
Volume 23, Issue 6




Running the "Reflections on Trusting Trust" Compiler

  Russ Cox

Revisiting Ken Thompson's sourceless backdoor

In October 1983, Dennis Ritchie and Ken Thompson received the Turing Award for their work on Unix. Thompson's lecture, reprinted in Communications of the ACM under the title "Reflections on Trusting Trust," explained in three steps how to modify a C compiler binary to insert a backdoor when compiling a target program, leaving no trace in any source code. This article revisits that backdoored compiler, presenting the original code Thompson wrote more than 50 years ago. First, a brief review of Thompson's three steps.

Code, Security




Minimalist Design for Space Camera Flight Software

  Michael Caplinger

Embedded spaceflight software: Small is beautiful.

This article discusses more than 35 years of experience with writing small software systems that control spaceflight imaging instruments. While many systems drift toward more complexity, this article advocates for a minimalist approach, with examples of minimalist systems that have performed well in practice. Most of the methods are applicable to many other embedded software programs.

Embedded Systems




Data Analysis: Why Is It So Complicated?

  Alice Jackson

Why your models are incomplete and rife with inaccuracies, assumptions, caveats, and limitations

This article aims to give you a sense of the depth and breadth of why it's so complicated to conduct and interpret data analysis. It begins with an overview of the purpose of data analysis, reviews different components of data and modeling and how each component introduces complexity to the process of analysis, discusses interpretation of analytic results, and concludes with a few recommendations for productively managing all of these challenges.

Data




Modeling Version Requirements in Open Source Packaging

  Josie Anugerah, Caleb Brown, Elitsa Bankova, Eve Martin-Jones, Dr. Nicky Ringland

A universal model for understanding and describing requirements

We propose a universal model of requirement actions. While the concept of requirements is the same across packaging ecosystems, the syntax used to represent them is not, creating unnecessary confusion. The proposed model does not provide a new syntax for adoption but offers a precise way for ecosystems to define the meaning of their requirement operators. All ecosystem-specific requirements can be translated into the model as well as being defined within it, and dependency-resolution tools need not be specific to a requirement syntax.

Open Source




Drill Bits
What Every Experimenter Must Know About Randomization


  Terence Kelly

This column is for experimenters and the programmers and statisticians who support them. Randomized controlled experiments offer gold-standard insight into cause and effect—the knowledge that informs our most important decisions. Unfortunately, randomization in such experiments is often botched. Randomization errors silently invalidate the interpretation of experimental results, turning a fruitful quest for knowledge into a waste of time and money—or, worse, a wellspring of misinformation. Fortunately, these fatal errors are easy to spot and fix. So whether you're a webmaster using A/B testing to increase engagement, a medical researcher evaluating vaccines, a factory manager exploring productivity improvements, or a scientist seeking the laws that govern nature or human affairs, read on.

Code, Development, Drill Bits




Kode Vicious
A Trunk Full of Swords


The shiniest tool might cut the deepest.

No systems programmer in their right mind reaches first for a kernel modification. The tools available to study problems are far richer above the user/kernel boundary than below. Also, new ideas are easier to try out in a user-space library or program, where the price of failure is that you crash a single program, instead of waiting 10 minutes for a whole server to reboot.

Kode Vicious, Tools




Volume 23, Issue 5

Memory Safety




Memory Safety for Skeptics

  Andrew Lilley Brinker

If you're tired of hearing about memory safety, this article is for you.

The state of possibility with memory safety today is similar to the state of automobile safety just prior to the widespread adoption of mandatory seat-belt laws. As car manufacturers began to integrate seat belts as a standard feature across their model lines and states began to require that drivers wear seat belts while driving, the rate of traffic fatalities and severity of traffic-related injuries dropped drastically. Seat belts did not solve automobile safety, but they credibly improved it, and at remarkably low cost.

Memory, Security




Safe Coding

  Christoph Kern

Rigorous modular reasoning about software safety

Safe coding embodies a modular, compositional approach to building and reasoning about the safety of large, complex systems. Difficult and subtle reasoning about the safety of abstractions is localized to their implementations; the safety of risky operations within an abstraction must rely solely on assumptions supported by the abstraction's APIs and type signatures. Conversely, the composition of safe abstractions with safe code is automatically verified by the implementation language's type checker. While not a formal method itself, safe coding is grounded in principles and techniques from rigorous, formal software verification. It pragmatically adapts concepts such as function contracts and modular proofs for practical large-scale use by lifting safety preconditions into type invariants of custom data types within the chosen implementation language.

Memory, Security




Practical Security in Production

  Louis Dionne, Alex Rebert, Max Shavrick, Konstantin Varlamov

Hardening the C++ Standard Library at massive scale

The challenge of improving the memory safety of the vast landscape of existing C++ code demands pragmatic solutions. Standard library hardening represents a powerful and practical approach, directly addressing common sources of spatial safety vulnerabilities within the foundational components used by nearly all C++ developers. Our collective experience at Apple and Google demonstrates that significant safety gains are achievable with surprisingly minimal performance overhead in production environments. This is made possible by a combination of careful library design, modern compiler technology, and profile-guided optimization.

Memory, Security




A Practical Guide to Transitioning to Memory-Safe Languages

  Jeff Vander Stoep, Alex Rebert, Lars Bergstrom

Turning off the spigot of vulnerabilities: a new strategy for memory safety

Traditional approaches to memory safety have often amounted to best-effort defect discovery after the fact, and sometimes more advanced strategies focused on threat modeling: identifying critical code, applying interventions, and repeating the cycle as the codebase evolves. While this approach is a valuable part of a defense-in-depth strategy, it is fundamentally flawed as a primary strategy. It traps teams in a reactive and never-ending cycle of treating symptoms with solutions empirically shown to be insufficiently complete without ever addressing the underlying cause.

Memory, Security




Operations and Life
SRE Is Anti-Transactional


  Thomas A. Limoncelli, Christian Pearce

An API for interfacing with automaters

Systems built by SREs are not fully autonomous on day one. It's iteration over time that leads to fully autonomous, functional, reliable service. This iterative process requires SREs to evaluate how much time and money should be spent to achieve the objective. It is the heart of engineering to find the fastest, cheapest, and safest way to create and maintain a system.

Business and Management, Operations and Life




Kode Vicious
Driven to Distraction


From floats to characters and back again

Sometimes, simplifying assumptions are a real problem, and sometimes, they make everything look like a nail, which then makes you think all you need is a hammer. The big challenge with modern systems is that 50 years of doing things the Unix way has left us bereft of better APIs. It's not just the drivers but also the application APIs on top of the operating system that deal only in byte streams. It's as if the operating system designers threw up their hands and said, "Not my job!" and left all the data interpretation to the application programmers and device developers. Since these two parties rarely, if ever, talk to each other, no real progress has been made in this area from that time until now.

Development, Embedded Systems, Kode Vicious




Volume 23, Issue 4




Understanding the Harm Teens Experience on Social Media

  Arturo Béjar

A systematic approach to mitigating negative experiences online

The current approach to online safety, focusing on objectively harmful content and deletion or downranking, is necessary but not sufficient, as it addresses only a small fraction of the harm that teens experience. In order to understand harm, it is essential to understand it from their perspective by surveying and creating safety tools and reporting that make it easy to capture what happens and provide immediate help. Many of the recommendations in this article come from what you learn when you analyze behavioral correlates: that you need approaches that rely on conduct in context, better personalization, and providing feedback to actors.

Privacy and Rights




Unsolved Problems in MLOps

  Niall Murphy, Todd Underwood

Either find a better paradigm or fix the ones we're using now.

The excitement with AI is carrying us along in a big wave, but the practitioners whose job it is to make this all work are scrambling behind the scenes, often more in dread than excitement. In some cases they are using outdated techniques; in others, approaches that only work for now. However, we should be casting about for either a better paradigm or a better patching-up of the existing paradigms.

AI




Guardians of the Agents

  Erik Meijer

Formal verification of AI workflows

To mitigate against models going off the rails during inference, people often use so-called guardrails to dynamically monitor, filter, and control model responses for problematic content. Guardrails, however, come with their own set of problems such as false positives caused by pattern matching against a fixed set of forbidden words. This mathematical proof-based approach addresses these limitations by providing deterministic and verifiable assurances of safety without the need to trust the AI nor any of the artifacts it produces.

AI




Moving Faster by Not Breaking Things

  Justin Sheehy, Jonathan Reed

Initial investments allow for a fearless approach to pushing changes.

An engineering team that can move without fear, knowing that they have made themselves safe to do so, can ship more often and more quickly and make more dramatic changes without hesitation. This feels great to individual engineers and enables those engineers to be more effective for the business they work in. A bit of investment in safety pays huge dividends in speed as well as by reducing the frequency and severity of change-triggered incidents.

Development




Operations and Life
No One Has Time to Work on Your Project


  Strata Chalup (Standing in for Thomas A. Limoncelli)

How to work effectively with overwhelmed people to get things done

What if you could apply a few basic principles that would help make working on your project seem more attractive and worthwhile to people? Success in these matters boils down to a few basic principles and assumptions that seem obvious and unremarkable. What makes them effective is when you manage to combine all of them and apply them consistently.

Business and Management, Operations and Life




Kode Vicious
The Process


From start to finish

While the Scientific Method gives us a way to evaluate a hypothesis, a Scientific Process allows us to organize our minds to form these hypotheses, lay out a piece of code, organize a project, or debug a program. It's how we get to the point of focusing enough to solve the incredibly challenging problems we've set for ourselves.

Development, Kode Vicious




Volume 23, Issue 3

Special Issue on WebAssembly




WebAssembly: Yes, but for What?

  Andy Wingo

The keys to a successful Wasm deployment

WebAssembly (Wasm) has found a niche but not yet filled its habitable space. What is it that makes for a successful deployment? WebAssembly turns 10 this year, but in the words of William Gibson, we are now as ever in the unevenly distributed future. Here, we look at early Wasm wins and losses, identify winning patterns, and extract commonalities between these patterns. From those, we predict the future, suggesting new areas where Wasm will find purchase in the next two to three years.

Web Development




WebAssembly: How Low Can a Bytecode Go?

  Ben Titzer

New performance and capabilities

Wasm is still growing with new features to address performance gaps as well as recurring pain points for both languages and embedders. Wasm has a wide set of use cases outside of the web, with applications from cloud/edge computing to embedded and cyber-physical systems, databases, application plug-in systems, and more. With a completely open and rigorous specification, it has unlocked a plethora of exciting new systems that use Wasm to bring programmability large and small. With many languages and many targets, Wasm could one day become the universal execution format for compiled applications.

Web Development




When Is WebAssembly Going to Get DOM Support?

  Daniel Ehrenberg

Or, how I learned to stop worrying and love glue code

What should be relevant for working software developers is not, "Can I write pure Wasm and have direct access to the DOM while avoiding touching any JavaScript ever?" Instead, the question should be, "Can I build my C#/Go/Python library/app into my website so it runs with good performance?" Nobody is going to want to write that bytecode directly, even if some utilities are added to make it easier to access the DOM. WebAssembly should ideally be an implementation detail that developers don't have to think about. While this isn't quite the case today, the thesis of Wasm is, and must be, that it's okay to have a build step.

Web Development




Concurrency in WebAssembly

  Conrad Watt

Experiments in the web and beyond

Mismatches between the interfaces promised to programmers by source languages and the capabilities of the underlying web platform are a constant trap in compiling to Wasm. Even simple examples such as a C program using the language's native file-system API present difficulties. Often such gaps can be papered over by the compilation toolchain somewhat automatically, without the developer needing to know all of the details so long as their code runs correctly end to end. This state of affairs is strained to its limits when compiling programs for the web that use multicore concurrency features. This article aims to describe how concurrent programs are compiled to Wasm today given the unique limitations that the Web operates under with respect to multi-core concurrency support and also to highlight some of the current discussions of standards that are taking place around further expanding Wasm's concurrency capabilities.

Web Development





Unleashing the Power of End-User Programmable AI

  Erik Meijer

Creating an AI-first program Synthesis framework

As a demonstration of what can be accomplished with contemporary LLMs, this paper outlines the high-level design of an AI-first, program-synthesis framework built around a new programming language, Universalis, designed for knowledge workers to read, optimized for our neural computer to execute, and ready to be analyzed and manipulated by an accompanying set of tools. We call the language Universalis in honor of Gottfried Wilhelm Leibniz. Leibniz's centuries-old program of a universal science for coordinating all human knowledge into a systematic whole comprises two parts: (1) a universal notation by use of which any item of information whatsoever can be recorded naturally and systematically, and (2) a means of manipulating the knowledge thus recorded in a computational fashion, to reveal its logical interrelations and consequences. Exactly what current day LLMs provide!

AI




Bridging the Moat:
Security Is Part of Every Critical User Journey


  Phil Vachon

How else would you make sure that product security decisions serve your customers?

Next time you're working on a new product or feature or the next time you're yawning your way through a product development meeting, raise your hand and propose that security outcomes and risks be defined at each step along critical user journeys. Whether you're building an integration between enterprise systems, a user-facing application, or a platform meant to save your customers complexity and money, putting security at the forefront of the product team's challenge will be transformative.

Bridging the Moat, Security




Kode Vicious
In Search of Quietude


Learning to say no to interruption

KV is old enough to remember a time before ubiquitous cell phones, a world in which email was the predominant form of intra- and interoffice communication, and it was perfectly normal not to read your email for hours in order to concentrate on a task. Of course, back then we also worked in offices where co-workers would readily walk in unannounced to interrupt us. That, too, was annoying but could easily be deterred through the clever use of headphones.

Business/Management, Development, Kode Vicious





