Search for: All records

Abstract Studying convection, which is one of the least understood physical mechanisms in the tropical atmosphere, is very important for weather and climate predictions of extreme events such as storms, hurricanes, monsoons, floods and hail. Collecting more observations to do so is critical. It is also a challenge. The OTREC (Organization of Tropical East Pacific Convection) field project took place in the summer of 2019. More than thirty scientists and twenty students from the US, Costa Rica, Colombia, México and UK were involved in collecting observations over the ocean (East Pacific and Caribbean) and land (Costa Rica, Colombia). We used the NSF NCAR Gulfstream V airplane to fly at 13 kilometers altitude sampling the tropical atmosphere under diverse weather conditions. The plane was flown in a ‘lawnmower’ pattern and every 10 minutes deployed dropsondes that measured temperature, wind, humidity and pressure from flight level to the ocean. Similarly, over the land we launched radiosondes, leveraged existing radars and surface meteorological networks across the region, some with co-located Global Positioning System (GPS) receivers and rain sensors, and installed a new surface GPS meteorological network across Costa Rica, culminating in an impressive systematic data set that when assimilated into weather models immediately gave better forecasts. We are now closer than ever in understanding the environmental conditions necessary for convection as well as how convection influences extreme events. The OTREC data set continues to be studied by researchers all over the globe. This article aims to describe the lengthy process that precedes science breakthroughs. 

Abstract This study investigates the transition of a Panama Bight mesoscale convective system (MCS) into the easterly wave (EW) that became Hurricane Carlotta (2012). Reanalysis, observations, and a convective-permitting Weather Research and Forecasting (WRF) Model simulation are used to analyze the processes contributing to EW genesis. A vorticity budget analysis shows that convective coupling and vortex stretching are very important to the transition in this case, while horizontal advection is mostly responsible for the propagation of the system. In the model, the disturbance is dominated by stratiform vertical motion profiles and a midlevel vortex, while the system is less top-heavy and is characterized by more prominent low-level vorticity later in the transition in reanalysis. The developing disturbance starts its evolution as a mesoscale convective system in the Bight of Panama. Leading up to MCS formation the Chocó jet intensifies, and during the MCS-to-EW transition the Papagayo jet strengthens. Differences in the vertical structure of the system between reanalysis and the model suggest that the relatively more bottom-heavy disturbance in reanalysis may have stronger interactions with the Papagayo jet. Field observations like those collected during the Organization of Tropical East Pacific Convection (OTREC) campaign are needed to further our understanding of this east Pacific EW genesis pathway and the factors that influence it, including the important role for the vertical structure of the developing disturbances in the context of the vorticity budget. 

Identifying privacy-sensitive data leaks by mobile applications has been a topic of great research interest for the past decade. Technically, such data flows are not “leaks” if they are disclosed in a privacy policy. To address this limitation in automated analysis, recent work has combined program analysis of applications with analysis of privacy policies to determine the flow-to-policy consistency, and hence violations thereof. However, this prior work has a fundamental weakness: it does not differentiate the entity (e.g., first-party vs. third-party) receiving the privacy-sensitive data. In this paper, we propose POLICHECK, which formalizes and implements an entity-sensitive flow-to-policy consistency model. We use POLICHECK to study 13,796 applications and their privacy policies and find that up to 42.4% of applications either incorrectly disclose or omit disclosing their privacy-sensitive data flows. Our results also demonstrate the significance of considering entities: without considering entity, prior approaches would falsely classify up to 38.4% of applications as having privacy-sensitive data flows consistent with their privacy policies. These false classifications include data flows to third-parties that are omitted (e.g., the policy states only the first-party collects the data type), incorrect (e.g., the policy states the third-party does not collect the data type), and ambiguous (e.g., the policy has conflicting statements about the data type collection). By defining a novel automated, entity-sensitive flow-to-policy consistency analysis, POLICHECK provides the highest-precision method to date to determine if applications properly disclose their privacy-sensitive behaviors. 

The importance of secure development of new technologies is unquestioned, yet the best methods to achieve this goal are far from certain. A key issue is that while significant effort is given to evaluating the outcomes of development (e.g., security of a given project), it is far more difficult to determine what organizational practices result in secure projects. In this paper, we quantitatively examine efforts to improve the consideration of security in Requests for Comments (RFCs)--- the design documents for the Internet and many related systems --- through the mandates and guidelines issued to RFC authors. We begin by identifying six metrics that quantify the quantity and quality of security informative content. We then apply these metrics longitudinally over 8,437 documents and 49 years of development to determine whether guidance to RFC authors changed these security metrics in later documents. We find that even a simply worded --- but effectively enforced --- mandate to explicitly consider security created a significant effect in increased discussion and topic coverage of security content both in and outside of a mandated security considerations section. We find that later guidelines with more detailed advice on security also improve both volume and quality of security informative content in RFCs. Our work demonstrates that even modest amounts of guidance can correlate to significant improvements in security focus in RFCs, indicating a promising approach for other network standards bodies.