Volume 22, Issue 5
Special Issue on Accessibility
It's Time to Make Software Accessible
Stacy M. Branham, Shahtab Wahid
Here's how, from OS to organization
The articles that constitute this special issue on accessibility show that, regardless of whether you work on the back end, front end, design, or are part of an organization's leadership, there are steps you can take to make progress. Before we get to writing software and making policy, however, there is an even more fundamental concern: the widespread misconception of the nature of disability and assistive and accessible technology. If we are going to change the status quo, we must start there.
HCI
The State of Digital Accessibility
Stacy M. Branham, Shahtab Wahid, Sheri Byrne-Haber,
Jamal Mazrui, Carlos Muncharaz, Carl Myhill
If you are new to digital accessibility, and even if you are not, it can be difficult to stay abreast of the big picture, and the tech industry moves fast. So, we asked a team of experts to bring us up to speed. Not only do they have day jobs that involve digital accessibility, but they also have lived experience of disability. We posed the following questions to them: What's the state of accessibility? Key challenges? Why do we need accessible software? How can we make the case for accessibility? Who's leading the way? Where do we go from here?
HCI
System-class Accessibility
Chris Fleizach, Jeffrey P. Bigham
The architectural support for making a whole system usable by people with disabilities
This article illustrates system-class accessibility with our work enabling iPhones to be used nonvisually using the VoiceOver screen reader. We reimagined touchscreen input for nonvisual use, introducing new gestures suitable for control of a screen reader, and for output we added support for synthesized speech and refreshable braille displays (hardware devices that output tactile braille characters). We added new accessibility APIs that applications could adopt and made our user interface frameworks include them by default. Finally, we added an accessibility service to bridge between these new inputs and outputs and the applications. Because we implemented support for VoiceOver at the system level, future accessibility features that we have released since have directly leveraged this work to provide a consistent user experience.
HCI
Accessibility Considerations for Mobile Applications
Juanami Spencer
How the Bloomberg Connects app supports accessibility in the product and process
Considering accessibility is essential when creating mobile applications to ensure they are usable and enjoyable for as broad an audience as possible. Mobile accessibility has unique considerations compared with desktop experiences, but it provides immense value to those users who rely on mobile devices in their day-to-day activities. By keeping these considerations in mind, mobile product development teams can better support and enhance the lives of all users. This article explores some of the key accessibility considerations for a mobile application and highlights a few ways the Bloomberg Connects app supports accessibility in both the product and process.
HCI
Design Systems Are Accessibility Delivery Vehicles
Shahtab Wahid
Making accessibility support for applications scalable, productive, and consistent
Design systems are infrastructure built for consumers—the designers and developers—working on applications. A successful one allows consumers in an organization to quickly scale design and development across applications, increase productivity, and establish consistency. Many consumers, however, are not prepared to build for accessibility. Couldn't an organization make building accessibility support for applications scalable, productive, and consistent? This article explores how a design system becomes an important vehicle to supporting accessibility.
HCI
Driving Organizational Accessibility
Vinnie Donati
People often ask about the secret sauce behind Microsoft's approach to accessibility and inclusion. It's simple: We run it like a business.
In this article we'll explore how Microsoft drives accessibility throughout its organization and we'll look closely at essential frameworks and practices that promote an inclusive culture. Through examining aspects like awareness building, strategic development, accessibility maturity modeling, and more, we aim to offer a guide for organizations starting their accessibility journey. The idea is to share what we've learned in the hope that you can take it, tweak it to fit your company's purpose, and nurture accessibility in a way that's not just a checkbox activity but genuinely integrated into your culture.
HCI
You Don't Know Jack About AI
Sonja Johnson-Yu, Sanket Shah
And ChatGPT probably doesn't either
For a long time, it was hard to pin down what exactly AI was. A few years back, such discussions would devolve into hours-long sessions of sketching out Venn diagrams and trying to map out the different subfields of AI. Fast-forward to 2024, and we all now know exactly what AI is. AI = ChatGPT. Or not.
AI
The Bikeshed
Civics is Boring. So, Let's Encrypt Something!
Poul-Henning Kamp
IT professionals can either passively suffer political solutions or participate in the process to achieve something better.
The proposal offered here ought to make everybody happy. Law enforcement will have ways to gain access to communications, provided they can convince a judge it's necessary. Important communications will be able to continue using the same strength of encryption they use today. Communications that didn't require encryption in the first place will be able to employ sufficient encryption to prevent trivial wiretapping, but nothing strong enough to prevent brute-force access should a judge decide that's necessary.
The Bikeshed,
Security
Kode Vicious
Building on Shaky Ground
George V. Neville-Neil
We owe it to the world to make systems work safely and reliably.
The CrowdStrike catastrophe happened because of architectural issues in hardware and in systems software. We should be building systems that make writing a virus difficult, not child's play. But that's an expensive proposition now.
Kode Vicious,
Security
Volume 22, Issue 4
Case Study
Program Merge: What's Deep Learning Got to Do with It?
A discussion with Shuvendu Lahiri, Alexey Svyatkovskiy, Christian Bird, Erik Meijer and Terry Coatta
If you regularly work with open-source code or produce software for a large organization, you're already familiar with many of the challenges posed by collaborative programming at scale. Some of the most vexing of these tend to surface as a consequence of the many independent alterations inevitably made to code, which, unsurprisingly, can lead to updates that don't synchronize. Difficult merges are nothing new, of course, but the scale of the problem has gotten much worse. This is what led a group of researchers at MSR (Microsoft Research) to take on the task of complicated merges as a grand program-repair challenge, one they believed might be addressed at least in part by machine learning.
AI,
Case Studies
Research for Practice
Deterministic Record-and-Replay
Peter Alvaro, Andrew Quinn
Zeroing in only on the nondeterministic actions of the process
This column describes three recent research advances related to deterministic record-and-replay, with the goal of showing both classical use cases and emerging use cases. A growing number of systems use a weaker form of deterministic record-and-replay. Essentially, these systems exploit the determinism that exists across many program executions but intentionally allow some nondeterminism for performance reasons. This trend is exemplified in GPUReplay in particular, but also in systems such as ShortCut and Dora.
Debugging,
Research for Practice
Bridging the Moat
Test Accounts: A Hidden Risk
You may decide the risks are acceptable. But, if not, here are some rules for avoiding them.
A test account that's shared among many can be used by anyone who happens to have the password. This leaves a trail of poorly managed or unmanaged accounts that only increases your attack surface. A test account could be a treasure trove of information, even revealing information about internal system details. If you really need to take this approach, give your developers their own test accounts and then educate them about the risks of misusing these accounts. Also, if you can periodically expire these accounts, all the better.
Bridging the Moat,
Security
Kode Vicious
Unwanted Surprises
When that joke of an API is on you
There is the higher-order question of whether loosely typed languages with coercion are really a good idea in the first place. If you don't know what you're operating on, or what the expected output range might be, then maybe you ought not to be operating on that data in the first place. But now these languages have gotten into the wild and we'll never be able to hunt them down and kill them soon enough for my liking, or for the greater good.
Development,
Kode Vicious
GPTs and Hallucination
Jim Waldo, Soline Boussard
Why do large language models hallucinate?
The findings in this experiment support the hypothesis that GPTs based on LLMs perform well on prompts that are more popular and have reached a general consensus yet struggle on controversial topics or topics with limited data. The variability in the applications's responses underscores that the models depend on the quantity and quality of their training data, paralleling the system of crowdsourcing that relies on diverse and credible contributions. Thus, while GPTs can serve as useful tools for many mundane tasks, their engagement with obscure and polarized topics should be interpreted with caution. LLMs' reliance on probabilistic models to produce statements about the world ties their accuracy closely to the breadth and quality of the data they're given.
AI,
Privacy and Rights
Confidential Computing Proofs
Mark Russinovich, Cédric Fournet, Greg Zaverucha, Josh Benaloh, Brandon Murdoch, Manuel Costa
An alternative to cryptographic zero-knowledge
Proofs are powerful tools for integrity and privacy, enabling the verifier to delegate a computation and still verify its correct execution, and enabling the prover to keep the details of the computation private. Both CCP and ZKP can achieve soundness and zero-knowledge but with important differences. CCP relies on hardware trust assumptions, which yield high performance and additional confidentiality protection for the prover but may be unacceptable for some applications. CCP is also often easier to use, notably with existing code, whereas ZKP comes with a large prover overhead that may be unpractical for some applications.
Privacy and Rights,
Security
Assessing IT Project Success: Perception vs. Reality
João Varajão, António Trigo
We would not be in the digital age if it were not for the recurrent success of IT projects.
This study has significant implications for practice, research, and education by providing new insights into IT project success. It expands the body of knowledge on project management by reporting project success (and not exclusively project management success), grounded in several objective criteria such as deliverables usage by the client in the post-project stage, hiring of project-related support/maintenance services by the client, contracting of new projects by the client, and vendor recommendation by the client to potential clients. Researchers can find a set of criteria they can use when studying and reporting the success of IT projects, thus expanding the current perspective on evaluation and contributing to more accurate conclusions. For practitioners, this study provides a rich set of criteria that can be used for evaluating their projects, as well as strong evidence of the importance of considering not only project execution, but also post-project outcomes and impacts in the evaluation.
Business and Management,
Education
Questioning the Criteria for Evaluating Non-cryptographic Hash Functions
Catherine Hayes, David Malone
Maybe we need to think more about non-cryptographic hash functions.
Although cryptographic and non-cryptographic hash functions are everywhere, there seems to be a gap in how they are designed. Lots of criteria exist for cryptographic hashes motivated by various security requirements, but on the non-cryptographic side there is a certain amount of folklore that, despite the long history of hash functions, has not been fully explored. While targeting a uniform distribution makes a lot of sense for real-world datasets, it can be a challenge when confronted by a dataset with particular patterns.
Development
Volume 22, Issue 3
Virtual Machinations: Using Large Language Models as Neural Computers
Erik Meijer
LLMs can function not only as databases, but also as dynamic, end-user programmable neural computers.
We explore how Large Language Models (LLMs) can function not just as databases, but as dynamic, end-user programmable neural computers. The native programming language for this neural computer is a Logic Programming-inspired declarative language that formalizes and externalizes the chain-of-thought reasoning as it might happen inside a large language model.
AI,
Development,
Virtualization
Toward Effective AI Support for Developers
Mansi Khemka and Brian Houck
A survey of desires and concerns
The journey of integrating AI into the daily lives of software engineers is not without its challenges. Yet, it promises a transformative shift in how developers can translate their creative visions into tangible solutions. As we have seen, AI tools such as GitHub Copilot are already reshaping the code-writing experience, enabling developers to be more productive and to spend more time on creative and complex tasks. The skepticism around AI, from concerns about job security to its real-world efficacy, underscores the need for a balanced approach that prioritizes transparency, education, and ethical considerations. With these efforts, AI has the potential not only to alleviate the burdens of mundane tasks, but also to unlock new horizons of innovation and growth.
AI,
Development
You Don't Know Jack about Bandwidth
David Collier-Brown
If you're an ISP and all your customers hate you, take heart. This is now a solvable problem.
Bandwidth probably isn't the problem when your employees or customers say they have terrible Internet performance. Once they have something in the range of 50 to 100 Mbps, the problem is latency, how long it takes for the ISP's routers to process their traffic. If you're an ISP and all your customers hate you, take heart. This is now a solvable problem, thanks to a dedicated band of individuals who hunted it down, killed it, and then proved out their solution in home routers.
Networks,
Performance
Transactions and Serverless are Made for Each Other
Qian Li, Peter Kraft
If serverless platforms could wrap functions in database transactions, they would be a good fit for database-backed applications.
Database-backed applications are an exciting new frontier for serverless computation. By tightly integrating application execution and data management, a transactional serverless platform enables many new features not possible in either existing serverless platforms or server-based deployments.
Databases,
Distributed Computing
The Soft Side of Software
Working Models for Tackling Tech Debt
Kate Matsudaira
Understand the options to tailor an approach that suits your needs
Remember that not all debt is bad, and sometimes, in fact, strategic tech debt can even be used as a valuable tool to achieve certain business goals?just as financial debt can be taken on to obtain capital that can be invested in other profitable ventures. For example, taking a shortcut to get a product to market quickly could prove to be a wise decision if it allows the company to learn from customer feedback and then iterate accordingly on the product. But like barnacles on a ship, too much tech debt can slow you down, so be vigilant about managing it.
Business/Management
The Soft Side of Software
Kode Vicious
Repeat, Reproduce, Replicate
The pressure to publish versus the will to defend scientific claims
Unless a result relies on a specific hardware trick, such as a proprietary accelerator or modified instruction set, it is possible to reproduce the results of one group by a different one. Unlike the physicists we don't have to build a second Hadron Collider to verify the result of the first. We have millions of similar, and sometimes identical, devices, on which to reproduce our results. All that is required is the will to do so.
Education,
Kode Vicious
The Bikeshed
The Expense of Unprotected Free Software
It's high time FOSS maintainers got a bit of appreciation
Poul-Henning Kamp
Until the big guns manage to sort things out, we're just going to need to take care of things however we can. The best we can hope for, of course, is to convince companies, institutions, and governments that it would be a really good idea to cut monthly checks for those people who maintain the software that these organizations absolutely depend upon.
The Bikeshed,
Open Source