Keeping master green at scale

Keeping master green at scale Ananthanarayanan et al., EuroSys'19 This paper provides a fascinating look at a key part of Uber’s software delivery machine. With a monorepo, and many thousands of engineers concurrently committing changes, keeping the build green, and keeping commit-to-live latencies low, is a major challenge. This paper introduces a change management system … Continue reading Keeping master green at scale

Teaching rigorous distributed systems with efficient model checking

Teaching rigorous distributed systems with efficient model checking Michael et al., EuroSys'19 On the surface you might think today’s paper selection an odd pick. It describes the labs environment, DSLabs, developed at the University of Washington to accompany a course in distributed systems. During the ten week course, students implement four different assignments: an exactly-once … Continue reading Teaching rigorous distributed systems with efficient model checking

Time protection: the missing OS abstraction

Time protection: the missing OS abstraction Ge et al., EuroSys'19 Ever since the prominent emergence of timing-based microarchitectural attacks (e.g. Spectre, Meltdown, and friends) I’ve been wondering what we can do about them. When a side-channel is based on observing improved performance, a solution that removes the improved performance can work, but is clearly undesirable. … Continue reading Time protection: the missing OS abstraction

Master of web puppets: abusing web browsers for persistent and stealthy computation

Master of web puppets: abusing web browsers for persistent and stealthy computation Papadopoulus et al., NDSS'19 UPDATE 2019-04-14: An author update has been published for this paper which details that with current browser versions, ServiceWorkers can only stay alive for about a minute after the user navigates away from the site. This mitigates the main … Continue reading Master of web puppets: abusing web browsers for persistent and stealthy computation

Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild

Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild Steffens et al., NDSS'19 Does your web application make use of local storage? If so, then like many developers you may well be making the assumption that when you read from local storage, it will only contain the data that … Continue reading Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild

How bad can it git? Characterizing secret leakage in public GitHub repositories

How bad can it git? Characterizing secret leakage in public GitHub repositories Meli et al., NDSS'19 On the one hand you might say there’s no new news here. We know that developers shouldn’t commit secrets, and we know that secrets leaked to GitHub can be discovered and exploited very quickly. On the other hand, this … Continue reading How bad can it git? Characterizing secret leakage in public GitHub repositories