Search for: All records

Kubernetes is a popular open source software (OSS) tool to manage containers at scale. Despite being beneficial for rapid deployment, Kubernetes-based software deployments are susceptible to defects that can lead to serious consequences. A systematic analysis of development-related factors that cause defects can aid practitioners on how to mitigate these defects. We conduct an exploratory empirical study where we use causal analysis to quantify the impact of one development factor called minor contributors, which refers to practitioners who author < 5% of the total code. By analyzing 29,028 commits from 157 OSS repositories, we observe (i) 5.6% of the 29,028 commits to be authored by minor contributors; and (ii) authorship of minor contributors to impact defects in configuration scripts. Based on our findings, we recommend researchers to (1) further investigate the characteristics of minor contributors; and (2) identify other development-related factors that may have a causal impact on defects in Kubernetes configuration scripts. 

Abstract Parent–child communication is an essential part of developing and sustaining career interests. Parents’ involvement in the process of career interest development and persistence of women in STEM is critical to understand to marshal support for women entering high-barrier fields. This manuscript answers 3 questions about how parents are involved in the processes of career interest development and persistence: What do parents do? What do parents say? And what should parents say? Models of interest development, studies of parental vocational anticipatory socialization, and communication theories such as the support framework and confirmation theory answer these questions. We propose paths for future research that use communication theory to predict effective parental communication while embracing an intersectional lens and considering support gaps. 

Machine learning (ML) deployment projects are used by practitioners to automatically deploy ML models. While ML deployment projects aid practitioners, security vulnerabilities in these projects can make ML deployment infrastructure susceptible to security attacks. A systematic characterization of vulnerabilities can aid in identifying activities to secure ML deployment projects used by practitioners. We conduct an empirical study with 149 vulnerabilities mined from 12 open source ML deployment projects to characterize vulnerabilities in ML deployment projects. From our empirical study, we (i) find 68 of the 149 vulnerabilities are critically or highly severe; (ii) derive 10 consequences of vulnerabilities, e.g., unauthorized access to trigger ML deployments; and (iii) observe established quality assurance activities, such as code review to be used in the ML deployment projects. We conclude our paper by providing a set of recommendations for practitioners and researchers. Dataset used for our paper is available online. 

Abstract ContextPractitioners prefer to achieve performance without sacrificing productivity when developing scientific software. The Julia programming language is designed to develop performant computer programs without sacrificing productivity by providing a syntax that is scripting in nature. According to the Julia programming language website, the common projects are data science, machine learning, scientific domains, and parallel computing. While Julia has yielded benefits with respect to productivity, programs written in Julia can include security weaknesses, which can hamper the security of Julia-based scientific software. A systematic derivation of security weaknesses can facilitate secure development of Julia programs—an area that remains under-explored. ObjectiveThe goal of this paper is to help practitioners securely develop Julia programs by conducting an empirical study of security weaknesses found in Julia programs. MethodWe apply qualitative analysis on 4,592 Julia programs used in 126 open-source Julia projects to identify security weakness categories. Next, we construct a static analysis tool calledJuliaStaticAnalysisTool (JSAT) that automatically identifies security weaknesses in Julia programs. We apply JSAT to automatically identify security weaknesses in 558 open-source Julia projects consisting of 25,008 Julia programs. ResultsWe identify 7 security weakness categories, which include the usage of hard-coded password and unsafe invocation. From our empirical study we identify 23,839 security weaknesses. On average, we observe 24.9% Julia source code files to include at least one of the 7 security weakness categories. ConclusionBased on our research findings, we recommend rigorous inspection efforts during code reviews. We also recommend further development and application of security static analysis tools so that security weaknesses in Julia programs can be detected before execution. 

ABSTRACT: Isoprene, the most abundant nonmethane volatile organic compound in the atmosphere, undergoes photochemical reactions with hydroxyl radical (•OH), a major sink for isoprene, leading to the formation of secondary organic aerosol (SOA). Using a Vocus Chemical Ionization Mass Spectrometer with ammonium-adduct ions (Vocus NH4+ CIMS), this study used the positive ion mode to quantify the yields and time-dependent reactiveuptake of oxidized volatile organic compounds (OVOCs) produced from •OH-initiated oxidation of isoprene under dry conditions. Molar gas-phase yields of key oxidation products were constrained using sensitivities derived from a voltage scan of the front and back end of the Vocus ion−molecule reactor region. Carefully designed chamber experiments measured uptake coefficients (γ) for key isoprene-derived oxidation products onto acidic sulfate particles. The γ values for both C5H10O3 isomers (IEPOX/ISOPOOH) and C5H8O4, another epoxy species from isoprene photo-oxidation, rapidly decreased as the SOA coating thickness increased, demonstrating a self-limiting effect. Despite ISOPOOH/IEPOX contributing around 80% to total reactive uptake, other oxidation products from isoprene photooxidation were estimated to contribute 20% of the total SOA formation. These findings highlight the importance for future models to consider the self-limiting effects of ISOPOOH/IEPOX and SOA formation through non-IEPOX pathways. 

Abstract Challenging goals can induce harder work but also greater stress, in turn potentially undermining goal achievement. We sought to examine how mental effort and subjective experiences thereof interact as a function of the challenge level and the size of the incentives at stake. Participants performed a task that rewarded individual units of effort investment (correctly performed Stroop trials) but only if they met a threshold number of correct trials within a fixed time interval (challenge level). We varied this challenge level (Study 1, n = 40) and the rewards at stake (Study 2, n = 79) and measured variability in task performance and self-reported affect across task intervals. Greater challenge and higher rewards facilitated greater effort investment but also induced greater stress, whereas higher rewards (and lower challenge) simultaneously induced greater positive affect. Within intervals, we observed an initial speed up then slowdown in performance, which could reflect dynamic reconfiguration of control. Collectively, these findings further our understanding of the influence of task demands and incentives on mental effort exertion and well-being.