Static detection of silent misconfigurations with deep interaction analysis

The behavior of large systems is guided by their configurations: users set parameters in the configuration file to dictate which corresponding part of the system code is executed. However, it is often the case that, although some parameters are set in the configuration file, they do not influence the system runtime behavior, thus failing to meet the user’s intent. Moreover, such misconfigurations rarely lead to an error message or raising an exception. We introduce the notion of silent misconfigurations which are prohibitively hard to identify due to (1) lack of feedback and (2) complex interactions between configurations and code. This paper presents ConfigX, the first tool for the detection of silent misconfigurations. The main challenge is to understand the complex interactions between configurations and the code that they affected. Our goal is to derive a specification describing non-trivial interactions between the configuration parameters that lead to silent misconfigurations. To this end, ConfigX uses static analysis to determine which parts of the system code are associated with configuration parameters. ConfigX then infers the connections between configuration parameters by analyzing their associated code blocks. We design customized control- and data-flow analysis to derive a specification of configurations. Additionally, we conduct reachability analysis to eliminate spurious rules to reduce false positives. Upon evaluation on five real-world datasets across three widely-used systems, Apache, vsftpd, and PostgreSQL, ConfigX detected more than 2200 silent misconfigurations. We additionally conducted a user study where we ran ConfigX on misconfigurations reported on user forums by real-world users. ConfigX easily detected issues and suggested repairs for those misconfigurations. Our solutions were accepted and confirmed in the interaction with the users, who originally posted the problems.

Reproducibility study of the Fabbri et al. 2017 model of the human sinus node action potential

The sinoatrial node (SAN) is the natural pacemaker of the mammalian heart. It has been the subject of several mathematical studies, aimed at reproducing its electrical response under normal sinus rhythms, as well as under various conditions. Such studies were traditionally done using data from rabbit SAN cells. More recently, human SAN cell data have become available, resulting in the publication of a human SAN cell model (Fabbri et al., 2017), along with its CellML version. Here, we used the CellML file provided by the model authors, together with some SED-ML files and Python scripts that we created to reproduce the main results of the aforementioned modeling study. EDITOR'S NOTE (v2): this article and its OMEX archive are republished with technical changes made to the corresponding Python scripts to remove a run-time error message displayed when executing each simulation.

Reproducibility study of the Fabbri et al. 2017 model of the human sinus node action potential

The sinoatrial node (SAN) is the natural pacemaker of the mammalian heart. It has been the subject of several mathematical studies, aimed at reproducing its electrical response under normal sinus rhythms, as well as under various conditions. Such studies were traditionally done using data from rabbit SAN cells. More recently, human SAN cell data have become available, resulting in the publication of a human SAN cell model (Fabbri et al., 2017), along with its CellML version. Here, we used the CellML file provided by the model authors, together with some SED-ML files and Python scripts that we created to reproduce the main results of the aforementioned modeling study. EDITOR'S NOTE (v2): this article and its OMEX archive are republished with technical changes made to the corresponding Python scripts to remove a run-time error message displayed when executing each simulation.

Penerapan Sistem Keamanan Web Menggunakan Metode Web Aplication Firewall

The application of a security system on the web needs to be done considering that the web itself can be accessed through a public network. In this study, a Web Application Firewall (WAF)-based security system will be implemented using modsecurity, in which the purpose of implementing this web security system is to understand the concept of a security system on the web and pay attention to the results before the application of the firewall and after the application of the firewall on the web. This research uses experimental research methods, in this study the implementation of a web application firewall (WAF) using modsecurity as a web security system is carried out, then an analysis is carried out to get the right recommendations for a firewall as a web security system. The results of this study indicate that a firewall using the modSecurity module and rule based on the Web Application Firewall (WAF) on a web security system can block SQL Injection, Cross Site Scripting (XSS), and Command Execution by displaying an error message to the user who performs the command.

Transform DOI system into a giant science hub

In its current mode of identification of scientific publications, the digital object identifier (DOI) is not more than a web linking of published material to their publishing sources. When a given DOI is searched in the DOI website (doi.org), we are redirected to the publishing websites, if the material is available, or an error message (Not Found) will appear if the DOI-associated content is not available or has moved to a new location. To bestow a worthwhile value to DOI assignations, I suggest the establishment of a unique persistent DOI database (for e.g., as a DOI hub, DOI library, or DOI indexer) in which all the DOI assigned by publishers and journals will be listed in one and same place with basics bibliographic metadata and complete citation information, including the DOI link itself, authors’ names, manuscripts’ titles, publishing source, date of publication, and ideally abstracts and full text if available for free (open access). As a result, when a DOI is searched in the DOI hub, full bibliographic information should be retrievable regardless of its status in the publishing source. Basic indexation information and metadata associated with published articles will thus be always accessible and findable independently from the publishing sources. A unique, general and long-term preserved DOI hub will make it easy to search, find and cite scientific literature from the various scientific fields even if a journal or publisher ceases its publishing activity.

Reference rot degrades information preservation and induces the loss of intellectual integrity

The age of open access has ushered in a greater desire to cross-cite information from a multitude of sources, some of which may have a determined fate and life cycle. Information insecurity caused by the loss or transposition of information also negatively impacts information integrity by reducing its use and usefulness. Reference rot refers to the phenomenon in which the link to a web resource or journal article URL no longer function, revealing instead a “404 not found” error message. Reference rot can reduce the reliability and usefulness of a manuscript because access to information supporting claims and/or positions within a paper ceases to exist. Academic papers carry a complex mixture of information that is derived from a multitude of sources. Collectively, they ensure a paper’s health and functionality, aspects that fade as access to supporting information becomes truncated, i.e., reference rot, ultimately reducing the usefulness of the academic paper, and making it, and its claims, unreliable. Although it is a cumbersome task, as the curators of academic and scientific information, extant journals and their editors should revisit URLs in the reference lists regularly to update any broken links or URLs, and correct reference lists accordingly. This laborious task should involve close coordination between editors and authors to ensure, as best as possible, the sustained integrity of citations and thus the information backbone of a manuscript. An academic paper with a strong, or fortified, citation base, has greater information integrity, reliability and use for science and society.

Management of Internet Bandwidth Implementing CoovaChilli and Free Radius

With rapid growth in popularity and use of Internet in academic institutions, the institutions are struggling to keep up with the demand. They need capability to effectively control, monitor and optimize the available bandwidth to ensure good service at optimum cost. This paper has described implementation of Coovachilli and free radius for management of internet bandwidth in academic institutions. During this research, freeware tools such as Freeradius and CoovaChilli have been used to manage Internet bandwidth on a per-user basis based on user credentials. The mechanisms have been used to control bandwidth of Wireless users. Same can be used for wired connections also. When a user tries to connect, the user is redirected to a captive portal under CoovaChilli. There the user provides login and password. Based on the credentials thus provided, CoovaChilli checks identity with the Freeradius. If authorized, the client is allowed access with the bandwidth as mentioned in the profile of the user in WISPr attributes define in Radreply table of Freeradius. When the user is not authorized, CoovaChilli sends an error message. This paper demonstrates that bandwidth can be effectively monitored, managed and optimized by using cost-effective open-source tools in the existing network scenario of the institution.

Meta-analytic structural equation modeling made easy: A tutorial and web application for one-stage MASEM

Meta-analytic Structural Equation Modeling (MASEM) refers to fitting structural equation models (such as path models or factor models) to meta-analytic data. Currently, fitting MASEMs may be challenging for researchers that are not accustomed to working with R software and packages. Therefore, we developed webMASEM; a web application for MASEM. This app implements the one-stage MASEM approach, and allows users to apply MASEM in a user-friendly way. The aim of this article is to provide a tutorial on one-stage MASEM and a practical guide to webMASEM. We will pay specific attention to how the data should be structured and prepared for webMASEM, because mistakes in this step may lead to faulty results without receiving an error message. The use of webMASEM is illustrated with an analysis of a meta-analytic path model in which the path coefficients are moderated by a study-level variable, and a meta-analytic factor model in which the factor loadings are moderated by a study-level variable. All used datafiles and R-codes are available online.

Random missing tooth error detection in crankshaft function of an engine control unit

Automotive industry is migrating to electronic based control which has promoted the evaluation and enhancement of engine control performance using electronic components in the research field. Modern engines are controlled by Engine Control Unit (ECU) where not only functions and control systems are in placed, but also the fail-safe mechanisms must be integrated in the ECU to ensure user safety when an error occurred. This work focuses on developing a reliable crankshaft function in an ECU using field-programmable gate array (FPGA). ABa test is carried out and the number of occurrences at unintended location are being monitored in the system to detect the random missing tooth. The reliability of the function is tested by evaluating response of the crankshaft function in an ECU when an unexpected missing tooth occurs during its operation. The developed system is able to detect the random missing tooth on a crank trigger wheel at an accuracy of 100% when the wheel is on a run at a constant wheel rotational speed. It also flags error message for further processing in other functional units of the ECU as a safe-fail mechanism for the system. Implementation of the random missing tooth detection in the crankshaft function is shown to work in the system which is developed using Verilog code