Package Hallucinations: How LLMs Can Invent Vulnerabilities
Package hallucinations are an AI-enabled threat to users and the software supply chain. Our research reveals this phenomenon is a systemic and persistent issue across all models.
Authors: Joseph Spracklen, Raveen Wijewickrama, A.H.M. Nazmus Sakib, Anindya Maiti, Bimal Viswanath, Murtuza Jadliwala
Article shepherded by: Rik Farrow
Asterinas: A Rust-Based Framekernel to Reimagine Linux in the 2020s
Asterinas reimagines Linux in safe Rust with a novel “framekernel” architecture—combining microkernel security with monolithic performance.
Authors: Hongliang Tian, Yuke Peng, Yingwei Luo, Shoumeng Yan, Yinqian Zhang
Article shepherded by: Rik Farrow
Memory Safety is Merely Table Stakes
Rust makes new systems programs safer, but developers still need to use existing libraries. Omniglot ensures both type and memory safety when working with untrusted foreign code.
Authors: Leon Schuermann, Jack Toubes, Tyler Potyondy, Pat Pannuto, Mae Milano, Amit Levy
Article shepherded by: Rik Farrow
Interview with Ben Pfaff
In 2015, Ben Pfaff et al. won a Best Paper award for The Design and Implementation of Open vSwitch. In 2025, they received the NSDI Test-of-Time award.
Authors: Ben Pfaff, Rik Farrow
Article shepherded by: Rik Farrow
The Democratization of AI Image Generation
The democratization of AI image generation has enabled a new era of deception. Learn to spot fakes and protect yourself online.
Authors: Sanjnah Ananda Kumar
Article shepherded by: Rik Farrow
Production Readiness Reviews: A Surprisingly Versatile Practice
Pedro Alves describes his experiences running PRRs: they not only improve service reliability but also serve as a valuable feedback loop in an infrastructure organisation.
Authors: Pedro Alves
Article shepherded by: Laura Nolan
Running Disaster Recovery Plan Tabletop Exercises
Josh Simon describes how to run a 'terrifying' Disaster Recovery Planning tabletop exercise.
Authors: Joshua Simon
Article shepherded by: Laura Nolan
A Developer-friendly approach to Application-integrated Far memory
Far memory is a promising idea to address memory stranding; we present Eden, our far memory system that better navigates the trade-off between performance and programmer effort.
Authors: Anil Yelam, Stewart Grant, Nadav Amit, Radhika Niranjan Mysore, Amy Ousterhout, Marcos K. Aguilera, Alex C. Snoeren
Article shepherded by: Rik Farrow
Codon: Python Compiler Update
Codon now includes NumPy, is more accepting of existing Python scripts, and Exaloop has changed their license to a more open one.
Authors: Rik Farrow
Article shepherded by: Rik Farrow
License to Observe: Why Observability Solutions Need Agents
A deep dive on the tradeoffs involved in getting telemetry from your services into your observability system.
Authors: Dominik Suess
Article shepherded by: Laura Nolan
NVLog: an Elegant Approach to Integrate NVM
Researchers have been attempting to redesign various system infrastructures for NVM, but is redesigning everything really the only solution? NVLog offers a different perspective...
Authors: Guoyu Wang, Juncheng Hu
Article shepherded by: Rik Farrow
Quantum Computing Notes: Why Is It Always Ten Years Away?
Written for software engineers, an overview of the advantages, challenges, and limitations of Quantum Computing. Is the technology ready to become a disruptive force?
Authors: Konstantin V. Shvachko
Article shepherded by: Rik Farrow
The Evolution of SRE at Google
In response to the vast increase in scale of their systems, Google SREs have been using the STAMP (System-Theoretic Accident Model and Processes) framework for finding problems.
Authors: Tim Falzone, Ben Treynor Sloss
Article shepherded by: Rik Farrow
Enabling Reproducibility through the SPHERE Research Infrastructure
SPHERE transforms cybersecurity and privacy research by enabling reproducible, sophisticated experiments, fostering peer review, and accelerating scientific progress.
Authors: Jelena Mirkovic, Brian Kocoloski, David Balenson
Article shepherded by: Rik Farrow
Synthetic Monitoring & End-to-End Testing: Two Sides of the Same Coin
Monitoring-as-code can help to support better communication and collaboration between development, operations, and testing, as well as reduce cost and complexity.
Authors: Carly Richmond
Article shepherded by: Laura Nolan
Sieve: Chaos Testing for Kubernetes Controllers
Ensuring Kubernetes controller correctness and reliability is challenging, and chaos testing can uncover many severe bugs.
Authors: Xudong Sun, Wenqing Luo, Jiawei Tyler Gu, Aishwarya Ganesan, Ramnatthan Alagappan, Michael Gasch, Lalith Suresh, Tianyin Xu
Article shepherded by: Laura Nolan
Gear Shift Hacks: Uncovering the Security Risks of Wireless Technology in Professional Cycling
In the midst of the Tour de France, the race leader faces unexpected gear malfunctions while climbing L’Alpe D’Huez. Is it a mere technical glitch or a sign of high-tech foul play?
Authors: Maryam Motallebighomi, Earlence Fernandes, Aanjhan Ranganathan
Article shepherded by: Rik Farrow
Exploiting Smartphones
Some history of exploiting smartphones, starting with the iPhone, and a description of a paper about Android and Linux kernel defenses and where they are lacking.
Authors: Rik Farrow
Article shepherded by: Rik Farrow