My outrage at their outage

You are reading the maiden issue of the Software Engineering newsletter. In this issue: CloudFlare outage and the lesson that should have been drawn; vibe coding requires formal verification; the interplay between AI and software engineering; the scourge of predatory publishing; and pointers to good SE papers (for next time).

CloudFlare outage: the lesson that will not be drawn

I might sound like a broken record, but the CloudFlare outage is one more example of the consequences of the software industry making the wrong technical choices. Where were the contracts? Rust, by all accounts the language of the code at the source of the problem, is one of the fashionable choices at the moment but does nothing to provide what serioius software engineering demands.

In simple terms, an invariant was violated: a change to database permissions resulted in a “feature file” growing out of proportions. In Eiffel, you express the consistency constraints as invariants, you monitor them, and catch violations. Simple as that.

Just in case you did not know, you can find everything you will ever need to know about invariants, Design by Contract and Eiffel at eiffel.com.

Vibe coding: from fun experiments to quality software

Using AI tools to program provides a great sense of elation — at first. Then reality hits: the result can be brilliant; or it can be pathetic. Hallucinations are an ever-present threat.

A Viewpoint article entitled AI for Software Engineering: from Probable to Provable, to be published in Communications of the ACM, argues that the only viable solution lies in combining the creativity of generative AI with the rigor of formal verification, as illustrated by the “marriage” figure which introduces the article (the CACM editors might want to redo it). Here is a link to the preprint.

The Interplay between Artificial Intelligence and Software Verification

If you like the idea that the path to a marriage between AI and SE goes through verification, you may consider attending the VERIFAI workshop on “the interplay between Artificial Intelligence and Software Verification” near Toulouse on March 8 to 11 of the coming year. The event is focused on discussion; you can participate on the basis of a full paper but also contribute just an extended abstract of 2 to 5 pages. The deadline is approaching: 20 December.

The workshop page is here. Post-workshop proceedings will be published as a volume of Springer Lecture Notes in Computer Science.

Predatory publishing: the real problem

As soon as your email has been listed on an academic paper anywhere, you start receiving offers from various outlets to publish your next work, with all but guaranteed acceptance but at a cost of typically around a thousand dollars. The phenomenon borders on fraud; actually it often crosses the border. I receive several such emails each week, often several in a day. Here is one of the latest: 

Publication in 48 hours. Sounds good. With an in-depth peer-review process of course.

I checked the journal site. It has the audacity to use the Elsevier logo! Of course it is not an Elsevier journal (I checked in their official list). I know, not likes Elsevier in the academic community, but it's not a reason for passing yourself off as them. Then the journal's name is strikingly similar to that of a Chinese journal, Journal of Computer Research and Development (Chinese title, copy-pasted: 计算机研究与发展, ISSN 1000-1239) published by the Institute of Computing Technology, Chinese Academy of Sciences. Not only did they imitate the name, they reused the ISSN! Probably some of the statistics they use to try to fool the naïve reader:

They also boast an international editorial board. It looked strange: it includes academics, some of them quite senior and prestigious, on various topics including shark behavior and monkey studies (the journal's name, as a reminder, is Computer Research and Development). To confirm my guess I contacted a few of them and, sure enough, they had never heard of this journal.

The web site does have articles, which typically look like non-proofread and not-yet-graded undergraduate course papers

This is not just predatory publishing but a full-fledged scam; just as more general-purpose Internet scams (the Nigeria donation, the romance scam, the refund scam) affect the the uninformed and unprotected, these academic scams mostly ensnare beginning researchers in desperate search of some entries to fill their incipient publication lists (although in a couple of cases I have been surprised to see serious people circulate such emails with comments along the lines “an interesting publication venue for us?”). But they do cause damage. While there have been exaggerated claims as to the extent of the phenomenon, a credible estimate is that predatory publishing accounts for $75 to 100 million yearly.

I will come back to this matter in a future post because I think it is not just a sordid case of scammers finding a new way of (as the saying goes)  separating fools from their money. It is partly, for the academic community, a self-imposed scourge. I wrote several times about the degradation of the publication culture (see among others a CACM blog article of earlier this year about “reversing the fossilization of computer science conferences”). A big role has been played by the careless move to so-called open publishing. The publication edifice is cracking at the joints; predatory publishing is a consequence of that crisis, but only a small part of it. More on publishing in the future, but in the meantime beware of publication offers!

Current papers

Subsequent editions of this newsletter will include a section of links to interesting recent papers (and books) on software engineering topics. If you spot a good contribution and think I should look at it for inclusion here, please drop me a note.

Cover photo: freshly picked organically-grown olives waiting to be processed at oil-producing cooperative, Manosque, Provence