How to learn to program a robot in 30 minutes? Workshop organised by Tom Mens (in collaboration with Pierre Zielinski, Gauvain Devillez and Sebastien Bonte) during the Journées Math-Sciences of the Printemps des Sciences 2022 at the Université de Mons.
Keynote talk targeted to PhD students, during the BENEVOL 2023 research seminar (focused on software evolution) in Nijmegen, 27 November 2023, by Tom Mens (full professor in software engineering at University of Mons, Belgium). The keynote aims to provide tips, tricks and practical advice on how to become successful as a PhD student.
Recognising bot activity in collaborative software development - Tom Mens
Presentation by Natarajan Chidambaram during the International ICSE Workshop on Bots in Software Engineering (BotSE 2023) in Australia. Joint work with Mehdi Golzadeh, Tom Mens, Alexandre Decan of the Software Engineering Lab of the University of Mons and with Eleni Constantinou.
A Dataset of Bot and Human Activities in GitHub - Tom Mens
Presentation at the IEEE International Conference on Mining Software Repositories (MSR 2023) by Natarajan Chidambaram (Software Engineering Lab, University of Mons, Belgium) of a dataset of bot and human activities extracted from GitHub
This document discusses the rise of GitHub Actions (GHA) as a dominant continuous integration (CI) service based on a longitudinal study of 91,810 GitHub repositories. The study analyzed the evolution and usage of seven popular CI services over nine years, focusing on their co-usage and migration patterns. The study provides statistical evidence that GHA became the most used CI service within 18 months of its introduction, coinciding with a decrease in Travis usage likely due to policy changes and migrations to GHA. Interviews with software practitioners revealed competition between services and reasons for co-using or migrating between alternatives.
Nurturing the Software Ecosystems of the Future - Tom Mens
In January 2018, four Software Engineering research groups located in different Belgian Universities launched a five year research project to nurture the software ecosystems of the future. We assembled a diverse team of about a dozen researchers and embarked on an exciting journey leading to a rich and diverse suite of papers, tools and datasets. Halfway into the project the corona pandemic intervened, but despite several months of lockdown, we succeeded in increasing inter-university collaboration. In this paper we share our achievements so that the BENEVOL community may benefit from our experience.
On the rise and fall of CI services in GitHub - Tom Mens
Presentation of SANER 2022 conference article "On the rise and fall of CI services in GitHub" by Mehdi Golzadeh (co-authored with Alexandre Decan and Tom Mens).
On backporting practices in package dependency networks - Tom Mens
Presentation at FOSDEM 2022 Composition and Dependency Management DevRoom of empirical research on backporting practices in package dependency networks, published in the IEEE Transactions on Software Engineering in 2021 (https://doi.org/10.1109/TSE.2021.3112204).
Joint work by Alexandre Decan, Tom Mens, Ahmed Zerouali and Coen De Roover as part of the Belgian Excellence of Science research project SECOASSIST (https://secoassist.github.io).
Comparing semantic versioning practices in Cargo, npm, Packagist and Rubygems - Tom Mens
Presentation by Tom Mens at PackagingCon 2021 on Wednesday 10 November 2021.
Abstract: Semantic versioning (semver) is a commonly accepted open source practice, used by many package management systems to inform whether new package releases introduce possibly backward incompatible changes. Maintainers depending on such packages can use this practice to reduce the risk of breaking changes in their own packages by specifying version constraints on their dependencies. Depending on the amount of control a package maintainer desires to assert over her package dependencies, these constraints can range from very permissive to very restrictive. We empirically compared the evolution of semver compliance in four package management systems: Cargo, npm, Packagist and Rubygems. We discuss to what extent ecosystem-specific characteristics influence the degree of semver compliance, and we suggest to develop tools adopting the wisdom of the crowds to help package maintainers decide which type of version constraints they should impose on their dependencies.
We also studied to which extent the packages distributed by these package managers are still using a 0.y.z release, suggesting less stable and immature packages. We explore the effect of such "major zero" packages on semantic versioning adoption.
Our findings shed light on some important differences between package managers with respect to package versioning policies.
Our empirical results have been published in two peer-reviewed academic journals: the IEEE Transactions on Software Engineering (https://doi.org/10.1109/TSE.2019.2918315) and Elsevier Science of Computer Programming (https://doi.org/10.1016/j.scico.2021.102656).
Acknowledgments: Research conducted in the context of the SECOASSIST "Excellence of Science" Research Project.
Presentation by Tom Mens at FOSDEM21 (Free Open Source Developers Meeting, February 2021). Published in Science of Computer Programming, August 2021.
https://doi.org/10.1016/j.scico.2021.102656
Abstract: When developing open source software end-user applications or reusable software packages, developers depend on software packages distributed through package managers such as npm, Packagist, Cargo, RubyGems. In addition to this, empirical evidence has shown that these package managers adhere to a large extent to semantic versioning principles. Packages that are still in major version zero are considered unstable according to semantic versioning, as some developers consider such packages as immature, still being under initial development.
This presentation reports on large-scale empirical evidence on the use of dependencies towards 0.y.z versions in four different software package distributions: Cargo, npm, Packagist and RubyGems. We study to which extent packages get stuck in the zero version space, never crossing the psychological barrier of major version zero. We compare the effect of the policies and practices of package managers on this phenomenon. We do not reveal the results of our findings in this abstract yet, as it would spoil the fun of the presentation.
Evaluating a bot detection model on git commit messages - Tom Mens
Detecting the presence of bots in distributed software development activity is very important in order to prevent bias in socio-technical empirical studies. In previous work, we proposed a classification model to detect bots in GitHub repositories based on the pull request and issue comments of GitHub accounts. The current study generalises the approach to git contributors based on their commit messages. We train and evaluate the classification model on a large dataset of 6,922 git contributors. The original model based on pull request and issue comments obtained a precision of 0.77 on this dataset, whereas retraining the classification model on git commit messages increased the precision to 0.80. As a proof-of-concept, we implemented this model in BoDeGiC, an open source command-line tool to detect bots in git repositories.
Is my software ecosystem healthy? It depends! - Tom Mens
QUATIC 2020 keynote presentation by Tom Mens (University of Mons) on dependency-related health issues in software ecosystems and research advances to address such health issues. Part of the presented research has been conducted as part of the Belgian SECO-ASSIST Excellence of Science Research Project.
Bot or not? Detecting bots in GitHub pull request activity based on comment s... - Tom Mens
Presentation by Mehdi Golzadeh (Software Engineering Lab, University of Mons) of an article published at the 2nd International ICSE Workshop on Bots In Software Engineering (BotSE). See https://doi.org/10.1145/3387940.3391503
Abstract: Many empirical studies focus on socio-technical activity in social coding platforms such as GitHub, for example to study the onboarding, abandonment, productivity and collaboration among team members. Such studies face the difficulty that GitHub activity can also be generated automatically by bots of a different nature. It therefore becomes imperative to distinguish such bots from human users. We propose an automated approach to detect bots in GitHub pull request activity. Relying on the assumption that bots contain repetitive message patterns in their pull request comments, we analyse the similarity between multiple messages from the same GitHub identity, using a clustering method that combines the Jaccard and Levenshtein distance. We empirically evaluate our approach by analysing 20,090 comments of 250 users and 42 bots in 1,262 GitHub repositories. Our results show that the method is able to clearly separate bots from human users.
How magic is zero? An Empirical Analysis of Initial Development Releases in S... - Tom Mens
1. 0.y.z packages are highly prevalent, contributing to 90% of packages in some distributions even though documentation states they are for initial development.
2. It generally takes a few months for packages to reach ≥1.0.0 but 20% take over a year, suggesting packages get stuck in 0.y.z.
3. 0.y.z packages are updated slightly more frequently but the difference is negligible, and there is little practical difference in how 0.y.z and ≥1.0.0 packages are used.
Comparing dependency issues across software package distributions (FOSDEM 2020) - Tom Mens
This talk reports on our findings based on multiple empirical studies that we have conducted to understand different aspects of dependency management and their practical implications. This includes:
* the outdatedness of package dependencies, the transitive impact of such "technical lag", and its relation to the presence of bugs and security vulnerabilities.
* the impact of using either more permissive or more restrictive version constraints on dependencies.
* the virtues and limitations of being compliant to semantic versioning, a common policy to inform dependents whether new releases of software packages introduce possibly backward incompatible changes.
* the impact of specific characteristics, policies and tools used by the packaging ecosystem and its supporting community on all of the above.
The content of the talk is primarily based on the following peer-reviewed scientific articles:
* What do package dependencies tell us about semantic versioning? Alexandre Decan, Tom Mens. IEEE Transactions on Software Engineering, 2019. https://doi.org/10.1109/TSE.2019.2918315
* An empirical comparison of dependency network evolution in seven software packaging ecosystems. Alexandre Decan, Tom Mens, Philippe Grosjean. Empirical Software Engineering 24(1):381-416, 2019. https://doi.org/10.1007/s10664-017-9589-y
* A formal framework for measuring technical lag in component repositories and its application to npm. Ahmed Zerouali, Tom Mens, Jesus Gonzalez‐Barahona, Alexandre Decan, Eleni Constantinou, Gregorio Robles. Journal of Software: Evolution and Process 31(8), 2019. https://doi.org/10.1002/smr.2157
* On the Impact of Security Vulnerabilities in the npm Package Dependency Network. Alexandre Decan, Tom Mens, Eleni Constantinou. International Conference on Mining Software Repositories, 2018. https://doi.org/10.1145/3196398.3196401
* On the Evolution of Technical Lag in the npm Package Dependency Network. Alexandre Decan, Tom Mens, Eleni Constantinou. International Conference on Software Maintenance and Evolution, 2018. https://doi.org/10.1109/ICSME.2018.00050
Measuring Technical Lag in Software Deployments (CHAOSScon 2020) - Tom Mens
Presentation at CHAOSSCon Europe 2020 about the generic technical lag software measurement framework. Technical lag measures the increasing difference between deployed software components and the ideal upstream software components.
For more information, see https://doi.org/10.1002/smr.2157
This presentation reports on the research results achieved in the context of the interuniversity interdisciplinary research project SECOHealth "Vers une méthodologie et analyse socio-technique interdisciplinaire de la santé des écosystèmes logiciels" co-financed by FRS-FNRS Belgium and FRQ (FRSC - FRNT, Québec) with principal investigators Tom Mens (UMONS), Bram Adams (Polytechnique Montréal) and Josianne Marsan (Université Laval).
Introduction to the research seminar on empirical analysis of open source software ecosystems, organised by the SECO-ASSIST "excellence of science" research project, on September 4th, 2019 at the University of Mons, Belgium. With invited presentations by Alexander Serebrenik, Jesus Gonzalez-Barahona, Dario Di Nucci and Henrique Nucci. The seminar concludes with the public PhD defense of Ahmed Zerouali (supervised by Tom Mens) on the topic of "A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems"
Empirically Analysing the Socio-Technical Health of Software Package Managers - Tom Mens
Invited presentation at Concordia University (Montreal, Canada) by Eleni Constantinou and Tom Mens on recent research about the socio-technical health issues in software package management ecosystems.
Abstract: The large majority of today’s software relies on open source software components. Such components are typically distributed through package managers for a wide variety of programming languages, and developed and maintained through online distributed software development services like GitHub. Software component repositories are perceived as software ecosystems that constitute complex and evolving socio-technical software dependency networks. Because of their complexity and evolution, these ecosystems tend to suffer from a wide variety of software health issues that can be either technical or social in nature. Examples of such issues include the ecosystem fragility due to exponential growth and transitive dependencies; the abundance of outdated, unmaintained or obsolete software components; the prolonged presence of unfixed bugs and security vulnerabilities; the abandonment or high turnover of key contributors, suboptimal collaboration between contributors, and many more. This presentation will report on our past and ongoing empirical research that studies such health factors within and across different software packaging ecosystems (such as npm, RubyGems, Cargo, CRAN, CPAN). We provide empirical evidence of some of the health problems, compare their presence across different ecosystems, and suggest ways to reduce their potential impact by providing concrete guidelines and tools. The presented research is being conducted by researchers of the Software Engineering Lab at the University of Mons in the context of two ongoing projects SECOHealth and SECO-ASSIST, aiming to analyse and improve the health of software ecosystems.
ConPan: Analysing Packages Installed in Docker Containers - Tom Mens
ConPan is a tool that analyzes software packages installed in Docker containers to identify outdated and vulnerable packages. It combines information about outdatedness and known security vulnerabilities. ConPan works by scanning Docker images and comparing package information to vulnerability databases. The goal is to help identify security risks from outdated and vulnerable packages in container images to improve container security.
On the Relation between Outdated Docker Containers, Severity Vulnerabilities,... - Tom Mens
Presentation by Tom Mens of SANER 2019 paper that was awarded as best paper. The topic concerns Docker containers, and more in particular the relation between outdated packages, technical lag, security vulnerabilities and bugs.
On the diversity of software popularity metrics: An empirical study of npm - Tom Mens
Presentation by Prof. Tom Mens (University of Mons) of an ERA-track paper at SANER 2019, the International Conference on Software Analysis, Evolution and Reengineering (Hangzhou, China, February 2019).
Abstract: Software systems often leverage on open source software libraries to reuse functionalities. Such libraries are readily available through software package managers like npm for JavaScript. Due to the huge amount of packages available in such package distributions, developers often decide to rely on or contribute to a software package based on its popularity. Moreover, it is a common practice for researchers to depend on popularity metrics for data sampling and choosing the right candidates for their studies. However, the meaning of popularity is relative and can be defined and measured in a diversity of ways, that might produce different outcomes even when considered for the same studies. In this paper, we show evidence of how different is the meaning of popularity in software engineering research. Moreover, we empirically analyse the relationship between different software popularity measures. As a case study, for a large dataset of 175k npm packages, we computed and extracted 9 different popularity metrics from three open source tracking systems: libraries.io, npmjs.com and GitHub. We found that indeed popularity can be measured with different unrelated metrics, each metric can be defined within a specific context. This indicates a need for a generic framework that would use a portfolio of popularity metrics drawing from different concepts.
Acknowledgments: This work was partially supported by the EU Research FP (H2020-MSCA-ITN-2014-642954, Seneca), the Spanish Government (TIN2014-59400-R, SobreVision), the Excellence of Science Project SECO-Assist (O015718F, FWO - Vlaanderen and F.R.S.-FNRS).
How to increase the technical health of your software? - Tom Mens
Presentation by Prof. Tom Mens (University of Mons) about the relation between, and guidelines for increasing, the internal and external technical debt and technical health of software. This talk was presented at the Business and Technology Club of the Infopole Cluster TIC in Gosselies (Belgium) on 19 February 2019. The ideas presented are partly based on research conducted in the context of the FRNS-FWO co-financed "Excellence of Science" Research Project SECO-ASSIST (http://secoassist.github.io)
"Software Ecosystem Health" lightning talk - Tom Mens
A 5-minute lightning talk at CHAOSSCon Europe (Brussels, 1 February 2019), presenting our recent activities around software ecosystem health, as part of the SECOHealth (secohealth.github.io) and SECO-ASSIST (secoassist.github.io) collaborative research projects.
On the health of the npm packaging ecosystem - Tom Mens
Presentation at DrupalCamp 2018 (Ghent) by Tom Mens (University of Mons) about lessons learned and guidelines based on a historical empirical analysis of the npm JavaScript packaging ecosystem, and the impact of technical problems in its package dependency network. This work is part of the SECOHealth and SECO-ASSIST research projects, co-financed by the FNRS-FRS.
On the evolution of technical lag in the npm package dependency network - Tom Mens
Presentation at the International Conference on Software Maintenance and Evolution (ICSME2018), Madrid, Spain, 28 September 2018. Joint research by Alexandre Decan, Eleni Constantinou, Tom Mens at the Software Engineering Lab of the University of Mons. Research conducted in the context of the SECOHealth and SECO-ASSIST research projects (https://secohealth.github.io, https://secoassist.github.io)
We empirically analyse the context of technical lag in the JavaScript npm package dependency network to assess to which extent npm software packages and their dependencies are outdated.
On the impact of security vulnerabilities in the npm package dependency network - Tom Mens
Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.
SoHeal 2018 Welcome Slides: First International Workshop on Software Health - Tom Mens
This document provides information about the 1st International Workshop on Software Health (SoHeal 2018) which is being held on May 27th, 2018 in Gothenburg, Sweden and is co-located with the 40th International Conference on Software Engineering. The workshop will include an opening, keynote presentation, sessions on software ecosystem health, open source software health, and other topics. There will also be a joint discussion session between CHAOSS and SECOHealth. The organizing committee and program committee are listed.
Presentation by Tom Mens at FOSDEM21 (Free Open Source Developers Meeting, February 2021). Published in Science of Computer Programming, August 2021.
https://doi.org/10.1016/j.scico.2021.102656
Abstract: When developing open source software end-user applications or reusable software packages, developers depend on software packages distributed through package managers such as npm, Packagist, Cargo, RubyGems. In addition to this, empirical evidence has shown that these package managers adhere to a large extent to semantic versioning principles. Packages that are still in major version zero are considered unstable according to semantic versioning, as some developers consider such packages as immature, still being under initial development.
This presentation reports on large-scale empirical evidence on the use of dependencies towards 0.y.z versions in four different software package distributions: Cargo, npm, Packagist and RubyGems. We study to which extent packages get stuck in the zero version space, never crossing the psychological barrier of major version zero. We compare the effect of the policies and practices of package managers on this phenomenon. We do not reveal the results of our findings in this abstract yet, as it would spoil the fun of the presentation.
Evaluating a bot detection model on git commit messagesTom Mens
Detecting the presence of bots in distributed software development activity is very important in order to prevent bias in socio-technical empirical studies. In previous work, we proposed a classification model to detect bots in GitHub repositories based on the pull request and issue comments of GitHub accounts. The current study generalises the approach to git contributors based on their commit messages. We train and evaluate the classification model on a large dataset of 6,922 git contributors. The original model based on pull request and issue comments obtained a precision of 0.77 on this dataset, whereas retraining the classification model on git commit messages increased the precision to 0.80. As a proof-of-concept, we implemented this model in BoDeGiC, an open source command-line tool to detect bots in git repositories.
Is my software ecosystem healthy? It depends!Tom Mens
QUATIC 2020 keynote presentation by Tom Mens (University of Mons) on dependency-related health issues in software ecosystems and research advances to address such health issues. Part of the presented research has been conducted as part of the Belgian SECO-ASSIST Excellence of Science Research Project.
Bot or not? Detecting bots in GitHub pull request activity based on comment s...Tom Mens
Presentation by Mehdi Golzadeh (Software Engineering Lab, University of Mons) of an article published at the 2nd International ICSE Workshop on Bots In Software Engineering (BotSE). See https://doi.org/10.1145/3387940.3391503
Abstract: Many empirical studies focus on socio-technical activity in social coding platforms such as GitHub, for example to study the onboarding, abandonment, productivity and collaboration among team members. Such studies face the difficulty that GitHub activity can also be generated automatically by bots of a different nature. It therefore becomes imperative to distinguish such bots from human users. We propose an automated approach to detect bots in GitHub pull request activity. Relying on the assumption that bots contain repetitive message patterns in their pull request comments, we analyse the similarity between multiple messages from the same GitHub identity, using a clustering method that combines the Jaccard and Levenshtein distance. We empirically evaluate our approach by analysing 20,090 comments of 250 users and 42 bots in 1,262 GitHub repositories. Our results show that the method is able to clearly separate bots from human users.
How magic is zero? An Empirical Analysis of Initial Development Releases in S...Tom Mens
1. 0.y.z packages are highly prevalent, contributing to 90% of packages in some distributions even though documentation states they are for initial development.
2. It generally takes a few months for packages to reach ≥1.0.0 but 20% take over a year, suggesting packages get stuck in 0.y.z.
3. 0.y.z packages are updated slightly more frequently but the difference is negligible, and there is little practical difference in how 0.y.z and ≥1.0.0 packages are used.
Comparing dependency issues across software package distributions (FOSDEM 2020)Tom Mens
This talk reports on our findings based on multiple empirical studies that we have conducted to understand different aspects of dependency management and their practical implications. This includes:
* the outdatedness of package dependencies, the transitive impact of such "technical lag", and its relation to the presence of bugs and security vulnerabilities.
* the impact of using either more permissive or more restrictive version contraints on dependencies.
* the virtues and limitations of being compliant to semantic versioning, a common policy to inform dependents whether new releases of software packages introduce possibly backward incompatible changes.
* the impact of specific characteristics, policies and tools used by the packaging ecosystem and its supporting community on all of the above.
The contents of the talk is primarily based on the following peer-reviewed scientific articles:
* What do package dependencies tell us about semantic versioning? Alexandre Decan, Tom Mens. IEEE Transactions on Software Engineering, 2019. https://doi.org/10.1109/TSE.2019.2918315
* An empirical comparison of dependency network evolution in seven software packaging ecosystems. Alexandre Decan, Tom Mens, Philippe Grosjean. Empirical Software Engineering 24(1):381-416, 2019. https://doi.org/10.1007/s10664-017-9589-y
* A formal framework for measuring technical lag in component repositories and its application to npm. Ahmed Zerouali, Tom Mens, Jesus Gonzalez‐Barahona, Alexandre Decan, Eleni Constantinou, Gregorio Robles. Journal of Software: Evolution and Process 31(8), 2019. https://doi.org/10.1002/smr.2157
* On the Impact of Security Vulnerabilities in the npm Package Dependency Network. Alexandre Decan, Tom Mens, Eleni Constantinou. International Conference on Mining Software Repositories, 2018. https://doi.org/10.1145/3196398.3196401
* On the Evolution of Technical Lag in the npm Package Dependency Network. Alexandre Decan, Tom Mens, Eleni Constantinou. International Conference on Software Maintenance and Evolution, 2018. https://doi.org/10.1109/ICSME.2018.00050
Measuring Technical Lag in Software Deployments (CHAOSScon 2020) (Tom Mens)
Presentation at CHAOSSCon Europe 2020 about the generic technical lag software measurement framework. Technical lag measures the increasing difference between deployed software components and the ideal upstream software components.
For more information, see https://doi.org/10.1002/smr.2157
This presentation reports on the research results achieved in the context of the interuniversity interdisciplinary research project SECOHealth "Vers une méthodologie et analyse socio-technique interdisciplinaire de la santé des écosystèmes logiciels" co-financed by FRS-FNRS Belgium and FRQ (FRSC - FRNT, Québec) with principal investigators Tom Mens (UMONS), Bram Adams (Polytechnique Montréal) and Josianne Marsan (Université Laval).
Introduction to the research seminar on empirical analysis of open source software ecosystems, organised by the SECO-ASSIST "excellence of science" research project, on September 4th, 2019 at the University of Mons, Belgium. With invited presentations by Alexander Serebrenik, Jesus Gonzalez-Barahona, Dario Di Nucci and Henrique Nucci. The seminar concludes with the public PhD defense of Ahmed Zerouali (supervised by Tom Mens) on the topic of "A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems"
Empirically Analysing the Socio-Technical Health of Software Package Managers (Tom Mens)
Invited presentation at Concordia University (Montreal, Canada) by Eleni Constantinou and Tom Mens on recent research about the socio-technical health issues in software package management ecosystems.
Abstract: The large majority of today’s software is relying on open source software components. Such components are typically distributed through package managers for a wide variety of programming languages, and developed and maintained through online distributed software development services like GitHub. Software component repositories are perceived as software ecosystems that constitute complex and evolving socio-technical software dependency networks. Because of their complexity and evolution, these ecosystems tend to suffer from a wide variety of software health issues that can be either technical or social in nature. Examples of such issues include the ecosystem fragility due to exponential growth and transitive dependencies; the abundance of outdated, unmaintained or obsolete software components; the prolonged presence of unfixed bugs and security vulnerabilities; the abandonment or high turnover of key contributors, suboptimal collaboration between contributors, and many more. This presentation will report on our past and ongoing empirical research that studies such health factors within and across different software packaging ecosystems (such as npm, RubyGems, Cargo, CRAN, CPAN). We provide empirical evidence of some of the health problems, compare their presence across different ecosystems, and suggest ways to reduce their potential impact by providing concrete guidelines and tools. The presented research is being conducted by researchers of the Software Engineering Lab at the University of Mons in the context of two ongoing projects SECOHealth and SECO-ASSIST, aiming to analyse and improve the health of software ecosystems.
ConPan: Analysing Packages Installed in Docker Containers (Tom Mens)
ConPan is a tool that analyzes software packages installed in Docker containers to identify outdated and vulnerable packages. It combines information about outdatedness and known security vulnerabilities. ConPan works by scanning Docker images and comparing package information to vulnerability databases. The goal is to help identify security risks from outdated and vulnerable packages in container images to improve container security.
On the Relation between Outdated Docker Containers, Severity Vulnerabilities,... (Tom Mens)
Presentation by Tom Mens of the SANER 2019 paper that received the best paper award. The topic concerns Docker containers, and more particularly the relation between outdated packages, technical lag, security vulnerabilities and bugs.
On the diversity of software popularity metrics: An empirical study of npm (Tom Mens)
Presentation by Prof. Tom Mens (University of Mons) of an ERA-track paper at SANER 2019, the International Conference on Software Analysis, Evolution and Reengineering (Hangzhou, China, February 2019).
Abstract: Software systems often leverage on open source software libraries to reuse functionalities. Such libraries are readily available through software package managers like npm for JavaScript. Due to the huge amount of packages available in such package distributions, developers often decide to rely on or contribute to a software package based on its popularity. Moreover, it is a common practice for researchers to depend on popularity metrics for data sampling and choosing the right candidates for their studies. However, the meaning of popularity is relative and can be defined and measured in a diversity of ways, that might produce different outcomes even when considered for the same studies. In this paper, we show evidence of how different is the meaning of popularity in software engineering research. Moreover, we empirically analyse the relationship between different software popularity measures. As a case study, for a large dataset of 175k npm packages, we computed and extracted 9 different popularity metrics from three open source tracking systems: libraries.io, npmjs.com and GitHub. We found that indeed popularity can be measured with different unrelated metrics, each metric can be defined within a specific context. This indicates a need for a generic framework that would use a portfolio of popularity metrics drawing from different concepts.
Acknowledgments: This work was partially supported by the EU Research FP (H2020-MSCA-ITN-2014-642954, Seneca), the Spanish Government (TIN2014-59400-R, SobreVision), the Excellence of Science Project SECO-Assist (O015718F, FWO - Vlaanderen and F.R.S.-FNRS).
How to increase the technical health of your software? (Tom Mens)
Presentation by Prof. Tom Mens (University of Mons) about the relation between, and guidelines for increasing, the internal and external technical debt and technical health of software. This talk was presented at the Business and Technology Club of the Infopole Cluster TIC in Gosselies (Belgium) on 19 February 2019. The ideas presented are partly based on research conducted in the context of the FRNS-FWO co-financed "Excellence of Science" Research Project SECO-ASSIST (http://secoassist.github.io)
"Software Ecosystem Health" lightning talk (Tom Mens)
A 5-minute lightning talk at CHAOSSCon Europe (Brussels, 1 February 2019), presenting our recent activities around software ecosystem health, as part of the SECOHealth (secohealth.github.io) and SECO-ASSIST (secoassist.github.io) collaborative research projects.
On the health of the npm packaging ecosystem (Tom Mens)
Presentation at DrupalCamp 2018 (Ghent) by Tom Mens (University of Mons) about lessons learned and guidelines based on a historical empirical analysis of the npm JavaScript packaging ecosystem, and the impact of technical problems in its package dependency network. This work is part of the SECOHealth and SECO-ASSIST research projects, co-financed by the FNRS-FRS.
On the evolution of technical lag in the npm package dependency network (Tom Mens)
Presentation at the International Conference on Software Maintenance and Evolution (ICSME2018), Madrid, Spain, 28 September 2018. Joint research by Alexandre Decan, Eleni Constantinou, Tom Mens at the Software Engineering Lab of the University of Mons. Research conducted in the context of the SECOHealth and SECO-ASSIST research projects (https://secohealth.github.io, https://secoassist.github.io)
We empirically analyse the context of technical lag in the JavaScript npm package dependency network to assess to which extent npm software packages and their dependencies are outdated.
On the impact of security vulnerabilities in the npm package dependency network (Tom Mens)
Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.
SoHeal 2018 Welcome Slides: First International Workshop on Software Health (Tom Mens)
This document provides information about the 1st International Workshop on Software Health (SoHeal 2018) which is being held on May 27th, 2018 in Gothenburg, Sweden and is co-located with the 40th International Conference on Software Engineering. The workshop will include an opening, keynote presentation, sessions on software ecosystem health, open source software health, and other topics. There will also be a joint discussion session between CHAOSS and SECOHealth. The organizing committee and program committee are listed.
How to program a robot in 30 minutes?
1. How to program a robot in 30 minutes?
Computer Science
Faculty of Science
University of Mons
24-25 March 2022
2. Introduction | The Blockly language | Escaping a maze | Programming a robot | Questions
Contact
E-mail
secretariat.FS@umons.ac.be
informatique@umons.ac.be
Websites
University of Mons
https://web.umons.ac.be/fr/
Department of Computer Science
http://informatique.umons.ac.be
Computer science education
http://informatique.umons.ac.be/index.php?p=teaching
https://web.umons.ac.be/fr/formations/
Computer Science, UMONS. How to program a robot in 30 minutes? 24-25 March 2022
3. Objective
In this workshop we will:
* teach a robot to escape a maze autonomously
https://youtu.be/_tKUm0VoYI4
4. Objective
In this workshop we will:
* teach a robot to escape a maze autonomously
* using the Blockly programming language (https://blockly.games)
* based on an algorithm (a kind of recipe) for finding one's way through a maze
5. Blockly is a visual programming language:
* simpler to understand
* made up of blocks representing the main elements
* that can be assembled into an executable program
* a visual alternative to textual programming languages (for example Java, Python, JavaScript, ...)
6. The Blockly programming language
A program is made up of blocks attached to one another like puzzle pieces.
This set of blocks corresponds to the instructions that the program will execute.
The instructions are interpreted and executed by the program from top to bottom.
7. Example
An astronaut must find their way through a space station to the airlock where their tools are kept.
8. Example
To do so, the astronaut can perform the following actions:
* move forward
* turn left (on the spot, by 90°)
* turn right (on the spot, by 90°)
The astronaut carries out these actions through the following instruction blocks:
9. How can we avoid having to write the same instruction several times?
With loops!
A loop repeats one or more actions as long as the loop condition holds.
10. Conditions can be used so that the program makes a decision depending on the situation it encounters.
11. The program executes the instructions (the blocks) from top to bottom.
When it reaches a condition, it evaluates it:
* If the condition holds, one sequence of instructions is executed
* Otherwise, another sequence of instructions is executed
12. Think of the floor plan of a space station as a maze.
Which algorithm can the astronaut use to find the way without knowing the plan of the station?
13. The right-hand algorithm
Simply keep your right hand on the wall to your right and follow it.
Turn right whenever you no longer touch the wall.
14. Alternative solution
The technique can also be used with the left hand.
15. Demo time!
https://blockly.games/maze?lang=fr&level=10&skin=1
16. What is a robot?
A robot is first of all a base.
Then comes the processor, which executes the instructions.
17. What does a robot need in order to operate in its environment?
19. A robot can perceive its environment and the state of its components through sensors. These include:
* cameras
* proximity sensors
* contact sensors
* temperature sensors
* ...
20. A robot can interact with its environment through actuators. These include:
* motors
* robotic arms
* the robot's various tools
* ...
21. Which sensors and actuators must a robot be given so that it can find its way through the maze using the right-hand algorithm?
22. Demo time!
https://www.robotmesh.com/studio