate that the redox poise of the plastoquinone pool and the overall cellular energy needs are the basic driving forces behind these changes in the photosynthetic apparatus. Throughout the course of the diurnal cycle, Photosystem II becomes very heterogeneous as determined by 77 K fluorescence spectra, PAM fluorescence and O2-flash yield experiments. This system provides some important insight into cyanobacterial state transitions and, especially, on the organization of the photosystems within the membrane. Overall, PS II is altered on both the oxidizing and reducing sides of the photosystem.

Temporal Changes in State Transitions and Photosystem Organization in the Unicellular, Diazotrophic Cyanobacterium Cyanothece sp. ATCC 51142

The unicellular Cyanobacterium Cyanothece sp. ATCC 51142, grown under alternating 12-h light/12-h dark conditions, temporally separated N2 fixation from photosynthesis. The regulation of photosynthesis was studied using fluorescence spectra and kinetics to determine changes in state transitions and photosystem organization. The redox poise of the plastoquinone (PQ) pool appeared to be central to this regulation. Respiration supported N2 fixation by oxidizing carbohydrate granules, but reduced the PQ pool. This induced state 2 photosystem II monomers and lowered the capacity for O2 evolution. State 2 favored photosystem I trimers and cyclic electron transport, which could stimulate N2 fixation; the stimulation suggested an ATP limitation to N2 and CO2 fixation. The exhaustion of carbohydrate granules at around 6 h in the dark resulted in reduced respiratory electron flow, which led to a more oxidized PQ pool and produced a sharp transition from state 2 to state 1. This transient state 1 returned to state 2 in the remaining hours of darkness. In the light phase, photosystem II dimerization correlated with increased phycobilisome coupling to photosystem II (state 1) and increased rates of O2 evolution. However, dark adaptation did not guarantee state 2 and left photosystem I centers in a mostly monomeric state at certain times.

Can source code auditing software identify common vulnerabilities and be used to evaluate software security

Software vulnerabilities are a growing problem (c.f. MITREs CVE, http://eve.mitre.org). Moreover, many of the mistakes leading to vulnerabilities are repeated often. Source code auditing tools could be a great help in identifying common mistakes, or in evaluating the security of software. We investigated the effectiveness of the auditing tools we could access, using the following criteria: number of false positives, false negatives by comparison to known vulnerabilities, and time required to validate the warnings related to vulnerabilities. Some of the known vulnerabilities could not be found by any code auditor, because they were fairly unusual or involved knowledge not contained or codified in the source code. The coding problems that could be identified consisted of string format vulnerabilities, buffer overflows, race conditions, memory leaks, and symlink attacks. However, we found it extremely time-consuming to validate warnings related to the latter four types, because the number of false positives was very high, and because it was not easily apparent if they were real vulnerabilities. These required that the code be audited locally, by people familiar with the code, and carefully inspected to see if the values could be manipulated in such a way as to produce malicious effects. However, the string format vulnerabilities were much easier to recognize. In small and medium scale projects, the open source program Pscan was useful in finding a mix of coding style issues that could potentially enable string format vulnerabilities, as well as actual vulnerabilities. The limitations of Pscan were more obvious in large scale projects like OpenBSD, as more false positives occurred. Clearly, auditing source code for all vulnerabilities remains a time-consuming process, even with the help of the current tools, and more research is needed in identifying and avoiding other common mistakes.

Improved 5-step modeling of the Photosystem II S-state mechanism in cyanobacteria.

We present a model of the S-state mechanism, as well as an improved eigenvalue analysis, that integrate into a coherent ensemble several features found since the S-state model was initially developed. These features include the presence of S−1, deactivations in the dark interval between flashes, and the change in the number of active PS II centers by photoinhibition or photoactivation. A new feature is the capacity to predict the steady-state distribution of S-states under conditions of steady photoinhibition or photoactivation. The improved eigenvalue analysis allowed the calculation of the initial S-state distribution. In addition, the model resolved ‘true’ photochemical misses from apparent misses due to deactivations in the dark interval between flashes. The model suggested that most of the misses that are commonly reported are due to deactivations, and not to an intrinsic inefficiency of the photochemical mechanism of PS II. Because models that allow double-hits encompassing the S2 to S3 transition often predict negative initial quantities of S2 in cyanobacteria, our proposed model specifically prohibited them. The model accounts for inhomogeneous misses and a steady-state distribution of the type (S2)≈(S1)>(S3)≈(S0). This 5-step model uses only 4 probabilities, and is therefore easy to handle. The use of this model is critical for the analysis of several cyanobacterial strains, as well as for any species that show non-negligible deactivations in the dark interval between flashes.

Interaction of the photosynthetic and respiratory electron transport chains producing slow O2 signals under flashing light in Synechocystis sp. PCC 6803

We investigated the slow signal of apparent O2 release under brief light flashes by using mutants of Synechocystis sp. PCC 6803 which lacked CP43 and D1. The slow signal was present at higher amplitudes in the mutants. It was inhibited by starving the mutants of glucose (>90%), by 10 mM NaN3 (85%) and by boiling samples for 2 min (100%). In the mutants and in the wild-type, the slow signal was 95% inhibited by the combination of DBMIB (2,5-dibromo-3-methyl-6-isopropyl-p-benzoquinone) and HQNO (2-n-heptyl-4-hydroxyquinoline-N-oxide). In the wild type, the addition of DCMU (3-(3,4-dichlorophenyl)-1,1-dimethylurea) or CCCP (carbonylcyanide m-chlorophenylhydrazone) completely inhibited photosynthetic O2 evolution, yet failed to inhibit the slow signal. We explain the kinetics of the wild-type signal as a positive deflection due to the inhibition of respiration by PS I activity, and a negative deflection due to the stimulation of respiration by electrons originating from PS II. We found no evidence of a ‘meta-stable S3’ in Synechocystis sp. PCC 6803 that could contribute to the slow signal of apparent O2 release. We present a calculation which involves only averaging, division and subtraction, that can remove the contribution of the slow signal from the true photosynthetic O2 signal and provide up to a 10-fold improved accuracy of the S-state models.

Software transparency and purity

Many software programs contain unadvertised functions that upset users when they discover them. These functions are not bugs, but rather operations intended by their designers to be hidden from end users. The problem is not new—Trojan horses and Easter eggs were among the earliest instances—but it is increasingly common and a source of many risks. I define software transparency as a condition that all functions of software are disclosed to users. Transparency is necessary for proper risk management. The term “transparency” should be used instead of “fully disclosed” to avoid confusion with the “full disclosure” of vulnerabilities. There is a higher standard to be named, because disclosure does not by itself remove objectionable functions. They pose risks while being irrelevant to the software’s stated purpose and utility, and are foreign to its advertised nature. Freedom from such functions is a property that needs a name: loyalty, nonperfidiousness, fidelity, and purity come to mind, but none of them seems exactly right. For the purposes of this column, I shall call it purity. “Pure Software” can theoretically exist without disclosure, but disclosure would be a strong incentive, as previously discussed by Garfinkel (see www.technologyreview.com/Infotech/13556/?a=f ). Purity does not mean free of errors or unchanged since release. It’s possible for pure software to contain errors or to be corrupted. The following examples illustrate some of the risks from opaque and impure software. In 2004, the digital video recording (DVR) equipment maker TiVo was able to tell how many people had paused and rewound to watch Janet Jackson’s wardrobe malfunction in the televised Super Bowl. People could opt out of the data collection by making a phone call. The privacy policy, if it was read, did mention some data collection, but did not disclose its full extent and surprising detail. Very few would likely have opted-in to allow this foreign function. Software purity as a desirable property is highlighted by some of the differences between the GNU Public License (GPL) v2 and v3. The changes can be viewed as intended to protect the capability to remove unwanted functionality from software, including firmware based on GPL code (for example, TiVo). In 2005, the anti-cheating Warden software that was installed with the World of Warcraft online game was found to snoop inside computers. Some people love knowing it is there, whereas others find it distasteful but are unable to make a convincing argument that it is malicious spyware. Despite being authorized by the End-User License Agreement (EULA), it poses risks that were not made clear, through undisclosed, objectionable behaviors. Also in 2005, copy prevention software unexpectedly present on Sony BMG CDs was installed surreptitiously when users attempted to play a CD on their computer. It was later recognized as a rootkit. Ironically, it was reused to attack the Warden. In 2007, people who had paid for Major League Baseball videos from previous years found they were unable to watch them anymore because of a broken Digital Rights Management (DRM) system, because the server providing authorization was decommissioned without warning. Fragile DRM systems, such as those requiring an available server, are undesirable because of the risks they present while being foreign to the advertised features or content. Also in 2007, Microsoft Live OneCare surreptitiously changed user settings when installed to enable automatic updates and re-enable Windows services that were disabled on purpose; this is documented obscurely. Whereas it was not malicious, it caused many problems to users and system administrators and was vehemently protested. Surreptitious functions pose risks, even if well intentioned. Software transparency and purity are often valued but not explicitly identified. Beyond the obvious information security risks to users, opaque or impure software also poses business risks in the form of loss of reputation, trust, goodwill, sales, and contracts. It may be that transparency alone is enough for some purposes, and others may also require software purity. An explicit requirement of whichever is appropriate would decrease risks.

ActiveSync, TCP/IP and 802.11b wireless vulnerabilities of WinCE-based PDAs

Researching the vulnerabilities and security concerns of WinCE-based personal digital assistants (PDAs) in an 802.11 wireless environment resulted in identifying CAN-2001-{0158 to 0163}. The full understanding and demonstration of vulnerabilities would have required reverse engineering ActiveSync, which was beyond the scope of this research. Moreover, the WinCE IP stack demonstrated instabilities under a number of attacks, one of which produced symptoms in hardware. The inaccessibility of the 802.11b standard documentation was a source of delays in the research; however, we created three proof-of-concept applications to defeat 802.11b security. One collects valid MAC addresses on the network, which defeats MAC-address-based restrictions. Another builds a code book using known-plaintext attacks, and the third decrypts 802.11b traffic on-the-fly using the code book.

Procedures for the Isolation of Cyanobacterial Random Mutants with a Digital Imaging Spectrophotometer

We investigated the use of the Digital Imaging Spectrophotometer (Youvan et al., 1995) for the primary isolation of photosynthetic mutants in the cyanobacterium Synechocystis sp. PCC 6803. We tested the system with two previously characterized mutants of Synechocystis sp. PCC 6803: the Del-1 mutant, a partial deletion mutant of the psbB gene (Eaton-Rye and Vermaas, 1991), and the ΔpsbO mutant, a complete deletion of the psbO gene (Burnap and Sherman, 1991). We found that the considiration of colony sizes vs camera resolution is important for avoiding the isolation of false positive mutants. We modified the instrument by adding a magnifying lens for fluorescence imaging of plates inside the sphere. We proposed three ways in which the DIS can be used to isolate cyanobacterial random mutants: direct fluorescence intensity, fluorescence image ratios, and PC/Chl ratios calculated from absorbance. The reliabilty of each of those methods is excellent for differentiating existing PSII deletion mutants. We also proposed a statistical criterion for selecting significantly different mutants.