Abstract: This article reviews PsyToolkit, a free web-based service designed for setting up, running, and analyzing online questionnaires and reaction-time (RT) experiments. It comes with extensive documenta...

Abstract: The maturation of the Web platform has given rise to sophisticated and demanding Web applications such as interactive 3D visualization, audio and video software, and games. With that, efficiency and security of code on the Web has become more important than ever. Yet JavaScript as the only built-in language of the Web is not well-equipped to meet these requirements, especially as a compilation target. Engineers from the four major browser vendors have risen to the challenge and collaboratively designed a portable low-level bytecode called WebAssembly. It offers compact representation, efficient validation and compilation, and safe low to no-overhead execution. Rather than committing to a specific programming model, WebAssembly is an abstraction over modern hardware, making it language-, hardware-, and platform-independent, with use cases beyond just the Web. WebAssembly has been designed with a formal semantics from the start. We describe the motivation, design and formal semantics of WebAssembly and provide some preliminary experience with implementations.

Abstract: Nowadays, web applications are becoming one of the standard platforms for representing data and service releases over the World Wide Web. Since web applications are progressively more utilized for security-critical services, therefore they have turned out to be a well-liked and precious target for the web-related vulnerabilities. Even though several defensive mechanisms have been building up to reinforce the modern web applications and alleviate the attacks instigated against them. We have analyzed the major concerns for web applications and Internet-based services which are persistent in several web applications of diverse organizations like banking, health care, financial service, retail and so on by the referring the Website Security Statistics Report of White Hat Security. In this paper, we highlight some of the serious vulnerabilities found in the modern web applications and revealed various serious vulnerabilities. Cross-Site Scripting (XSS) attack is the top most vulnerability found in the today’s web applications which to be a plague for the modern web applications. XSS attacks permit an attacker to execute the malicious scripts on the victim’s web browser resulting in various side-effects such as data compromise, stealing of cookies, passwords, credit card numbers etc. We have also discussed a high level of taxonomy of XSS attacks and detailed incidences of these attacks on web applications. A detailed comprehensive analysis of the exploitation, detection and prevention mechanisms of XSS attacks has also been discussed. Based on explored strength and flaws of these mechanisms, we have discussed some further work.

Abstract: Learn how to use Solidity and the Ethereum project second only to Bitcoin in market capitalization Blockchain protocols are taking the world by storm, and the Ethereum project, with its Turing-complete scripting language Solidity, has rapidly become a front-runner This bookpresents the blockchain phenomenon in context; then situates Ethereum in a world pioneered by Bitcoin See why professionals and non-professionals alike are honing their skills in smart contract patterns and distributed application development You'll review the fundamentals of programming and networking, alongside its introduction to the new discipline of crypto-economics You'll then deploy smart contracts of your own, and learn how they can serve as a back-end for JavaScript and HTML applications on the Web Many Solidity tutorials out there today have the same flaw: they are written for advanced JavaScript developers who want to transfer their skills to a blockchain environment Introducing Ethereum and Solidityis accessible to technology professionals and enthusiasts of all levels Youll find exciting sample code that can move forward real world assets in both the academic and the corporate arenas Find out now why this book is a powerful gateway for creative technologists of all types, from concept to deployment What Youll LearnSee how Ethereum (and other cryptocurrencies) work Compare distributed apps (dapps) to web appsWrite Ethereum smart contracts in Solidity Connect Ethereum smart contracts to your HTML/CSS/JavaScript web applications Deploy your own dapp, coin, and blockchain Work with basic and intermediate smart contracts Who This Book Is For Anyone who is curious about Ethereum or has some familiarity with computer science Product managers, CTOs, and experienced JavaScript programmers Experts will find the advanced sample projects in this book rewarding because of the power of Solidity

Abstract: Our life is characterized by the presence of a multitude of interactive devices and smart objects exploited for disparate goals in different contexts of use. Thus, it is impossible for application developers to predict at design time the devices and objects users will exploit, how they will be arranged, and in which situations and for which objectives they will be used. For such reasons, it is important to make end users able to easily and autonomously personalize the behaviour of their Internet of Things applications, so that they can better comply with their specific expectations. In this paper, we present a method and a set of tools that allow end users without programming experience to customize the context-dependent behaviour of their Web applications through the specification of trigger-action rules. The environment is able to support end-user specification of more flexible behaviour than what can be done with existing commercial tools, and it also includes an underlying infrastructure able to detect the possible contextual changes in order to achieve the desired behaviour. The resulting set of tools is able to support the dynamic creation and execution of personalized application versions more suitable for users’ needs in specific contexts of use. Thus, it represents a contribution to obtaining low threshold/high ceiling environments. We also report on an example application in the home automation domain, and a user study that has provided useful positive feedback.

Abstract: Continued advancements in sequencing technologies have fueled the development of new sequencing applications and promise to flood current databases with raw data. A number of factors prevent the seamless and easy use of these data, including the breadth of project goals, the wide array of tools that individually perform fractions of any given analysis, the large number of associated software/hardware dependencies, and the detailed expertise required to perform these analyses. To address these issues, we have developed an intuitive web-based environment with a wide assortment of integrated and cutting-edge bioinformatics tools in pre-configured workflows. These workflows, coupled with the ease of use of the environment, provide even novice next-generation sequencing users with the ability to perform many complex analyses with only a few mouse clicks and, within the context of the same environment, to visualize and further interrogate their results. This bioinformatics platform is an initial attempt at Empowering the Development of Genomics Expertise (EDGE) in a wide range of applications for microbial research.

Abstract: Many popular web applications incorporate end-to-end secure messaging protocols, which seek to ensure that messages sent between users are kept confidential and authenticated, even if the web application's servers are broken into or otherwise compelled into releasing all their data. Protocols that promise such strong security guarantees should be held up to rigorous analysis, since protocol flaws and implementations bugs can easily lead to real-world attacks. We propose a novel methodology that allows protocol designers, implementers, and security analysts to collaboratively verify a protocol using automated tools. The protocol is implemented in ProScript, a new domain-specific language that is designed for writing cryptographic protocol code that can both be executed within JavaScript programs and automatically translated to a readable model in the applied pi calculus. This model can then be analyzed symbolically using ProVerif to find attacks in a variety of threat models. The model can also be used as the basis of a computational proof using CryptoVerif, which reduces the security of the protocol to standard cryptographic assumptions. If ProVerif finds an attack, or if the CryptoVerif proof reveals a weakness, the protocol designer modifies the ProScript protocol code and regenerates the model to enable a new analysis. We demonstrate our methodology by implementing and analyzing a variant of the popular Signal Protocol with only minor differences. We use ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures. Our ProScript protocol code is incorporated within the current release of Cryptocat, a desktop secure messenger application written in JavaScript. Our results indicate that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.

Abstract: While simulated game environments have greatly accelerated research in reinforcement learning, existing environments lack the open-domain realism of tasks in computer vision or natural language processing, which operate on artifacts created by humans in natural, organic settings. To foster reinforcement learning research in such settings, we introduce the World of Bits (WoB), a platform in which agents complete tasks on the Internet by performing low-level keyboard and mouse actions. The two main challenges are: (i) to curate a diverse set of natural webbased tasks, and (ii) to ensure that these tasks have a well-defined reward structure and are reproducible despite the transience of the web. To tackle this, we develop a methodology in which crowdworkers create tasks defined by natural language questions and provide demonstrations of how to answer the question on real websites using keyboard and mouse; HTTP traffic is cached to create a reproducible offline approximation of the website. Finally, we show that agents trained via behavioral cloning and reinforcement learning can complete a range of web-based tasks.

Abstract: A recent advancement of the mobile web has enabled features previously only found in natively developed apps. Thus, arduous development for several platforms or using cross-platform approaches was required. The novel approach, coined Progressive Web Apps, can be implemented through a set of concepts and technologies on any web site that meets certain requirements. In this paper, we argue for progressive web apps as a possibly unifying technology for web apps and native apps. After an introduction of features, we scrutinize the performance. Two cross-platform mobile apps and one Progressive Web App have been developed for comparison purposes, and provided in an open source repository for results’ validity verification. We aim to spark interest in the academic community, as a lack of academic involvement was identified as part of the literature search.

Abstract: Many online search facilities allow searching for academic literature. The majority are bibliographic databases that catalogue published research in an iterative, semi-automated manner, e.g. Web of Science Core Collections, which indexes articles published in selected journals. Other resources, such as Google Scholar, identify academic articles by using search engines that crawl the internet for potentially relevant information. Often, systematic reviewers wish to document their searches for transparency or later screening. Indeed, such transparency is a cornerstone of systematic review methodology. Whilst bibliographic databases typically allow users to extract search results as citations in bulk, several other key resources, such as Google Scholar and organisation websites, do not allow this: citations must be extracted individually, which is often prohibitively time consuming. Here, we describe novel methods for downloading results from searches of websites and web-based search engines into comprehensive databases as citations using free-to-use software. Citations from web-based search engines can then be integrated into review procedures along with those from traditional online bibliographic databases. These methods substantially increase transparency and repeatability when searching online resources. They may also significantly reduce resource requirements for such searches and therefore represent a significant increase in efficiency.

Abstract: The primary objective of our project is to construct a fully functional voice based Home automation system that uses Internet of Things, Artificial Intelligence and Natural Language Processing (NLP) to provide a cost-effective, efficient way to work together with home appliances. There are many smart home solutions in the market that aim to automate the basic operations of these home appliances using various technologies such as GSM (Global System for Mobile), NFC (Near-Field Communication) etc. However, most of these systems focus on mimicking the basic operation of the electrical switch. Our project aims at providing a fully automated voice based solution that our users can rely on, to perform more than just switching on/off the appliances. The user sends a command through speech to the mobile device, which interprets the message and sends the appropriate command to the specific appliance. We plan on implementing four basic home appliances as a “Proof-of-Concept” for this project which includes Fan, Light, Coffee Machine and Door Alarms. The voice command given by the user is interpreted by the mobile device using Natural Language processing. The mobile device acts as a central console; it determines what operation must be completed by which appliance to fulfill the user's request. The central console might likewise be either a desktop application, web application or a smart phone application as nearly all of the data transferred can be processed by the cloud. However, for the convenience of the user and increased mobile capabilities we will be using a smart phone in this project. The appliances are associated with the mobile device through an Arduino Board that establishes the concept of Internet of Things. The Arduino Boards are interfaced with the appliances and programmed in a manner that they respond to mobile inputs.

Abstract: The increasingly widespread use of social software (e.g., Wikis, Google Docs) in second language (L2) settings has brought a renewed attention to collaborative writing. Although the current methodological approaches to examining collaborative writing are valuable to understand L2 students’ interactional patterns or perceived experiences, they can be insufficient to capture the quantity and quality of writing in networked online environments. Recently, the evolution of techniques for analyzing big data has transformed many areas of life, from information search to marketing. However, the use of data and text mining for understanding writing processes in language learning contexts is largely underexplored. In this article, we synthesize the current methodological approaches to researching collaborative writing and discuss how new text mining tools can enhance research capacity. These advanced methods can help researchers to elucidate collaboration processes by analyzing user behaviors (e.g., amount of editing, participation equality) and their link to writing outcomes across large numbers of exemplars. We introduce key research examples to illustrate this potential and discuss the implications of integrating the tools for L2 collaborative writing research and pedagogy.

Abstract: Home automation — controlling the fans, lights and other electrical appliances in a house using Internet of things is widely preferred in recent days. In this paper, we propose a web application using which the fans, lights and other electrical appliances can be controlled over the Internet. The important features of the web application is that firstly, we have a chatbot algorithm such that the user can text information to control the functioning of the electrical appliances at home. The messages sent using the chatbot is processed using Natural Language processing techniques. Secondly, any device connected to the local area network of the house can control the devices and other appliances in the house. Thirdly, the web application used to enable home automation also has a security feature that only enables certain users to access the application. And finally, it also has a functionality of sending an email alert when intruder is detected using motion sensors.

Abstract: Growth of the Internet and web applications has led to vast amount of information over web. Information filtering systems such as Recommenders have become potential tools to deal with such plethora of information, help users select and provide relevant information. Collaborative Filtering is the popular approach to recommendation systems. Collaborative Filtering works on the fact that users with similar behavior will have similar interests in future, and using this notion collaborative filtering recommends items to user. However, the sparseness in data and high dimensionality has become a challenge. To resolve such issues, model based, matrix factorization techniques have well emerged. These techniques have evolved from using simple user-item rating information to auxiliary information such as time and trust. In this paper, we present a comprehensive review on such matrix factorization techniques and their usage in recommenders.

Abstract: Background Although many web-based mental health interventions are being released, the actual uptake by end-users is limited. The marginal level of engagement of end-users when developing these interventions is recognized as an important cause for uptake problems. In this paper we offer our perceptive on how to improve user engagement. By doing so we aim to stimulate a discourse on user involvement within the field of online mental health interventions. Methods We shortly describe three different methods (the expert driven method, intervention mapping, and scrum) that were currently used to develop web-based health interventions. We will focus to what extent the end-user was involved in the developmental phase, and what the additional challenges were. In the final paragraph, lessons learned are summarized, and recommendations provided. Results Every method seems to have its trade-off: if end-users are highly involved, availability of end-users and means become problematic. If end users are less actively involved, the product may be less appropriate for the end-user. Other challenges to consider are the funding of the more active role of technological companies, and the time it takes to process the results of shorter development cycles. Conclusions Thinking about user-centred design and carefully planning the involvement of end-users should become standard in the field of web-based (mental) health. When deciding on the level of user-involvement, one should balance the need for input from users with the availability of resources such as time and funding.

Abstract: Motivation Improving the dissemination of information on existing epidemiological studies and facilitating the interoperability of study databases are essential to maximizing the use of resources and accelerating improvements in health. To address this, Maelstrom Research proposes Opal and Mica, two inter-operable open-source software packages providing out-of-the-box solutions for epidemiological data management, harmonization and dissemination. Implementation Opal and Mica are two standalone but inter-operable web applications written in Java, JavaScript and PHP. They provide web services and modern user interfaces to access them. General features Opal allows users to import, manage, annotate and harmonize study data. Mica is used to build searchable web portals disseminating study and variable metadata. When used conjointly, Mica users can securely query and retrieve summary statistics on geographically dispersed Opal servers in real-time. Integration with the DataSHIELD approach allows conducting more complex federated analyses involving statistical models. Availability Opal and Mica are open-source and freely available at [www.obiba.org] under a General Public License (GPL) version 3, and the metadata models and taxonomies that accompany them are available under a Creative Commons licence.

Abstract: The adoption of cloud computing facilities and programming models differs vastly between different application domains. Scalable web applications, low-latency mobile backends and on-demand provisioned databases are typical cases for which cloud services on the platform or infrastructure level exist and are convincing when considering technical and economical arguments. Applications with specific processing demands, including high-performance computing, high-throughput computing and certain flavours of scientific computing, have historically required special configurations such as compute- or memory-optimised virtual machine instances. With the rise of function-level compute instances through Function-as-a-Service (FaaS) models, the fitness of generic configurations needs to be re-evaluated for these applications. We analyse several demanding computing tasks with regards to how FaaS models compare against conventional monolithic algorithm execution. Beside the comparison, we contribute a refined FaaSification process for legacy software and provide a roadmap for future work.

Abstract: The Web today is a growing universe of pages and applications teeming with interactive content. The security of such applications is of the utmost importance, as exploits can have a devastating impact on personal and economic levels. The number one programming language in Web applications is PHP, powering more than 80% of the top ten million websites. Yet it was not designed with security in mind and, today, bears a patchwork of fixes and inconsistently designed functions with often unexpected and hardly predictable behavior that typically yield a large attack surface. Consequently, it is prone to different types of vulnerabilities, such as SQL Injection or Cross-Site Scripting. In this paper, we present an interprocedural analysis technique for PHP applications based on code property graphs that scales well to large amounts of code and is highly adaptable in its nature. We implement our prototype using the latest features of PHP 7, leverage an efficient graph database to store code property graphs for PHP, and subsequently identify different types of Web application vulnerabilities by means of programmable graph traversals. We show the efficacy and the scalability of our approach by reporting on an analysis of 1,854 popular open-source projects, comprising almost 80 million lines of code.

Abstract: This paper introduces the design and implementation of a plug-in free online 3-D interactive laboratory based on networked control system laboratory (NCSLab) framework. The system relying only on HTML5 provides full supports for control engineering experimentation. The users are allowed to design their own control algorithms and apply them to the remote test rigs. Using the web-based interface, multiple widgets such as real-time charts, virtual gauges, and live images are available to customize the monitoring interfaces. To enhance the sense of immersion, 3-D animations which are synchronized with the remote experimental processes are also provided. The users can watch and interact with the remote experiments through the 3-D replicas. Various HTML5 based toolkits are integrated seamlessly under the NCSLab framework. NCSLab provides visualized services for the whole process of control experimentation including remote monitoring, tuning, configuration, and control algorithm implementation. As the network delay could disturb the 3-D representation, a communication scheme using web protocols is also implemented. The feedback from teaching shows the general acceptance and effectiveness of NCSLab is notably high. As most existing online laboratories adopt either native applications or plug-ins, the methodologies and technologies used in NCSLab could be insightful for other online laboratories toward web-based cross-platform systems.

Abstract: Cloud computing is an innovation methodology for giving pay per utilize access to a gathering of shared resources for specific systems, stockpiling, servers, administration and applications, without physically getting them. So it spares overseeing expense and time for organizations. Numerous businesses, for example, keeping money, social insurance and instruction are moving towards the cloud because of the productivity of administrations gave by the compensation per-use design in view of the assets, for example, preparing influence utilized, exchanges completed, storage capacity devoured, information exchanged, or storage room possessed and so on. Cloud computing is a totally web based innovation where customer information is put away and kept in the server farm of a cloud supplier like Google, Amazon, Salesforce.com and Microsoft and so on. Constrained control over the information may acquire different security issues and threats which incorporate data breach, unreliable connectivity, sharing of resources, data accessibility and inside attacks. A breach of security may lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. There are different research challenges likewise there for embracing data breaches on cloud computing. This paper examines about cloud computing, different cloud models and primary security threats and data breach issues that are right now exploring in the cloud computing framework. This paper investigates the noteworthy research and difficulties that presents data breach in cloud computing and provides best practices to service providers and additionally endeavors plan to influence cloud servers to enhance their main concern in this serious economic scenario.

Abstract: Smart LED streetlight system is one of the enabling technologies for a smart city, giving low-cost, low power outdoor lighting also with benefits for vehicle users as well as pedestrians. Integration of sensors and ZigBee-based wireless sensor modules can furnish an optimal platform for an innovative LED streetlight application. Psychological studies suggest that a different level of color temperature can significantly affect human circadian rhythm. For this reason, correlated color temperature (CCT)-based illumination gives a significant lighting performance both in terms of energy efficiency and in overcoming traffic accidents in low visibility areas. Previous works usually assume only specific platform and did not consider CCT-based illumination toward smart LED streetlight system. In this paper, we consider the importance of CCT-based illumination and propose a novel integration of public weather data awareness, ZigBee-based wireless communication, and dynamic web-based management system for the state-of-art of smart LED streetlight system applicable to smart city. In particular, we design a central web server that can receive weather information and real-time sensor data from each LED streetlights and provides a dynamic and flexible web interface for authorized users. Furthermore, real-time implementation of the proposed system shows perfect transmission-reception parameters, such as throughput and signal strength among the different LED streetlights, which fulfills the wireless communication range and signal quality between each LED streetlights.

Abstract: Usability assessment of web applications continues to be an expensive and often neglected practice. While large companies are able to spare resources for studying and improving usability in their products, smaller businesses often divert theirs in other aspects. To help these cases, researches have devised automatic approaches for user interaction analysis, and there are commercial services that offer automated usability statistics at relatively low fees. However, most existing approaches still fall short in specifying the usability problems concretely enough to identify and suggest solutions. In this work we describe usability smells of user interaction, i.e., hints of usability problems on running web applications, and the process in which they can be identified by analyzing user interaction events. We also describe USF, the tool that implements the process in a fully automated way with minimum setup effort. USF analyses user interaction events on-the-fly, discovers usability smells and reports them together with a concrete solution in terms of a usability refactoring, providing usability advice for deployed web applications.

Abstract: In this paper we have developed a system for web based environment monitoring using the WSN Technology. WSN sensor nodes transmit data to the cloud-based database via Web API request. Measured data can be monitored by the user anywhere from internet by using the Web Application which one is also compatible for mobile phones. If the data measured by sensor node exceeds the configured value range in Web Application, Web Application sends a warning e-mail to users for improving environmental conditions.

Abstract: Modern web browsers have accrued an incredibly broad set of features since being invented for hypermedia dissemination in 1990. Many of these features benefit users by enabling new types of web applications. However, some features also bring risk to users' privacy and security, whether through implementation error, unexpected composition, or unintended use. Currently there is no general methodology for weighing these costs and benefits. Restricting access to only the features which are necessary for delivering desired functionality on a given website would allow users to enforce the principle of lease privilege on use of the myriad APIs present in the modern web browser. However, security benefits gained by increasing restrictions must be balanced against the risk of breaking existing websites. This work addresses this problem with a methodology for weighing the costs and benefits of giving websites default access to each browser feature. We model the benefit as the number of websites that require the feature for some user-visible benefit, and the cost as the number of CVEs, lines of code, and academic attacks related to the functionality. We then apply this methodology to 74 Web API standards implemented in modern browsers. We find that allowing websites default access to large parts of the Web API poses significant security and privacy risks, with little corresponding benefit. We also introduce a configurable browser extension that allows users to selectively restrict access to low-benefit, high-risk features on a per site basis. We evaluated our extension with two hardened browser configurations, and found that blocking 15 of the 74 standards avoids 52.0% of code paths related to previous CVEs, and 50.0% of implementation code identified by our metric, without affecting the functionality of 94.7% of measured websites.

Abstract: Well-curated sets of pathology image features will be critical to clinical studies that aim to evaluate and predict treatment responses. Researchers require information synthesized across multiple biological scales, from the patient to the molecular scale, to more effectively study cancer. This article describes a suite of services and web applications that allow users to select regions of interest in whole slide tissue images, run a segmentation pipeline on the selected regions to extract nuclei and compute shape, size, intensity, and texture features, store and index images and analysis results, and visualize and explore images and computed features. All the services are deployed as containers and the user-facing interfaces as web-based applications. The set of containers and web applications presented in this article is used in cancer research studies of morphologic characteristics of tumor tissues. The software is free and open source. Cancer Res; 77(21); e79-82. ©2017 AACR.