Insufficient. If you hook Windows directly up to broadband to get WindowsUpdate running, you have a good chance of being infected before you are patched. Software firewalls don't block everything, so Step 6 is insufficient, unless you have a machine proxying, NATting firewall or a true firewall. Even then you put a vulnerable machine on your local network, which may have unpleasant surprises in store for you.
A better option is for step 8 becomes: get all windows updates and security fixes ON CD, because otherwise you expose your machine prior lockdown. Likewise, turn off unneeded services (you don't need to be sharing files and printers, why the heck would you leave the SMB server running?) prior to connecting to a network.
Yet, even with all that you end up with the problem of vulnerabilities that are not patched prior to the exploit being generally available. Yes, using alternate programs and avoiding untrustworthy websties sounds good, until you make a typo and end up at an untrustworthy site by accident. (Or shall we decree the typo a death penalty offense). I recently saw a typo site trying to exploit the Firefox 1.9.2 vulnerability to install adware (which didn't work since I was on Linux as I am right now, but they tried...)
In the end, perhaps having a virus scanner in memory to detect things that get through all your other work might be wise. Otherwise that high and mighty "almost no way you can get hit" will bite you back when the almost part comes true and you don't even know it happened. Remember: security is about defense in depth and a big ego provides little depth.
I personally don't care for anti-virus software (it is a little late in the cycle for my taste), but to avoid using it on the corporate networks I care for would be gross negligence on my part, opening me up to potential legal liability. Suddenly $22 a machine a year looks pretty good, even as I take all the other steps to avoid needing it in the first place.
True, however it also means that I can't design a better front end for it - I'm stuck with whatever is released along with the library.
Huh? You can perfectly well improve the front end as long as you don't distribute it while failing to distribute your changes. That was my reason for pointing out it was a code generator. I can improve the code generator, use the code that it writes and all within the bounds of the GPL.
The only thing I can't do is improve the code generator itself and then try to distribute the improved version without the source to those improvements.
I don't see that as being a blockade in any way to useability of this. I can do far *more* than I can with a commercial product (such improve the front end for my personal use).
As far as I can tell, this isn't a library, but a code generator so being under GPL makes little difference for daily use. Output from GPL software is *not* constrained by the GPL, only changes to the code generator *itself* would have to be given back to the community, not any project that used generated code.
Or has Microsoft etc all done such a good job of convincing people the GPL is evil that you think that using GCC or the GIMP means my code/image is somehow GPLed by magic?
OK, this part is off topic, but what the heck does "we broke our duck" mean? I'm sure it is some clever down under slang, but darned if I can decode it.
These lines are the kicker (and send exactly the opposite message from the summary here on/.):
Early this year, O'Shaughnessy warned that SCO had prepared a hit list and would approach Australian Linux users to ensure they had an IP license. But this urgency has dissipated with O'Shaughnessy pointing out that he had enough on his plate and would simply sell licenses as the opportunity arose.
Can anyone seriously say that they are really committed to victory in the courts if they have backpedaled that far on enforcing "their violated rights" down under?
Anyone remember the interfaces in The Diamond Age? The population didn't need to read or write because interfaces had become iconographic and voice/speech based.
I suspect that having access to computers will be beneficial only after some specific infrastructure is in place first. Dumbing down an interface doesn't seem to be a way to improving the chances of that infrastructure will improve to the point that such a device could actually be used.
A far more productive revolution in computing has come about via Internet cafes. A community can build a shared resource like that much easier and the communication between those who visit it is far more likely to spread skills than a bunch of remote controls that don't need any skillset to operate.
Looking at your comment history, I can see that this was a case of foot in mouth from not checking the article, not base carelessness towards others, but boy did you create a firestorm:)
Just so you know, I live in Arizona and our Sheriff is renowned for believing that due process is for wimps and once people are in his "possession" that they have no rights to be treated as humans. He is one of the few in the United States that actually has had Amnesty International and other aid organizations investigate his "Tent City".
Maricopa County, Arizona, is home for over three million Americans. It is a place where dealing with crime figures is the number one election issue. At the center of this community is the self-styled toughest sheriff in the West, Joe Arpaio. Sheriff Joe has a philosophy of zero tolerance towards crime, which has been embraced by deputies and the community alike. Part of the mission of the sheriff's office is "to operate a safe, constitutional jail system," while critics such as Amnesty International claim the sheriff's tactics are questionable and trample an individual's constitutional rights. This program provides unique access into the controversial world of "Tent City," where the sheriff and his men rule with an iron fist. He's put men and women into grueling chain gangs; legalized Wild West style posses; built a 1,200+ person prison out of Korean war tents and razor wire in the baking Arizona desert, dressed inmates into black and white striped clothing and pink underwear, given guards use of 75,000 volt electric stun guns, and with an 85% approval rating in the county proudly boasts of being on the leading edge of law enforcement and incarceration.
-- America's Toughest Sheriff: Joe Arpaio
However, what is fascinating here is that this was about the treatment of people being *arrested*, not *convicted*. Joe doesn't brook much difference between the two: he is a true "out west Sheriff" and believes that he *is* the law, not just its arm.
From that article you can see a pretty balanced view of the guy... for all the things he does, he isn't really all that much more effective than anyone else. Surely not enough so that he shouldn't have to respect people's rights *before* they are convicted of anything.
Having installed wired and wireless networking on manufacturing floors I can tell you that before this dream of magic wireless connectivity comes true, these machines will need vastly better RF shielding. We had a bugger of a time getting wireless to work and even wired networks would act up if you were not careful where you placed the wires. (One company ran fiber optic to the floor machines because the interference issue couldn't be resolved satisfactorily: not a cheap way to go).
So how long will it take to get those machines updated? Well, one of my first jobs out of the U was making a tape punch work on a PC so they could edit programs and load them from paper tape. That was in 1990. I'm guessing that these will be a great concept for someone building a factory floor from scratch, but retrofitting is going to be a big flop.
You must have been trying to play Paranoia *seriously* with a GM who took it too seriously or something. Paranoia was about maiming, killing off or outcasting characters at a blinding rate. That's why you had clones: so you didn't have to keep writing up a new character. It delivers pain and suffering, amusement at the folly of resisting the computer and backstabbing opprotunities at every corner. Basically we used it to blow off steam after long lasting campaigns or for one evening sessions of mayhem. I pity anyone who tried to campaign in Paranoia classic. It would be like trying to campaign as the Christians at the Roman Coliseum.
The reason it was slo-mo is because he was issuing exactly the right blocks at exactly the right time: interrupting Chun-Li's kick is *not* an easy feat. She was my favorite character in fact because that hyper speed kick was death to all but those who were masters of the game (when not intrrupted she issues about 3-4 kicks per second on that special).
According to this survey 17% of desktops needed repairs on average. Is this inflated by crazed users throwing them against walls, or do we really have that bad of a track record in this industry? I have a lot of hardware in my house and at my clients businesses and I don't see a nearly 1 in 5 chance of needing a hardware repair. Fixing a broken OS install and removing malware (usually the cause of the former) appear to be the most popular support calls I get recently.
I think that there are inaccuracies on most of the statements made (not to the point that completely reverse the analysis, but the issues are more complex than they are being made) but point #3 is obviously the impetus behind Neil's questioning "Open Source Myths".
I have seen similar to this quite a bit: "I grew up in the 1980's assuming that I would one day be able to write some really cool software, then *SELL IT*, and make some real money for my trouble." I think that this is *not* a valid argument. While stating a personal opinion and emotional state quite clearly, one could say the same about the farmers who "expected to make a living on the farm" or factory workers who "expected to continue to make a living in the industry".
Efficiencies continue to increase in the world, displacing people from jobs, many times leaving them few good alternatives. Is this good? Surely it seems not to be for those displaced. Yet, few people today would want to be contrained by the living conditions of the early 1900's, or earlier. We live lives that the kings of old would have killed for, by standing on the broken backs of those displaced by efficiencies that were created by new technologies and methodologies. I myself would find it difficult to give up modern amenities while simultaneously understanding the concerns of outsourcing and open source. Hypocrite is one word for it, I guess. At the end of the day, I have decided that luxury trumps a living wage for my fellow man.
So how does this apply to OSS? Simply: we are outsourcing the development of potentially commercial work to *ourselves* and creating the infrastructure for software to be "worth less in dollars spent". If I build operating systems, web servers or databases, I'm pretty sure I would be feeling just like the farmers and factory workers of old: there is a pressure building that is not going to go away, which will sap the monetary reward for what I do.
Does this mean I am against OSS then? Surely not, for I realize that the end result of this change is software development is not the destruction of an industry, but the creation of a bedrock of new technologies and methodologies which will allow me to produce better and better solutions for my customers at lower and lower costs. I can't dream of writing the next "big word processor", but frankly that is an empty dream anyway with the established commercial vendors in place today. The only difference here with OSS is when a type of software reaches a certain threshold of maturity, commercial exploitation of that type of software becomes harder and harder as the OSS packages catch up.
The main difference with our industry is the *speed* at which the effects are felt: it took a generation to destroy the factory worker's job, it took several generations for the farms to be destroyed. We are seeing an industry created and destroyed in one lifetime. Myself, I'm glad I didn't get the opprotunity to get comfortable with the old model and had the chance to learn how to produce viable solutions for my customers using the new model. You see, for every dollar my clients don't spend on commercial operating systems, SQL servers, etc, there is a dollar available for me to apply honest work to solving the problems they are interested in having solved. Where OSS won't work, I'm more than willing to pay the commercial vendors for the parts and pieces I need: because in *those* cases they provided real value for my dollar.
Looks like SOE is taking this browbeating a little hard: anything/. linked to is gone. I always wonder why people bother to vent all over "official" forums when this seems to be the end result. It takes 5 seconds to issue a delete on a thread and silence any criticism. In the name of "good customer relations" (i.e., those who might stumble into the quagmire from the outside).
No, I don't think you are too cynical, I had the same impression. You don't pull a project from the developers to give them a head start on their next project, a project that *isn't* for your firm! These guys at Nihilistic are the only ones who know the code from top to bottom: pulling them can only damage the schedule and quality of the product. Knowing that Blizzard produces high quality games (to the point of cancelling those that don't meet standards) I can only conclude that Nihilistic was creating code on the order of the Matrix in terms of sheer bug ridden nightmareishness, and they want to pull it in house to try to salvage something.
Welcome to school: I got busted for using the fact that VAX (well, let's just date myself here) registers overlap depending on the bit length you use them at. The teacher said that "you can code this function in 13 assembly instructions" during class. Well, most everyone was using 20+ instructions. I had it down to 16, but was driven insane by not meeting the quoted number. Then I had a lightbulb go off. If I were to use adjacent registers but do the rotation of bits using double length registers, I could move my temporary and current accumulated around all at once. A bit later, I was down to 13 and declared victory.
When I came to class the next day (about 5 minutes late, I must admit) I heard "ah... there he is now" from the teacher. I asked the girl next to me what that was all about, and she told me he went off on how I was using non portable optimization techniques. When I got that assignment back, he docked me points for meeting the goal. I complaned that he said it could be done in 13, and yet his code was 18 instructions long. He denied ever saying such.
Bah. On the other hand, I would nearly never resort to such an optimization today, for all the reasons brought up in the article.
Actually, we took into consideration the balance between indexing costs during inserts and the read costs. We have indexed very little except primary keys in our database, which is exactly why we had the opprotunity to introduce a covering index for this operation when it was determined that this *particular* operation was going to be the most heavily read of the system.
If we had more inbound transactions, I would have broken this into a materialized view which would have been background updated on another server, but our inbound transaction count is actually fairly low compared to the amount of reads these tables get.
You are making a pretty wide assumption that I have no idea how to design a database: these tables are not denormalized: the reason we created needed to create a view and indexes was infact to overcome the many normalized tables that needed to be unified to produce the data required. On the other hand, if you are one of those who thinks you should build large systems *on* denormalized tables, may I refer you to www.dbdebunk.com.
One of the concepts touched upon is the idea that optimization is only needed after profiling. Having spent the last few years building a system that sees quite a bit of activity, I have to say that we have only had to optimize three times over the course of the project.
The first was to get a SQL query to run faster: a simple matter of creating a view and supporting indexes.
The second was also SQL related, but on a different level: the code was making many small queries to the same data structures. Simply pulling the relevant subset into a hash table and accessing it from there fixed that one.
The most recent one was more complex: it was similar to the second SQL problem (lots of high overhead small queries) but with a more complex structure. Built an object to cache the data in with a set of hashes and "emulated" the MoveNext, EOF() ADO style access the code expected.
We have also had minor performance issues with XML documents we throw around, may have to fix that in the future.
Point? None of this is "low level optimization": it is simply reviewing the performance data we collect on the production system to determine where we spend the most time and making high level structural changes. In the case of SQL vs a hash based cache, we got a 10 fold speed increase simply by not heading back to the DB so often.
Irony? There are plenty of other places where similar caches could be built, but you won't see me rushing out to do so. For the most part performance has held up in the face of thousands of users *without* resorting to even rudementry optimization. Modern hardware is scary fast for business applications.
Good grief man, you must have too much time on your hands to nickpick a quickly typed tirade. This is worthy of disdain:
so, my ppl went over and was like "no way" lol
My failure to proofread slashdot posts will remain a *feature*, and has nothing to do with my ability to communicate with my co-workers. Yes, you may take that as a value judgement as to where I spend my energy proofreading.
I'm not suggesting SQL 2000 is in the same leauge as Oracle, but the project was for a single server install. Not some mission critical uber-install where Oracle even made financial sense. But you seem to have missed the *real* point: the man was *unwilling* to consider work outside of Oracle to the point he spent a *year* unemployed.
Would you want to work with someone so dedicated to a skillset that they would deride your company during an *interview* and was so fanatical about it that he would prefer to burn his savings than be gainfully employed? In my opinion, he was a *coder*, which was my point. He couldn't see past his coding skill set to understand that I didn't need regional failover between sixteen servers, I needed someone who could understand third normal form, write SQL queries and learn our system enough to be a valuable team member.
Here here and amen! When looking for programmers, I don't care as much about your specific experience as your ability to think. Early on in hiring, I thought experience in a space was the critical element (after all, it was an *easy* assement to make). After several programmers who had to be given specs more detailed than the code, I realized I was wasting a lot of energy because I was trying to work with coders, not programmers. I now make a clear distinction between those who can follow a crystal clear spec, but can't think independently (coders) vs those who can follow a typical rapidly changing spec (programmers) and those who can create a spec to solve a problem (analyst). I have nearly zero use for coders - they cost more to feed specs then the output is worth.
Anyone who thinks programming is "wiring front ends to databases" is probably a coder. Yes, there is quite a bit of that kind of work in the business space, but a programmer will not wire your database to a GUI: they will come up with tools to do so more effectively. Similarly, anyone who thinks "skill X" is the be all and end all of programming is probably a coder. (I once interviewed a guy who was pretty good with Oracle. Commanded a six figure income. When he found out that the offered project used SQL server 2000, he mocked our company, to our face and to the niche community we work for. In a bit of "the best revenge is success", he solicited *us* for work after the dot com crash. Seems he was out of work for over a year due to his disdain for anything but his tiny niche skill, and our project was looking pretty good.
Our system uses e-mail to notify customers of status changes. For a while, AOL decided that we were spammers, althought that has just as mysteriously subsided. We have had intermittent problems across the board... in part because our messages meet a lot of the standard patterns for spam: includes links, unique identifiers (account numbers), etc. We have tweaked them over time to be less likely to be mistaken for spam, but nothing we do seems to make it perfect.
To get around these problems, we have basically had to implement a private communication system in our product so people see notifications when the log in. For frequent users, this works well enough they can turn of the e-mail notifiers, but for very occasional users, having to log in to see notifications takes a lot away from the ease of use.
Frankly, I don't see a great fix anytime soon: the spammers have taken to copying legitimate e-mail messages into "hidden" text, while the actual spam is delivered via CSS and Image tricks...the battle rages, probably for at least the next ten years (at which point I'm hoping that public key cryptography will allow people to prove they are actually who they say they are) which is why we created a backup communication channel.
This just goes to show that SUSE is relying on a full steam ahead adoption of any new version rather than a more carefully planned transition between versions. I still run 2.4 (conversion is set for a couple of months from now) and appreciate backported stable features. Providing the latest and greatest is a good thing I guess if you are a in this individually or as a hobby, but I'm not interested in upgrading until a product matures and I have regression tested everything. SUSE seems to not understand that, which would disqualify it for me as an enterprise vendor.
Ok... here is irony for you: I did yum update on my Kernel and a few other items, as well as my cygwin XServer, and my wish has been granted... everything works correctly. Considering that I upgrade weekly (and I *had* tested it during my tirade) this was a nice surprise.
Having a wife who is in academia and myself working for the last 17 years running a computer consultantry, I'm calling your bluff.
Yes, most professors code sucks. I know, because I have been called it to help repair it. Academia *don't* make a living architecting, designing and coding. They making a living thinking about such things (and then having graduate students code it). Now, I will admit that I have interviewed a lot of "grizzled veteran's" who are very narrow in focus. Programming COBOL and Fortran and old school C. If my project is in that area, I would hire them in a heartbeat. I have also interviewed a lot of 12+ year veteran's who know a broad range of tools, learn quickly and (not coincidently) are valueable members of my team today. Having spent a lot of time on the interview side, I will say point blank that your "there are a lot of guys out there" statement doesn't wash with my interviews. The split is roughly 50/50: focused vs jack of all trades. Additionally, you dismiss those focused programmers far to easily: I have found that with a few weeks of training, those focused programmers can gain the same level of focus on *your* project, and achieve mighty things.
On the flip side, I have interviewed a lot of graduate student with your world view: everyone older than me is washed out, I am gods gift to the world, and those poor BS students are sad sad programmers without the credentials I have. May I suggest, from my "grizzled, out of date perspective" that you grow up that last little bit? You wouldn't pass the personality part of my interview: while I believe technical knowledge can be learned, arrogance takes far too long to beat out of someone.
I have set up the following tools and had good luck for internal projects (assuming you want to use the LAMP model):
Mantis for the bug tracker. I use a downlevel, modified version (based on the 0.15.x version). Simple to use, which is the most important feature. http://www.mantisbt.org/
PHPWiki for notes and design discussions. Very handy to be able to spell out the design of a module, get feedback and have history available (especially useful to prove who made the design change). http://phpwiki.sourceforge.net/
Finally a good discussion board. We used PHPBB fine, except the patch of the week that was required for security for a while... http://www.phpbb.com/
I was originally worried about intregration, but it turned out that hyperlinks were sufficent to reference back and forth (for example, to reference a discussion in the BB from a bug).
Slashdot Mirror
Insufficient. If you hook Windows directly up to broadband to get WindowsUpdate running, you have a good chance of being infected before you are patched. Software firewalls don't block everything, so Step 6 is insufficient, unless you have a machine proxying, NATting firewall or a true firewall. Even then you put a vulnerable machine on your local network, which may have unpleasant surprises in store for you.
A better option is for step 8 becomes: get all windows updates and security fixes ON CD, because otherwise you expose your machine prior lockdown. Likewise, turn off unneeded services (you don't need to be sharing files and printers, why the heck would you leave the SMB server running?) prior to connecting to a network.
Yet, even with all that you end up with the problem of vulnerabilities that are not patched prior to the exploit being generally available. Yes, using alternate programs and avoiding untrustworthy websties sounds good, until you make a typo and end up at an untrustworthy site by accident. (Or shall we decree the typo a death penalty offense). I recently saw a typo site trying to exploit the Firefox 1.9.2 vulnerability to install adware (which didn't work since I was on Linux as I am right now, but they tried...)
In the end, perhaps having a virus scanner in memory to detect things that get through all your other work might be wise. Otherwise that high and mighty "almost no way you can get hit" will bite you back when the almost part comes true and you don't even know it happened. Remember: security is about defense in depth and a big ego provides little depth.
I personally don't care for anti-virus software (it is a little late in the cycle for my taste), but to avoid using it on the corporate networks I care for would be gross negligence on my part, opening me up to potential legal liability. Suddenly $22 a machine a year looks pretty good, even as I take all the other steps to avoid needing it in the first place.
Huh? You can perfectly well improve the front end as long as you don't distribute it while failing to distribute your changes. That was my reason for pointing out it was a code generator. I can improve the code generator, use the code that it writes and all within the bounds of the GPL.
The only thing I can't do is improve the code generator itself and then try to distribute the improved version without the source to those improvements.
I don't see that as being a blockade in any way to useability of this. I can do far *more* than I can with a commercial product (such improve the front end for my personal use).
As far as I can tell, this isn't a library, but a code generator so being under GPL makes little difference for daily use. Output from GPL software is *not* constrained by the GPL, only changes to the code generator *itself* would have to be given back to the community, not any project that used generated code.
Or has Microsoft etc all done such a good job of convincing people the GPL is evil that you think that using GCC or the GIMP means my code/image is somehow GPLed by magic?
These lines are the kicker (and send exactly the opposite message from the summary here on
Can anyone seriously say that they are really committed to victory in the courts if they have backpedaled that far on enforcing "their violated rights" down under?
Anyone remember the interfaces in The Diamond Age? The population didn't need to read or write because interfaces had become iconographic and voice/speech based.
I suspect that having access to computers will be beneficial only after some specific infrastructure is in place first. Dumbing down an interface doesn't seem to be a way to improving the chances of that infrastructure will improve to the point that such a device could actually be used.
A far more productive revolution in computing has come about via Internet cafes. A community can build a shared resource like that much easier and the communication between those who visit it is far more likely to spread skills than a bunch of remote controls that don't need any skillset to operate.
Just so you know, I live in Arizona and our Sheriff is renowned for believing that due process is for wimps and once people are in his "possession" that they have no rights to be treated as humans. He is one of the few in the United States that actually has had Amnesty International and other aid organizations investigate his "Tent City".
-- America's Toughest Sheriff: Joe Arpaio
However, what is fascinating here is that this was about the treatment of people being *arrested*, not *convicted*. Joe doesn't brook much difference between the two: he is a true "out west Sheriff" and believes that he *is* the law, not just its arm.
KPHO Item on Joe
From that article you can see a pretty balanced view of the guy... for all the things he does, he isn't really all that much more effective than anyone else. Surely not enough so that he shouldn't have to respect people's rights *before* they are convicted of anything.
Having installed wired and wireless networking on manufacturing floors I can tell you that before this dream of magic wireless connectivity comes true, these machines will need vastly better RF shielding. We had a bugger of a time getting wireless to work and even wired networks would act up if you were not careful where you placed the wires. (One company ran fiber optic to the floor machines because the interference issue couldn't be resolved satisfactorily: not a cheap way to go).
So how long will it take to get those machines updated? Well, one of my first jobs out of the U was making a tape punch work on a PC so they could edit programs and load them from paper tape. That was in 1990. I'm guessing that these will be a great concept for someone building a factory floor from scratch, but retrofitting is going to be a big flop.
You must have been trying to play Paranoia *seriously* with a GM who took it too seriously or something. Paranoia was about maiming, killing off or outcasting characters at a blinding rate. That's why you had clones: so you didn't have to keep writing up a new character. It delivers pain and suffering, amusement at the folly of resisting the computer and backstabbing opprotunities at every corner. Basically we used it to blow off steam after long lasting campaigns or for one evening sessions of mayhem. I pity anyone who tried to campaign in Paranoia classic. It would be like trying to campaign as the Christians at the Roman Coliseum.
The reason it was slo-mo is because he was issuing exactly the right blocks at exactly the right time: interrupting Chun-Li's kick is *not* an easy feat. She was my favorite character in fact because that hyper speed kick was death to all but those who were masters of the game (when not intrrupted she issues about 3-4 kicks per second on that special).
According to this survey 17% of desktops needed repairs on average. Is this inflated by crazed users throwing them against walls, or do we really have that bad of a track record in this industry? I have a lot of hardware in my house and at my clients businesses and I don't see a nearly 1 in 5 chance of needing a hardware repair. Fixing a broken OS install and removing malware (usually the cause of the former) appear to be the most popular support calls I get recently.
I think that there are inaccuracies on most of the statements made (not to the point that completely reverse the analysis, but the issues are more complex than they are being made) but point #3 is obviously the impetus behind Neil's questioning "Open Source Myths".
I have seen similar to this quite a bit: "I grew up in the 1980's assuming that I would one day be able to write some really cool software, then *SELL IT*, and make some real money for my trouble." I think that this is *not* a valid argument. While stating a personal opinion and emotional state quite clearly, one could say the same about the farmers who "expected to make a living on the farm" or factory workers who "expected to continue to make a living in the industry".
Efficiencies continue to increase in the world, displacing people from jobs, many times leaving them few good alternatives. Is this good? Surely it seems not to be for those displaced. Yet, few people today would want to be contrained by the living conditions of the early 1900's, or earlier. We live lives that the kings of old would have killed for, by standing on the broken backs of those displaced by efficiencies that were created by new technologies and methodologies. I myself would find it difficult to give up modern amenities while simultaneously understanding the concerns of outsourcing and open source. Hypocrite is one word for it, I guess. At the end of the day, I have decided that luxury trumps a living wage for my fellow man.
So how does this apply to OSS? Simply: we are outsourcing the development of potentially commercial work to *ourselves* and creating the infrastructure for software to be "worth less in dollars spent". If I build operating systems, web servers or databases, I'm pretty sure I would be feeling just like the farmers and factory workers of old: there is a pressure building that is not going to go away, which will sap the monetary reward for what I do.
Does this mean I am against OSS then? Surely not, for I realize that the end result of this change is software development is not the destruction of an industry, but the creation of a bedrock of new technologies and methodologies which will allow me to produce better and better solutions for my customers at lower and lower costs. I can't dream of writing the next "big word processor", but frankly that is an empty dream anyway with the established commercial vendors in place today. The only difference here with OSS is when a type of software reaches a certain threshold of maturity, commercial exploitation of that type of software becomes harder and harder as the OSS packages catch up.
The main difference with our industry is the *speed* at which the effects are felt: it took a generation to destroy the factory worker's job, it took several generations for the farms to be destroyed. We are seeing an industry created and destroyed in one lifetime. Myself, I'm glad I didn't get the opprotunity to get comfortable with the old model and had the chance to learn how to produce viable solutions for my customers using the new model. You see, for every dollar my clients don't spend on commercial operating systems, SQL servers, etc, there is a dollar available for me to apply honest work to solving the problems they are interested in having solved. Where OSS won't work, I'm more than willing to pay the commercial vendors for the parts and pieces I need: because in *those* cases they provided real value for my dollar.
Looks like SOE is taking this browbeating a little hard: anything /. linked to is gone. I always wonder why people bother to vent all over "official" forums when this seems to be the end result. It takes 5 seconds to issue a delete on a thread and silence any criticism. In the name of "good customer relations" (i.e., those who might stumble into the quagmire from the outside).
No, I don't think you are too cynical, I had the same impression. You don't pull a project from the developers to give them a head start on their next project, a project that *isn't* for your firm! These guys at Nihilistic are the only ones who know the code from top to bottom: pulling them can only damage the schedule and quality of the product. Knowing that Blizzard produces high quality games (to the point of cancelling those that don't meet standards) I can only conclude that Nihilistic was creating code on the order of the Matrix in terms of sheer bug ridden nightmareishness, and they want to pull it in house to try to salvage something.
Welcome to school: I got busted for using the fact that VAX (well, let's just date myself here) registers overlap depending on the bit length you use them at. The teacher said that "you can code this function in 13 assembly instructions" during class. Well, most everyone was using 20+ instructions. I had it down to 16, but was driven insane by not meeting the quoted number. Then I had a lightbulb go off. If I were to use adjacent registers but do the rotation of bits using double length registers, I could move my temporary and current accumulated around all at once. A bit later, I was down to 13 and declared victory.
When I came to class the next day (about 5 minutes late, I must admit) I heard "ah... there he is now" from the teacher. I asked the girl next to me what that was all about, and she told me he went off on how I was using non portable optimization techniques. When I got that assignment back, he docked me points for meeting the goal. I complaned that he said it could be done in 13, and yet his code was 18 instructions long. He denied ever saying such.
Bah. On the other hand, I would nearly never resort to such an optimization today, for all the reasons brought up in the article.
Actually, we took into consideration the balance between indexing costs during inserts and the read costs. We have indexed very little except primary keys in our database, which is exactly why we had the opprotunity to introduce a covering index for this operation when it was determined that this *particular* operation was going to be the most heavily read of the system.
If we had more inbound transactions, I would have broken this into a materialized view which would have been background updated on another server, but our inbound transaction count is actually fairly low compared to the amount of reads these tables get.
You are making a pretty wide assumption that I have no idea how to design a database: these tables are not denormalized: the reason we created needed to create a view and indexes was infact to overcome the many normalized tables that needed to be unified to produce the data required. On the other hand, if you are one of those who thinks you should build large systems *on* denormalized tables, may I refer you to www.dbdebunk.com.
One of the concepts touched upon is the idea that optimization is only needed after profiling. Having spent the last few years building a system that sees quite a bit of activity, I have to say that we have only had to optimize three times over the course of the project.
The first was to get a SQL query to run faster: a simple matter of creating a view and supporting indexes.
The second was also SQL related, but on a different level: the code was making many small queries to the same data structures. Simply pulling the relevant subset into a hash table and accessing it from there fixed that one.
The most recent one was more complex: it was similar to the second SQL problem (lots of high overhead small queries) but with a more complex structure. Built an object to cache the data in with a set of hashes and "emulated" the MoveNext, EOF() ADO style access the code expected.
We have also had minor performance issues with XML documents we throw around, may have to fix that in the future.
Point? None of this is "low level optimization": it is simply reviewing the performance data we collect on the production system to determine where we spend the most time and making high level structural changes. In the case of SQL vs a hash based cache, we got a 10 fold speed increase simply by not heading back to the DB so often.
Irony? There are plenty of other places where similar caches could be built, but you won't see me rushing out to do so. For the most part performance has held up in the face of thousands of users *without* resorting to even rudementry optimization. Modern hardware is scary fast for business applications.
Good grief man, you must have too much time on your hands to nickpick a quickly typed tirade. This is worthy of disdain:
so, my ppl went over and was like "no way" lol
My failure to proofread slashdot posts will remain a *feature*, and has nothing to do with my ability to communicate with my co-workers. Yes, you may take that as a value judgement as to where I spend my energy proofreading.
I'm not suggesting SQL 2000 is in the same leauge as Oracle, but the project was for a single server install. Not some mission critical uber-install where Oracle even made financial sense. But you seem to have missed the *real* point: the man was *unwilling* to consider work outside of Oracle to the point he spent a *year* unemployed.
Would you want to work with someone so dedicated to a skillset that they would deride your company during an *interview* and was so fanatical about it that he would prefer to burn his savings than be gainfully employed? In my opinion, he was a *coder*, which was my point. He couldn't see past his coding skill set to understand that I didn't need regional failover between sixteen servers, I needed someone who could understand third normal form, write SQL queries and learn our system enough to be a valuable team member.
Here here and amen! When looking for programmers, I don't care as much about your specific experience as your ability to think. Early on in hiring, I thought experience in a space was the critical element (after all, it was an *easy* assement to make). After several programmers who had to be given specs more detailed than the code, I realized I was wasting a lot of energy because I was trying to work with coders, not programmers. I now make a clear distinction between those who can follow a crystal clear spec, but can't think independently (coders) vs those who can follow a typical rapidly changing spec (programmers) and those who can create a spec to solve a problem (analyst). I have nearly zero use for coders - they cost more to feed specs then the output is worth.
Anyone who thinks programming is "wiring front ends to databases" is probably a coder. Yes, there is quite a bit of that kind of work in the business space, but a programmer will not wire your database to a GUI: they will come up with tools to do so more effectively. Similarly, anyone who thinks "skill X" is the be all and end all of programming is probably a coder. (I once interviewed a guy who was pretty good with Oracle. Commanded a six figure income. When he found out that the offered project used SQL server 2000, he mocked our company, to our face and to the niche community we work for. In a bit of "the best revenge is success", he solicited *us* for work after the dot com crash. Seems he was out of work for over a year due to his disdain for anything but his tiny niche skill, and our project was looking pretty good.
The pirates who wanted more bandwidth have landed in New York!
Our system uses e-mail to notify customers of status changes. For a while, AOL decided that we were spammers, althought that has just as mysteriously subsided. We have had intermittent problems across the board... in part because our messages meet a lot of the standard patterns for spam: includes links, unique identifiers (account numbers), etc. We have tweaked them over time to be less likely to be mistaken for spam, but nothing we do seems to make it perfect.
To get around these problems, we have basically had to implement a private communication system in our product so people see notifications when the log in. For frequent users, this works well enough they can turn of the e-mail notifiers, but for very occasional users, having to log in to see notifications takes a lot away from the ease of use.
Frankly, I don't see a great fix anytime soon: the spammers have taken to copying legitimate e-mail messages into "hidden" text, while the actual spam is delivered via CSS and Image tricks...the battle rages, probably for at least the next ten years (at which point I'm hoping that public key cryptography will allow people to prove they are actually who they say they are) which is why we created a backup communication channel.
This just goes to show that SUSE is relying on a full steam ahead adoption of any new version rather than a more carefully planned transition between versions. I still run 2.4 (conversion is set for a couple of months from now) and appreciate backported stable features. Providing the latest and greatest is a good thing I guess if you are a in this individually or as a hobby, but I'm not interested in upgrading until a product matures and I have regression tested everything. SUSE seems to not understand that, which would disqualify it for me as an enterprise vendor.
Ok... here is irony for you: I did yum update on my Kernel and a few other items, as well as my cygwin XServer, and my wish has been granted... everything works correctly. Considering that I upgrade weekly (and I *had* tested it during my tirade) this was a nice surprise.
Having a wife who is in academia and myself working for the last 17 years running a computer consultantry, I'm calling your bluff.
Yes, most professors code sucks. I know, because I have been called it to help repair it. Academia *don't* make a living architecting, designing and coding. They making a living thinking about such things (and then having graduate students code it). Now, I will admit that I have interviewed a lot of "grizzled veteran's" who are very narrow in focus. Programming COBOL and Fortran and old school C. If my project is in that area, I would hire them in a heartbeat. I have also interviewed a lot of 12+ year veteran's who know a broad range of tools, learn quickly and (not coincidently) are valueable members of my team today. Having spent a lot of time on the interview side, I will say point blank that your "there are a lot of guys out there" statement doesn't wash with my interviews. The split is roughly 50/50: focused vs jack of all trades. Additionally, you dismiss those focused programmers far to easily: I have found that with a few weeks of training, those focused programmers can gain the same level of focus on *your* project, and achieve mighty things.
On the flip side, I have interviewed a lot of graduate student with your world view: everyone older than me is washed out, I am gods gift to the world, and those poor BS students are sad sad programmers without the credentials I have. May I suggest, from my "grizzled, out of date perspective" that you grow up that last little bit? You wouldn't pass the personality part of my interview: while I believe technical knowledge can be learned, arrogance takes far too long to beat out of someone.
I have set up the following tools and had good luck for internal projects (assuming you want to use the LAMP model):
Mantis for the bug tracker. I use a downlevel, modified version (based on the 0.15.x version). Simple to use, which is the most important feature.
http://www.mantisbt.org/
PHPWiki for notes and design discussions. Very handy to be able to spell out the design of a module, get feedback and have history available (especially useful to prove who made the design change).
http://phpwiki.sourceforge.net/
Finally a good discussion board. We used PHPBB fine, except the patch of the week that was required for security for a while...
http://www.phpbb.com/
I was originally worried about intregration, but it turned out that hyperlinks were sufficent to reference back and forth (for example, to reference a discussion in the BB from a bug).