After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem

Improving Communication in Scrum Teams

Communication in teams is an important but difficult issue. In a Scrum development process, we use the Daily Scrum meetings to inform others about important problems, news and events in the project. When persons are absent due to holiday, illness or travel, they miss relevant information because there is no document that protocols the content of these meetings. We present a concept and a Twitter-like tool that improves communication in a Scrum development process. We take advantage out of the observation that many people do not like to create documentation but they do like to share what they did. We used the tool in industrial practice and observed an improvement in communication

DATUM in Action

This collaborative research data management planning project (hereafter the RDMP project) sought to help a collaborative group of researchers working on an EU FP7 staff exchange project (hereafter the EU project) to define and implement good research data management practice by developing an appropriate DMP and supporting systems and evaluating their initial implementation. The aim was to "improve practice on the ground" through more effective and appropriate systems, tools/solutions and guidance in managing research data. The EU project (MATSIQEL - (Models for Ageing and Technological Solutions For Improving and Enhancing the Quality of Life), funded under the Marie Curie International Research Staff Exchange Scheme, is accumulating expertise for the mathematical and computer modelling of ageing processes with the aim of developing models which can be implemented in technological solutions (e.g. monitors, telecare, recreational games) for improving and enhancing quality of life.1 Marie Curie projects do not fund research per se, so the EU project has no resources to fund commercial tools for research data management. Lead by Professor Maia Angelova, School of Computing, Engineering and Information Sciences (SCEIS) at Northumbria University, it comprises six work packages involving researchers at Northumbria and in Australia, Bulgaria, Germany, Mexico and South Africa. The RDMP project focused on one of its work packages (WP4 Technological Solutions and Implementation) with some reference to another work package lead by the same person at Northumbria University (WP5 Quality of Life). The RDMP project‟s innovation was less about the choice of platform/system, as it began with existing standard office technology, and more about how this can be effectively deployed in a collaborative scenario to provide a fit-for-purpose solution with useful and usable support and guidance. It built on the success of the Datum for Health project by taking it a stage further, moving from a solely health discipline to an interdisciplinary context of health, social care and mathematical/computer modelling, and from a Postgraduate Research Student context to an academic researcher context, with potential to reach beyond the University boundaries. In addition, since the EU project is re-using data from elsewhere as well as creating its own data; a wide range of RDM issues were addressed. The RDMP project assessed the transferability of the DATUM materials and the tailored DATUM DMP

Looking before leaping: Creating a software registry

What lessons can be learned from examining numerous efforts to create a repository or directory of scientist-written software for a discipline? Astronomy has seen a number of efforts to build such a resource, one of which is the Astrophysics Source Code Library (ASCL). The ASCL (ascl.net) was founded in 1999, had a period of dormancy, and was restarted in 2010. When taking over responsibility for the ASCL in 2010, the new editor sought to answer the opening question, hoping this would better inform the work to be done. We also provide specific steps the ASCL is taking to try to improve code sharing and discovery in astronomy and share recent improvements to the resource.Comment: 11 pages; submission for WSSSPE2. Revised after review for publication in the Journal of Open Research Softwar

The impact of knowledge management processes on organisational performance

Copyright @ 2012 ISEing.In today's increasingly competitive business environment, the use of knowledge to gain a competitive advantage has become a serious concern for all organisations. However, despite the increasing number of studies relating to Knowledge Management (KM) in developed countries, few studies have explored this issue within the context of developing countries. Moreover, some industries have been affected more acutely than others in the transition to a knowledge-based economy. Towards covering this gap, this study aims at investigating the impact of Knowledge Management processes on Organisational Performance (OP). In this paper, the authors propose a conceptual model through an in-depth investigation of the previous and current studies in the area of Knowledge Management and Organisational Performance. Through an extensive classification of Knowledge Management processes, the proposed model explores the impact of each Knowledge Management process on improving the level of Organisational Performance. It is envisaged that this model can play a role in guiding the process of Knowledge Management implementation in order to maximise the beneficial effects of Knowledge Management processes on Organisational Performance

Continuous Rationale Management

Continuous Software Engineering (CSE) is a software life cycle model open to frequent changes in requirements or technology. During CSE, software developers continuously make decisions on the requirements and design of the software or the development process. They establish essential decision knowledge, which they need to document and share so that it supports the evolution and changes of the software. The management of decision knowledge is called rationale management. Rationale management provides an opportunity to support the change process during CSE. However, rationale management is not well integrated into CSE. The overall goal of this dissertation is to provide workflows and tool support for continuous rationale management. The dissertation contributes an interview study with practitioners from the industry, which investigates rationale management problems, current practices, and features to support continuous rationale management beneficial for practitioners. Problems of rationale management in practice are threefold: First, documenting decision knowledge is intrusive in the development process and an additional effort. Second, the high amount of distributed decision knowledge documentation is difficult to access and use. Third, the documented knowledge can be of low quality, e.g., outdated, which impedes its use. The dissertation contributes a systematic mapping study on recommendation and classification approaches to treat the rationale management problems. The major contribution of this dissertation is a validated approach for continuous rationale management consisting of the ConRat life cycle model extension and the comprehensive ConDec tool support. To reduce intrusiveness and additional effort, ConRat integrates rationale management activities into existing workflows, such as requirements elicitation, development, and meetings. ConDec integrates into standard development tools instead of providing a separate tool. ConDec enables lightweight capturing and use of decision knowledge from various artifacts and reduces the developers' effort through automatic text classification, recommendation, and nudging mechanisms for rationale management. To enable access and use of distributed decision knowledge documentation, ConRat defines a knowledge model of decision knowledge and other artifacts. ConDec instantiates the model as a knowledge graph and offers interactive knowledge views with useful tailoring, e.g., transitive linking. To operationalize high quality, ConRat introduces the rationale backlog, the definition of done for knowledge documentation, and metrics for intra-rationale completeness and decision coverage of requirements and code. ConDec implements these agile concepts for rationale management and a knowledge dashboard. ConDec also supports consistent changes through change impact analysis. The dissertation shows the feasibility, effectiveness, and user acceptance of ConRat and ConDec in six case study projects in an industrial setting. Besides, it comprehensively analyses the rationale documentation created in the projects. The validation indicates that ConRat and ConDec benefit CSE projects. Based on the dissertation, continuous rationale management should become a standard part of CSE, like automated testing or continuous integration

How Do Tor Users Interact With Onion Services?

Onion services are anonymous network services that are exposed over the Tor network. In contrast to conventional Internet services, onion services are private, generally not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. In this paper, we study how people perceive, understand, and use onion services based on data from 17 semi-structured interviews and an online survey of 517 users. We find that users have an incomplete mental model of onion services, use these services for anonymity and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them. Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, more clear security indicators, and ways to manage onion domain names that are difficult to remember.Comment: Appeared in USENIX Security Symposium 201

The Borrowers: Researching the cognitive aspects of translation

The paper considers the interdisciplinary interaction of research on the cognitive aspects of translation. Examples of influence from linguistics, psychology, neuroscience, cognitive science, reading and writing research and language technology are given, with examples from specific sub-disciplines within each one. The breadth of borrowing by researchers in cognitive translatology is made apparent, but the minimal influence of cognitive translatology on the respective disciplines themselves is also highlighted. Suggestions for future developments are made, including ways in which the domain of cognitive translatology might exert greater influence on other disciplines

Improving the Delivery of Key Work Supports: Policy & Practice Opportunities at a Critical Moment

Examines the consequences of a lack of coordination and seamless service delivery across support programs. Outlines policy, procedural, and data utilization options and best practices to expedite receipt of benefits across programs, as well as challenges