Information about the acmqueue app and browser-based digital edition.

Subscribers and ACM Professional members login here

FEATURES

AI: It's All About Inference Now
Optimizing models for inference addresses the critical issues of cost, scalability, response time, and sustainability, thus facilitating AI applications at the edge.
- Michael Gschwind

Develop, Deploy, Operate
Many factors go into understanding the costs and value of software development. The holistic approach presented here balances product outcomes with both the human and machine costs of producing software.
- Leah Rivers and Titus Winters

Generative AI at the Edge: Challenges and Opportunities
The next phase in AI deployment is to bring the power of large generative models to the edge while balancing efficiency, safety, and autonomy. The challenges are significant, but so are the opportunities.
- Vijay Janapa Reddi

DEPARTMENTS

RESEARCH FOR PRACTICE
The Point is Addressing
A collection of papers representing 30 years of research looks at the topic of distributed shared memory. The papers present unique ways of addressing data to solve the problem of sharing memory across computers.
- Daniel Bittman with introduction by Peter Alvaro

DRILL BITS
Sandboxing: Foolproof Boundaries vs. Unbounded Foolishness
Sandboxing mitigates the risks of software so large and complex that it's likely to harbor security vulnerabilities. To safely harness useful yet ominously opaque libraries, a simple mechanism provides ironclad confinement—or does it?
- Terence Kelly with special guest borer Edison Fuh

THE SOFT SIDE OF SOFTWARE
Peer Mentoring
Your peers can often provide more valuable guidance than your superiors. Their advice is realtime, highly relevant, and actionable.
- Kate Matsudaira

KODE VICIOUS
Can't We Have Nice Things?
Is there beauty to be found in a piece of code? It depends on the care with which it has been crafted—and the pressure to publish tends to negate that. KV is still waiting for a fine example.
- George Neville-Neil

Subscribers and ACM Professional members login here

Features

From Function Frustrations to Framework Flexibility
- Erik Meijer
Applying an "extra layer of indirection" to function calling leads to the enhancement of LLM interactions, laying the groundwork for more reliable AI systems.

How to Evaluate AI that's Smarter than Us
- Chip Huyen
AI systems are beginning to outpace their human experts, but there are effective strategies for evaluating these systems without human judgment.

The Surprise of Multiple Dependency Graphs
- Josie Anugerah and Eve Martin-Jones
Dependency management is an underappreciated challenge in software development, especially with the increased use of open source. There is a need for a set of best practices to manage the problem in the interest of better security.

Fifty Years of Open Source Software Supply Chain Security
- Russ Cox
A report by the U.S. Air Force in the 1970s anticipated many ongoing problems with the security of the software supply chain. Decades later the so-called xz attack brought to the fore the importance of addressing these issues in the open source world.

String Matching at Scale
- Dennis Roellke
If only there were a way to track software so if a vulnerability arises, its source can by quickly found. This is a problem waiting to be solved through collaboration and better incentives.

COLUMNS

OPERATIONS AND LIFE
A Clean Approach to Process Optimization
- Thomas A. Limoncelli
Rethinking the order and timing of tasks within a process can lead to significant improvements in efficiency and quality.

KODE VICIOUS
Analyzing Krazy Kode
- George V. Neville-Neil
Reading someone else's code is a little like psychoanalysis. Knowing how a piece of code makes you feel has a bearing on how well you understand it.

Subscribers and ACM Professional members login here

Features

The Price of Intelligence
LLMs have been enthusiastically embraced by AI systems, but often at the expense of overlooking their inherent risks—hallucinations, indirect prompt injection, and jailbreaks.
- Mark Russinovich, Ahmed Salem, Santiago Zanella-Béguelin, and Yonatan Zunger

Intermediate Representations for the Datacenter Computer
Two research projects out of UC Berkeley and UC Santa Cruz show how application programmers can be separated from mechanistic distribution details, allowing them to leverage fleets of computers without becoming experts in distributed computing.
- Achilles Benetopoulos

Systems Correctness Practices at AWS
The rigorous testing methods Amazon Web Services relies on in its development process have become increasingly valuable—not only for ensuring systems correctness but also for performance improvements.
- Marc Brooker and Ankush Desai, Amazon Web Services

Simulation: An Underutilized Tool in Distributed Systems
DevOps engineers may find it difficult to put simulation into practice, but the benefits are many. A case study using SimKube shows why simulation is a tool that should not be overlooked.
- David R. Morrison

COLUMNS

DRILL BITS
Retrofitting: Principles and Practice
Retrofitting radically new functionality onto production software tests every skill of the programmers craft. A practical case study illuminates principles for bolting new tricks onto old dogs.
- Terence Kelly with special guest borer Aaron Su

OPERATIONS AND LIFE
Give Engineers Problems, Not Solutions
Engineers are puzzle-solvers. Don't tell them how to do it; let them figure it out. Both solutions and morale will improve
- Thomas A. Limoncelli

KODE VICIOUS
The Drunken Plagiarists
Despite all the hype, co-pilots have little to offer, whispering semantic nothings in your ear in somewhat inebriated fashion. KV says it's time to move on.
- George V. Neville-Neil

THE SOFT SIDE OF SOFTWARE
My Career-limiting Communication
Your boss has a question. Before you answer, remember every chance you have to engage is a chance for you to shine. Here are three tips for communicating well.
- Kate Matsudaira

Subscribers and ACM Professional members login here

Special issue on accessibility

Features

It's Time to Make Software Accessible
For software developers to embrace accessibility in their products, they must first overcome common misconceptions about the nature of disabilities. Then accessibility support should be incorporated from the operating system all the way to the top of the organization.
- Stacy M. Branham and Shahtab Wahid

The State of Digital Accessibility
A team of experts argues the case for digital accessibility from both a professional and personal perspective. They discuss the challenges, point out the leaders in the field, and share their optimism and warnings for the future.
- Stacy M. Branham, Shahtab Wahid, Sheri Byrne-Haber, Jamal Mazrui, Carlos Muncharaz, and Carl Myhill

System-class Accessibility
Using the example of the iPhone's VoiceOver screen reader, the authors show how they used accessibility support at the operating-system level to reimagine touchscreen input for nonvisual use.
- Chris Fleizach and Jeffrey P. Bigham

Accessibility Considerations for Mobile Applications
Bloomberg Connects is a free mobile app that provides digital guides to more than 350 cultural organizations. Here's how it supports accessibility for as broad an audience as possible.
- Juanami Spencer

Design Systems Are Accessibility Delivery Vehicles
Design systems smooth the way for software developers to build valuable and functional applications for their users. They are also prime vehicles for building accessibility support into those applications.
- Shahtab Wahid

Driving Organizational Accessibility
The director of business management for the chief accessibility officer and the accessibility team at Microsoft makes the business case for elevating accessibility support to priority status.
- Vinnie Donati

DEPARTMENTS

You Don't Know Jack About AI
Modern AI defies a precise definition. It is not the AI of science fiction. Nor is it ChatGPT. It is best characterized as capturing important patterns and variations in data, and it still requires a measure of human judgment calls.
- Sonja Johnson-Yu and Sanket Shah

COLUMNS

THE BIKE SHED
Civics is Boring. So, Let's Encrypt Something!
IT professionals can either passively suffer political solutions to encryption or participate in the process to achieve something less awful. Here's one proposal that won't go far, but it's a start.
- Poul-Henning Kamp

KODE VICIOUS
Building on Shaky Ground
The CrowdStrike debacle tells us we must look at how systems software is built with unsafe languages on unsafe hardware that's connected to an untrusted network. Or we risk the same, and worse, happening again.
- George V. Neville-Neil

Subscribers and ACM Professional members login here

Features

GPTs and Hallucination
While GPTs can be useful tools for mundane tasks, they struggle with topics where there's limited information online, which can lead to nonsensical answers presented as facts.
Jim Waldo and Soline Boussard

Assessing IT Project Success: Perception vs. Reality
A survey of project managers counters the assumption that most IT projects are problematic and tend to fail by surfacing evidence that most of these projects actually are achieving high levels of success.
João Varajão and António Trigo

Questioning the Criteria for Evaluating Non-cryptographic Hash Functions
Security is not the primary requirement of non-cryptographic hash functions, but maybe we need to give that some more thought.
Catherine Hayes and David Malone

Confidential Computing Proofs
CCPs provide an alternative to Zero-Knowledge Proofs. While both cryptographic algorithms deliver similar functionality, there are tradeoffs as to security, performance, usability and scalability.
Mark Russinovich, Cédric Fournet, Greg Zaverucha, Josh Benaloh, Brandon Murdoch, Manuel Costa

CASE STUDY

Program Merge: What's Deep Learning Got to Do with It?
A group of researchers at Microsoft decided to tackle the difficult challenge of resolving program merge conflicts and thought it would be good to see how some deep-learning models might be applied to the problem.
A discussion with Shuvendu Lahiri, Alexey Svyatkovskiy, Christian Bird, Erik Meijer and Terry Coatta

COLUMNS

RESEARCH FOR PRACTICE
Deterministic Record-and-Play
The key insight is that these systems can focus solely on storing information about the non-deterministic actions of the process.
Andrew Quinn with Introduction by Peter Alvaro

BRIDGING THE MOAT
Test Accounts: A Hidden Risk
"Don't test in production" is a rule nearly every software engineer is guilty of breaking at some point. When those occasions arise, here are some rules for avoiding the risks.
Phil Vachon

KODE VICIOUS
Unwanted Surprises
If you don't know what you're operating on, or what the expected output range might be, then maybe you shouldn't be operating on that data in the first place.
George V. Neville-Neil

Subscribers and ACM Professional members login here

Features

Virtual Machinations: Using Large Language Models as Neural Computers
The rapid expansion of generative AI has transformed the potential of the LLM from a glorified database into an end-user programmable neural computer.
- Erik Meijer

Toward Effective AI Support for Developers
A survey of software developers reveals their expectations, hopes, and fears for using AI in their work. The results underscore the need to proceed carefully and not run headlong into creating tools without consulting their prospective users.
- Mansi Khemka and Brian Houck

Transactions and Serverless are Made for Each Other
Transactional serverless platforms enable many new features not possible in either existing serverless platforms or server-based deployments. Among the benefits are debugging, reliable program execution, security, and performance.
- Qian Li and Peter Kraft

You Don't Know Jack about Bandwidth
If you're an ISP whose customers are complaining about poor Internet performance, the reason is probably latency—and take heart. It's a problem that can now be fixed.
- David Collier-Brown

Columns

THE BIKE SHED
The Unimaginable Expense of Unprotected Free Software
The recent sabotage of the widely used XZ compression software points out the role of FOSS maintainers as unheralded heroes. They deserve compensation rather than blame.
- Poul-Henning Kamp

KODE VICIOUS
Repeat, Reproduce, Replicate
In computing science, as in most sciences, the pressure to publish among researchers far too often outweighs the need to defend scientific claims with reproducible results.
- George V. Neville-Neil

THE SOFT SIDE OF SOFTWARE
Working Models for Tackling Tech Debt
Tech debt—that inevitable cruft that accumulates around any software project—must be periodically cleaned out and refreshed to maintain the health of your codebase and to facilitate future development.
- Kate Matsudaira

Subscribers and ACM Professional members login here

Features

Elevating Security with Arm CCA
Arm Confidential Compute Architecture provides a way to assess an implementation's security claims through a process of attestation and verification.
- Charles Garcia-Tobin and Mark Knight

Confidential Container Groups
The authors built and tested Parma to power confidential containers on Azure container instances. With minimal performance overhead, it allows third parties to communicate securely with containers.
- Matthew A. Johnson, Stavros Volos, Ken Gordon, Sean T. Allen, Christoph M. Wintersteiger, Sylvan Clebsch, John Starks, and Manuel Costa

Confidential Computing or Cryptographic Computing?
The two prominent approaches to secure computation today are a purely cryptographic approach or a hardware security approach known as confidential computing. There are tradeoffs between the two in deployment, security, and performance.
- Raluca Ada Popa

Trustworthy AI using Confidential Federated Learning
Ensuring AI's trustworthiness is tantamount to its success, but training machine-learning models often requires access to private data. CFL and confidential computing can work together to achieve better security.
- Kapil Vaswani, Andrew Paverd, Peter Pietzuch, and Jinnan Guo

Columns

DRILL BITS
Zero Tolerance for Bias
From gambling to military conscription, randomization makes crucial real-world decisions. With blood and treasure at stake, fairness is not negotiable. Unfortunately, bad advice and biased methods abound. We'll learn how to navigate around misinformation, develop sound methods, and compile checklists for design and code reviews.
- Terence Kelly

KODE VICIOUS
Structuring Success
The affinity for good program structure tends to come only after you've either been exposed to it in a well-written system or had the need thrust upon you by the problem you are trying to solve.
- George Neville-Neil

OPERATIONS AND LIFE
Make Two Trips
Comedian Larry David's advice to "make two trips" pertains not only to armfuls of groceries, but also to IT. Making two loops when coding or making two smaller projects out of one larger goal can simplify life.
- Thomas A. Limoncelli

Subscribers and ACM Professional members login here

Features

A "Perspectival" Mirror of the Elephant
Language bias is real on Google, ChatGPT, YouTube, and Wikipedia platforms. As in the fable of the blind men and the elephant, such bias leads to an incomplete understanding of information across societal divides.
- Queenie Luo, Michael J. Puett, and Michael D. Smith

Challenges in Adopting and Sustaining Microservice-based Software Development
A microservice-based approach to software development offers real advantages over the traditional monolithic style, but there are organizational challenges—even more than technical difficulties—in adopting this new approach.
- Padmal Vitharana and Shahir A. Daya

Developer Ecosystems for Software Safety
Common software defects persist despite efforts to follow safe and secure design principles. Google's theory is that software safety and security must be incorporated within the design of the developer ecosystem.
- Christopher Kern

From Open Access to Guarded Trust
Gone are the days when companies had free access to the data they collected from their customers. Today the fervor to innovate must be carefully weighed against cultivating the trust of users.
- Yifei Wang

Columns

THE BIKESHED
Free and Open Source Software—and Other Market Failures
The FOSS movement never quite worked out. But it did gain something: freedom from those who held tightly to source code. Today people have realized that source code is more of a liability than an asset.
- Poul-Henning Kamp

KODE VICIOUS
Software Drift
A software fork is like a divorce. Whether messy or amicable, there is a cooling-off period where the parties do not communicate. This leads to the codebases drifting apart, and to inevitable but unnecessary confusion.
- George Neville-Neil

THE SOFT SIDE OF SOFTWARE
Give Your Project a Name
The simple act of naming a project gives your team something concrete to rally behind—a collective goal. It goes a long way toward improving morale, fostering camaraderie, and igniting motivation.
- Kate Matsudaira

Subscribers and ACM Professional members login here

Features

How to Design an ISA
RISC-V made the world of custom instruction sets more accessible, and more people are trying to design them. There are some problems and pitfalls to be aware of before diving in.
- David Chisnall

DevEx in Action
Good developer experience is fundamental to effective software delivery. How do we get more companies to invest in making DevEx better?
- Nicole Forsgren, Eirini Kalliamvakou, Abi Noda, Michaela Greiler, Brian Houck, Margaret-Anne Storey

Resolving the Human-subjects Status of Machine Learning's Crowdworkers
The interaction of ML researchers and crowdworkers currently lacks an ethical framework. The first step in constructing one is to define when ML's crowdworkers constitute human subjects.
- Divyansh Kaushik, Zachary C. Lipton, Alex John London

Departments

CASE STUDY
Multiparty Computation: To Secure Privacy, Do the Math
Introduced in 1982, MPC has been exhumed from the archives and harnessed as a powerful tool for protecting data. We get the views of cybersecurity experts about the reasons for all the buzz.
A discussion with Nigel Smart, Joshua W. Baron, Sanjay Saravanan, Jordan Brandt, and Atefeh Mashatan

RESEARCH FOR PRACTICE
Automatically Testing Database Systems
Recent innovations in software engineering, database systems, and security angles allow automatic testing of DBMSs without user interaction.
- Manuel Rigger
Introduction by Peter Alvaro

Columns

OPERATIONS AND LIFE
What do Trains, Horses, and Home Internet Installation have in Common?
Sometimes you need to separate the installation of a system from the additions and changes in order to create an efficient operation.
- Thomas A. Limoncelli

KODE VICIOUS
Is There Another System?
Perhaps, but KV has yet to see evidence of general AI replacing programmers. Think of these new systems as aids to the programmer, much as early compilers were in the 1960s and '70s.
- George V. Neville-Neil

DRILL BITS
Programmer Job Interviews: The Hidden Agenda
Top tech interviews test coding and CS knowledge overtly, but they also evaluate a deeper technical instinct so subtly that candidates seldom notice the appraisal. We'll learn how interviewers create questions to covertly measure a skill that sets the best programmers above the rest. Equipped with empathy for the interviewer, you can prepare to shine on the job market by seizing camouflaged opportunities.
- Terence Kelly

Subscribers and ACM Professional members login here

Special Issue on Confidential Computing

Features

Device Onboarding using FDO and the Untrusted Installer Model
A comparison of a trusted (Wi-Fi Easy Connect) and an untrusted (FIDO Device Onboard) installer demonstrates the untrusted model has the advantage in automated IoT device onboarding.
- Geoffrey Cooper

Improving Testing of Deep-learning Systems
Deep-learning systems are data driven, and thus it is critical that they are evaluated using a diverse dataset. A combination of differential and mutation testing results in better data representation.
- Harsh Deokuliar, Raghvinder S. Sangwan, Yoaukim Badr, Satish M. Srinivasan

Use Cases Are Essential
As an evaluation tool, use cases temporarily fell out of favor in the software industry. Two of the primary proponents of uses cases argue that the tool is finding renewed popularity today as a way for businesses to focus on what their products are meant to be.
- Ivar Jacobson and Alistair Cockburn

Low-code Development Productivity
Increased productivity is the goal sought by low-code software development. Controlled laboratory experiments using both low-code and code-based technologies bear that out.
- João Varajão, António Trigo, Miguel Almeida

Columns

BRIDGING THE MOAT
The Security Jawbreaker
Letting someone enter your software system should not imply unlimited access. Authority checks must be pervasive, with no shortcuts allowed.
- Phil Vachon

KODE VICIOUS
Dear Diary
In the physical and medical sciences, laboratory notebooks are a way of life. Computer scientists would have much to gain by adopting that practice.
- George Neville-Neil

SOFT SIDE OF SOFTWARE
Software Managers' Guide to Operational Excellence
The concept of checks and balances can be successfully applied to managing your software team, improving your ability to steer the team toward operational excellence.
- Kate Matsudaira

Subscribers and ACM Professional members login here

Special Issue on Confidential Computing

Features

Confidential Computing: Elevating Cloud Security and Privacy
Confidential computing is on track to become the new norm for data safety and privacy in the cloud. An upcoming series of articles in acmqueue examines all aspects of this new technology, which will lead to a more secure and innovative future.
- Mark Russinovich

Hardware VM Isolation in the Cloud
AMD SEV-SNP technology is among the first to embrace confidential computing, adding a needed level of protection for data in the public cloud.
- David Kaplan, Advanced Micro Devices

Creating the First H100 Confidential GPUs
Creating the First Confidential GPUs
Nvidia is bringing confidential computing to its GPUs, protecting user code and data end to end for the most demanding workloads such as AI, machine learning, and high-performance computing.
- Gobikrishna Dhanuskodi, Sudeshna Guha, Vidhya Krishnan, Aruna Manjunatha, Rob Nertney, Michael O'Connor, Phil Rogers

Why Should I Trust Your Code?
Confidential computing can go only so far in determining if code is trustworthy. The solution to this could be a code transparency service that tracks code provenance and holds code providers accountable.
- Antoine Delignat-Lavaud, Cédric Fournet, Kapil Vaswani, Sylvan Clebsch, Maik Riechert, Manuel Costa, Mark Russinovich

Columns

OPERATIONS AND LIFE
Three Ways to Prevent Blockers by Knowing What You Need to Know
Gathering the right information upfront and performing preflight checks on any project can save hours of wasted time later. This is effective at all levels - personal, team, and organizational.
- Thomas A. Limoncelli

KODE VICIOUS
Halfway Around the World
Say you're asked to lead a software development group in a foreign land. Don't shy away if you don't speak their language. KV says dive in and get to know the people. Your job will be easier, and you'll be a better human for it.
- George Neville-Neil

DRILL BITS
Protecting Secrets from Computers
Bob is in prison and Alice is dead; they trusted computers with secrets. Review time-tested tricks that can help you avoid the grim fate of the old crypto couple.
- Terence Kelly

Subscribers and ACM Professional members login here

Features

How Flexible is CXL's Memory Protection?
CXL, a new interconnect standard for cache-coherent memory sharing, is becoming a reality - but its security leaves something to be desired. Decentralized capabilities are flexible and resilient against malicious actors, and should be considered while CXL is under active development.
- Samuel W. Stark, A. Theodore Markettos, Simon W. Moore

Echoes of Intelligence
The growing use and scrutiny of AI systems raises the questions of how closely the LLMs that underlie such systems follow the rules of language games and why it matters.
- Alvaro Videla

Pointers in Far Memory
The concept of far memory promises more capacity but greater latency. It may mean rethinking how data and computations should be organized.
- Ethan Miller, George Neville-Neil, Achilles Benetopoulos, Pankaj Mehra, Daniel Bittman

Columns

BIKESHED
Don't "Think of the Internet!"
Whenever Section 230, which protects social media companies from liability, comes under attack, its defenders invariably cry, "Think of the Internet." That's not what they really mean.
- Poul-Henning Kamp

BRIDGING OVER THE MOAT
Security Mismatch
In software companies a natural conflict exists between security teams and product delivery teams—one's nature is to slow down progress, the other wants to speed it up. The secret is to view security as an enabler, not a hindrance.
- Phil Vachon

KODE VICIOUS
Stone Knives and Bear Skins
Tools for systems software tend to be more primitive than those for applications. If these systems were designed with extensibility, measurement, and debugging in mind, it would make it easier to build better tools for them.
- George V. Neville-Neil

THE SOFT SIDE OF SOFTWARE
Managing Hybrid Teams
In the post-pandemic world, businesses are often handling a combination of on-site and remote workers. To be successful, this requires a new set of management tools.
- Kate Matsudaira

Subscribers and ACM Professional members login here

Features

Beyond the Repository
Research into open source ecosystems must consider their complex nature, involving not only technical, but also social aspects of these multi-layered systems.
- Amanda Casari, Julia Ferraioli, and Juniper Lovato

DevEx: What Actually Drives Productivity
What is the best way to improve developer productivity? Some organizations are finding that a focus on the developer experience leads to new opportunities for improvement.
- Abi Noda, Margaret-Anne Storey, Nicole Forsgren, Michaela Greiler

You Don't Know Jack about Application Performance
A full-scale benchmark is not always necessary when trying to solve a performance problem. All you really need to know is whether you are doomed to fail. A simple measurement can tell you that.
- David Collier-Brown

Cargo Cult AI
The same species that forms cargo cults around unfounded beliefs in things like UFOs and ESP also produces scientific geniuses. Can AI be taught, like humans, how to think scientifically?
- Edlyn V. Levine

Departments

RESEARCH FOR PRACTICE
OS Scheduling
Recent research explores ways to improve OS scheduling policies for modern computing systems.
- Kostis Kaffes with introduction by Peter Alvaro

Columns

OPERATIONS AND LIFE
Improvement on End-to-End Encryption May Lead to Silent Revolution
In the beginning the ability to eavesdrop was unlimited. Then end-to-end encryption restricted access to only the communicators. With tongue firmly planted in cheek, our author looks at the next step in communication privacy.
- Thomas A. Limoncelli

KODE VICIOUS
The Human Touch
Should a company send its employees phishing emails to teach them a lesson in not being gullible? KV thinks not and encourages good, old-fashioned training instead.
- George Neville-Neil

Subscribers and ACM Professional members login here

Features

Opportunity Cost and Missed Chances in Optimizing Cybersecurity
All costs—not just financial—must be considered in making cybersecurity decisions. Opportunity cost is often overlooked, leading to suboptimal outcomes.
- Kelly Shortridge and Josiah Dykstra

Sharpening Your Tools
Digital forensics tools must be frequently updated to keep up with changes in the ways they are used. A description of updates to the bulk-extractor tool serves as an example of what can and should be done.
- Simson Garfinkel and Jonathan Stewart

Designing a Framework for Conversational Interfaces
A look back at one of the first-ever conversational agents provides lessons for today's developers of these interfaces in combining old approaches with cutting-edge machine-learning techniques.
- Zachary Tellman

Departments

CASE STUDY
Data Science: More Than Just Algorithms
The authors of a new textbook, Data Science in Context: Foundations, Challenges, Opportunities, share their ideas about the impact of the field on nearly all aspects of the economy and society.
- A discussion with Alfred Spector, Peter Norvig, Chris Wiggins, Jeannette Wing, Ben Fried, and Michael Tingley

DRILL BITS
Catch-23: The New C Standard Sets the World on Fire
A new major revision of the C programming language standard is nearly upon us. C23 introduces pleasant conveniences, retains venerable traps for the unwary, and innovates a gratuitous catastrophe. A few steps forward, much sideways shuffling, and a drunken backward stumble into the fireplace come together in the official dance of C standardization, the Whiskey Tango Foxtrot.
- Terence Kelly with special guest borer Yekai Pan

Columns

KODE VICIOUS
The Parchment Path?
Is seeking an advanced degree a useful endeavor in the field of computing? Well, it takes a certain sort of driven individual with a crazy focus on knowledge—but, yes, it can be highly rewarding.
- George Neville-Neil

Subscribers and ACM Professional members login here

Features

Taking Flight with Copilot
New AI-powered tools can facilitate pair programming. Github's Copilot is one of those tools, and the early reviews, while not perfect, are promising.
- Christian Bird, Denae Ford, Tom Zimmermann, Nicole Forsgren, Eirini Kalliamvakou, Travis Lowdermilk, Idan Gazit

To PiM or Not to PiM
A data movement bottleneck is developing as AI becomes a pervasive tool for billions of IoT devices at the edge. Processing-in-memory may offer an alternative route.
- Gabriel Falcao and João Dinis Ferreira

Three-part Harmony for Program Managers Who Just Don't Get It, Yet
Open-source software, open standards, and agile software development can ensure more efficient systems acquisition. The Department of Defense cyber strategy offers a telling example.
- Guenever Aldrich, Danny Tsang, Jason McKenney

Departments

RESEARCH FOR PRACTICE
The Fun in Fuzzing
The debugging technique known as fuzzing has grown into a sophisticated way of uncovering security vulnerabilities at scale. A review of three research papers on the topic lends insight into the technique.
- Stefan Nagy with introduction by Peter Alvaro

Columns

KODE VICIOUS
All Sliders to the Right
Bigger is not necessarily better when it comes to hardware. It's more important to use what you've got in the most efficient way.
- George Neville-Neil

Subscribers and ACM Professional members login here

Features

Occam-v2: Combining Static and Dynamic Analysis for Effective and Efficient Whole-program Specialization
Occam-v2 incorporates static analysis using an abstract interpretation framework, as well as dynamic analysis. The combination results in a better tool for specializing LLVM bitcode.
- Jorge A. Navas and Ashish Gehani

Reinventing Backend Subsetting at Google
Google discovered an algorithm it used for over a decade was the cause of connection churn. Google went in search of an alternative, and Rocksteadier Subsetting was the answer.
- Peter Ward and Paul Wankadia with Kavita Guliani

Departments

CASE STUDY
OSS Supply-chain Security: What Will It Take?
The open-source software supply chains that enterprises increasingly rely upon have caught the attention of the cybercrime world for their ease of access. Experts in the trenches tell us what should be done to mitigate the risks.
A discussion with Maya Kaczorowski, Falcon Momot, George Neville-Neil, and Chris McCubbin

Columns

DRILL BITS
Literate Executables
Literate executables redefine the relationship between compiled binaries and source code to be that of chicken and egg, so it's easy to derive either from the other. This episode of Drill Bits provides a general-purpose literacy tool and showcases the advantages of literacy by retrofitting it onto everyone's favorite command-line utility.
- Terence Kelly

OPERATIONS AND LIFE
Split Your Overwhelmed Teams
The solution to an overworked, overwhelmed SRE team could be to divide the team into separate parts, each responsible for fewer tasks.
- Thomas A. Limoncelli, SRE TPM at Stack Overflow

KODE VICIOUS
The Elephant in the Room
By writing code for the elephant that is Posix, we lose the chance to take advantage of modern hardware.
- George Neville-Neil

Subscribers and ACM Professional members login here

Features

Mapping the Privacy Landscape for Central Bank Digital Currencies
As central banks all over the world move to digitize cash, the issue of privacy needs to move to the forefront. The path taken may depend on the needs of each stakeholder group: privacy-conscious users, data holders, and law enforcement.
- Raphael Auer, Rainer Böhme, Jeremy Clark, and Didem Demirag

The Rise of Fully Homomorphic Encryption
Current data security models are struggling to do the job they need to do. The availability of commercial FHE could soon cause a sea change in how confidential information is protected, processed, and shared.
- Mache Creeger

From Zero to One Hundred
Is zero trust architecture a new cybersecurity standard, or just cybersecurity done right—what we should have been doing all along? Either way, it's necessary amid a changing network landscape and rising security threats.
- Matthew Bush, Atefeh Mashatan

Departments

CASE STUDY
The Arrival of Zero Trust: What Does it Mean?
As organizations spread out via cloud computing and more employees working from home—and with the rise of corporate security breaches—there's no such thing as a secure perimeter anymore. Zero trust is the way to go.
A discussion with Michael Loftus, Andrew Vezina, Rick Doten, and Atefeh Mashatan

RESEARCH FOR PRACTICE Crash Consistency
This second reboot edition of RfP examines three papers that address different ways to achieve crash consistency—an important quality in storage systems indicating that their data can survive system crashes.
- Peter Alvaro, Ram Alagappan

Columns

KODE VICIOUS
The Four Horsemen of an Ailing Software Project
A software project struggling with paranoia among team members, restructuring of the team, and increasing bug counts can mean only one thing: impending doom.
- George Neville-Neil

THE BIKESHED
Software Industry Begins Facing its Liability Problem
The newly formed Cyber Safety Review Board released its first report in July on the Log4j security issue. Read it as a warning to future development of free and open-source software.
- Poul-Henning Kamp

Subscribers and ACM Professional members login here

Features

The Challenges of IoT, TLS, and Random Number Generators in the Real World
Bad random numbers endure in today's systems, putting security at risk. An overhaul of the TLS protocol may be in order to make it more resilient to less-than-perfect random number generators.
- James P. Hughes and Whitfield Diffie

Privacy of Personal Information
Every online interaction creates an opportunity for personal information to be misused. Are the privacy-preserving techniques being deployed today sufficient to safeguard data from users with malicious intent?
- Sutapa Mondal, Mangesh S. Gharote, and Sachin P. Lodha

Departments

RESEARCH FOR PRACTICE
Convergence
After a three-year hiatus, our popular review of academic papers returns. This first reboot edition looks at four different ways of achieving data consistency through convergence, coming from four different corners of computer science.
- Martin Kleppmann

KODE VICIOUS
Securing the Company Jewels
Sometimes the people put in charge of system security are not up to the task. These "runbook zombies" go through the motions of a generic checklist without securing anything. A runbook should be viewed as a memory aid, not a substitute for careful thought.
- George Neville-Neil

ESCAPING THE SINGULARITY
I'm Probably Less Deterministic Than I Used to Be
In my youth, I thought the universe was ruled by cause and effect like a big clock. In this light, computing made sense. Now I see that both life and computing can be a crapshoot, and that has given me a new peace.
- Pat Helland

Subscribers and ACM Professional members login here

Features

Long Live Software Easter Eggs!
- Benoit Baudry, Tim Toady, Martin Monperrus
They have been hidden in the nooks and crannies of software since the very beginning. Some argue they serve no purpose. For others, they simply spark joy—and what could be wrong with that?

Walk a Mile in Their Shoes
- Jenna Butler and Catherine Yeh
When work from home became a thing during the Covid pandemic, one major software company asked workers to keep diaries documenting their experiences. The findings could help shape the new world of hybrid work.

Departments

CASE STUDY
FHIR: Reducing Friction in the Exchange of Healthcare Data
A discussion with James Agnew, Pat Helland, and Adam Cole
Compliance with interoperability standards for electronic healthcare records has proved elusive for providers. These industry experts talk about the challenges and look to a better future.

KODE VICIOUS
When Should a Black Box Be Transparent?
- George Neville-Neil
A brick is a brick, right? Not necessarily. You need to see what's inside that brick. So, ask lots of questions when your supplier offers a replacement component for your system.

THE BIKESHED
Linear Address Spaces
- Poul-Henning Kamp
Why do we even need linear addresses in the first place, when pretty much everything today is object-oriented? The short answer is, we don't, and they should be eliminated.

DRILL BITS
Persistent Memory Allocation
- Terence Kelly
A new persistent memory allocator that provides a capability for persistent scripting can multiply programmer impact by leveraging mountains of existing software and hardware.

Subscribers and ACM Professional members login here

Features

Middleware 101
That amorphous layer between hardware and software can be used during several phases of the software cycle—from its architecture and development to its deployment.
- Alexandros Gazis and Eleftheria Katsiri

Persistence Programming
It's often required—but are you doing it right? Redefining the database can allow for reimagining persistence programming to make it a more natural task.
- Archie L. Cobbs

Distributed Latency Profiling through Critical Path Tracing
Many existing tools in large, real-world systems are insufficient for latency analysis. Google's use of critical path tracing demonstrates its value in providing valuable day-to-day data for this purpose.
- Brian Eaton, Jeff Stewart, Jon Tedesco, and N. Cihan Tas, Google, Inc., USA

Autonomous Computing
Fiefdoms, emissaries, and collaborations may sound more like an ancient social structure for governing, but these are the concepts that make up autonomous computing. These patterns can help make it easier for people to solve business problems with their computers.
- Pat Helland

Departments

KODE VICIOUS
The Planning and Care of Data
It's well past the time when those in the business of collecting data must first think seriously about data engineering and data maintenance. The costs of getting it wrong are far too high.
- George Neville-Neil

Subscribers and ACM Professional members login here

Features

Interpretable Machine Learning
There is a disconnect between research into the technical objectives of machine learning and its actual use cases. The field of interpretable machine learning is an attempt to translate methodological advances into widespread practical impact.
- Valerie Chen, Jeffrey Li, Joon Sik Kim, Gregory Plumb, Ameet Talwalkar

The Keys to the Kingdom
Clumsy fingers accidentally deleted the private key needed to sign new firmware updates—and business came to a standstill. The author was called in to save the day by patching a new static root of trust into the bootloader.
- Phil Vachon

FPGAs in Client Compute Hardware
An FPGA may take up more space, consume more power, and cost more to integrate into a device, yet it offers significant security and performance benefits over an ASIC.
- Michael Mattioli, Goldman Sachs & Co.

Departments

THE BIKESHED
Surveillance Too Cheap to Meter
Tech companies often know your next move before you do, but it costs more to turn off this surveillance than it does to continue it.
- Poul-Henning Kamp

KODE VICIOUS
Getting off the Mad Path
By its very nature, debugging is an iterative process, which at its tedious worst, can lead to madness. There are ways to avoid going down this path.
- George Neville-Neil

DRILL BITS
Steampunk Machine Learning
Fitting models to data is all the rage nowadays but has long been an essential skill of engineers. Veterans know that real-world systems foil textbook techniques by interleaving routine operating conditions with bouts of overload and failure; to be practical, a method must model the former without distortion by the latter. Surprisingly effective aid comes from an unlikely quarter: a simple and intuitive model-fitting approach that predates the Babbage Engine. The foundation of industrial-strength decision support and anomaly detection for production datacenters, this approach yields accurate yet intelligible models without hand-holding or fuss. It is easy to practice with modern analytics software and is widely applicable to computing systems and beyond.
- Terence Kelly

Subscribers and ACM Professional members login here

Features

Lamboozling Attackers: A New Generation of Deception
The people behind cyberattacks are human too and can be fooled the same as their victims. By deploying deception environments, software engineers can throw attackers off the scent, while building more resilient systems.
- Kelly Shortridge and Ryan Petrich

Meaning and Context in Computer Programs
Whether debugging or adding new features to a program, programmers must be able to read the code to understand what the program is doing. Then they can share domain knowledge with other programmers, using the source code as the medium.
- Alvaro Videla

Federated Learning and Privacy
Centralized collection of data can pose privacy risks if the data is not properly managed. Federated learning is one approach that sees the benefits of processing large quantities of data, while minimizing risk to data holders.
- Kallista Bonawitz, Peter Kairouz, Brendan McMahan, and Daniel Ramage, Google

Departments

INTERVIEW
A Conversation with Margo Seltzer and Mike Olson
Two people behind the development of Berkeley DB talk about its beginnings as "a stupid grad-student trick" and its wild ride into the successful product it became.

CASE STUDY
It Takes a Community: The Open-source Challenge
How do you build a thriving open-source community? Leaders of some of the most successful open-source projects answer that question by sharing their experiences.
A discussion with Reynold Xin, Wes McKinney, Alan Gates, and Chris McCubbin

KODE VICIOUS
I Unplugged What?
Large systems failures often come from foolish mistakes, like putting all the layers on one cake and not tracking how the cake is layered.
- George Neville-Neil

COMMIT TO MEMORY
Chip Measuring Contest
Some companies—Apple and Tesla among them—are starting to build their own purpose-built chips for better performance, user experience, and economics.
- Jessie Frazelle

Subscribers and ACM Professional members login here

Features

Special Issue on Static Analysis

QUEUE FOCUS
Static-analysis: An Introduction
Software engineering consists of a complex relationship between source code, computers, and people. Static analysis is among the most effective tools available to developers to help manage that complexity.
- Patrick Thomson

Static Analysis at GitHub
Although the numbers of users and the size of the corpus of code hosted by GitHub is daunting, the team there was able to harness static analysis to help streamline its code navigation.
- Patrick Thomson and Timothy Clem

Human-Centered Approach to Static-Analysis-Driven Developer Tools
The human factor cannot be underestimated in directing static-analysis techniques into developer-facing systems that more closely mirror the programmer's mind.
- Ayman Nadeem

Designing UIs for Static-analysis Tools
Although static-analysis tools have been growing more efficient, their usability has been improving at a slower rate. A user-centered approach and design guidelines can help improve usability.
- Daniil Tiganov, Lisa Nguyen Quang Do, and Karim Ali

Columns

KODE VICIOUS
Patent Absurdity
Ignorance is bliss when it comes to software patents. Best advice? Don't read them.
- George Neville-Neil

DRILL BITS
Crashproofing the Original NoSQL Key-Value Store
A new crash-tolerance mechanism vaults the venerable gdbm database into the league of transactional NoSQL data stores.
- Terence Kelly

THE BIKESHED
The Software Industry is Still the Problem
Dozens of jobs, from doctors to plumbers, are regulated by law and require some form of licensing. This is not true of IT engineers. The time is way overdue for some professional liability.
- Poul-Henning Kamp

Subscribers and ACM Professional members login here

Features

Declarative Machine Learning Systems
The next wave of ML systems will thrive if they can be harnessed by an audience beyond just those who can build them.
- Piero Molino and Christopher Ré

When Curation Becomes Creation
As social-media platforms move increasingly into creating content, the authors argue that regulations must change to hold them more accountable.
- Liu Leqi, Dylan Hadfield-Menell, and Zachary C. Lipton

Real-world String Comparison
String comparisons are anything but easy. Knowing how to handle Unicode sequences correctly smooths the process.
- Torsten Ullrich

Digging into Big Provenance (with SPADE)
The open-source SPADE project provides a user interface for analyzing data provenance in cases such as malware detection or tracking bitcoin transactions.
- Ashish Gehani, Raza Ahmad, Hassaan Irshad, Jianqiao Zhu, and Jignesh Patel

Columns

KODE VICIOUS
Divide and Conquer
Bisection can be a great tool for finding a bug in your code—but only in certain limited situations.
- George Neville-Neil

ESCAPING THE SINGULARITY
Don't Get Stuck in the "Con" Game
Consistency, convergence, confluence... what do they all mean? And is eventual consistency a thing?
- Pat Helland

THE BIKESHED
What Went Wrong?
IT system failures can exact a human toll way beyond what is acceptable. In these cases, an IT accident investigation board should root out the causes and prevent similar catastrophes from happening again.
- Poul-Henning Kamp

Subscribers and ACM Professional members login here

Features

Biases in AI Systems
There is a growing need to educate ML developers about the types of biases that creep into the AI pipeline and how to mitigate those biases.
- Ramya Srinivasan and Ajay Chander

The Complex Path to Quantum Resistance
With all its promise of technological progress, quantum computing also threatens today's cryptographic techniques for protecting data. The need for quantum-resistant solutions is now.
- Atefeh Mashatan

Case Study

Quantum-safe Trust for Vehicles
The threat of quantum-powered attacks is particularly acute in the automotive industry. Security experts have a new sense of urgency to make vehicles safe from the quantum threat.
A discussion with Michael Gardiner, Alexander Truskovsky, George Neville-Neil, and Atefeh Mashatan

Columns

KODE VICIOUS
In Praise of the Disassembler
Higher-level languages have blinded developers to the knowledge gleaned from the lower-level details of the machines they work on. There is joy to be found in assembly language.
- George Neville-Neil

ESCAPING THE SINGULARITY
ACID: My Personal "C" Change
The author long dismissed consistency as less important than its ACID partners: atomic, isolated, and durable. Now he admits he was wrong.
- Pat Helland

COMMIT TO MEMORY
A New Era for Mechanical CAD
Many CAD programs still live in the 1980s when they were conceived. The time is overdue to update their design and capabilities.
- Jessie Frazelle

DRILL BITS
Schrödinger's Code
Undefined behavior is a perilous aspect of of popular programming languages. Here are techniques for detecting and preventing such bugs.
- Terence Kelly

Subscribers and ACM Professional members login here

Features

WebRTC: Realtime Communication for the Open Web Platform
What started as an open platform to bring audio and video to the web has expanded as never imagined with the pandemic driving the world to Internet-based communications.
- Niklas Blum, Serge Lachapelle, and Harald Alvestrand

The SPACE of Developer Productivity
Developer productivity has remained difficult to measure and define, despite its value in improving efficiency and quality. A practical framework known as SPACE captures the most important dimensions of this elusive concept.
- Nicole Forsgen, Margaret-Anne Storey, Chandra Maddila, Thomas Zimmermann, Brian Houck, and Jenna Butler

Toward Confidential Cloud Computing
As the cloud continues to grow in importance, it demands increased security. The next step is confidential computing, which means extending cryptographic protection to data while in use.
- Mark Russinovich, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani, Manuel Costa, Vikas Bhatia

Software Development in Disruptive Times
These pandemic times have emphasized the need for fast decision capability, agile project management, and extreme low-code technology in software development. A sample project shows how it can be done.
- João Varajão

Columns

KODE VICIOUS
Aversion to Versions
Hardcoding a version into the source code itself is a definite no-no. There are ways to get this right, so why do so many people continue to get it wrong?
- George Neville-Neil

ESCAPING THE SINGULARITY
Fail-fast is Failing... Fast
The relentless drive toward cloud computing is a good thing, but it means some of our tried-and-true solutions for fault tolerance don't work anymore.
- Pat Helland

Subscribers and ACM Professional members login here

Features

Best Practice: Application Frameworks
Using Google as an example, the authors look at the benefits and tradeoffs of frameworks. They can be a powerful tool, but they don't necessarily work for everyone.
- Chris Nokleberg and Brad Hawkes

Enclaves in the Cloud
Cloud providers are beginning to feature trusted execution environments, or enclaves, in their services. These offer important security measures that help organizations meet their legal and regulatory obligations.
- Jatinder Singh, Jennifer Cobbe, Do Le Quoc, and Zahra Tarkhani

Departments

CASE STUDY
Always-on Time-series Database: Keeping Up Where There's No Way to Catch Up
The need to write your own database may never arise, but what if...? It happened at Circonus, which performs telemetry analysis on a growing number of IoT devices. Here's why that company did it, and how it worked.
A discussion with Theo Schlossnagle, Justin Sheehy, and Chris McCubbin

Columns

KODE VICIOUS
The Non-psychopath's Guide to Managing an Open-source Project
Crossing into management is fraught with pitfalls, and good managers are rare indeed. Here's KV's take on how to get there.
- George Neville-Neil

DRILL BITS
Offline Algorithms in Low-frequency Trading
The example of an office-space auction demonstrates how well-designed software can effectively create wealth by finding subtle opportunities for gains from trade.
- Terence Kelly

COMMIT TO MEMORY
Let's Play Global Thermonuclear Energy
Where does the electricity come from that powers your computer? Where does the energy come from to run the data center that hosts your services? It pays to know the answers to these questions.
- Jessie Frazelle

ESCAPING THE SINGULARITY
Baleen Analytics
Data analytics is ingesting anything and everything, without regard to provenance, then analyzing it to detect patterns that were overlooked before.
- Pat Helland

Subscribers and ACM Professional members login here

Features

Everything VPN is New Again
The virtual private network is aging, unable to keep up with the evolving Internet. But a new VPN protocol and a change in the way computers are used have revitalized the old security model.
- David Crawshaw

Departments

CASE STUDY
Differential Privacy: The Pursuit of Protections by Default
A rigorous mathematical approach to privacy has had a tough go finding acceptance. Among those companies that have adopted it is Google, which is trying to spread the word about its value.
- A discussion with Miguel Guevara, Damien Desfontaines, Jim Waldo, and Terry Coatta

INTERVIEW
A Second Conversation with Werner Vogels
The Amazon CTO provides an evolutionary view of Amazon S3 and AWS from the inside.
- Tom Killalea

Departments

KODE VICIOUS
Kabin Fever
Many of us are KFH (koding from home) these days. It's not always so easy to be removed from the office hubbub, but never fear. KV has done it before and shows us the way.
- George Neville-Neil

DRILL BITS
Decentralized Computing
Why decentralize? Sometimes it is the best way to solve practical problems. The second installment of our newest column provides some working examples.
- Terence Kelly

COMMIT TO MEMORY
Battery Day
Batteries, fundamental to daily modern life, rarely get their due. The Tesla team is changing that, on a tear to make the technology more efficient and cost-effective.
- Jessie Frazelle

EVERYTHING SYSADMIN
The Time I Stole $10,000 from Bell Labs
Don't fear outages. Celebrate them. Learn from them. You could save your company thousands of dollars.
- Thomas Limoncelli

Subscribers and ACM Professional members login here

Features

Special focus on Key and Identity Management

Security Analysis of SMS as a Second Factor of Authentication
There's no doubt that multifactor authentication is more secure than a password alone, but using SMS for the authentication, while convenient, comes with its own security challenges.
- Roger Piqueras Jover

The Identity in Everyone's Pocket
Smartphones are nearly ubiquitous—thus a compelling option for creating a secure user identity for your service. But it's not so easy, especially with the lack of consistency across platforms.
- Phil Vachon

Hardware Security is Not Assured
Trust starts in silicon, so assuring your system is secure begins with shoring up the manufacturing chain and developing ways to detect and mitigate hardware attacks.
- Edlyn V. Levine

Columns / Departments

KODE VICIOUS
Removing Kode
Deleting dead code sounds straightforward enough, but it can get tricky if it involves a feature that is not completely dead after all.
- George Neville-Neil

New Column: DRILL BITS
Efficient Graph Search
This new acmqueue column presents ways to augment your toolbox and make you a better programmer. The first entry looks at tools that improve the efficiency of graph search.
Terence Kelly

COMMIT TO MEMORY
Out-of-this-World Additive Manufacturing
Additive manufacturing (aka 3D printing) uses a variety of processes to turn a digital file into a physical object—from jewelry to rocket parts .
- Jessie Frazelle

Subscribers and ACM Professional members login here

Features

Data on the Outside versus Data on the Inside
Services are essential to building large applications today. Each service has its own data, and that data may reside inside or outside of that service. Where it resides determines how that data should be treated.
- Pat Helland

The History, Status, and Future of FPGAs
From the early days of telecom, through the high-performance computing and data centers of today, field-programmable gate arrays have been hitting a nerve in the ASIC community.
- Oskar Mencer et al.

Scrum Essentials Cards
The popular agile framework Scrum can improve the way a development team works together. Here we present a set of cards based on the Essence standard, which can make Scrum more effective.
- Jeff Sutherland, Ivar Jacobson, and Brian Kerr

Columns / Departments

KODE VICIOUS
Sanity vs. Invisible Markings
Python and a few other programming languages make significant use of white space. This is a long-time practice that needs to change.
- George Neville-Neil

EVERYTHING SYSADMIN
Five Nonobvious Remote Work Techniques
If ever there were a time to refine the practice of working remotely, it is now. Stack Overflow has been doing it for a while and offers some pointers for emulating in-person efficiency.
- Thomas A. Limoncelli

COMMIT TO MEMORY
The Life of a Data Byte
As we all know, the state-of-the-art in storage media has come a ridiculously long way, from paper tape to flash. And it's still evolving to ever faster, smaller storage technology.
- Jessie Frazelle

Subscribers and ACM Professional members login here

Features

Debugging Incidents in Google's Distributed Systems
There are lessons to be learned in the way Google engineers debug production issues in their complex systems. Their tools, strategies, and tasks can be applied to smaller systems.
- Charisma Chan and Beth Cooper

Is Persistent Memory Persistent?
Job number one of a computer system is protecting its data. But stuff happens. Even when every precaution has been taken, a power failure can destroy data. A simple inexpensive testbed can help prepare for such a catastrophe.
- Terence Kelly

Dark Patterns: Past, Present, and Future
Deceptive sales practices are as old as time, but online services have found new ways to manipulate their customers through user interfaces. The industry needs to shine a light on these so-called dark patterns.
- Arvind Narayanan, Arunesh Mathur, Marshini Chetty, and Mihir Kshirsagar

Columns / Departments

KODE VICIOUS
Broken Hearts and Coffee Mugs
No matter how you approach it, a security review is difficult. KV describes the process, step by step, so you know how to prepare for the ordeal.
- George Neville-Neil

COMMIT TO MEMORY
Power to the People
Reducing the carbon footprints of data centers is a lofty but necessary goal. The large operators are in varying stages of achieving the goal. Each has a slightly different approach.
- Jessie Frazelle

Subscribers and ACM Professional members login here

Features

Demystifying Stablecoins
Volatility has marked the emergence of cryptocurrencies. In response, there has been a flood of proposals for new designs that purport to provide a stable exchange rate. These so-called stablecoins may face numerous regulatory hurdles, but they are probably here to stay.
- Jeremy Clark, Didem Demirag, and Seyedehmahsa Moosavi, Concordia University

Case Study

To Catch a Failure: The Record-and-Replay Approach to Debugging
Mozilla developed the record-and-replay debugging tool, called rr, for internal use, but unexpectedly, it came to be widely used outside of Mozilla. Its developers discuss the challenges of debugging and the reason for the success of rr.
- A discussion with Robert O'Callahan, Kyle Huey, Devon O'Dell, and Terry Coatta

Columns / Departments

COMMIT TO MEMORY
Chipping Away at Moore's Law
The shrinkage of transistors predicted by Moore's law has slowed down in recent years. The technology exists for chips as small as 7nm, but the high cost of manufacturing them has prevented their widespread use.
- Jessie Frazelle

KODE VICIOUS
Kode Vicious Plays in Traffic
The use of software to control moving vehicles raises plenty of safety issues. But there are design principles to follow that may help ameliorate the risk.
- George Neville-Neil

ESCAPING THE SINGULARITY...
The Best Place to Build a Subway
Developing software can be compared with building a city's infrastructure. While it may be easier to start with a clean slate, the reality is that you must work around existing structures. The same holds true for computer systems.
- Pat Helland

EVERYTHING SYSADMIN
Communicate Using the Numbers 1, 2, 3, and More
The length of a list has a bearing on how listeners perceive the content. Knowing this will make you a better communicator.
- Thomas A. Limoncelli

THE MORNING PAPER
How do Committee's Invent? And Ironies of Automation
Two papers that have withstood the test of time hold true today. The first revisits Conway's law and the effect of organizational forces on design and development. The second looks at the idea that the more we automate, the more we depend on human skill.
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

Revealing the Critical Role of Human Performance in Software
Knowing how people detect problems and work together to resolve them is essential for successful Internet-facing systems. The articles in this issue examine the role of human performance in achieving more resilient systems.
- David D. Woods and John Allspaw

Above the Line, Below the Line
Imagine a line running horizontally across an Internet-facing system. Above the line are the forces that shape, direct, and restore the technical artifacts that lie below that line. Understanding what goes on underneath is key to the system's resilience.
- Richard I. Cook, M.D.

Cognitive Work of Hypothesis Exploration during Anomaly Response
A primary function above the line of representation is coordination across multiple roles during service outages, particularly how people explore various hypotheses when responding to an incident.
- Marisa R. Grayson

Managing the Hidden Costs of Coordination
A service outage usually initiates an all-hands-on-deck approach, but smooth coordination of these multiple perspectives is important. Without it, cognitive costs can take a toll.
- Laura M.D. Maguire

Beyond the "Fix-it" Treadmill
Something goes wrong with your software. Chaos ensues until it is fixed. Then comes the postmortem focusing on what went wrong this time. There could be a more holistic approach that will prevent failures down the line.
- J. Paul Reed

Columns / Departments

COMMIT TO MEMORY
Securing the Boot Process
Like a relay race where one team member hands a baton to another team member, the boot sequence of a computer works better when all the parts know and trust each other. Standards and system transparency help achieve that trust.
- Jessie Frazelle

KODE VICIOUS
Master of Tickets
In the course of a day, Alice writes 1,000 lines of buggy code and Carol writes 100 lines of well-crafted code. Which should be rewarded? Quality or quantity? KV's answer won't surprise anyone.
- George Neville-Neil

THE MORNING PAPER
The Way We Think About Data
Consider these ideas when it comes to data: First, interpretable models may offer benefits not found in a black-box model. Second, local-first software may combine the advantages of cloud apps with native, installed apps.
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

Blockchain Technology: What is it Good for?
Many industries want to know how blockchain technology can be applied to their particular universe. Here's a way to judge blockchain's potential across many use cases.
- Scott Ruoti, Ben Kaiser, Arkady Yerukhimovich, Jeremy Clark, and Robert Cunningham

The Reliability of Enterprise Applications
Engineering for enterprise reliability can mean crossing a complex landscape of third-party software that often compromises the very goal it seeks to achieve. With the right set of principles and methodologies, enterprises can avoid the pitfalls and maintain reliability.
- Sanjay Sha

Optimizations in C++ Compilers
In their constant search for perfect algorithms, programmers often overlook the magic of compilers. But after looking at the many types of optimizations your compiler can do, you may just learn to love assembly output.
- Matt Godbolt

Columns / Departments

KODE VICIOUS
Numbers Are for Computers, Strings Are for Humans
Computers like to work with numbers, and they are good at it. Trying to communicate a concept such as time as a string can only cause problems. Let your computer do the math.
- George Neville-Neil

ESCAPING THE SINGULARITY...
It's Not Your Grandmother's Database Anymore
Space Time Discontinuum
You can do so much more with big distributed systems, but they present a dilemma when your calculations are coming from many different sources: Wait for the perfect answer? Or go with a faster but incomplete answer?
- Pat Helland

EVERYTHING SYSADMIN
API Practices If You Hate Your Customers
It's easy to drive customers away by making your external APIs costly and difficult to use. But it's not all that hard to keep customers by following a few best practices in building your APIs.
- Thomas A. Limoncelli

COMMIT TO MEMORY
Opening Up the Baseboard Management Controller
The open sourcing of the data center has led to a number of innovative projects involving the BMC, which monitors and manages the physical state of the hardware.
- Jessie Frazelle

THE MORNING PAPER
Back Under a SQL Umbrella
For data processing at YouTube, Google uses Procella, which the first paper presented here describes as unifying a large-scale data platform with a SQL query engine to address all of the data needs of an organization. Save one: machine learning; a second paper advocates using an RDMS as an ML platform. Do all roads lead to SQL?
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

The Effects of Mixing Machine Learning and Human Judgment
What's the best approach to effective decision making? Solo human, solo computer, or both working in tandem? Two experiments show that collaboration between humans and machines does not necessarily lead to better outcomes.
- Michelle Vaccaro and Jim Waldo

Hack for Hire
An emerging black market offers hack-for-hire services to break into targeted email accounts. A covert investigation reveals this is a niche market and that security keys can be effective in protecting against these attacks—at least for now.
- Ariana Mirian

Columns / Departments

KODE VICIOUS
Koding Academies
So-called coding academies are a quick fix to train front-end plumbers, but they fall short in preparing students for careers in software engineering or computer science.
- George Neville-Neil

ESCAPING THE SINGULARITY...
Write Amplification Versus Read Perspiration
To read, or to write? In computing, writing may create more work—reorganizing, merging, reindexing. Otherwise, you must search or do other work to support future reads. There are tradeoffs to consider between the two.
- Pat Helland

THE MORNING PAPER
Putting Machine Learning into Production Systems
Data validation and software engineering are two different approaches to incorporating machine learning into development projects. Google takes the former approach, while Microsoft chooses the latter. Here are case studies of both.
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

Open-source Firmware
By making the actions of firmware more visible, computing becomes more secure. The key to making this happen is to support platforms that are moving away from proprietary firmware and adopting open-source solutions.
- Jessie Frazelle

The Velocity of Software Engineering
Is your software-engineering team more like a tectonic plate or an F-16? High-velocity teams get the best results. They are optimized for speed, open to experimentation, agile, and subject to regular course correcting.
- Tom Killalea

Columns / Departments

CASE STUDY
DAML: The Contract Language of Distributed Ledgers
DAML (Digital Asset Modeling Language) puts blockchain technology to work for the financial services industry, particularly in distributed ledgers. It was an eventful journey to get there, with many lessons learned along the way.
A discussion with Shaul Kfir and Camille Fournier

KODE VICIOUS
What is a CSO Good for?
A chief security officer, not to be confused with a security engineer, needs to do more than buy a third-party security product. There has to be an understanding of the potential threats and a clear plan to deal with them.
- George Neville-Neil

THE SOFT SIDE
The Evolution of Management
With each step up the ladder—from individual contributor to manager to organization leader—you will face transitions that require a shift in mindset and a focus on new skills.
- Kate Matsudaira

EVERYTHING SYSADMIN
Demo Data as Code
Generating demo data is common practice in many organizations. While it may seem like a one-time task to be over and done with, automating the process will save pain down the road.
- Thomas A. Limoncelli

THE MORNING PAPER
Time Protection in Operating Systems and Speaker Legitimacy Detection
Two diverse security topics for this edition of The Morning Paper: Timing-based attacks are going to require attention from future operating systems that need to offer time protection. Second, voice-imitation software is becoming so good that it will require its own brand of protection from social-engineering attacks.
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

Surviving Software Dependencies
The shift to software reuse has happened so quickly that the risks are not yet fully understood.
- Russ Cox

Industry-scale Knowledge Graphs: Lessons and Challenges
Google, Microsoft, IBM Watson, Facebook, and eBay must each provide structured data that makes their products more intelligent and "magical." Each company serves as an example of how best to build and deploy the knowledge graphs that make this possible.
- Natasha Noy, Yuqing Gao, Anshu Jain, Anant Narayanan, Alan Patterson, and Jamie Taylor

Access Control and Health Care Records: Who Owns the Data?
Data management in health care is burdened by legacy systems and fragmented to the point of no return. A Toronto-based startup called HealthChain set out to bring some sense of control to the field. Here's what the company has learned.
- A discussion with David Evans, Richard McDonald, and Terry Coatta

Columns / Departments

KODE VICIOUS
MUST and MUST NOT
KV has some tips for putting your processes into understandable prose. He draws on wisdom from a more than 20-year-old document known as RFC 2119.
- George Neville-Neil

THE SOFT SIDE OF SOFTWARE
Overly Attached
Becoming emotionally attached to your work can lead to compromised decision-making. A good leader must be able to see when this is happening and insert an objective voice.
- Kate Matsudaira

ESCAPING THE SINGULARITY
Extract, Shoehorn, and Load
An increasing part of the computer landscape is moving data from system to system, but it doesn't always fit. Sometimes it has to be shoehorned into a shape that will allow it to be understood.
- Pat Helland

RESEARCH FOR PRACTICE
The DevOps Phenomenon
DevOps holds a lot of promise for companies hoping to capture market share and deliver value faster, but switching from traditional methods has its challenges. A number of papers have addressed these early implementation hurdles.
- Anna Wiedemann, Nicole Forsgren, Manuel Wiesche, Heiko Gewald, and Helmut Krcmar

THE MORNING PAPER
GAN Dissection and Datacenter RPCs
This edition of "The Morning Paper" tackles two diverse topics. The first paper dissects what happens inside a GAN (generative adversarial network) as it is generating an image. The second argues that in certain cases, RPCs (remote procedure calls) can still do the job in datacenters.
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

Net Neutrality: Unexpected Solution to Blockchain Scaling
Blockchains do not scale well, but cloud-delivery networks may lead to a solution to this problem. The trick is in establishing a provably neutral network design.
- Aleksandar Kuzmanovic

Garbage Collection as a Joint Venture
Google Chrome uses an approach called cross-component tracing to solve the problem of memory management across component boundaries. The result is a safe and efficient reclamation of memory.
- Ulan Degenbaev, Michael Lippautz, and Hannes Payer

Online Event Processing
Online event processing is finding a foothold in data management, particularly in cases where transaction processing has not been up to the task. OLEP allows an application to guarantee strong consistency properties across heterogeneous data systems.
- Martin Kleppmann, Alastair R. Beresford, and Boerge Svingen

Columns / Departments

KODE VICIOUS
The Worst Idea of All Time
KV has been ranting and raving now for 100 columns. From ignoble beginnings, KV, nevertheless, has persisted—and will continue to wrangle with anger management for many columns to come.
- George Neville-Neil

THE SOFT SIDE OF SOFTWARE
How to Create a Great Team Culture (and Why It Matters)
Good teams don't just happen. They spring from a leader who takes the time to build a culture where the team is greater than the sum of its individuals. When that happens, it's electric.
- Kate Matsudaira

EVERYTHING SYSADMIN
Tom's Top Ten Things Executives Should Know about Software
If you're in a company whose executives doesn't understand how software is changing business, beware. If you are one of these execs, it's time to learn about this new world. If you work for these execs, start teaching them.
- Tom Limoncelli

RESEARCH FOR PRACTICE
Troubling Trends in Machine-learning Scholarship
Many research papers in the field of machine learning suffer from flaws that could mislead the public and stymie future research. Becoming aware of these problems could help avoid them in future endeavors.
- Zachary C. Lipton and Jacob Steinhardt

THE MORNING PAPER
SageDB and NetAccel
A new addition to acmqueue examines two papers from the 2019 Conference on Innovative Data Systems Research. Each addresses a bold new direction for data-systems research—one looks at the role of learned models and the other examines network-accelerated query processing.
- Adrian Colyer

Subscribers and ACM Professional members login here

Features

A Hitchhiker's Guide to the Blockchain Universe
The blockchain is purported to be the answer to just about everything, yet not many people can explain exactly what it is. Here is a look at the basics: the individual components, how they fit together, and the problems with blockchain technology.
- James Waldo

Achieving Digital Permanence
Once upon a time, giving permanent life to data meant storing it on a clay tablet, paper scroll or punch card. Then came the Information Age. Now every piece of data is stored on digital media. The challenge is making it last and keeping it accurate.
- Raymond Blum, with Betsy Bower

Identity by Any Other Name
Notions of identity underlie the basic mechanisms of distributed systems, including interchangeability, idempotence, and immutability. Identifiers hold these intertwined systems all together.
- Pat Helland

Metrics That Matter
The Google SRE team has identified some service metrics that are critical to product reliability. Choosing the right metrics is the difference between delighting users or driving them away.
- Ben Treynor, Shylaja Nukala, and Vivek Rau

Columns / Departments

KODE VICIOUS
Know Your Algorithms
Buying newer, faster hardware is not always the answer to your computing problems. It's very often the underlying software that holds the clues to what you are seeking.
- George Neville-Neil

THE SOFT SIDE
Design Patterns for Managing Up
You are always going to encounter situations where you are not at your best—you don't know an answer, you disagree with a decision, you make a mistake. You can recognize these patterns and be prepared to deal with them.
- Kate Matsudaira

RESEARCH FOR PRATICE
Edge Computing
Some applications are better served by moving out of the cloud and into everyday lives. Here is a review of some of the research guiding this trend toward edge computing.
- Nitesh Mor

Subscribers and ACM Professional members login here

Features

Tear Down the Method Prisons! Set Free the Practices!
The professional practices that software developers need in order to work in the most efficient and collaborative way possible are all too often imprisoned within proprietary method jails. Essence may hold the key to liberation.
- Ivar Jacobson and Roly Stimson

Understanding Database Reconstruction Attacks on Public Data
The U.S. Census Bureau is especially vulnerable to database reconstruction attacks and is evaluating ways to lessen the threat. This has implications for the upcoming decennial census and protecting the privacy of millions of U.S. citizens.
- Simson Garfinkel, John Abowd, and Christian Martindale

Benchmarking "Hello, World!"
Tools for observing today's large-scale systems are often lacking. Exploring a very simple environment can help reveal the shortcomings of the tools you are using and direct tool designers and users to fill in the gaps.
- Richard L. Sites

CASE STUDY

Codeflow: Improving the Code Review Process at Microsoft
Large numbers of well-compensated people spend a lot of time on code review. When you're talking about a shop the size of Microsoft, the costs are impressive. That's why a team at the company set out to study the process, making it better for everyone.
A discussion with Jacek Czerwonka, Michaela Greiler, Christian Bird, Lucas Panjer, and Terry Coatta

Columns / Departments

KODE VICIOUS
Writing a Test Plan
How do you create a useful document without turning it into a massive time sink and distraction? Draw on those old lab reports from high school science class.
- George Neville-Neil

EVERYTHING SYSADMIN
Making DevOps Work with SQL
Don't discount DevOps just because you use a SQL database. It may be a difficult transition, but once done, life will be much easier.
- Thomas A. Limoncelli

THE SOFT SIDE
The Importance of a Great Finish
Projects tend to start with a bang and end with a whimper. Don't let this happen. You have to keep your momentum up and finish strong, every time. This is what will get you noticed.
- Kate Matsudaira

RESEARCH FOR PRATICE
Security for the Modern Age
Securely running processes that require the entire syscall interface creates a need for new methods. Solving this problem has led to research into different ways to automate security and defend against attacks in the modern age.
- Jessie Frazelle

Features

How to Live in a Post-Meltdown and -Spectre World
- Rich Bennett, Craig Callahan, Stacy Jones, Matt Levine, Merrill Miller, and Andy Ozment
Major vulnerabilities and their variants create a risk landscape that demands immediate defenses and some tradeoffs. A strong vulnerability management foundation is essential to fight these current and future battles.

Using Remote Cache Service for Bazel
- Alpha Lam
Bazel is an open-source system that provides the power to run build tasks remotely and massively parallel. Its new remote cache feature can help software developers reduce build time by almost an order of magnitude.

Tracking and Controlling Microservice Dependencies
- Silvia Esparrachiari, Tanya Reilly, and Ashleigh Rentz
Dependency cycles are a critical detail of system design that can easily go unnoticed until it's too late. Managing these dependencies is essential to system reliability, especially with the growth of today's massive interdependent software systems.

Why SRE Documents Matter
- Shylaja Nukala and Vivek Rau
Documentation is key to a successful SRE team. Without it, SREs will waste valuable time trying to solve problems through trial and error. With it, teams can scale up and take a principled approach to managing new and unfamiliar services.

Columns / Departments

KODE VICIOUS
A Chance Gardener
- George Neville-Neil
Open source is like a garden with many different species of plants, some of which are beneficial and others of which are toxic. How does a company weed its way through this garden?

THE SOFT SIDE OF SOFTWARE
How to Get Things Done When You Don't Feel Like It
- Kate Matsudaira
Face it, there are days when you're just not feeling it. But there are strategies for dealing with those bad days and turning out good work in spite of it all.

Features

The Mythos of Machine-learning Model Interpretability
- Zachary C. Lipton
The rapid progress of machine learning is making automated decision-making possible, but an important yet misunderstood component is the ability to interpret the models used in the process. What exactly is interpretability and why is it important?

Corp to Cloud: Google's Virtual Desktops
- Matt Fata, Philippe-Joseph Arida, Patrick Hahn, and Betsy Beyer
GDesktop, the internal virtual desktop used at Google, was, until recently, hosted on commercially available hardware on the company's corporate network. Today it runs on the Google Compute Platform. Here's the step-by-step migration to the cloud.

Mind Your State for Your State of Mind
- Pat Helland
Storage and applications have struggled side by side through changing requirements and environments. These changes have implications for durable state and session state, which must be kept in mind when developing applications.

Columns / Departments

KODE VICIOUS
The Obscene Coupling Known as Spaghetti Code
- George Neville-Neil
Needlessly chaining functions, silently mixing and transparently passing data through multiple layers of interfaces, and, most painfully, burying important error output-will it ever stop?

THE SOFT SIDE OF SOFTWARE
The Secret Formula for Choosing the Right Next Role
- Kate Matsudaira
Fancy titles and prestige projects will get you only so far. Better to focus on long-term goals and compatible colleagues when deciding where to go next in your career.

EVERYTHING SYSADMIN
GitOps: A Path to More Self-service IT
- Thomas A. Limoncelli
GitOps is a workflow that empowers users to do their own IT through pull requests. For systems where it is appropriate, GitOps reduces wait times, improves system safety, and increases return on investment.

RESEARCH FOR PRACTICE
Knowledge Base Construction in the Machine-learning Era
- Alex Ratner and Chris Ré
KBC, once reserved for well-funded groups in academia, industry or government, is becoming more accessible thanks to easy-to-use deep-learning models. Three papers summarized here address critical design choices that must be made for these approaches to work.

Features

C is Not a Low-level Language
- David Chisnall
Given the prevalence of parallel hardware today, from multicore CPUs to manycore GPUs, implementations of C have had to become increasingly complex to maintain the illusion that C maps easily to the underlying hardware. This has led to vulnerabilities.

Algorithms Behind Modern Storage Systems
- Alex Petrov
As database systems grow, scaling storage systems becomes more challenging. It's important to know the tradeoffs of the two design approaches used for storage systems in most database systems: read-optimized B-trees and write-optimized LSM-trees.

General Equation and Empirical Verification of Workload Frequency Scaling
- Noor Mubeen
Measuring the productive performance, or scale factor, of workloads requires some workload-scaling equations, presented here. The validation of these equations turns out to be tricky, but a histogram ridge trace can help establish significantly accurate estimates.

Columns / Departments

KODE VICIOUS
Every Silver Lining Has a Cloud
- George Neville-Neil
Moving an application to the cloud may sound good to budget-conscious managers, but suddenly you are fighting for resources with many other cloud tenants. Performance may suffer.

ESCAPING THE SINGULARITY
Consistently Eventual
- Pat Helland
The idea of eventual consistency is that at some point work on a data item will stop and its value will be known. For many items, the work never fully settles on a value. They are more accurately described as consistently eventual.

RESEARCH FOR PRACTICE
FPGAs in Data Centers
- Gustavo Alonso
Field-programmable gate arrays have started to appear in commercial data centers because they are resource- and energy-efficient. Four papers presented here show how FPGA designs are quickly evolving and detail some of the ongoing debates around FPGAs.

Features

Canary Analysis Service
- Štěpàn Davidovič
Google's centralized CAS takes the canary-in- the-coalmine approach to determining whether a partial and time-limited change in service is safe and effective. In the end, CAS quickens development, improves production safety, and helps prevent outages.

Thou Shalt Not Depend on Me
- Tobias Lauinger, Abdelberi Chaabane, and Christo B. Wilson
Websites that use third-party components such as JavaScript libraries are vulnerable to any security issues that these libraries may contain. The first step is understanding the scope of the problem, then determining what can be done to improve the situation.

Designing cluster schedulers for Internet-scale services
- Diptanu Gon Choudhury and Timothy Perrett
Cluster schedulers for distributed systems have become ubiquitous but implementing them is tricky. They must be designed for failure in order to assure system stability and reliability.

Columns / Departments

EVERYTHING SYSADMIN
Manual Work is a Bug
- Thomas A. Limoncelli
A tale of two sysadmins—one who took time to write a lot of code to automate tasks; one who did not. One was successful; one not so much.

KODE VICIOUS
Watchdogs vs. Snowflakes
- George Neville-Neil
How to deal with a distributed system that randomly jams up? There may be no easy answers—only wild-ass guesses.

THE SOFT SIDE OF SOFTWARE
How to Come Up with Great Ideas
- Kate Matsudaira
Train yourself to have the mindset of an entrepreneur, and you will have no shortage of ideas. Here are a few techniques to start thinking in those terms.

RESEARCH FOR PRACTICE
Prediction-serving Systems
- Dan Crankshaw and Joseph Gonzalez
Machine learning involves training a model that can then be used to make predictions based on new inputs. Most research in this area has focused on designing and training these models. Here we look at papers that address the often-overlooked area of managing these models once they are trained.

Features

Continuous Delivery Sounds Great, But Will It Work Here?
- Jez Humble
The ability to get new features, changes, and bug fixes into the hands of users safely and quickly is a competitive advantage. Continuous delivery achieves that, but many people erroneously assume the obstacles to its implementation are too great.

Containers Will Not Fix Your Broken Culture
(and Other Hard Truths)
- Bridget Kromhout
The right DevOps practices can solve a lot of problems, but they go only so far without the right work culture. For these tools to do their job, they must be used in an environment where people can work together in building the future.

Monitoring in a DevOps World
- Theo Schlossnagle
With the emergence of DevOps, the ground has shifted under traditional monitoring paradigms. The new world is fluid and fast, and to keep up, monitoring must be thought about in a completely different way.

DevOps Metrics:
Your Biggest Mistake Might Be Collecting the Wrong Data
- Nicole Forsgren, Ph.D., and Mik Kersten, Ph.D.
Measurement is paramount to the success of DevOps transformations, but determining exactly what to measure can be daunting. Here is a guide to the types of data an organization should collect to ensure effective software development and delivery.

Columns / Departments

KODE VICIOUS
Popping Kernels
- George Neville-Neil
Whether to program in the operating-system kernel or in user space depends on the circumstances. What really matters is following programming best practices, no matter the venue.

THE SOFT SIDE OF SOFTWARE
How Is Your Week Going So Far?
- Kate Matsudaira
Easy to forget, but "Good job!" goes a long way toward inspiring motivation and productivity. To be most effective, praise must have three elements: it must be frequent, specific, and strategic.

RESEARCH FOR PRACTICE
Toward a Network of Connected Things
- Deepak Vasisht
The IoT (Internet of things) is quickly moving from theory to reality. This installment of RfP presents research papers that may help accelerate and capitalize on the trend.

Features

Bitcoin's Underlying Incentives
- Yonatan Sompolinsky and Aviv Zohar

Built into the bitcoin protocol are economic incentives that govern the cryptocurrency's capabilities, security guarantees, and future development. Stronger incentives are crucial to the survival of all cryptocurrencies.

Titus: Introducing Containers to the Netflix Cloud
- Andrew Leung, Andrew Spyker, and Tim Bozarth

While Netflix already went all in on cloud migration, it is now investing in container technology. To do so, it developed Titus, a container-management system, which facilitated container adoption in its existing infrastructure.

Abstracting the Geniuses Away from Failure Testing
- Peter Alvaro and Severine Tymon

Failure testing has long relied on super-users to supply the appropriate faults to inject to expose design flaws, but this approach has limitations. What is needed is a way to automate the super-user's process.

Columns / Departments

KODE VICIOUS
Reducing the Attack Surface
- George Neville-Neil

Be careful what code you supply your development teams—it may be dangerous.

THE SOFT SIDE OF SOFTWARE
Views from the Top
- Kate Matsudaira

The perspective can be quite different, depending on which side of the org chart you fall.

EVERYTHING SYSADMIN
Operational Excellence in April Fools' Pranks
- Thomas A. Limoncelli

The best AFPs are topical and absurdist. They don't get in the way of customers or business. And they don't just happen—they require careful planning and execution.

RESEARCH FOR PRACTICE
Cluster Scheduling for Data Centers
- Malte Schwarzkopf

This curated selection of research papers will help readers understand how to use cluster managers to schedule workloads efficiently and how to scale these managers and their schedulers.

Features

Bitcoin's Academic Pedigree
- Arvind Narayanan and Jeremy Clark

Cryptocurrency is not a 21st century concept but originated in the academic literature of the 1980s and 1990s. Building on this research, digital cash will continue to find commercial success, aided by collaboration among academia, outside researchers, and practitioners.

Cache Me If You Can
- Jacob Loveless

Building a better, decentralized Internet is the goal, but how to get there? The tools and technology are available. The first step is defining the problem as completely as possible.

Network Applications Are Interactive
- Antony Alappatt

The network era brings opportunity for new applications, but their development requires a move away from the old sequential model centered on algorithms to new models with interactions at their core.

Columns / Departments

Kode Vicious
Cold, Hard Cache
- George Neville-Neil

KV reveals secrets to implementing and maintaining a well-organized cache.

The Soft Side of Software
Breadth and Depth
- Kate Matsudaira

When it comes to growing your career, is it better to go wide and learn a lot of different things, or go deep and learn a few things really well?

Escaping the Singularity
XML and JSON Are Like Cardboard
- Pat Helland

Like the sturdy packaging around your new purchases, XML and JSON offer savings and efficiencies in protecting your data that more than make up for the overhead.

Research for Practice
Private Online Communication; Highlights in Systems Verification

Albert Kwon reviews several papers that take on the increasingly important topic of ensuring privacy in our daily online communication. Then James R. Wilcox looks at research into systems verification techniques, aiming to eliminate entire classes of bugs.

Features

Is There a Single Method for the Internet of Things?
- Ivar Jacobson, Ian Spence, Pan-Wei Ng

The IoT will demand new and better methods of developing the vast amount of new software that will be required. The OMG standard Essence can help keep it all from becoming unwieldy.

Metaphors We Compute By
- Alvaro Videla

Programmers must be able to tell a story with their code. Like writers, they must know their metaphors. Thus we get concepts such as queues, nodes, traffic, congestion—all shaping the way people understand what's happening in a program.

Hootsuite: In Pursuit of Reactive Systems
- A discussion with Edward Steel, Yanik Berube, Jonas Bonér, Ken Britton, and Terry Coatta

In a case study of this most widely used SaaS platform for managing social media, participants discuss Hootsuite's transition from a LAMP platform to a microservices architecture, aided by Scala and Lightbend.

Columns / Departments

Kode Vicious
IoT: The Internet of Terror
- George Neville-Neil

Don't ever, ever underestimate the need for encryption in IoT software, no matter the cost in battery life or anything else.

The Soft Side of Software
10 Ways to be a Better Interviewer
- Kate Matsudaira

You have an hour in a room with two chairs and a whiteboard to determine if a job candidate is the right fit. Preparation is key to choosing the best person for the job.

Everything Sysadmin
Four Ways to Make CS and IT Curricula More Immersive
- Thomas A. Limoncelli

Computer science and IT curricula in today's universities should be immersive, more reliably reflecting the real world. Better to start off experiencing a well-run system than figuring out how to fix a badly run one.

Research for Practice
Vigorous Public Debates in Academic Computer Science
- John Regehr

As with any academic discipline, computer science has inspired energetic public debates over what works and what doesn't—from GoTo statements to security protocols.

Features

The IDAR Graph
- Mark A. Overton

UML comes up short in conveying the hierarchy of a design, making it difficult for humans to understand exactly how it's put together. The IDAR graph is a clearer alternative for representing object-oriented designs, resulting in cleaner software with fewer bugs.

The Calculus of Service Availability
- Ben Treynor, Mike Dahlin, Vivek Rau, Betsy Beyer

Most software services and systems should aim for almost-perfect reliability. Google maintains an aggressive SLO of 99.99 percent availability (the "four nines") on its products. Here's how it happens.

Data Sketching
- Graham Cormode

The vast scale of information today means making some compromises—for example, maintaining a summary, or sketch, of data rather than every last bit. Here we look at four innovative algorithmic ideas behind data sketching.

Columns / Departments

Kode Vicious
The Observer Effect
- George Neville-Neil

Frequently polling a system for information can easily overtax it. For it to be useful, you need to find just the right frequency, depending on the task at hand.

The Soft Side of Software
Conversations with Technology Leaders: Erik Meijer
- Kate Matsudaira

Renowned for his innovative work in software development, Meijer has many engineering and leadership lessons to share. Great leaders in this field share a desire for constant learning and a passion for technology.

Escaping the Singularity
Side Effects, Front and Center!
- Pat Helland

The work that software developers do often results in side effects. These unintended consequences may be just too much information—but they may also be relevant.

Research for Practice
- Technology for Underserved Communities
- Personal Fabrication
- Peter Bailis

Finding ways to support the technology needs of underserved communities is a worthy goal. Tawanna Dillahunt looks at three efforts to do so. Then Stefanie Mueller and Patrick Baudisch examine the future of 3D printers, especially their potential for innovation among nontechnical users.

Features

Making Money from Math
- Erik Meijer

Machine-learned models differ from human coding in that they acknowledge uncertainty in their code rather than assuming all computations are precise. Probabilistic programming is a way to bridge the gap between the two.

MongoDB's JavaScript Fuzzer
- Robert Guo

A home-grown JavaScript fuzzer has become MongoDB's most prolific bug-finding tool. It will find the inevitable edge case that defies other code-testing methods.

Too Big NOT to Fail
- Pat Helland, Simon Weaver, and Ed Harris

In web-scale computing, running hundreds of thousands of servers, everything must be simple, predictable, and designed to expect and embrace failure—a fundamentally different approach from smaller environments.

The Debugging Mindset
- Devon H. O'Dell

Applying the psychology of problem solving to the science of debugging can only help programmers become more efficient and effective at their jobs.

Columns / Departments

Kode Vicious
Forced Exception Handling
- George Neville-Neil

Why do nonfatal errors often lead to catastrophic failures? The answer most likely has to do with human nature.

The Soft Side of Software
Does Anybody Listen to You?
- Kate Matsudaira

Knowing the right people, the right time, and the right way to introduce your ideas at work will give them life.

Research for Practice
- Tracing and Debugging Distributed Systems
- Programming by Examples
- Peter Bailis

To bring us up to speed on the state of the art in debugging distributed systems, Peter Alvaro looks at techniques for dealing with the challenges of large-scale tracing systems. Then Sumit Gulwani looks at recent advances in PBE—programming - examples. Why write a program when you can synthesize one from existing examples?

Features

Time, but Faster
- Theo Schlossnagle

Time may be an illusion, but in computing it is a necessary one. As computers get faster, system performance can improve, but only if it can be measured against some concept of time.

Heterogeneous Computing: Here to Stay
- Mohamed Zahran

Heterogeneous computing is quickly becoming the norm. Making the best use of it will require revisiting practices and methods on both the hardware and software sides.

Uninitialized Reads
- Robert C. Seacord

A look at object initialization, indeterminate values, and trap representations demonstrates the need for addressing uninitialized reads in the proposed revision to the current C standard.

Pervasive, Dynamic Authentication of Physical Items
- Meng-Day (Mandel) Yu and Srinivas Devadas

Silicon PUFs (physical unclonable functions) offer advantages in the authentication and security of physical items over other more common approaches such as bar codes, QR codes, holograms, and RFID tags.

Columns / Departments

Research for Practice:
- Cryptocurrencies, Blockchains, and Smart Contracts
- Hardware for Deep Learning
In this issue RfP turns to Arvind Narayanan and Andrew Miller to present research into both the promise and dangers of using and applying cryptocurrencies. Song Han looks at ways of deploying deep neural networks using specialized hardware.

Everything SysAdmin:
Are You Load Balancing Wrong?
The use of load balancers to increase capacity and improve resiliency is widespread in today's web-centric, service-centric environments. Most people, however, are doing it all wrong.

Kode Vicious:
The Chess Player who Couldn't Pass the Salt
Computer scientists can get their AI machines to play chess really well—but is this really intelligence, or is it just a way of applying statistics to very large data sets?

Features

FAUCET: Deploying SDN in the Enterprise
-Josh Bailey

With Faucet and OpenFlow 1.3 hardware, network operators can migrate toward SDN, taking advantage of DevOps practices to deploy features rapidly in the enterprise.

BBR: Congestion-Based Congestion Control
- Neal Cardwell, Yuchung Cheng, C. Stephen Gunn, Van Jacobson, and Soheil Yeganeh

TCP's loss-based congestion control is the culprit in slowing down data on the Internet. The solution could be BBR, Google's new approach to congestion control based on bottleneck bandwidth and round-trip propagation time.

Life Beyond Distributed Transactions
- Pat Helland

Programmers who simply want to solve business problems in today's world are distracted by problems of scale. The potential exists for using patterns to build successful scalable enterprise applications.

Industrial Scale Agile: from Craft to Engineering
- Ivar Jacobson, Ian Spence, and Ed Seidewitz

With software becoming more essential to the world's activities, it's time for software development to become more of an engineering discipline than a craft. Essence provides a language and kernel to help achieve this shift.

Columns / Departments

Research for Practice:
- Practical Information Flow for Web Security
- Distributed Transactions and Networks as Physical Sensors
RfP continues with Irene Zhang describing three papers that dispute the perception of distributed transactions being prohibitively expensive. Then Fadel Adib delves into the previously fantastical world of using computer networks for such tasks as seeing through walls.

The Soft Side of Software:
Resolving Conflict
It's not all about winning. Conflict can be productive if you negotiate and manage it well.

Kode Vicious:
The Unholy Trinity of Software Development
Will your project self-destruct if you combine tests, documentation, and code into one file?

Features

• Marius Eriksen
Functional at Scale

• Adam Morrison
Scaling Synchronization in Multi-Core Programs


• Case Study
React: Facebook's Functional Turn on Writing JavaScript

Columns / Departments

• Research for Practice:
- Practical Information Flow for Web Security
- The Red Future of Mobile Web Computing

• Escaping the Singularity:
The Power of Babble

• Everything Sysadmin:
10 Optimizations on Linear Search

• The Soft Side of Software:
Fresh Starts

• Kode Vicious:
Cloud Calipers

Features

• The Hidden Dividends of Microservices
• Idle-Time Garbage-Collection Scheduling
• Dynamics of Change: Why Reactivity Matters
• Cluster-Level Logging of Containers with Containers

Columns / Departments

• Research for Practice:
Distributed Consensus and Implications of NVM on Database Management Systems
• Escaping the Singularity:
  The Singular Success of SQL
• The Soft Side of Software:
  Bad Software Architecture is a People Problem
• Kode Vicious:
  Chilling the Messenger

Features

• Debugging Distributed Systems
• Flame Graphs
• Should I Upload or Ship My Big Data to the Cloud?

Columns / Departments

• Introducing RfP - Research for Practice
• Escaping the Singularity:
  Standing on Giant Distributed Shoulders
• The Soft Side of Software:
  Nine Things I Didn't Know I Would Learn Being an Engineer Manager
• Everything Sysadmin:
  The Small Batches Principle
• Kode Vicious:
  What Are You Trying to Pull?

Features

• Statistics for Engineers
• Why Logical Clocks are Easy
• Borg, Omega, and Kubernetes
• Use-Case 2.0

Columns / Departments

• The Bikeshed:
  More Encryption Means Less Privacy
• The Soft Side of Software:
  Delegation as Art
• Kode Vicious:
  GNL is Not Linux

Features

• Non-volatile Storage
• Time is an Illusion
• Schema.org: Evolution of Structured Data on the Web
• Immutability Changes Everything
• Accountability in Algorithmic Decision-Making
• The Verification of a Distributed System

Columns / Departments

• The Soft Side of Software:
  The Paradox of Autonomy and Recognition
• Everything Sysadmin:
  How Sysadmins Devalue Themselves
• Kode Vicious:
  Code Hoarding

Features

• How to De-identify Your Data
• Fail at Scale: Reliability in the Face of Rapid Change
• Optimizing NUMA Systems Applications with Carrefour
• Componentizing the Web
• It Probably Works

Case Study

• A Purpose-built Global Network: Google's Move to SDN

Columns / Departments

• Version Status:
  Still Finding the Right Questions
• The Soft Side of Software:
  Lean Software Development—Building and Shipping Two Versions
• Everything Sysadmin:
  Automation Should Be Like Iron Man, Not Ultron
• Kode Vicious:
  Pick a Peck of Pickled Patches and Zapped