I regularly get pulled in to help w/ projects that are in trouble @work. And I go up to them and say 'where are your unit tests'. And they say 'what tests?', or 'yeah, we read that bit but didnt have time'. And I say 'you're late now, arent you?'
I actually despair at how there are many projects that do have my book, but completely fail to grasp the idea of testing. And that saddens me. Because the main reward for having a book is not the sales figures, it is the belief that you are benefiting the world by passing on your knowledge. And if they skimp on JUnit, well, the rest is irrelevant.
In the absence of formal qualifications for software dev the way there is for, say, plumbing or surgery, you could argue we all all amateurs. The only issue is then whether we are volunteers or paid.
one interesting feature about some communities is the amount of contribution by non-programmers. I'd point to Celestia as an example here; whoever provides the planet designs there are artists, not programmers. Perhaps for the OSS methodology to go mainstream, we have to appeal to more end users.
James Duncan D. only wrote Ant to make Tomcat open source; they used Make inside Sun. So it was created by a Sun employee for a goal, but it has been OSS for its entire life.
As the author of the best selling ant book, I have probably received most compensation in that direction, but even after three years, the revenue has still not justified the hours in writing the book. I think I earned $1000 last quarter, before tax. None of the other contributors active write now are authors, some do other products that live in the OSS build chain.
The primary way I get reward for working on ant is this: the projects I work in come in on time. Ant is only one of the tools and processes needed to manage this, but it helps.
There is one IDE person on the team, primarily because netbeans were submitting so many patches related to documentation that nobody could keep up. IBM/Eclipse provide some performance tuning too, but dont have commit rights. And we ignore their complaints that ant is broken on Win98, because we dont think anyone should be using win98 any more.
The build tool that JBoss use was built by us hobbiests. I hope a product built by "amateurs" with no support other than the user mail list and the defect tracking site is not so low quality that it isnt up to the 'commercial' needs of teams like JBoss. If it aint, well, they are free to fork it and do their own implementation ---let's see how far they get.
I am really pissed off with the "amateur" quote. Ant was built by its end users, but they were software developers, each solving their own little problem. As most software dev problems are common, the tool shares out. but amateur? Software professional in their spare time is more accurate.
If there is one thing that OSS has shown, it is that
1. full time software teams do not produce better quality products than the amateurs (example: Linux v. windows)
2. end user involvement produces products that meet user needs far better than a marketing department telling engineers in cubicles what to do.
Imagine if Ant was a private company. We'd have to have meetings with the VCs. We'd have a marketing department. We'd have to deliver things on deadlines, whether they were ready or not. And we' d have to convince the world we were better than a planet full of software developers collaborating to solve their own problems, and sharing the results. This is what jboss are like: they have to slag off the rest of the OSS community, to justify their very existence.
I contacted the lib dems and UKIP a few months back.
lib dems: Email back about how they were very unhappy about the way the council was ignoring parliament, possibly planning to take a stance simply for the power-struggle between parliament and council, rather than for the merits of patents. Though I guess if they had been in favour of the legislation, they would have gone with it.
UK Independence Party: a letter in the post (!) back complaining about how the EU was always interfering, it was our right to set our own patent laws, etc. I don't know if they were in favour or not; their ideology was in the way.
Actually, with some knowledge of CPU load you can do better; cranking up when the workload increases, scaling back when it goes down, and you can also distribute jobs to systems that are under less load.
the way speedstep cores work is that the final 25% of performance comes at the expense of 50% of the power consumption (as the core switches to max voltage). Its a bit like running a car at high rpms -you get power, but it is inefficient.
if your load balancer sends load to cpus running at below 70%-or-thereabouts load, you can do more efficient work.
no, i am not aware of anything that does this (yet), though a lot of the grid work is very power aware.
I knew that, I just wasnt going to go into the specifics, though I suppose with GPS speed limits it would have a 60 limit, and that bit from broadmead to the begin of the motorway limited to 30.
I dont know what the speed limit of that bit from st-werbughs to m32 is, the one where you start off @30 and have to be doing 70+ almost immediately. I think any GPS map would have a hard time there.
I saw some some posters from the fraunhofer institute in germany on the subject of power, with a graph of specint/watt.
0. all modern cores switch off idle things (like the FPU) and have done for some time.
1. those opteron cores have best in class performance
2. intel centrino cores, like the i740, have about double the specint/watt figure. That means they do their computation twice as efficiently.
In a datacentre, power and air conditioning costs are major operational expenses. If we can move to lower power cores there -and have adaptive aircon that cranks back the cooling when the system is idle, the power savings would be significant. of course, putting the datacentre somewhere cooler with cheap non-fossil-fueled electicity (like British Columbia) is also a good choice.
1. stopping distance depends on the vehicle. My old VW passat 1.8T could decellarate in a snap, because it had great breaks and was light. Whereas the Dodge Grand Caravan also had execellent brakes, but it had the mass and stopping distance of an oil tanker. And it was minimally agile.
2. Pedestrians, cyclists and other road users have not evolved better resistance to survivability than before.
So yes, cars are often better at stopping and surviving crashes, but the people they run in to have not. Which means that it is hard to justify raising the speed limits in towns or on mixed use roads (i.e. anything other than freeways/motorways)
The problem with raising speed limits on the fast roads is that it corrupts you; after 5 hours spent at 90mph, then urban roads seem slow, you go faster and then suddenly someone pulls out a side road and bang! its collision time.
Does this mean that low speed limits are good? Not always. I found the biggest threat in the US was not from speeding drivers, but inattentive ones. You know, the pickup going along with two wheels in the oncoming lane, or the honda with the driver on the phone while eating breakfast. The combination of moderate speeds and simple road junctions means that it is easy to do other things while driving, and then get distracted.
-steve
(not a fan of GPS enforced speed limits, and fond of driving at 85mph)
That is my pet peeve about this plan. So far, the trials can say "In controlled circumstances, some people who volunteered to drive a speed-limited vehicle, didn't speed".
But it doesnt say "stick these in the cars of people who want to speed, and they will not be subverted" or "the system is resistant to abuse". Where I live (bristol), there is a 70+mph motorway flyover which goes over and alongside 30mph roads. all you need to be is 5m off your GPS fix and suddenly your car thinks it should be doing 25mph, no 70. And guess what, 5m is well within the margin of error for non-WAAS-enhanced GPS triangulation.
Or what about motorway tunnels? You'd have to assume that the tunnel retained the speed going in. So you enter a motorway tunnel, snip the GPS antenna, and for the rest of the vehicle's life (or until the next MoT vehicle safety check) it thinks it can do 70mph. Better yet, drive over to germany and then snip the connection.
The other thing is that you are so dependent upon map accuracy. Old maps are likely to miss out new fast roads, but wont include extra information about the (inevitable) lowering of limits on existing roads. I can see a market (and the inevitable spam) for illegal roadmaps which tell the car that the speed limit for the country is 120+ mph...
..I didnt know about the flag burning stuff till you said it, now I see your point. A classic bit of minor-rewards-for-a-subset-of-voters payback for the elections, leaving the govt to get on with the complexity of resolving hard problems like Exxon's stance of Global Warming with the rest of the worlds' consensus.
It is notable that in france, companies can write of bribes to foreign companies/govts as tax deductible expenses. Only in-france bribes are illegal. Its going to take a lot of effort to move the EU forward...
My home music/cvs server is a laptop, which can live anywhere. It is currently hidden up my attic, not through fear of the police, but through the fear that anyone who broke in to my house would steal a laptop without knowing that a 1999 PII unit is effectively worthless.
If I were worried about data-on-site, I could leave the laptop with my neighbours, in coverage of the WLAN. As far as the net is concerned, it is in my house, but as far as warrants go, well, it would be harder.
If you have virtual PC or vmware you dont need to activate more than once.
I have winXP VMs (domained, undomained), and a win98 vm (historical quirk). Once you get a stable image with msoffice, activate it, snapshot it, and duplicate the VM image. One tip: activate and snapshot before you domain it, as it is a real pain to undomain a win2k-domained image.
one of the original paper authors was actually on the MS trusted computing groups, peter biddle.
What this paper says is what is clearly MS-internal knowledge, that flawless DRM is impossible. They know that because whenever they try and copy-protect software, all it does is delay the inevitable and inconvenience the legit people. If you can't protect software (which is the only data which can integrate its own legitimacy checks), what hope do you have against passive content like music or video?
MS (and the PC vendors) come in for inordinate amounts of grief from the media companies, those vendors who still beleive that DRM is workable, and if the PC people dont put it in voluntarily, then the government will have to mandate it.
darknet says that all you do is increase the effort required to produce a rip (routing via a good A/D & D/A conversion setup, for example), and that content sharing is so integral to the network, that you cannot stop ripped data being shared.
It sounds like the book exposes some of this war that goes on behind the scenes. One thing that worries me is that as the PC/OS vendors make more money from content sales (music, video), they will be more motivated to add DRM in, whether it is required or not. the Mac/x86 will be the metric: will the TPM be used just to stop MacOS being installed on other boxes, or will they try and lock down all itunes content.
that is a good point. the card number space isnt big enough to resist brute force. And if you dont seed the hashes with some uniqueness, anyone malicious can create a file with all the pre-generated md5 hashes for the keys, and then lookup time is instantly trivial. If you were going to attack many hashed card numbers, that is the approach to take, as it scales better.
I work at a corporate F100 R&D lab, most of what gets written up is either
-prescriptive stuff that you'd like adopted -things you built that you'd like the world to know about.
For a corporate group, a paper is only a half-success, depending on the ranking mechanism. A Popular paper is good, but not as good as getting into shipping product. And there MSR have the same problem I have -the gulf between research code and production stuff. Actually, their problem is worse, they have to go through the MS lifecycle, whereas our codebase is now open source (http://smartfrog.org/) so that we can have stuff in users hands in real time.
Summary: the presence of an MSR paper on its own is meaningless.
returning to MS and P2P, note that MS own groove, which has an excellent P2P filesystem, though one that will forever be windows only. They already do P2P products, they just are not as common as say, Exchange Server.
in theory, walmart could store a good hash of the card, say a SHA1#, and then use that as the key in the database to lookup transactions. Steal the DB and all you get are a set of SHA1 values, pretty meaningless on their own.
I say in theory, as you could do the same with SSN numbers, but as we know, everyone is too lazy to do that.
At least the card companies do care more about loss of card numbers than the government cares about SSN abuse.
true, but it lets the ISP know there is a phishing problem.
however, going near any phish site makes you vulnerable to any viruses/worms on there, at least if you are daft enough to use IE as your browser.
IMO a better target to attack is the courier biz; those idiots who sign up as "courier for east european financial business" when they get that junk mail, the one that lets you work at home and keep 10% of the financial transfers. These are the people used to hide the fact that money is going abroad, making it look local to the bank or country, and the ones holding the pot when the deal fails.
If everyone signs up for those when they get the mails (on a disposable account), gets the details and then does nothing with it, the cost of courier recruitment increases and it becomes less profitable,
now, banks and the police could do it properly; pretend to be a courier for a month or two just to track where the money goes and who has been phished...
the 2.6 kernel knows enough about ACPI and laptops to be usable on the move, with a laptop that can switch from network location to location, the WLAN rebinding, power management engaging. It also knows enough about mainstream hardware that I managed to get both ubuntu and Suse 9.3 working on a 2 year old laptop, even the WLAN working. It suspends to disk! and comes back!
I suspect solaris is more server/desk workstation centric. I know sun dont make laptops, and stopped funding powerbook purchases a few years back. I also know that Java (J2SE) lacks any APIs for power management features, and the implementation cannot handle things like IP addresses changing during the lifespan of a process. (e.g. all DNS lookups are cached forever by default, there is no way to turn this off in an app itself, only the command line).
If solaris drivers dont have power management in there, it will take a lot of work to retrofit it.
Can anyone dredge a copy of the old NeWS windowing system and release that now too; that could do stuff so much cooler than X11 can do today, even, what, 15 years later. Or is the tar file of the source slowly rotting away in a tape that wont be readable before long.
First, I want to observe that 'configuration management' is still an academic research. nobody gets it right. But you are making some valid points.
IMO one mistake that linux distros do is have a single central place for all binaries, all installed by root. Whereas having a per-app configuration makes more sense. If my app wants version 4.3 of a library, it can live in my user space while another app has version 4.2. This works. right up until a security alert forces upgrades to 4.2.1 and 4.3.1 and you have to locate every single instance of a library and pacth. Across 500 machines on a site.
The Maven2 stuff from Apache is leading the way for Java JAR versioning and retrieval; other apps are using it too. There each user has their own local cache of JARs, all stored in different dirs for project/artifact/version. Each artifact is md5 signed and includes a descriptor of what other files it depends on.
I am working with this, and it is, well, interesting. There are some quirks, especially with transitive dependency inference. Whenever a library declares the files it depends on, those have to be treated as hints, hints you can override.
The other thing that interests me is vmware, who are now hosting prebuilt system images. Want a copy of suse linux with mysql configured. Download it. Want a debian distro with kde3.4? download it. Each OS is a self contained thing you pull down.
there are some interesting security issues there, I am sure..
Slashdot Mirror
I regularly get pulled in to help w/ projects that are in trouble @work. And I go up to them and say 'where are your unit tests'. And they say 'what tests?', or 'yeah, we read that bit but didnt have time'. And I say 'you're late now, arent you?'
I actually despair at how there are many projects that do have my book, but completely fail to grasp the idea of testing. And that saddens me. Because the main reward for having a book is not the sales figures, it is the belief that you are benefiting the world by passing on your knowledge. And if they skimp on JUnit, well, the rest is irrelevant.
In the absence of formal qualifications for software dev the way there is for, say, plumbing or surgery, you could argue we all all amateurs. The only issue is then whether we are volunteers or paid.
one interesting feature about some communities is the amount of contribution by non-programmers. I'd point to Celestia as an example here; whoever provides the planet designs there are artists, not programmers. Perhaps for the OSS methodology to go mainstream, we have to appeal to more end users.
James Duncan D. only wrote Ant to make Tomcat open source; they used Make inside Sun. So it was created by a Sun employee for a goal, but it has been OSS for its entire life.
As the author of the best selling ant book, I have probably received most compensation in that direction, but even after three years, the revenue has still not justified the hours in writing the book. I think I earned $1000 last quarter, before tax. None of the other contributors active write now are authors, some do other products that live in the OSS build chain.
The primary way I get reward for working on ant is this: the projects I work in come in on time. Ant is only one of the tools and processes needed to manage this, but it helps.
There is one IDE person on the team, primarily because netbeans were submitting so many patches related to documentation that nobody could keep up. IBM/Eclipse provide some performance tuning too, but dont have commit rights. And we ignore their complaints that ant is broken on Win98, because we dont think anyone should be using win98 any more.
The build tool that JBoss use was built by us hobbiests. I hope a product built by "amateurs" with no support other than the user mail list and the defect tracking site is not so low quality that it isnt up to the 'commercial' needs of teams like JBoss. If it aint, well, they are free to fork it and do their own implementation ---let's see how far they get.
I am really pissed off with the "amateur" quote. Ant was built by its end users, but they were software developers, each solving their own little problem. As most software dev problems are common, the tool shares out. but amateur? Software professional in their spare time is more accurate.
If there is one thing that OSS has shown, it is that
1. full time software teams do not produce better quality products than the amateurs (example: Linux v. windows)
2. end user involvement produces products that meet user needs far better than a marketing department telling engineers in cubicles what to do.
Imagine if Ant was a private company. We'd have to have meetings with the VCs. We'd have a marketing department. We'd have to deliver things on deadlines, whether they were ready or not. And we' d have to convince the world we were better than a planet full of software developers collaborating to solve their own problems, and sharing the results. This is what jboss are like: they have to slag off the rest of the OSS community, to justify their very existence.
-Steve
I contacted the lib dems and UKIP a few months back.
lib dems: Email back about how they were very unhappy about the way the council was ignoring parliament, possibly planning to take a stance simply for the power-struggle between parliament and council, rather than for the merits of patents. Though I guess if they had been in favour of the legislation, they would have gone with it.
UK Independence Party: a letter in the post (!) back complaining about how the EU was always interfering, it was our right to set our own patent laws, etc. I don't know if they were in favour or not; their ideology was in the way.
yes indeed :)
Actually, with some knowledge of CPU load you can do better; cranking up when the workload increases, scaling back when it goes down, and you can also distribute jobs to systems that are under less load.
the way speedstep cores work is that the final 25% of performance comes at the expense of 50% of the power consumption (as the core switches to max voltage). Its a bit like running a car at high rpms -you get power, but it is inefficient.
if your load balancer sends load to cpus running at below 70%-or-thereabouts load, you can do more efficient work.
no, i am not aware of anything that does this (yet), though a lot of the grid work is very power aware.
I knew that, I just wasnt going to go into the specifics, though I suppose with GPS speed limits it would have a 60 limit, and that bit from broadmead to the begin of the motorway limited to 30.
I dont know what the speed limit of that bit from st-werbughs to m32 is, the one where you start off @30 and have to be doing 70+ almost immediately. I think any GPS map would have a hard time there.
I saw some some posters from the fraunhofer institute in germany on the subject of power, with a graph of specint/watt.
0. all modern cores switch off idle things (like the FPU) and have done for some time.
1. those opteron cores have best in class performance
2. intel centrino cores, like the i740, have about double the specint/watt figure. That means they do their computation twice as efficiently.
In a datacentre, power and air conditioning costs are major operational expenses. If we can move to lower power cores there -and have adaptive aircon that cranks back the cooling when the system is idle, the power savings would be significant. of course, putting the datacentre somewhere cooler with cheap non-fossil-fueled electicity (like British Columbia) is also a good choice.
1. stopping distance depends on the vehicle. My old VW passat 1.8T could decellarate in a snap, because it had great breaks and was light. Whereas the Dodge Grand Caravan also had execellent brakes, but it had the mass and stopping distance of an oil tanker. And it was minimally agile.
2. Pedestrians, cyclists and other road users have not evolved better resistance to survivability than before.
So yes, cars are often better at stopping and surviving crashes, but the people they run in to have not. Which means that it is hard to justify raising the speed limits in towns or on mixed use roads (i.e. anything other than freeways/motorways)
The problem with raising speed limits on the fast roads is that it corrupts you; after 5 hours spent at 90mph, then urban roads seem slow, you go faster and then suddenly someone pulls out a side road and bang! its collision time.
Does this mean that low speed limits are good? Not always. I found the biggest threat in the US was not from speeding drivers, but inattentive ones. You know, the pickup going along with two wheels in the oncoming lane, or the honda with the driver on the phone while eating breakfast. The combination of moderate speeds and simple road junctions means that it is easy to do other things while driving, and then get distracted.
-steve
(not a fan of GPS enforced speed limits, and fond of driving at 85mph)
That is my pet peeve about this plan. So far, the trials can say "In controlled circumstances, some people who volunteered to drive a speed-limited vehicle, didn't speed".
But it doesnt say "stick these in the cars of people who want to speed, and they will not be subverted" or "the system is resistant to abuse". Where I live (bristol), there is a 70+mph motorway flyover which goes over and alongside 30mph roads. all you need to be is 5m off your GPS fix and suddenly your car thinks it should be doing 25mph, no 70. And guess what, 5m is well within the margin of error for non-WAAS-enhanced GPS triangulation.
Or what about motorway tunnels? You'd have to assume that the tunnel retained the speed going in. So you enter a motorway tunnel, snip the GPS antenna, and for the rest of the vehicle's life (or until the next MoT vehicle safety check) it thinks it can do 70mph. Better yet, drive over to germany and then snip the connection.
The other thing is that you are so dependent upon map accuracy. Old maps are likely to miss out new fast roads, but wont include extra information about the (inevitable) lowering of limits on existing roads. I can see a market (and the inevitable spam) for illegal roadmaps which tell the car that the speed limit for the country is 120+ mph...
..I didnt know about the flag burning stuff till you said it, now I see your point. A classic bit of minor-rewards-for-a-subset-of-voters payback for the elections, leaving the govt to get on with the complexity of resolving hard problems like Exxon's stance of Global Warming with the rest of the worlds' consensus.
It is notable that in france, companies can write of bribes to foreign companies/govts as tax deductible expenses. Only in-france bribes are illegal. Its going to take a lot of effort to move the EU forward...
My home music/cvs server is a laptop, which can live anywhere. It is currently hidden up my attic, not through fear of the police, but through the fear that anyone who broke in to my house would steal a laptop without knowing that a 1999 PII unit is effectively worthless.
If I were worried about data-on-site, I could leave the laptop with my neighbours, in coverage of the WLAN. As far as the net is concerned, it is in my house, but as far as warrants go, well, it would be harder.
If you have virtual PC or vmware you dont need to activate more than once.
I have winXP VMs (domained, undomained), and a win98 vm (historical quirk). Once you get a stable image with msoffice, activate it, snapshot it, and duplicate the VM image. One tip: activate and snapshot before you domain it, as it is a real pain to undomain a win2k-domained image.
Virtualization defeats activation.
one of the original paper authors was actually on the MS trusted computing groups, peter biddle.
What this paper says is what is clearly MS-internal knowledge, that flawless DRM is impossible. They know that because whenever they try and copy-protect software, all it does is delay the inevitable and inconvenience the legit people. If you can't protect software (which is the only data which can integrate its own legitimacy checks), what hope do you have against passive content like music or video?
MS (and the PC vendors) come in for inordinate amounts of grief from the media companies, those vendors who still beleive that DRM is workable, and if the PC people dont put it in voluntarily, then the government will have to mandate it.
darknet says that all you do is increase the effort required to produce a rip (routing via a good A/D & D/A conversion setup, for example), and that content sharing is so integral to the network, that you cannot stop ripped data being shared.
It sounds like the book exposes some of this war that goes on behind the scenes. One thing that worries me is that as the PC/OS vendors make more money from content sales (music, video), they will be more motivated to add DRM in, whether it is required or not. the Mac/x86 will be the metric: will the TPM be used just to stop MacOS being installed on other boxes, or will they try and lock down all itunes content.
that is a good point. the card number space isnt big enough to resist brute force. And if you dont seed the hashes with some uniqueness, anyone malicious can create a file with all the pre-generated md5 hashes for the keys, and then lookup time is instantly trivial. If you were going to attack many hashed card numbers, that is the approach to take, as it scales better.
I work at a corporate F100 R&D lab, most of what gets written up is either
-prescriptive stuff that you'd like adopted
-things you built that you'd like the world to know about.
For a corporate group, a paper is only a half-success, depending on the ranking mechanism. A Popular paper is good, but not as good as getting into shipping product. And there MSR have the same problem I have -the gulf between research code and production stuff. Actually, their problem is worse, they have to go through the MS lifecycle, whereas our codebase is now open source (http://smartfrog.org/) so that we can have stuff in users hands in real time.
Summary: the presence of an MSR paper on its own is meaningless.
returning to MS and P2P, note that MS own groove, which has an excellent P2P filesystem, though one that will forever be windows only. They already do P2P products, they just are not as common as say, Exchange Server.
in theory, walmart could store a good hash of the card, say a SHA1#, and then use that as the key in the database to lookup transactions. Steal the DB and all you get are a set of SHA1 values, pretty meaningless on their own.
I say in theory, as you could do the same with SSN numbers, but as we know, everyone is too lazy to do that.
At least the card companies do care more about loss of card numbers than the government cares about SSN abuse.
true, but it lets the ISP know there is a phishing problem.
however, going near any phish site makes you vulnerable to any viruses/worms on there, at least if you are daft enough to use IE as your browser.
IMO a better target to attack is the courier biz; those idiots who sign up as "courier for east european financial business" when they get that junk mail, the one that lets you work at home and keep 10% of the financial transfers. These are the people used to hide the fact that money is going abroad, making it look local to the bank or country, and the ones holding the pot when the deal fails.
If everyone signs up for those when they get the mails (on a disposable account), gets the details and then does nothing with it, the cost of courier recruitment increases and it becomes less profitable,
now, banks and the police could do it properly; pretend to be a courier for a month or two just to track where the money goes and who has been phished...
the 2.6 kernel knows enough about ACPI and laptops to be usable on the move, with a laptop that can switch from network location to location, the WLAN rebinding, power management engaging. It also knows enough about mainstream hardware that I managed to get both ubuntu and Suse 9.3 working on a 2 year old laptop, even the WLAN working. It suspends to disk! and comes back!
I suspect solaris is more server/desk workstation centric. I know sun dont make laptops, and stopped funding powerbook purchases a few years back. I also know that Java (J2SE) lacks any APIs for power management features, and the implementation cannot handle things like IP addresses changing during the lifespan of a process. (e.g. all DNS lookups are cached forever by default, there is no way to turn this off in an app itself, only the command line).
If solaris drivers dont have power management in there, it will take a lot of work to retrofit it.
...at least solaris will survive now.
Can anyone dredge a copy of the old NeWS windowing system and release that now too; that could do stuff so much cooler than X11 can do today, even, what, 15 years later. Or is the tar file of the source slowly rotting away in a tape that wont be readable before long.
The ASF take ownership of your code when you donate it to them.
difference is, you know that Apache themselves wont run off with your code, though they may change the ASF license to something you dont agree with.
good point. And of course the PC vendors get hosed by games consoles. go sony!
The reason for adding CPU and RAM last is because they depreciate the fastest; the later you add them, the less you have to pay.
Both mechanisms: customise in the channel and direct-from-ODM are solutions to this.
First, I want to observe that 'configuration management' is still an academic research. nobody gets it right. But you are making some valid points.
IMO one mistake that linux distros do is have a single central place for all binaries, all installed by root. Whereas having a per-app configuration makes more sense. If my app wants version 4.3 of a library, it can live in my user space while another app has version 4.2. This works. right up until a security alert forces upgrades to 4.2.1 and 4.3.1 and you have to locate every single instance of a library and pacth. Across 500 machines on a site.
The Maven2 stuff from Apache is leading the way for Java JAR versioning and retrieval; other apps are using it too. There each user has their own local cache of JARs, all stored in different dirs for project/artifact/version. Each artifact is md5 signed and includes a descriptor of what other files it depends on.
I am working with this, and it is, well, interesting. There are some quirks, especially with transitive dependency inference. Whenever a library declares the files it depends on, those have to be treated as hints, hints you can override.
The other thing that interests me is vmware, who are now hosting prebuilt system images. Want a copy of suse linux with mysql configured. Download it. Want a debian distro with kde3.4? download it. Each OS is a self contained thing you pull down.
there are some interesting security issues there, I am sure..
yup. call it vmware.
I have separate windows VMs for work and play, and when my child gets big enough to need his own pc, he gets his own vm too.