10,778 research outputs found

    On the Feasibility of Fine-Grained TLS Security Configurations in Web Browsers Based on the Requested Domain Name

    Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply coarse-grained TLS configurations that support (by default) legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees (e.g. non Forward Secrecy), and silently fall back to them if the server selects to. This introduces various risks including downgrade attacks such as the POODLE attack [15] that exploits the browsers' silent fallback mechanism to downgrade the protocol version in order to exploit the legacy version flaws. To achieve a better balance between security and backward compatibility, we propose a mechanism for fine-grained TLS configurations in web browsers based on the sensitivity of the domain name in the HTTPS request using a whitelisting technique. That is, the browser enforces optimal TLS configurations for connections going to sensitive domains while enforcing default configurations for the rest of the connections. We demonstrate the feasibility of our proposal by implementing a proof-of-concept as a Firefox browser extension. We envision this mechanism as a built-in security feature in web browsers, e.g. a button similar to the "Bookmark" button in Firefox browsers and as a standardised HTTP header, to augment browsers' security.

    Admission Control and Scheduling for High-Performance WWW Servers

    In this paper we examine a number of admission control and scheduling protocols for high-performance web servers based on a 2-phase policy for serving HTTP requests. The first "registration" phase involves establishing the TCP connection for the HTTP request and parsing/interpreting its arguments, whereas the second "service" phase involves the service/transmission of data in response to the HTTP request. By introducing a delay between these two phases, we show that the performance of a web server could be potentially improved through the adoption of a number of scheduling policies that optimize the utilization of various system components (e.g. memory cache and I/O). In addition to its premise for improving the performance of a single web server, the delineation between the registration and service phases of an HTTP request may be useful for load balancing purposes on clusters of web servers. We are investigating the use of such a mechanism as part of the Commonwealth testbed being developed at Boston University.

    The construction of global management consulting - a study of consultancies’ web presentations

    Management consulting increasingly appears as a global endeavour as reflected in the increasing dominance of a few large, global management-consulting firms. However, features of the consulting service (e.g. its immaterial and interactional character) as well as aspects of management (e.g. its cultural anchoredness) highlight the locality of management consulting. In this paper we approach this tension between the global and the local by seeing consulting as involving the creation of generalised myths. More specifically, we ask the question: How do global consulting companies construct the viability and desirability of their services? Based on a view of management consultants as mythmakers, we study the argumentation on corporate web sites of four leading global consultancies in five different countries. Applying a framework based on the sociology of translation, we analyze the translation strategies used in making the service of global consultancies both viable and indispensable. We find that the need for consultants is to a large extent constructed through defining management as an expert activity, thus creating a need for external advisors possessing globally applicable expert knowledge. In this effort, the consultants ally with three widely spread rationalized managerial myths – the rationality myth, the globalization myth and the universality myth. We conclude that global consulting firms are actively involved in creating and reinforcing the very same institutions which are the prerequisites for their future success. Keywords: management consulting; globalization; myth making

    Where are your Manners? Sharing Best Community Practices in the Web 2.0

    The Web 2.0 fosters the creation of communities by offering users a wide array of social software tools. While the success of these tools is based on their ability to support different interaction patterns among users by imposing as few limitations as possible, the communities they support are not free of rules (just think about the posting rules in a community forum or the editing rules in a thematic wiki). In this paper we propose a framework for the sharing of best community practices in the form of a (potentially rule-based) annotation layer that can be integrated with existing Web 2.0 community tools (with specific focus on wikis). This solution is characterized by minimal intrusiveness and plays nicely within the open spirit of the Web 2.0 by providing users with behavioral hints rather than by enforcing the strict adherence to a set of rules. Comment: ACM Symposium on Applied Computing, Honolulu, United States of America (2009)

    Basis Token Consistency: A Practical Mechanism for Strong Web Cache Consistency

    With web caching and cache-related services like CDNs and edge services playing an increasingly significant role in the modern internet, the problem of the weak consistency and coherence provisions in current web protocols is becoming increasingly significant and drawing the attention of the standards community [LCD01]. Toward this end, we present definitions of consistency and coherence for web-like environments, that is, distributed client-server information systems where the semantics of interactions with resources are more general than the read/write operations found in memory hierarchies and distributed file systems. We then present a brief review of proposed mechanisms which strengthen the consistency of caches in the web, focusing upon their conceptual contributions and their weaknesses in real-world practice. These insights motivate a new mechanism, which we call "Basis Token Consistency" or BTC; when implemented at the server, this mechanism allows any client (independent of the presence and conformity of any intermediaries) to maintain a self-consistent view of the server's state. This is accomplished by annotating responses with additional per-resource application information which allows client caches to recognize the obsolescence of currently cached entities and identify responses from other caches which are already stale in light of what has already been seen. The mechanism requires no deviation from the existing client-server communication model, and does not require servers to maintain any additional per-client state. We discuss how our mechanism could be integrated into a fragment-assembling Content Management System (CMS), and present a simulation-driven performance comparison between the BTC algorithm and the use of the Time-To-Live (TTL) heuristic. National Science Foundation (ANI-9986397, ANI-0095988)

    The effectiveness of the creativity trigger module in achieving higher levels of creative thinking among prospective teachers

    The unoptimised level of creative thinking is seen as an issue among Semester 8 prospective teachers in Malaysian Teacher-Education Institutes (IPG). This could impede their teaching of creative thinking as one of the four components of 21st century skills in schools. In relation to this, this study sets out to investigate prior creativity levels of IPG prospective teachers and develop the Creativity Trigger Module (CTM) as a training module for enhancing their creativity. The Torrance Tests of Creative Thinking (TTCT) was used to compare the prior creativity levels of four respondent groups and test the effectiveness of the CTM on five dimensions of figural creativity, namely fluency, originality, elaboration, resistance to premature closure, abstractness of titles, and their overall creativity. A two-stage cluster sampling technique identified two IPGs with 68 respondents in the state of Johor namely, IPG-Kampus Tun Hussein Onn, Batu Pahat (IPGKTHO) as the control group site (34 respondents), and IPG-Kampus Temenggong Ibrahim, Johor Bahru (IPGKTI) as the treatment group site (34 respondents). Mathematics (MT) and Design and Technology (RBT) are the only two specialist subject combinations that provided enough sample size at both test sites. A quasi-experimental research design was used and this involved intact classes. Data analysis was carried out as follows: ANOVA, ANCOVA, and Wilcoxon Signed Rank Test analysis for TTCT scores while data analysis based on the NVivo software was used for the focus group interviews. Findings on prior creativity levels showed average or low creativity levels among all 4 test groups with IPGKTHO and RBT options having significantly higher posttest marks as compared to IPGKTI and MT option respectively. The CTM was found to improve significantly respondents’ posttest marks for the treatment group in all the five dimensions of figural creativity and their overall creativity. Feedback from respondents revealed positive support for the CTM. In conclusion, the prior creativity of IPG prospective teachers was at an unoptimised level before treatment but the CTM has been successfully developed as an effective resource for enhancing the creative thinking levels among IPG prospective teachers.

    The Art of Legislative Lawyering and the Six Circles Theory of Advocacy

    A legislative lawyer is a person who exists in Washington, D.C., and in almost every city and state in this country where legislation and administrative regulations are developed. But most people do not know who that person is or what that person does. In fact, most advocacy organizations that should be hiring legislative lawyers have no idea who a legislative lawyer is. The author coined the term legislative lawyer when she created a Federal Legislation Clinic at the Georgetown University Law Center in Washington, D.C. over a decade ago. The author needed to explain to her faculty colleagues what type of law she intended to teach her students in the Clinic and why such learning deserved six (now ten) law school credits. The author explained at the time, legislative lawyers are individuals who practice law in a political, advocacy context. Good legislative lawyers are: (1) good at comprehending, analyzing, and manipulating legal text and, at the same time, good at understanding the political dynamics of legislative and administrative systems; (2) able to gain the trust and respect of both legal players and political players in an advocacy effort because of their joint competency in law and politics; and (3) able, because of such trust and respect, to be effective and creative translators and negotiators between the often disparate worlds of law, policy, and politics. The author’s primary goal in this article is to describe the skills and talents of a good legislative lawyer. The legislative lawyer is a key component of the author’s Six Circles Theory of Effective Advocacy. She developed this theory mostly (although not exclusively) out of her experience working on the Americans with Disabilities Act from 1988 to 1990. An additional goal of this article, therefore, is to set forth the Six Circles Theory of Effective Advocacy and to highlight its potential contribution towards structuring an effective legislative or regulatory effort. 
    The author’s final goal of this article is to provide an overview of how she teaches legislative lawyering in a law school clinical setting. The author hopes this section of the article, together with its appendices, will be useful to anyone who wishes to establish a similar clinic focusing on legislation and administrative regulations.

    Online cooperation learning environment : a thesis presented in partial fulfillment of the requirements for the degree of Master of Science in Computer Science at Massey University, Albany, New Zealand

    This project aims to create an online cooperation learning environment for students who study the same paper. Firstly, the whole class will be divided into several tutorial peer groups. One tutorial group includes five to seven students. The students can discuss with each other in the same study group, which is assigned by the lecturer. This is achieved via an online cooperation learning environment application (OCLE), which consists of a web based J2EE application and a peer to peer (P2P) Java application, cooperative learning tool (CLT). It can reduce web server traffic significantly during online tutorial discussion time.