Search for: All records

Recent high-profile incidents in open-source software have greatly raised practitioner attention on software supply chain attacks. To guard against potential malicious package updates, security practitioners advocatepinningdependency to specific versions rather thanfloatingin version ranges. However, it remains controversial whether pinning carries a meaningful security benefit that outweighs the cost of maintaining outdated and possibly vulnerable dependencies. In this paper, we quantify, through counterfactual analysis and simulations, the security and maintenance impact of version constraints in the npm ecosystem. By simulating dependency resolutions over historical time points, we find that pinning direct dependencies not only (as expected) increases the cost of maintaining vulnerable and outdated dependencies, but also (surprisingly) even increases the risk of exposure to malicious package updates in larger dependency graphs due to the specifics of npm’s dependency resolution mechanism. Finally, we explore collective pinning strategies to secure the ecosystem against supply chain attacks, suggesting specific changes to npm to enable such interventions. Our study provides guidance for practitioners and tool designers to manage their supply chains more securely. 

Agent-based models (ABMs) are used to simulate human-subject experiments. A comprehensive understanding of these human systems often requires executing large numbers of simulations, but these requirements are constrained by computational and other resources. In this work, we build a framework of digital twins for modeling human-subject experiments. The framework has three modules: ABMs of player behaviors built from game data; extensions of these models to represent virtual assistants (agents that are exogenously manipulated to create controlled environments for human agents); and an uncertainty quantification module composed of functional ANOVA and a Gaussian process-based emulator. The emulator is built from the extended ABM; we focus on emulator validation. By incorporating experimental data and agent-based simulation data, our proposed framework enhances the virtual representation of the dynamics in human-subject word formation experiments, which we consider a digital twin. Networked anagram experiments are used as an exemplar to demonstrate the methods. 

Abstract Climate change is closely monitored and numerous studies reports increasing air temperature and weather extremes across the globe. As a direct consequence of the increase of global temperature, the increased heat stress is becoming a global threat to public health. While most climate change and epidemiological studies focus on air temperature to explain the increasing risks, heat strain can be predicted using comprehensive indices such as Universal Thermal Climate Index (UTCI). The Asia–Pacific region is prone to thermal stress and the high population densities in the region impose high health risk. This study evaluated the air temperature and UTCI trends between 1990 and 2019 and found significant increasing trends for air temperature for the whole region while the increases of UTCI are not as pronounced and mainly found in the northern part of the region. These results indicate that even though air temperature is increasing, the risks of heat stress when assessed using UTCI may be alleviated by other factors. The associations between El Niño Southern Oscillation (ENSO) and heat stress was evaluated on a seasonal level and the strongest regional responses were found during December-January (DJF) and March–May (MAM). 

Abstract Exceptional points (EPs)—singularities in the parameter space of non-Hermitian systems where two nearby eigenmodes coalesce—feature unique properties with applications such as sensitivity enhancement and chiral emission. Existing realizations of EP lasers operate with static populations in the gain medium. By analyzing the full-wave Maxwell–Bloch equations, here we show that in a laser operating sufficiently close to an EP, the nonlinear gain will spontaneously induce a multi-spectral multi-modal instability above a pump threshold, which initiates an oscillating population inversion and generates a frequency comb. The efficiency of comb generation is enhanced by both the spectral degeneracy and the spatial coalescence of modes near an EP. Such an “EP comb” has a widely tunable repetition rate, self-starts without external modulators or a continuous-wave pump, and can be realized with an ultra-compact footprint. We develop an exact solution of the Maxwell–Bloch equations with an oscillating inversion, describing all spatiotemporal properties of the EP comb as a limit cycle. We numerically illustrate this phenomenon in a 5-μm-long gain-loss coupled AlGaAs cavity and adjust the EP comb repetition rate from 20 to 27 GHz. This work provides a rigorous spatiotemporal description of the rich laser behaviors that arise from the interplay between the non-Hermiticity, nonlinearity, and dynamics of a gain medium. 

Common knowledge (CK) is a phenomenon where a group of individuals each knows some collection of information, and, in essence, everyone knows that everyone knows the information. There are many applications involving CK, including business decision making, protests and rebellions, and online advertising. CK can lead to contagion and collective action but in ways that are fundamentally different from classic (e.g., Granovetter) threshold models used in the social sciences. Researchers developed CK models to enable the computation of contagion in networked populations. But these models have largely not been investigated using experiments with human subjects. In this work, we conduct a successive analysis of online CK experiments. We devise a flexible and interpretable statistical method to investigate the effects of significant factors, such as network structure and communication type. Among our findings, we demonstrate a phase change in group payout in the games that is caused by prohibiting player communication. 

Abstract We present 0.6–3.2 pc resolution mid-infrared (MIR) JWST images at 7.7μm (F770W) and 21μm (F2100W) covering the main star-forming regions of two of the closest star-forming low-metallicity dwarf galaxies, NGC 6822 and Wolf–Lundmark–Melotte (WLM). The images of NGC 6822 reveal filaments, edge-brightened bubbles, diffuse emission, and a plethora of point sources. By contrast, most of the MIR emission in WLM is pointlike, with a small amount of extended emission. Compared to solar-metallicity galaxies, the ratio of 7.7μm intensity ( $I_{\nu }^{\mathrm{F770W}}$), tracing polycyclic aromatic hydrocarbons (PAHs), to 21μm intensity ( $I_{\nu }^{\mathrm{F2100W}}$), tracing small, warm dust grain emission, is suppressed in these low-metallicity dwarfs. Using Atacama Large Millimeter/submillimeter Array CO(2–1) observations, we find that detected CO intensity versus $I_{\nu }^{\mathrm{F770W}}$at ≈2 pc resolution in dwarfs follows a similar relationship to that at solar metallicity and lower resolution, while the CO versus $I_{\nu }^{\mathrm{F2100W}}$relationship in dwarfs lies significantly below that derived from solar-metallicity galaxies at lower resolution, suggesting more pronounced destruction of CO molecules at low metallicity. Finally, adding in Local Group L-Band Survey 21 cm Hiobservations from the Very Large Array, we find that $I_{\nu }^{\mathrm{F2100W}}$and $I_{\nu }^{\mathrm{F770W}}$versus total gas ratios are suppressed in NGC 6822 and WLM compared to solar-metallicity galaxies. In agreement with dust models, the level of suppression appears to be at least partly accounted for by the reduced galaxy-averaged dust-to-gas and PAH-to-dust mass ratios in the dwarfs. Remaining differences are likely due to spatial variations in dust model parameters, which should be an exciting direction for future work in local dwarf galaxies. 

Abstract Ongoing climate variability and change are increasing the burden of diarrhoeal disease worldwide. Meaningful early warning systems with adequate lead times (weeks to months) are needed to guide public health decision–making and enhance community resilience against health threats posed by climate change. Toward this goal, we trained various machine-learning models to predict diarrhoeal disease rates in Nepal (2002–2014), Taiwan (2008–2019), and Vietnam (2000–2015) using temperature, precipitation, previous disease rates, and El Niño Southern Oscillation phases. We also compared the performance of shallow time-series neural network (NN), Random Forest Regressor, artificial nn, gradient boosting regressor, and long short-term memory–based methods for their effectiveness in predicting diarrhoeal disease burden across multiple countries. We evaluated model performance using a test dataset and assessed the accuracy of predicted diarrhoeal disease incidence rates for the last year of available data in each district. Our results suggest that even in the absence of the most recent disease surveillance data, a likely scenario in most low- and middle-income countries, our NN-based early warning system using historical data performs reasonably well. However, future studies are needed to perform prospective evaluations of such early warning systems in real-world settings. 

Abstract In the Asia–Pacific region (APR), extreme precipitation is one of the most critical climate stressors, affecting 60% of the population and adding pressure to governance, economic, environmental, and public health challenges. In this study, we analyzed extreme precipitation spatiotemporal trends in APR using 11 different indices and revealed the dominant factors governing precipitation amount by attributing its variability to precipitation frequency and intensity. We further investigated how these extreme precipitation indices are influenced by El Niño-Southern Oscillation (ENSO) at a seasonal scale. The analysis covered 465 ERA5 (the fifth-generation atmospheric reanalysis of the European Center for Medium-Range Weather Forecasts) study locations over eight countries and regions during 1990–2019. Results revealed a general decrease indicated by the extreme precipitation indices (e.g., the annual total amount of wet-day precipitation, average intensity of wet-day precipitation), particularly in central-eastern China, Bangladesh, eastern India, Peninsular Malaysia and Indonesia. We observed that the seasonal variability of the amount of wet-day precipitation in most locations in China and India are dominated by precipitation intensity in June–August (JJA), and by precipitation frequency in December–February (DJF). Locations in Malaysia and Indonesia are mostly dominated by precipitation intensity in March–May (MAM) and DJF. During ENSO positive phase, significant negative anomalies in seasonal precipitation indices (amount of wet-day precipitation, number of wet days and intensity of wet-day precipitation) were observed in Indonesia, while opposite results were observed for ENSO negative phase. These findings revealing patterns and drivers for extreme precipitation in APR may inform climate change adaptation and disaster risk reduction strategies in the study region. 

High-quality source code comments are valuable for software development and maintenance, however, code often contains low-quality comments or lacks them altogether. We name such source code comments as suboptimal comments. Such suboptimal comments create challenges in code comprehension and maintenance. Despite substantial research on low-quality source code comments, empirical knowledge about commenting practices that produce suboptimal comments and reasons that lead to suboptimal comments are lacking. We help bridge this knowledge gap by investigating (1)  independent comment changes (ICCs) —comment changes committed independently of code changes—which likely address suboptimal comments, (2) commenting guidelines, and (3) comment-checking tools and comment-generating tools, which are often employed to help commenting practice—especially to prevent suboptimal comments. We collect 24M+ comment changes from 4,392 open-source GitHub Java repositories and find that ICCs widely exist. The ICC ratio —proportion of ICCs among all comment changes—is ~15.5%, with 98.7% of the repositories having ICC. Our thematic analysis of 3,533 randomly sampled ICCs provides a three-dimensional taxonomy for what is changed (four comment categories and 13 subcategories), how it changed (six commenting activity categories), and what factors are associated with the change (three factors). We investigate 600 repositories to understand the prevalence, content, impact, and violations of commenting guidelines. We find that only 15.5% of the 600 sampled repositories have any commenting guidelines. We provide the first taxonomy for elements in commenting guidelines: where and what to comment are particularly important. The repositories without such guidelines have a statistically significantly higher ICC ratio, indicating the negative impact of the lack of commenting guidelines. However, commenting guidelines are not strictly followed: 85.5% of checked repositories have violations. We also systematically study how developers use two kinds of tools, comment-checking tools and comment-generating tools, in the 4,392 repositories. We find that the use of Javadoc tool is negatively correlated with the ICC ratio, while the use of Checkstyle has no statistically significant correlation; the use of comment-generating tools leads to a higher ICC ratio. To conclude, we reveal issues and challenges in current commenting practice, which help understand how suboptimal comments are introduced. We propose potential research directions on comment location prediction, comment generation, and comment quality assessment; suggest how developers can formulate commenting guidelines and enforce rules with tools; and recommend how to enhance current comment-checking and comment-generating tools.