16,039 research outputs found
Refactoring Legacy JavaScript Code to Use Classes: The Good, The Bad and The Ugly
JavaScript systems are becoming increasingly complex and large. To tackle the
challenges involved in implementing these systems, the language is evolving to
include several constructions for programming- in-the-large. For example,
although the language is prototype-based, the latest JavaScript standard, named
ECMAScript 6 (ES6), provides native support for implementing classes. Even
though most modern web browsers support ES6, only a very few applications use
the class syntax. In this paper, we analyze the process of migrating structures
that emulate classes in legacy JavaScript code to adopt the new syntax for
classes introduced by ES6. We apply a set of migration rules on eight legacy
JavaScript systems. In our study, we document: (a) cases that are
straightforward to migrate (the good parts); (b) cases that require manual and
ad-hoc migration (the bad parts); and (c) cases that cannot be migrated due to
limitations and restrictions of ES6 (the ugly parts). Six out of eight systems
(75%) contain instances of bad and/or ugly cases. We also collect the
perceptions of JavaScript developers about migrating their code to use the new
syntax for classes.Comment: Paper accepted at 16th International Conference on Software Reuse
(ICSR), 2017; 16 page
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Hosting providers play a key role in fighting web compromise, but their
ability to prevent abuse is constrained by the security practices of their own
customers. {\em Shared} hosting, offers a unique perspective since customers
operate under restricted privileges and providers retain more control over
configurations. We present the first empirical analysis of the distribution of
web security features and software patching practices in shared hosting
providers, the influence of providers on these security practices, and their
impact on web compromise rates. We construct provider-level features on the
global market for shared hosting -- containing 1,259 providers -- by gathering
indicators from 442,684 domains. Exploratory factor analysis of 15 indicators
identifies four main latent factors that capture security efforts: content
security, webmaster security, web infrastructure security and web application
security. We confirm, via a fixed-effect regression model, that providers exert
significant influence over the latter two factors, which are both related to
the software stack in their hosting environment. Finally, by means of GLM
regression analysis of these factors on phishing and malware abuse, we show
that the four security and software patching factors explain between 10\% and
19\% of the variance in abuse at providers, after controlling for size. For
web-application security for instance, we found that when a provider moves from
the bottom 10\% to the best-performing 10\%, it would experience 4 times fewer
phishing incidents. We show that providers have influence over patch
levels--even higher in the stack, where CMSes can run as client-side
software--and that this influence is tied to a substantial reduction in abuse
levels
BlackWatch:increasing attack awareness within web applications
Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. Whilst prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behaviour from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyses suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behaviour. This approach avoids issues typically encountered with traditional web application firewalls. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated, and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release
Programming patterns and development guidelines for Semantic Sensor Grids (SemSorGrid4Env)
The web of Linked Data holds great potential for the creation of semantic applications that can combine self-describing structured data from many sources including sensor networks. Such applications build upon the success of an earlier generation of 'rapidly developed' applications that utilised RESTful APIs. This deliverable details experience, best practice, and design patterns for developing high-level web-based APIs in support of semantic web applications and mashups for sensor grids. Its main contributions are a proposal for combining Linked Data with RESTful application development summarised through a set of design principles; and the application of these design principles to Semantic Sensor Grids through the development of a High-Level API for Observations. These are supported by implementations of the High-Level API for Observations in software, and example semantic mashups that utilise the API
HiER 2015. Proceedings des 9. Hildesheimer Evaluierungs- und Retrievalworkshop
Die Digitalisierung formt unsere Informationsumwelten. Disruptive Technologien dringen verstÀrkt und immer schneller in unseren Alltag ein und verÀndern unser Informations- und Kommunikationsverhalten. InformationsmÀrkte wandeln sich. Der 9. Hildesheimer Evaluierungs- und Retrievalworkshop HIER 2015 thematisiert die Gestaltung und Evaluierung von Informationssystemen vor dem Hintergrund der sich beschleunigenden Digitalisierung. Im Fokus stehen die folgenden Themen: Digital Humanities, Internetsuche und Online Marketing, Information Seeking und nutzerzentrierte Entwicklung, E-Learning
A methodology for full-system power modeling in heterogeneous data centers
The need for energy-awareness in current data centers has encouraged the use of power modeling to estimate their power consumption. However, existing models present noticeable limitations, which make them application-dependent, platform-dependent, inaccurate, or computationally complex. In this paper, we propose a platform-and application-agnostic methodology for full-system power modeling in heterogeneous data centers that overcomes those limitations. It derives a single model per platform, which works with high accuracy for heterogeneous applications with different patterns of resource usage and energy consumption, by systematically selecting a minimum set of resource usage indicators and extracting complex relations among them that capture the impact on energy consumption of all the resources in the system. We demonstrate our methodology by generating power models for heterogeneous platforms with very different power consumption profiles. Our validation experiments with real Cloud applications show that such models provide high accuracy (around 5% of average estimation error).This work is supported by the Spanish Ministry of Economy and Competitiveness under contract TIN2015-65316-P, by the Gener-
alitat de Catalunya under contract 2014-SGR-1051, and by the European Commission under FP7-SMARTCITIES-2013 contract 608679 (RenewIT) and FP7-ICT-2013-10 contracts 610874 (AS- CETiC) and 610456 (EuroServer).Peer ReviewedPostprint (author's final draft
- âŠ