Tootfinder

«5% of our systems is infrastructure as code. 95% is infrastructure as Powerpoint»
I've seen too much of that 😂
https://www.youtube.com/watch?v=rXPpkzdS-q4

Ouch, very familiar:
> I maintain the project alone, as over the years the community has not expressed a need for more active participation. This is typical for infrastructure-level solutions that users don’t interact with directly.
From https://www.theregister.com/2025/08/27/pop

Putin on the code: DoD reportedly relies on utility written by Russian dev
updated: Fast-glob is widely used in government, security lab says

Code once, Run Green: Automated Green Code Translation in Serverless Computing
Sebastian Werner, Mathis K\"ahler, Alireza Hakamian
https://arxiv.org/abs/2509.22068 https://…

Code once, Run Green: Automated Green Code Translation in Serverless Computing
The rapid digitization and the increasing use of emerging technologies such as AI models have significantly contributed to the emissions of computing infrastructure. Efforts to mitigate this impact typically focus on the infrastructure level such as powering data centers with renewable energy, or through the specific design of energy-efficient software. However, both strategies rely on stakeholder intervention, making their adoption in legacy and already-deployed systems unlikely. As a result, …

Security smells in infrastructure as code: a taxonomy update beyond the seven sins
Aicha War, Serge L. B. Nikiema, Jordan Samhi, Jacques Klein, Tegawende F. Bissyande
https://arxiv.org/abs/2509.18761

Ethical Classification of Non-Coding Contributions in Open-Source Projects via Large Language Models
Sergio Cobos, Javier Luis C\'anovas Izquierdo
https://arxiv.org/abs/2507.21583

Ethical Classification of Non-Coding Contributions in Open-Source Projects via Large Language Models
The development of Open-Source Software (OSS) is not only a technical challenge, but also a social one due to the diverse mixture of contributors. To this aim, social-coding platforms, such as GitHub, provide the infrastructure needed to host and develop the code, but also the support for enabling the community's collaboration, which is driven by non-coding contributions, such as issues (i.e., change proposals or bug reports) or comments to existing contributions. As with any other social endea…

Any developer worth their salt knows that the outputting code is the easiest part of software development, and that code as an artifact has little value without everything that surrounds it: the people, the shared knowledge, the practices (both formal and informal), the infrastructure, the networks of trust, etc etc.
And yet!! like fools, we’ve got ourselves hung up on OSS licenses and copyright — the legal structures surrounding the code itself — as if code were in fact the only thing that really matters. As if we didn’t know better.
4/

Self-Healing Network of Interconnected Edge Devices Empowered by Infrastructure-as-Code and LoRa Communication
Rob Carson, Mohamed Chahine Ghanem, Feriel Bouakkaz
https://arxiv.org/abs/2508.16268

Self-Healing Network of Interconnected Edge Devices Empowered by Infrastructure-as-Code and LoRa Communication
This Paper proposes a self-healing, automated network of Raspberry Pi devices designed for deployment in scenarios where traditional networking is unavailable. Leveraging the low-power, long-range capabilities of the LoRa (Long Range) protocol alongside Infrastructure as Code (IaC) methodologies, the research addresses challenges such as limited bandwidth, data collisions, and node failures. Given that LoRa's packet-based system is incompatible with conventional IaC tools like Ansible and Terra…

Benchmarking Web API Integration Code Generation
Daniel Maninger, Leon Chemnitz, Amir Molzam Sharifloo, Jannis Brugger, Mira Mezini
https://arxiv.org/abs/2509.20172 https://

Benchmarking Web API Integration Code Generation
API integration is a cornerstone of our digital infrastructure, enabling software systems to connect and interact. However, as shown by many studies, writing or generating correct code to invoke APIs, particularly web APIs, is challenging. Although large language models~(LLMs) have become popular in software development, their effectiveness in automating the generation of web API integration code remains unexplored. In order to address this, we present a dataset and evaluation pipeline designed…

So I had this terrible idea a few years ago to write some infrastructure automation that provisions a new compute instance, sets up secrets storage, configures IAM roles, authorizes the new instance to be able to provision new instance and roles via infra-as-code automation, and then the new instance tears down the instance and roles that created it, before then creating its own new compute instance, etc
Like a self-propagating glider in Conway's Game of Life, except with cloud inf…

Manchmal habe ich den Eindruck, dieses Infrastructure as Code haben uns Programmierer eingebrockt, weil sie Kommandozeile und Shell-Scripts nicht verstehen. #justthinkin

Multi-IaC-Eval: Benchmarking Cloud Infrastructure as Code Across Multiple Formats
Sam Davidson, Li Sun, Bhavana Bhasker, Laurent Callot, Anoop Deoras
https://arxiv.org/abs/2509.05303

Multi-IaC-Eval: Benchmarking Cloud Infrastructure as Code Across Multiple Formats
Infrastructure as Code (IaC) is fundamental to modern cloud computing, enabling teams to define and manage infrastructure through machine-readable configuration files. However, different cloud service providers utilize diverse IaC formats. The lack of a standardized format requires cloud architects to be proficient in multiple IaC languages, adding complexity to cloud deployment. While Large Language Models (LLMs) show promise in automating IaC creation and maintenance, progress has been limite…

"Digital Camouflage": The LLVM Challenge in LLM-Based Malware Detection
Ekin B\"oke, Simon Torka
https://arxiv.org/abs/2509.16671 https://ar…

"Digital Camouflage": The LLVM Challenge in LLM-Based Malware Detection
Large Language Models (LLMs) have emerged as promising tools for malware detection by analyzing code semantics, identifying vulnerabilities, and adapting to evolving threats. However, their reliability under adversarial compiler-level obfuscation is yet to be discovered. In this study, we empirically evaluate the robustness of three state-of-the-art LLMs: ChatGPT-4o, Gemini Flash 2.5, and Claude Sonnet 4 against compiler-level obfuscation techniques implemented via the LLVM infrastructure. Thes…

ARPaCCino: An Agentic-RAG for Policy as Code Compliance
Francesco Romeo, Luigi Arena, Francesco Blefari, Francesco Aurelio Pironti, Matteo Lupinacci, Angelo Furfaro
https://arxiv.org/abs/2507.10584

ARPaCCino: An Agentic-RAG for Policy as Code Compliance
Policy as Code (PaC) is a paradigm that encodes security and compliance policies into machine-readable formats, enabling automated enforcement in Infrastructure as Code (IaC) environments. However, its adoption is hindered by the complexity of policy languages and the risk of misconfigurations. In this work, we present ARPaCCino, an agentic system that combines Large Language Models (LLMs), Retrieval-Augmented-Generation (RAG), and tool-based validation to automate the generation and verificati…

OMG. I love #Multipass for Infrastructure as Code. I tried creating my own Multipass YAML and it actually worked!
========
package_update: true
package_upgrade: true
runcmd:
- sudo add-apt-repository ppa:fish-shell/release-4
- sudo apt update -y
- sudo apt install fish -y
- usermod -s /usr/bin/fish ubuntu
=========
$ multipass launch 24.04 \

HARD: A Performance Portable Radiation Hydrodynamics Code based on FleCSI Framework
Julien Loiseau, Hyun Lim, Andr\'es Yag\"ue L\'opez, Mammadbaghir Baghirzade, Shihab Shahriar Khan, Yoonsoo Kim, Sudarshan Neopane, Alexander Strack, Farhana Taiyebah, Benjamin K. Bergen
https://arxiv.org/abs/2509.08971

HARD: A Performance Portable Radiation Hydrodynamics Code based on FleCSI Framework
Hydrodynamics And Radiation Diffusion} (HARD) is an open-source application for high-performance simulations of compressible hydrodynamics with radiation-diffusion coupling. Built on the FleCSI (Flexible Computational Science Infrastructure) framework, HARD expresses its computational units as tasks whose execution can be orchestrated by multiple back-end runtimes, including Legion, MPI, and HPX. Node-level parallelism is delegated to Kokkos, providing a single, portable code base that runs eff…

Crosslisted article(s) found for cs.SE. https://arxiv.org/list/cs.SE/new
[1/1]:
- Security smells in infrastructure as code: a taxonomy update beyond the seven sins
Aicha War, Serge L. B. Nikiema, Jordan Samhi, Jacques Klein, Tegawende F. Bissyande

AgentSight: System-Level Observability for AI Agents Using eBPF
Yusheng Zheng, Yanpeng Hu, Tong Yu, Andi Quinn
https://arxiv.org/abs/2508.02736 https://arx…

AgentSight: System-Level Observability for AI Agents Using eBPF
Modern software infrastructure increasingly relies on LLM agents for development and maintenance, such as Claude Code and Gemini-cli. However, these AI agents differ fundamentally from traditional deterministic software, posing a significant challenge to conventional monitoring and debugging. This creates a critical semantic gap: existing tools observe either an agent's high-level intent (via LLM prompts) or its low-level actions (e.g., system calls), but cannot correlate these two views. This …

Efficient Detection of Intermittent Job Failures Using Few-Shot Learning
Henri A\"idasso, Francis Bordeleau, Ali Tizghadam
https://arxiv.org/abs/2507.04173

Efficient Detection of Intermittent Job Failures Using Few-Shot Learning
One of the main challenges developers face in the use of continuous integration (CI) and deployment pipelines is the occurrence of intermittent job failures, which result from unexpected non-deterministic issues (e.g., flaky tests or infrastructure problems) rather than regular code-related errors such as bugs. Prior studies developed machine-learning (ML) models trained on large datasets of job logs to classify job failures as either intermittent or regular. As an alternative to costly manual …

OpenLambdaVerse: A Dataset and Analysis of Open-Source Serverless Applications
Angel C. Chavez-Moreno, Cristina L. Abad
https://arxiv.org/abs/2508.01492 https://

OpenLambdaVerse: A Dataset and Analysis of Open-Source Serverless Applications
Function-as-a-Service (FaaS) is at the core of serverless computing, enabling developers to easily deploy applications without managing computing resources. With an Infrastructure-as-Code (IaC) approach, frameworks like the Serverless Framework use YAML configurations to define and deploy APIs, tasks, workflows, and event-driven applications on cloud providers, promoting zero-friction development. As with any rapidly evolving ecosystem, there is a need for updated insights into how these tools …