Principles of Antifragile Software

The goal of this paper is to study and define the concept of "antifragile software". For this, I start from Taleb's statement that antifragile systems love errors, and discuss whether traditional software dependability fits into this class. The answer is somewhat negative, although adaptive fault tolerance is antifragile: the system learns something when an error happens, and always imrpoves. Automatic runtime bug fixing is changing the code in response to errors, fault injection in production means injecting errors in business critical software. I claim that both correspond to antifragility. Finally, I hypothesize that antifragile development processes are better at producing antifragile software systems.Comment: see https://refuses.github.io

A Critical Review of "Automatic Patch Generation Learned from Human-Written Patches": Essay on the Problem Statement and the Evaluation of Automatic Software Repair

At ICSE'2013, there was the first session ever dedicated to automatic program repair. In this session, Kim et al. presented PAR, a novel template-based approach for fixing Java bugs. We strongly disagree with key points of this paper. Our critical review has two goals. First, we aim at explaining why we disagree with Kim and colleagues and why the reasons behind this disagreement are important for research on automatic software repair in general. Second, we aim at contributing to the field with a clarification of the essential ideas behind automatic software repair. In particular we discuss the main evaluation criteria of automatic software repair: understandability, correctness and completeness. We show that depending on how one sets up the repair scenario, the evaluation goals may be contradictory. Eventually, we discuss the nature of fix acceptability and its relation to the notion of software correctness.Comment: ICSE 2014, India (2014

Sensory and cognitive mechanisms of change detection in the context of speech

The aim of this study was to dissociate the contributions of memory-based (cognitive) and adaptation-based (sensory) mechanisms underlying deviance detection in the context of natural speech. Twenty healthy right-handed native speakers of English participated in an event-related design scan in which natural speech stimuli, /de:/ (“deh”) and /deI/ (“day”); (/te:/ (“teh”) and /teI/ (“tay”) served as standards and deviants within functional magnetic resonance imaging event-related “oddball” paradigm designed to elicit the mismatch negativity component. Thus, “oddball” blocks could involve either a word deviant (“day”) resulting in a “word advantage” effect, or a non-word deviant (“deh” or “tay”). We utilized an experimental protocol controlling for refractoriness similar to that used previously when deviance detection was studied in the context of tones. Results showed that the cognitive and sensory mechanisms of deviance detection were located in the anterior and posterior auditory cortices, respectively, as was previously found in the context of tones. The cognitive effect, that was most robust for the word deviant, diminished in the “oddball” condition. In addition, the results indicated that the lexical status of the speech stimulus interacts with acoustic factors exerting a top-down modulation of the extent to which novel sounds gain access to the subject’s awareness through memory-based processes. Thus, the more salient the deviant stimulus is the more likely it is to be released from the effects of adaptation exerted by the posterior auditory cortex

Vowel reduction in word-final position by early and late Spanish-English bilinguals

Vowel reduction is a prominent feature of American English, as well as other stress-timed languages. As a phonological process, vowel reduction neutralizes multiple vowel quality contrasts in unstressed syllables. For bilinguals whose native language is not characterized by large spectral and durational differences between tonic and atonic vowels, systematically reducing unstressed vowels to the central vowel space can be problematic. Failure to maintain this pattern of stressed-unstressed syllables in American English is one key element that contributes to a ?foreign accent? in second language speakers. Reduced vowels, or ?schwas,? have also been identified as particularly vulnerable to the co-articulatory effects of adjacent consonants. The current study examined the effects of adjacent sounds on the spectral and temporal qualities of schwa in word-final position. Three groups of English-speaking adults were tested: Miami-based monolingual English speakers, early Spanish-English bilinguals, and late Spanish-English bilinguals. Subjects performed a reading task to examine their schwa productions in fluent speech when schwas were preceded by consonants from various points of articulation. Results indicated that monolingual English and late Spanish-English bilingual groups produced targeted vowel qualities for schwa, whereas early Spanish-English bilinguals lacked homogeneity in their vowel productions. This extends prior claims that schwa is targetless for F2 position for native speakers to highly-proficient bilingual speakers. Though spectral qualities lacked homogeneity for early Spanish-English bilinguals, early bilinguals produced schwas with near native-like vowel duration. In contrast, late bilinguals produced schwas with significantly longer durations than English monolinguals or early Spanish-English bilinguals. Our results suggest that the temporal properties of a language are better integrated into second language phonologies than spectral qualities. Finally, we examined the role of nonstructural variables (e.g. linguistic history measures) in predicting native-like vowel duration. These factors included: Age of L2 learning, amount of L1 use, and self-reported bilingual dominance. Our results suggested that different sociolinguistic factors predicted native-like reduced vowel duration than predicted native-like vowel qualities across multiple phonetic environments

Eudaemon: Involuntary and On-Demand Emulation Against Zero-Day Exploits

Eudaemon is a technique that aims to blur the borders between protected and unprotected applications, and brings together honeypot technology and end-user intrusion detection and prevention. Eudaemon is able to attach to any running process, and redirect execution to a user-space emulator that will dynamically instrument the binary by means of taint analysis. Any attempts to subvert control flow, or to inject malicious code will be detected and averted. When desired Eudaemon can reattach itself to the emulated process, and return execution to the native binary. Selective emulation has been investigated before as a mean to heal an attacked program or to generate a vaccine after an attack is detected, by applying intensive instrumentation to the vulnerable region of the program. Eudaemon can move an application between protected and native mode at will, e.g., when spare cycles are available, when a system policy ordains it, or when it is explicitly requested. The transition is performed transparently and in very little time, thus incurring minimal disturbance to an actively used system. Systems offering constant protection against similar attacks have also been proposed, but require access to source code or explicit operating system support, and often induce significant performance penalties. We believe that Eudaemon offers a flexible mechanism to detect a series of attacks in end-user systems with acceptable overhead. Moreover, we require no modification to the running system and/or installation of a hypervisor, with an eye on putting taint analysis within reach of the average user

Social Network Users ’ Religiosity and the Design of Post Mortem Aspects

Abstract. Social networks increase the challenges of designing real-world aspects whose computational abstraction is not simple. This includes death and digital legacy, strongly influenced by cultural phenomena, such as religion. Therefore, it is important to analyze youngsters ‟ concepts of death in the web, as the Internet Generation outnumbers other groups of social network users. Besides, due to their age, many of them face other people´s death for the first time on the web. This paper analyzes to what extent these users ‟ religion and the belief in afterlife may signal guidelines for a social network project that considers volition towards digital legacy. The data herein analyzed qualitatively and quantitatively come from a survey-based research with Brazilian high school students. The contributions for Human-Computer Interaction (HCI) studies comprise design solutions that may consider aspects of religion, death and digital legacy, also improving users ‟ and designers ‟ understanding on these issues in system design

Flexible access control for JavaScript

International audienceProviding security guarantees for systems built out of untrusted components requires the ability to define and enforce access control policies over untrusted code. In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over subsets of a JavaScript program by leveraging the concept of delimited histories with revocation. We implement our proposal in WebKit and evaluate it with three policies on 50 widely used websites with no changes to their JavaScript code and report performance overheads and violations