Iasa Minnesota IT Architect Community

What's actually changed: building software with AI when everyone feels overwhelmed
AI is changing faster than almost anyone can track. Not the people using AI every day, not the people paying for it, not the people deciding whether to use it at all, and not the people building the architectures. The volume of news is unmanageable, partly because a lot of it is now being written by the AIs themselves. Half of this talk is about what deserves your attention. The other half is Bob.
Software engineering used to have a guy named Bob. Bob's job was to look at what you were doing, ask why, and tell you to slow the hell down. Bob read the spec before the code, the code before the commit, the commit before the deploy. Bob was annoying. Bob was correct. I miss Bob.
Vibe coding does not have Bob.
I tried to get him back into the room by creating four tools. Duplo is Bob creating the spec from whatever reference material you have. McLoop is Bob running the build while you sleep, with discipline about what gets committed. Orchestra is grumpy Bob fighting LLM slop by putting multiple models in specific roles, because any single LLM can fail spectacularly and Bob does not like that. Vroom is Bob reading what shipped and asking what should have been done differently.
Short live demo of Bob. Where Bob came from. Where Bob breaks. Bring questions, and bring the kind of skepticism the field used to have before it fired Bob.

***

Self-supervised learning deals with problems that have little or no available labeled data. Recent work has shown impressive results when underlying classes have significant semantic differences. We will discuss strategies to tackle to enable learning from unlabeled data even when samples from different classes are not prominently diverse. We approach the problem by leveraging novel ensemble-based clustering strategies where clusters derived from different configurations are combined to generate a better grouping for the data samples in a fully-unsupervised way. We will see results for Person Re-Identification and Text Authorship Verification but the techniques are useful in other applications as well. Moreover, we also detail recent efforts on Causal Analysis to refine AI methods.
Anderson Rocha (F) is a Full Professor of Artificial Intelligence and Digital Forensics at the Institute of Computing, University of Campinas (Unicamp), Brazil. He is the head of the Artificial Intelligence Lab., Recod.ai, at Unicamp and was the former Director of the Institute for the 2019-2023 term. He holds a bachelor's degree in Computer Science (2003) from Federal University of Lavras, Brazil, a Masters Degree in Computer Science (2006) from Unicamp and a Ph.D. degree in Computer Science (2009) also from Unicamp, Brazil.

Prof. Rocha is an elected affiliate of the Brazilian Academy of Sciences (ABC) and the Brazilian Academy of Forensic Sciences (ABC). He is a three-term elected member of the IEEE Information Forensics and Security Technical Committee (IFS-TC, 2011-2013, 2014-2016, 2023-2026) and a two-term former Chair of such committee (2015-2016, 2025-2026). He is a Microsoft Research (2011) and a Google (2017-2022) Research Faculty Fellow, an IEEE Fellow (2023), and IEEE Biometrics Distinguished Lecturer (2025-2027). In addition, in 2016, he was awarded the Tan Chin Tuan (TCT) Fellowship, and the Asia Pacific Artificial Intelligence Association Fellowship.

Prof. Rocha has been the principal investigator of several research projects in partnership with public funding agencies in Brazil and abroad and national and multi-national companies, having already filed and licensed several patents. He is a Brazilian CNPq research scholar (PQ1C). Finally, he is now a LinkedIn Top Voice in Artificial Intelligence for continuously raising awareness of Al and its potential impacts on society at large.

online: https://youtube.com/live/DTOTDmrAjq4?feature=share

Fuzz testing has passed its 35th birthday and, in that time, has gone from a disparaged and mocked
technique to one that is the foundation of many efforts in software engineering and testing. The key
idea behind fuzz testing is using random input and having an extremely simple test oracle that only looks
for crashes or hangs in the program. Importantly, in all our studies, all our tools, test data, and results
were made public so that others could reproduce the work. In addition, we located the cause of each
failure that we caused and identified the common causes of such failures.

In the last several years, there has been a huge amount of progress and new developments in fuzz
testing. Hundreds of papers have been published on the subject and dozens of PhD dissertations have
been produced. In this talk, I will review the progress over the last 35 years describing our simple
approach – using what is now called black box generational testing – and show how it is still relevant
and effective today.

In 1990, we published the results of a study of the reliability of standard UNIX application/utility
programs. This study showed that by using simple (almost simplistic) random testing techniques, we
could crash or hang 25-33% of these utility programs. In 1995, we repeated and significantly extended
this study using the same basic techniques: subjecting programs to random input streams. This study
also included X-Window applications and servers. A distressingly large number of UNIX applications still
crashed with our tests. X-window applications were at least as unreliable as command-line applications.
The commercial versions of UNIX fared slightly better than in 1990, but the biggest surprise was that
Linux and GNU applications were significantly more reliable than the commercial versions.

In 2000, we took another stab at random testing, this time testing applications running on Microsoft
Windows. Given valid random mouse and keyboard input streams, we could crash or hang 45% (NT) to
64% (Win2K) of these applications.

In 2006, we continued the study, looking at both command-line and GUI-based applications on the
relatively new Mac OS X operating system. While the command-line tests had a reasonable 7% failure
rate, the GUI-based applications, from a variety of vendors, had a distressing 73% failure rate.

Recently, we decided to revisit our basic techniques on commonly used UNIX systems. We were
interested to see that these techniques were still effective and useful.

In this talk, I will discuss our testing techniques and then present the various test results in more detail.
These results include, in many cases, identification of the bugs and the coding practices that caused the
bugs. In several cases, these bugs introduced issues relating to system security. The talk will conclude
with some philosophical musings on the current state of software development.
Papers on the four studies (1990, 1995, 2000, 2006, and 2020), the software and the bug reports can be
found at the UW fuzz home page:

http://www.cs.wisc.edu/~bart/fuzz/

Also online: https://youtube.com/live/DTOTDmrAjq4?feature=share

Fuzz testing has passed its 35 th birthday and, in that time, has gone from a disparaged and mocked
technique to one that is the foundation of many efforts in software engineering and testing. The key
idea behind fuzz testing is using random input and having an extremely simple test oracle that only looks
for crashes or hangs in the program. Importantly, in all our studies, all our tools, test data, and results
were made public so that others could reproduce the work. In addition, we located the cause of each
failure that we caused and identified the common causes of such failures.
In the last several years, there has been a huge amount of progress and new developments in fuzz
testing. Hundreds of papers have been published on the subject and dozens of PhD dissertations have
been produced. In this talk, I will review the progress over the last 35 years describing our simple
approach – using what is now called black box generational testing – and show how it is still relevant
and effective today.

In 1990, we published the results of a study of the reliability of standard UNIX application/utility
programs. This study showed that by using simple (almost simplistic) random testing techniques, we
could crash or hang 25-33% of these utility programs.

In 1995, we repeated and significantly extended
this study using the same basic techniques: subjecting programs to random input streams. This study
also included X-Window applications and servers. A distressingly large number of UNIX applications still
crashed with our tests. X-window applications were at least as unreliable as command-line applications.

The commercial versions of UNIX fared slightly better than in 1990, but the biggest surprise was that
Linux and GNU applications were significantly more reliable than the commercial versions.

In 2000, we took another stab at random testing, this time testing applications running on Microsoft
Windows. Given valid random mouse and keyboard input streams, we could crash or hang 45% (NT) to
64% (Win2K) of these applications.

In 2006, we continued the study, looking at both command-line and GUI-based applications on the
relatively new Mac OS X operating system. While the command-line tests had a reasonable 7% failure
rate, the GUI-based applications, from a variety of vendors, had a distressing 73% failure rate.
Recently, we decided to revisit our basic techniques on commonly used UNIX systems. We were
interested to see that these techniques were still effective and useful.
In this talk, I will discuss our testing techniques and then present the various test results in more detail.

These results include, in many cases, identification of the bugs and the coding practices that caused the
bugs. In several cases, these bugs introduced issues relating to system security. The talk will conclude
with some philosophical musings on the current state of software development.

Papers on the four studies (1990, 1995, 2000, 2006, and 2020), the software and the bug reports can be
found at the UW fuzz home page:
http://www.cs.wisc.edu/~bart/fuzz/

Brief bio:

Barton Miller is the Vilas Distinguished Achievement Professor at UW-Madison
Miller is a co-PI on the Trusted CI NSF Cybersecurity Center of Excellence, where he leads the
software assurance effort. His research interests include software security, in-depth vulnerability
assessment, binary and malicious code analysis and instrumentation, extreme scale systems, and
parallel and distributed program measurement and debugging. In 1988, Miller founded the field of
Fuzz random software testing, which is the foundation of many security and software engineering
disciplines. In 1992, Miller (working with his then­student Prof. Jeffrey Hollingsworth) founded the
field of dynamic binary code instrumentation and coined the term “dynamic instrumentation”.
Miller is a Fellow of the ACM and recently won the Jean Claude Laprie Award in dependable
computing for his work on fuzz testing.

Miller was a member of the FAA VECTOR Task Force reviewing cybersecurity of the U.S. aviation
infrastructure. He was the chair of the Institute for Defense Analysis Center for Computing Sciences
Program Review Committee, member of the U.S. National Nuclear Safety Administration Los
Alamos and Lawrence Livermore National Labs Cyber Security Review Committee (POFMR),
member of the Los Alamos National Laboratory Computing, Communications and Networking
Division Review Committee, has been on the U.S. Secret Service Electronic Crimes Task Force
(Chicago Area) is currently an advisor to the Wisconsin National Guard 176 th Cyber Prevention
Team and the Wisconsin Security Research Consortium.