12 research outputs found
With Great Humor Comes Great Developer Engagement
The worldwide collaborative effort for the creation of software is
technically and socially demanding. The more engaged developers are, the more
value they impart to the software they create. Engaged developers, such as
Margaret Hamilton programming Apollo 11, can succeed in tackling the most
difficult engineering tasks. In this paper, we dive deep into an original
vector of engagement - humor - and study how it fuels developer engagement.
First, we collect qualitative and quantitative data about the humorous elements
present within three significant, real-world software projects: faker, which
helps developers introduce humor within their tests; lolcommits, which captures
a photograph after each contribution made by a developer; and volkswagen, an
exercise in satire, which accidentally led to the invention of an impactful
software tool. Second, through a developer survey, we receive unique insights
from 125 developers, who share their real-life experiences with humor in
software. Our analysis of the three case studies highlights the prevalence of
humor in software, and unveils the worldwide community of developers who are
enthusiastic about both software and humor. We also learn about the caveats of
humor in software through the valuable insights shared by our survey
respondents. We report clear evidence that, when practiced responsibly, humor
increases developer engagement and supports them in addressing hard engineering
and cognitive tasks. The most actionable highlight of our work is that software
tests and documentation are the best locations in code to practice humor.
WebAssembly Diversification for Malware Evasion
WebAssembly has become a crucial part of the modern web, offering a faster
alternative to JavaScript in browsers. While it powers rich applications in the
browser, this technology is also very effective for developing cryptojacking
malware. This has triggered the development of several methods to detect
cryptojacking malware. However, these defenses have not considered the
possibility of attackers using evasion techniques. This paper explores how
automatic binary diversification can support the evasion of WebAssembly
cryptojacking detectors. We experiment with a dataset of 33 WebAssembly
cryptojacking binaries and evaluate our evasion technique against two malware
detectors: VirusTotal, a general-purpose detector, and MINOS, a
WebAssembly-specific detector. Our results demonstrate that our technique can
automatically generate variants of WebAssembly cryptojacking that evade the
detectors in 90% of cases for VirusTotal and 100% for MINOS. Our results
emphasize the importance of meta-antiviruses and diverse detection techniques,
and provide new insights into which WebAssembly code transformations are best
suited for malware evasion. We also show that the variants introduce limited
performance overhead, making binary diversification an effective technique for
evasion.
Automatic Specialization of Third-Party Java Dependencies
Modern software systems rely on a multitude of third-party dependencies. This
large-scale code reuse reduces development costs and time, and it poses new
challenges with respect to maintenance and security. Techniques such as tree
shaking or shading can remove dependencies that are completely unused by a
project, which partly addresses these challenges. Yet, the remaining dependencies
are likely to be used only partially, leaving room for further reduction of
third-party code. In this paper, we propose a novel technique to specialize
dependencies of Java projects, based on their actual usage. For each
dependency, we systematically identify the subset of its functionalities that
is necessary to build the project, and remove the rest. Each specialized
dependency is repackaged. Then, we generate specialized dependency trees where
the original dependencies are replaced by the specialized versions and we
rebuild the project. We implement our technique in a tool called DepTrim, which
we evaluate with 30 notable open-source Java projects. DepTrim specializes a
total of 343 (86.6%) dependencies across these projects, and successfully
rebuilds each project with a specialized dependency tree. Moreover, through
this specialization, DepTrim removes a total of 60,962 (47.0%) classes from the
dependencies, reducing the ratio of dependency classes to project classes from
8.7x in the original projects to 4.4x after specialization. These results
indicate the relevance of dependency specialization to significantly reduce the
share of third-party code in Java projects.
Comment: 17 pages, 2 figures, 4 tables, 1 algorithm, 2 code listings, 3 equations
Long Live Software Easter Eggs!
It's a period of unrest. Rebel developers, striking from continuous deployment servers, have won their first victory. During the battle, rebel spies managed to push an epic commit in the HTML code of https://pro.sony. Pursued by sinister agents, the rebels are hiding in commits, buttons, tooltips, API, HTTP headers, and configuration screens.
Automatic Specialization of Third-Party Java Dependencies
Large-scale code reuse significantly reduces both development costs and time. However, the massive share of third-party code in software projects poses new challenges, especially in terms of maintenance and security. In this paper, we propose a novel technique to specialize dependencies of Java projects, based on their actual usage. Given a project and its dependencies, we systematically identify the subset of each dependency that is necessary to build the project, and we remove the rest. As a result of this process, we package each specialized dependency in a JAR file. Then, we generate specialized dependency trees where the original dependencies are replaced by the specialized versions. This allows building the project with significantly less third-party code than the original. As a result, the specialized dependencies become a first-class concept in the software supply chain, rather than a transient artifact in an optimizing compiler toolchain. We implement our technique in a tool called DepTrim, which we evaluate with 30 notable open-source Java projects. DepTrim specializes a total of 343 (86.6%) dependencies across these projects, and successfully rebuilds each project with a specialized dependency tree. Moreover, through this specialization, DepTrim removes a total of 57,444 (42.2%) classes from the dependencies, reducing the ratio of dependency classes to project classes from 8.7× in the original projects to 5.0× after specialization. These novel results indicate that dependency specialization significantly reduces the share of third-party code in Java projects.
