ACMQ Site - ACM Queue

Time 2020-11-07 23:07:45

Web Name: ACMQ Site - ACM Queue

WebSite: http://queue.acm.org

ID:108403

Keywords:

Site,ACMQ,Queue,

Description:

Our free bi-weekly newsletter showcases all of ACM Queue's latest articles and columns.The future of hardware security will evolve with hardware. As packaging advances and focus moves to beyond Moore's law technologies, hardware security experts will need to keep ahead of changing security paradigms, including system and process vulnerabilities. Research focused on quantum hacking is emblematic of the translation of principles of security on the physical attack plane for emerging communications and computing technologies. Perhaps the commercial market will evolve such that the GAO will run a study on compromised quantum technologies in the not-too-distant future.Hardware,SecurityCommit to Memory:Out-of-this-World Additive Manufacturing Jessie FrazelleFrom thingamabobs to rockets, 3D printing takes many forms.Popular culture uses the term '3D printing' as a synonym for additive manufacturing processes. In 2010, the ASTM (American Society for Testing and Materials) came up with a set of standards to classify additive manufacturing processes into seven categories. Each process uses different materials and machine technology, which affects the use cases and applications, as well as the economics. I went down a rabbit hole researching the various processes in my hunt to buy the best 3D printer. In this article I will share what I learned about each process, as well as some of the more interesting use cases I found along the way.Commit to Memory,Hardware,The Identity in Everyone's Pocket Phil VachonKeeping users secure through their smartphonesThis article is meant to leave you with ideas about how to bring a hardware-backed and biometrics-based concept of user identity into your ecosystem. The goal is simple: Make it as hard as possible for attackers to steal credentials and use them at their leisure. Let's even make it difficult for users to clone their own credentials to share with other users. In addition to this protection, let's ensure that adding extra factors such as biometric authentication provides a stronger assurance of who the user is. Bringing keys and other secrets closer and closer to something that is physically attached to the user provides a stronger assurance of the identity of the user who just authenticated to the device.Messaging,Privacy and Rights,SecurityKode ViciousRemoving KodeDead functions and dead featuresRemoving dead code from systems is one of KV's favorite koding pastimes because there is nothing quite like that feeling you get when you get rid of something you know wasn't being used. Code removal is like cleaning house, only sometimes you clean house with a flame thrower, which, honestly, is very satisfying. Since you're using a version-control system (you had better be using a VCS!), it's very easy to remove code without worry. If you ever need the code you removed, you can retrieve it from the VCS at will.Development,Kode ViciousSecurity Analysis of SMS as a Second Factor of Authentication Roger Piqueras JoverThe challenges of multifactor authentication based on SMS, including cellular security deficiencies, SS7 exploits, and SIM swappingDespite their popularity and ease of use, SMS-based authentication tokens are arguably one of the least secure forms of two-factor authentication.This does not imply, however, that it is an invalid method for securing an online account.The current security landscape is very different from that of two decades ago.Regardless of the critical nature of an online account or the individual who owns it, using a second form of authentication should always be the default option, regardless of the method chosen.In the wake of a large number of leaks and other intrusions, there are many username and password combinations out there in the wrong hands that make password spraying attacks cheap and easy to accomplish.Messaging,SecurityDrill Bits:Efficient Graph Search Terence KellyStop when done.Welcome to Drill Bits, a new column about programming that aims to augment your toolbox and help you write better software. This pilot episode of Drill Bits borrows from the zeitgeist the principle of eliminating needless work.Graphs provide a versatile, unified abstraction for an exceptionally wide range of practical systems, from electronic circuits to social networks. Graph search is fundamental to analyzing graphs and the real-world systems they represent. Do standard graph-search algorithms leave room for improvement? This column drills down on BFS (breadth-first search), which is useful in its own right and as a building block for more sophisticated analyses.Search,Visualization May/June 2020Commit to Memory:The Life of a Data Byte Jessie FrazelleBe kind and rewind.This article travels in time through various storage media, diving into how data has been stored throughout history. We start off with the state of the art in storage media in 1951 and conclude after looking at the future of storage technology. Storage has changed a lot over time; from paper tape to metal tape, magnetic tape, rope memory, spinning disks, optical disks, flash, and others. Progress has led to faster, smaller, and more performant devices for storing data.Commit to Memory,Computer ArchitectureData and DatabasesScrum Essentials Cards Jeff Sutherland, Ivar Jacobson, and Brian KerrExperiences of Scrum Teams Improving with EssenceThis article presents a series of examples and case studies on how people have used the Scrum Essentials cards to benefit their teams and improve how they work.DevelopmentEverything Sysadmin:Five Nonobvious Remote Work Techniques Thomas A. LimoncelliEmulating the efficiency of in-person conversationsThe physical world has social conventions around conversations and communication that we use without even thinking. As we move to a remote-work world, we have to be more intentional to create such conventions. Developing these social norms is an ongoing commitment that outlasts initial technical details of VPN and desktop videoconference software configuration.Companies that previously forbade remote work can no longer deny its benefits. Once the pandemic-related lockdowns are over, many people will continue working remotely. Those who return to the office will need to work in ways that are compatible with their remotely working associates.Business and Management,Everything SysadminData on the Outside vs. Data on the Inside Pat HellandData kept outside SQL has different characteristics from data kept inside.This article describes the impact of services and trust on the treatment of data. It introduces the notions of inside data as distinct from outside data. The article then examines the notion of reference data and its usage patterns in facilitating the interoperation of services. Finally, JSON and SQL are seen as representations of data, and their strengths are compared and contrasted. It is common practice today to use JSON to represent data on the outside and SQL to store the data on the inside.Data and DatabasesKode ViciousSanity vs. Invisible MarkingsTabs vs. spacesMaking it easy for tools to understand the structure of software is one of the keys to having tools that help programmers prepare proper programs for computers. Since the earliest days of software development, programmers have tried to build tools that show them where there might be issues in the program text. Code editors have added colorization, syntax highlighting, folding, and a host of other features in a desperate, and some might say fruitless, attempt to improve the productivity of programmers.Kode ViciousThe History, Status, and Future of FPGAs Oskar Mencer, et al.Hitting a nerve with field-programmable gate arraysFPGAs (field-programmable gate arrays) have been hitting a nerve in the ASIC community since their inception. In the mid-1980s, Ross Freeman and his colleagues bought the technology from Zilog and started Xilinx, targeting the ASIC emulation and education markets. In parallel, Altera was founded with similar technology at its core. This article is a summary of a three-hour discussion at Stanford University in September 2019 among the authors. It has been written with combined experiences at and with organizations such as Zilog, Altera, Xilinx, Achronix, Intel, IBM, Stanford, MIT, Berkeley, University of Wisconsin, the Technion, Fairchild, Bell Labs, Bigstream, Google, DIGITAL (DEC), SUN, Nokia, SRI, Hitachi, Silicom, Maxeler Technologies, VMware, Xerox PARC, Cisco, and many others.Computer Architecture,Processors March/April 2020Kode ViciousBroken Hearts and Coffee MugsThe ordeal of security reviewsI have to say that I'm not a fan of keeping one's head down, or grinning, or bearing much of anything on someone else's behalf, but you probably knew that before you sent this note. Many practitioners in the security space are neither as organized nor as original in their thinking as KV would like. In fact, this isn't just in the security space, but let me limit my comments, for once, to a single topic. It's a long process littered with broken hearts and coffee mugs, but it can be done if the reviewers are organized and original in their thinking.Kode Vicious,SecurityDebugging Incidents in Google's Distributed Systems Charisma Chan, Beth CooperHow experts debug production issues in complex distributed systemsThis article covers the outcomes of research performed in 2019 on how engineers at Google debug production issues, including the types of tools, high-level strategies, and low-level tasks that engineers use in varying combinations to debug effectively. It examines the research approach used to capture data, summarizing the common engineering journeys for production investigations and sharing examples of how experts debug complex distributed systems. Finally, the article extends the Google specifics of this research to provide some practical strategies that you can apply in your organization.Debugging,Distributed development,Web ServicesCommit to Memory:Power to the People Jessie FrazelleReducing datacenter carbon footprintsBy designing rack-level architectures, huge improvements can be made for power efficiency over conventional servers, since PSUs will be less oversized, more consolidated, and redundant for the rack versus per server. While the hyperscalers have benefited from these gains in power efficiency, most of the industry is still waiting. The Open Compute Project was started as an effort to allow other companies running datacenters to benefit from the power efficiencies as well. If more organizations run rack-scale architectures in their datacenters, the wasted carbon emissions caused by conventional servers can be lessened.Commit to Memory,Power,Dark Patterns: Past, Present, and Future Arvind Narayanan, Arunesh Mathur, Marshini Chetty, Mihir KshirsagarThe evolution of tricky user interfacesDark patterns are an abuse of the tremendous power that designers hold in their hands. As public awareness of dark patterns grows, so does the potential fallout. Journalists and academics have been scrutinizing dark patterns, and the backlash from these exposures can destroy brand reputations and bring companies under the lenses of regulators. Design is power. In the past decade, software engineers have had to confront the fact that the power they hold comes with responsibilities to users and to society. In this decade, it is time for designers to learn this lesson as well.Privacy and Rights,Web ServicesIs Persistent Memory Persistent? Terence KellyA simple and inexpensive test of failure-atomic update mechanismsPower failures pose the most severe threat to application data integrity, and painful experience teaches that the integrity promises of failure-atomic update mechanisms can't be taken at face value. Diligent developers and operators insist on confirming integrity claims by extensive firsthand tests. This article presents a simple and inexpensive testbed capable of subjecting storage devices, system software, and application software to ten thousand sudden whole-system power-interruption tests per week.Failure Testing January/February 2020The Morning Paper:How Do Committees Invent? and Ironies of Automation Adrian ColyerThe formulation of Conway's law and the counterintuitive consequences of increasing levels of automationMy first choice, from 1968, is entitled "How Do Committees Invent?" This is the paper that gave us Conway's law, and while we all know that law today, author Melvin E. Conway provides a lot of great material that led up to the formulation of the law that bears his name.For my second choice we go forward in time to 1983, with Lisanne Bainbridge's "Ironies of Automation." It's a classic treatise on the counterintuitive consequences of increasing levels of automation, and something oh-so-relevant to this forthcoming decade.The Morning PaperKode ViciousKode Vicious Plays in TrafficWith increasing complexity comes increasing risk.The first design principle of any safety-critical system must be simplicity. Systems such as Ethernet are known to be complex, and so it is a poor choice for use in a safety-critical system. But I hear accounting screaming about the cost of extra wiring in the harness of the car's control system. Think how much money we can save if all the signals go over a single pair of wires instead of a harness with 10! Kode ViciousCase StudyTo Catch a Failure: The Record-and-Replay Approach to DebuggingA discussion with Robert O'Callahan, Kyle Huey, Devon O'Dell, and Terry CoattaWhen work began at Mozilla on the record-and-replay debugging tool called rr, the goal was to produce a practical, cost-effective, resource-efficient means for capturing low-frequency nondeterministic test failures in the Firefox browser. Much of the engineering effort that followed was invested in making sure the tool could actually deliver on this promise with a minimum of overhead.Case Studies,Debugging,Escaping the SingularityThe Best Place to Build a Subway Pat HellandBuilding projects despite (and because of) existing complex systemsMany engineering projects are big and complex. They require integrating into the existing environment to tie into stuff that precedes the new, big, complex thing. It is common to bemoan the challenges of dealing with the preexisting stuff. Many times, engineers don't realize that their projects (and their paychecks) exist only because of the preexisting and complex systems that impose constraints on the new work. This column looks at some sophisticated urban redevelopment projects that are very much part of daily life in San Francisco and compares them with the challenges inherent in building software.Systems,Escaping the SingularityDemystifying Stablecoins Jeremy Clark, Didem Demirag, and Seyedehmahsa MoosaviCryptography meets monetary policySelf-sovereign stablecoins are interesting and probably here to stay; however, they face numerous regulatory hurdles from banking, financial tracking, and (likely) securities laws. For stablecoins backed by a governmental currency, the ultimate expression would be a centrally banked digital currency.Networks,SecurityCommit to Memory:Chipping away at Moore's Law Jessie FrazelleModern CPUs are just chiplets connected together.Smaller transistors can do more calculations without overheating, which makes them more power efficient. It also allows for smaller die sizes, which reduce costs and can increase density, allowing more cores per chip. The silicon wafers that chips are made of vary in purity, and none are perfect, which means every chip has a chance of having imperfections that differ in effect. Manufacturers can limit the effect of imperfections by using chiplets.Commit to Memory,Computer architecture,Processors,Everything Sysadmin:Communicate Using the Numbers 1, 2, 3, and More Thomas A. LimoncelliLeveraging expectations for better communicationThe human brain reacts differently to lists of different lengths. When you align what you say with what the human brain expects, you communicate more effectively. In this column I'll explain how to leverage the way the brain reacts to various quantities to make your speaking and writing more effective.People often use lists of various sizes when communicating. I might have 2 reasons for supporting the new company strategy. I might tell you my 3 favorite programming languages. I might make a presentation that describes 4 new features. There is 1 vegetable that I like more than any other.The length of the list affects how the audience interprets what is being said. Not aligning with what the human brain expects is like swimming upstream. Given the choice, why would anyone do that?Business and Management,Everything Sysadmin November/December 2019Special issue on the critical role of human perception in softwareThe Morning Paper:The Way We Think About Data Adrian ColyerHuman inspection of black-box ML models; reclaiming ownership of dataIn "Stop Explaining Black-box Machine-learning Models for High-stakes Decisions and Use Interpretable Models Instead," Cynthia Rudin makes the case for models that can be inspected and interpreted by human experts. And in "Local-first Software: You Own Your Data, in Spite of the Cloud," Martin Kleppmann describes how to retain sovereignty over your data.Data and Databases,The Morning PaperKode ViciousMaster of TicketsValuing the quality, not the quantity, of workMany silly metrics have been created to measure work, including the rate at which tickets are closed, the number of lines of code a programmer writes in a day, and the number of words an author can compose in an hour. All of these measures have one thing in common: They fail to take into account the quality of the output. If Alice writes 1,000 lines of impossible-to-read, buggy code in a day and Carol writes 100 lines of well-crafted, easy-to-use code in the same time, then who should be rewarded?Kode ViciousCommit to Memory:Securing the Boot Process Jessie FrazelleThe hardware root of trustThe goal of a hardware root of trust is to verify that the software installed in every component of the hardware is the software that was intended.This way you can verify and know without a doubt whether a machine's hardware or software has been hacked or overwritten by an adversary.This is an introduction to a complicated topic, but the intention is to provide a full picture of the world of secure booting mechanisms.Commit to Memory,Computer architecture,Processors,System evolutionRevealing the Critical Role of Human Performance in Software David D. Woods, John AllspawIt's time to revise our appreciation of the human side of Internet-facing software systems.Understanding, supporting, and sustaining the capabilities above the line of representation require all stakeholders to be able to continuously update and revise their models of how the system is messy and yet usually manages to work. This kind of openness to continually reexamine how the system really works requires expanding the efforts to learn from incidents.DevelopmentAbove the Line, Below the Line Richard I. Cook, M.D.The resilience of Internet-facing systems relies on what is below the line of representation.Knowledge and understanding of below-the-line structure and function are continuously in flux. Near-constant effort is required to calibrate and refresh the understanding of the workings, dependencies, limitations, and capabilities of what is present there. In this dynamic situation no individual or group can ever know the system state. Instead, individuals and groups must be content with partial, fragmented mental models that require more or less constant updating and adjustment if they are to be useful.Development,Web ServicesCognitive Work of Hypothesis Exploration During Anomaly Response Marisa R. GraysonA look at how we respond to the unexpectedFour incidents from web-based software companies reveal important aspects of anomaly response processes when incidents arise in web operations, two of which are discussed in this article. One particular cognitive function examined in detail is hypothesis generation and exploration, given the impact of obscure automation on engineers' development of coherent models of the systems they manage. Each case was analyzed using the techniques and concepts of cognitive systems engineering. The set of cases provides a window into the cognitive work "above the line" in incident management of complex web-operation systems.DevelopmentManaging the Hidden Costs of Coordination Laura M.D. MaguireControlling coordination costs when multiple, distributed perspectives are essentialSome initial considerations to control cognitive costs for incident responders include: (1) assessing coordination strategies relative to the cognitive demands of the incident; (2) recognizing when adaptations represent a tension between multiple competing demands (coordination and cognitive work) and seeking to understand them better rather than unilaterally eliminating them; (3) widening the lens to study the joint cognition system (integration of human-machine capabilities) as the unit of analysis; and (4) viewing joint activity as an opportunity for enabling reciprocity across inter- and intra-organizational boundaries.Debugging,DevelopmentBeyond the Fix-it Treadmill J. Paul ReedThe Use of Post-Incident Artifacts in High-Performing OrganizationsGiven that humanity's study of the sociological factors in safety is almost a century old, the technology industry's post-incident analysis practices and how we create and use the artifacts those practices produce are all still in their infancy. So don't be surprised that many of these practices are so similar, that the cognitive and social models used to parse apart and understand incidents and outages are few and cemented in the operational ethos, and that the byproducts sought from post-incident analyses are far-and-away focused on remediation items and prevention.Development,Quality Assurance Older Issues

TAGS:Site ACMQ Queue 

<<< Thank you for your visit >>>

Hot Websites