Kode Vicious: KV the Apostate
Faith-based computing versus the unnatural science
Whether we ask an LLM or a recent graduate to type the code is less important than knowing what the code does, how it was built, and when to look under the hood
queue.acm.org/detail.cfm?i...
Bridging the Moat:
Security for the Layperson
Usability is core to effective security controls
Cybersecurity is not just a problem facing enterprises. Individual users face similar risks without expertise and support to back them up.
queue.acm.org/detail.cfm?i...
The Second-System Pit of Failure
Lessons learned from building a second-generation system
Our experience with building a new LMS to replace an existing system provides at least one point of evidence that it is possible to avoid the SSE trap.
queue.acm.org/detail.cfm?i...
Building Malleable Systems, not Future-Proof Ones: Design for Change
The code you write can’t possibly predict every change that comes along.
Code is like a house, and people have to live in it, often for much longer than you expect.
queue.acm.org/detail.cfm?i...
Kode Vicious
Escape Routes
Design your APIs carefully
#Software is almost infinitely fungible, but at some point you have to make choices and pin down what you want a thing to do. This is the art of #API design.
queue.acm.org/detail.cfm?i...
Open Source and the Iceberg Theory:
Why “dependency management” isn’t enough anymore
In an era of AI-generated code and increasing supply-chain attacks, stewardship is now a fiduciary and societal imperative.
queue.acm.org/detail.cfm?i...
@auggie.dev
Paul Vixie on the Evolution of Program State
AI coding assistants mean more software will be created than ever before and by more people and agents than ever before. It's undecided as yet whether this era will be safer or more dangerous than the last.
queue.acm.org/detail.cfm?i...
Data Analysis: Why Is It So Complicated?
A sense of the depth and breadth of why it's so complicated to conduct and interpret data analysis.
Why your models are incomplete and rife with inaccuracies, assumptions, caveats, and limitations
queue.acm.org/detail.cfm?i...
Minimalist Design for Space Camera Flight Software
While many systems drift toward more complexity, we advocate for a minimalist approach, with examples that have performed well in practice, with applications for other embedded software.
queue.acm.org/detail.cfm?i...
Running the “Reflections on Trusting Trust” Compiler
Revisiting Ken Thompson’s sourceless backdoor
This article revisits that backdoored compiler, presenting the original code Thompson wrote more than 50 years ago.
queue.acm.org/detail.cfm?i...
Kode Vicious:
Driven to Distraction
From floats to characters and back again
50 years of doing things the Unix way has left us bereft of better APIs. It's not just the drivers but also the application APIs on top of the operating system.
queue.acm.org/detail.cfm?i...
Operations and Life:
#SRE Is Anti-Transactional
An API for interfacing with automaters
Systems built by SREs are not fully autonomous on day one. It's iteration over time that leads to fully autonomous, functional, reliable service.
queue.acm.org/detail.cfm?i...
@yesthattom.bsky.social
A Practical Guide to Transitioning to Memory-Safe Languages
Turning off the spigot of vulnerabilities: a new strategy for memory safety
Traditional approaches to memory safety are flawed, treating symptoms without addressing the underlying cause.
queue.acm.org/detail.cfm?i...
@ayper.bsky.social
Practical #Security in Production
Hardening the C++ Standard Library at massive scale
Our collective experience at Apple and Google demonstrates that significant safety gains are achievable with surprisingly minimal performance overhead in production environments
queue.acm.org/detail.cfm?i...
Safe Coding
Rigorous modular reasoning about software safety
Safe coding embodies a modular, compositional approach to building and reasoning about the safety of large, complex systems.
queue.acm.org/detail.cfm?i...
Memory Safety for Skeptics
If you're tired of hearing about memory safety, this article is for you.
The state of possibility with memory safety today is similar to the state of automobile safety just prior to the widespread adoption of mandatory seat-belt laws.
queue.acm.org/detail.cfm?i...
Kode Vicious
The Process: From start to finish
While the Scientific Method gives us a way to evaluate a hypothesis, a Scientific Process allows us to organize our minds to form these hypotheses, lay out a piece of code, organize a project, or debug a program.
queue.acm.org/detail.cfm?i...
Operations and Life
No One Has Time to Work on Your Project
queue.acm.org/detail.cfm?i...
What if you could apply a few basic principles that would help make working on your project seem more attractive and worthwhile? How to work effectively with overwhelmed people to get things done
Moving Faster by Not Breaking Things:
Or How Not to Blow Up the Internet
People slow down when they are afraid, and they are afraid when they don't know the consequences of their actions. Initial investments allow for a fearless approach to pushing changes.
queue.acm.org/detail.cfm?i...
Guardians of the Agents
Formal verification of AI workflows
This proof-based approach addresses problems by providing deterministic and verifiable assurances of safety without the need to trust the AI or any of the artifacts it produces
queue.acm.org/detail.cfm?i...
Unsolved Problems in #MLOps
The practitioners whose job it is to make AI work are scrambling behind the scenes, often more in dread than excitement. Either find a better paradigm or fix the ones we're using now.
queue.acm.org/detail.cfm?i...
Understanding the Harm Teens Experience on Social Media: A systematic approach to mitigating negative experiences online
Every day, millions of kids are having preventable harmful experiences on social media
queue.acm.org/detail.cfm?i...
Kode Vicious
In Search of Quietude
Unless you're writing only for yourself, whatever software you build will need to work with what others are building. So, the meta question is: "How much communication is required?"
queue.acm.org/detail.cfm?i...
Security Is Part of Every Critical User Journey
How else would you make sure that product security decisions serve your customers?
Raise your hand and propose that security outcomes and risks be defined at each step along critical user journeys.
queue.acm.org/detail.cfm?i...
Unleashing the Power of End-User Programmable AI
The design of an AI-first, program-synthesis framework built around a new language, Universalis, designed for workers to read, the computer to execute, and ready to be analyzed and manipulated
queue.acm.org/detail.cfm?i...
Concurrency in #WebAssembly
Experiments in the web and beyond
We discuss how concurrent programs are compiled to #Wasm today given the limitations of multi-core concurrency support, and also discuss further expanding Wasm's concurrency capabilities
queue.acm.org/detail.cfm?i...
When Is WebAssembly Going to Get DOM Support?
Or, how I learned to stop worrying and love glue code
Can I build my C#/Go/Python library/app into my website so it runs with good performance?
queue.acm.org/detail.cfm?i...
WebAssembly: How Low Can a Bytecode Go?:
New performance and capabilities
Wasm is still growing with new features to address performance gaps. With many languages and many targets, Wasm could one day become the universal execution format for compiled applications.
queue.acm.org/detail.cfm?i...
#WebAssembly: Yes, but for What?
WebAssembly has found a niche but not yet filled its habitable space. We look at #Wasm wins and losses, identify patterns, and extract commonalities. From those, we predict the future.
queue.acm.org/detail.cfm?i...
@wingolog.org