Slashdot Mirror


User: MarkLewis

MarkLewis's activity in the archive.

Stories: 0
Comments: 34

Comments · 34

  1. Something that makes sense on What Would You Do As President? · · Score: 1

    1. Admit to the nation that although there were some who thought at the time we should have gone into Iraq (including me), that events have proven them wrong, and that it was a mistake to put US forces in harm's way.

    2. Issue a 90-day deadline to the Iraqi government to resolve the major political issues (distribution of oil revenue, states rights vs. federal, etc). If 90 days pass without resolution, then publish the deadline to the public at large and set a 6 month timeline for the majority of US combat forces to be out of the country. If they do resolve the political issues and seem to be on a path to taking over peacekeeping duties, then negotiate a reasonable timeline for Iraqi takeover of all day-to-day peacekeeping operations, not to exceed 12 months, and have the majority of US forces out within 18 months (although I might not publish the 18 months figure to the public to avoid emboldening anti-US factions).

    3. Veto any federal spending increases or expansion of authority, even for popular causes such as K-12 education.

    4. For all programs which the federal government shouldn't be involved in, such as K-12 education and welfare, work to gradually reduce federal spending to zero. Reduce taxes by the amount saved but make it clear that taxpayers should expect to see roughly analogous increases in state taxes to make up the difference.

    5. Have the Justice department publish reasonable standards of what the US considers to be torture, and make it clear that personal criminal charges will be pressed against any officer of the United States government found to violate the standard. At the same time, grant immunity to all US officers who may have violated the torture standards under the previous administration (don't want to criminally prosecute folks for just doing their jobs). Preferably, after the initial document published by the Justice Department, Congress would take over control of the torture standards by legislation.

    6. Make it clear to my cabinet and supporting staff that I will not tolerate violations of US law. Nobody will ever get special treatment or a presidential pardon for violating the law just because they work for me. And if I do, for example, have an aide who lies under oath to avoid implicating the vice president in a scandal and receives a sentence that I think is too harsh, the most I would do would be to work to get the sentencing guidelines reduced for that offense for all convicts, not just the errant aide.

    7. Do everything in my power to reverse precedents set in recent presidential terms and diminish the power of the president. Take a page from George Washington and emphasize that I am merely a steward of the democracy.

    8. Work to cut military troop levels by 35%, and military spending by 25%, so we have fewer but better trained and equipped soldiers. Apply the savings to a social security lockbox.

    9. Never lie to the American public.

    10. Never cover up or stonewall to protect officials who play partisan politics within the US government (such as when federal attorneys are dismissed), regardless of whether they're in my party or not.

    I'm sure there's a lot more too, but those 10 seem like a good start.

  2. Credibility? on Using Google To Crack MD5 Passwords · · Score: 3, Informative

    Am I the only one who thinks that a "security researcher" whose site gets hacked is about as credible as an accountant who fails an audit?

    And for his sake I really hope that he knew about rainbow tables and just decided for some indecipherable reason not to mention that they are far more effective for password cracking than Google searches.

    And who submitted this story to Slashdot with the sensational summary about "any password used by anybody, ever" being vulnerable to Google searches? That's an easy enough claim to completely debunk by taking MD5 hashes of several passwords and sampling which ones come back. Let's see:

    92259762923b4e79d2073ecb03217462 (hash for 'july2007') - Nothing
    6e933f3054f533c63dd59479ca9f4b6f (hash for 'hello_world') - Nothing
    2c6c8ab6ba8b9c98a1939450eb4089ed (hash for 'abc123') - Google found this one as an md5 example
    6a51f1fe97bdebece7652842a0e2351e (hash for 'pickles') - Nothing
    5eaaf94141c371ce96675aa6445003c4 (hash for 'happy') - Nothing

    So basically not even common words get picked up by Google, much less "any password used by anybody else, ever".

  3. Re:on the playground... on First "Real" Benchmark for PostgreSQL · · Score: 1

    Microsoft bought Sybase SQL Server and released it as MSSQL 6. Since then, Microsoft has maintained the code independently of Sybase. So yes, it wasn't written by MS way back in the days. MS did what they always do and bought one of the underdogs, then marketed the snot out of it.

    If you prefer MSSQL, then I'm assuming that you haven't developed any sophisticated transactions in a high-concurrency environment. It's painful to work around the limitations of the old system of hierarchal locks that MSSQL uses (as does DB2, and MySQL with anything except for InnoDB tables). It can be done, and the app can be coerced into working well if you base your design around MSSQL's limitations, but it requires careful planning. (This is somewhat outdated, since MSSQL did legitimately get much better in this regard with 2005)

    From a development point of view though, once you've used any system which supports multi-versioning concurrency control (Postgres, Oracle, MySQL with InnoDB, or even MSSQL 2005 using the new snapshot isolation features they bolted on), you'll never want to go back :)

  4. Re:Any FOSS Alternative to on Intuit Finally Offers Some Support For Linux · · Score: 1

    I don't know about TurboTax, but we use Quasar Accounting (GPL) for a medium-complexity business, and it works very well. I like knowing that my data is sitting in a database I trust like Postgres rather than in QuickBooks backup files which we've had bad experiences with trying to move from version to version.

    Their website seems to be offline this morning-- too bad.

  5. Made Progress? on Research Team Makes Quantum Computing Progress · · Score: 5, Funny

    There are two possible end states: the researchers made progress or not.

    But until you actually make an observation by clicking on the link and reading the article, the outcome will still be indeterminate.

  6. Re:My question to Ubuntu/linux preachers on 30 Days With Ubuntu Linux · · Score: 1

    The Mono framework is the Linux implementation of the .NET runtime. It has a working ASP.NET runtime (quite stable) and a VB.NET compiler (stable now, but only fairly recently).

    The latest version of Ubuntu (6.10, aka Edgy Eft) does include Mono, but if you plan on doing ASP.NET development and not just hosting, then you'd probably want to download the latest version from the http://www.mono-project.com/ website, because compiler/dev support for VB.NET is pretty new and I don't believe that the tools bundled with Edgy will handle it gracefully. This may require compiling the Mono framework which can take some doing, so you probably would want to check and see if the Mono packaged with Edgy would suit your needs first, because installing that is point-and-click.

  7. Not the First Time on Maxwell's Demon Soon A Reality? · · Score: 1

    An implementation of Maxwell's Demon already exists, called the Hilsch Vortex Tube: http://en.wikipedia.org/wiki/Vortex_tube

    It takes gases (such as air) and separates them into hot streams and cold streams, and is already in commercial use. It requires pressure to operate, and dissipates enough energy in the process that it's certainly not free energy. It's less energy efficient than a conventional air conditioner.

  8. DRM -- No. Detection, sure. on Is DRM Intrinsically Distasteful? · · Score: 1

    I don't think anything that PREVENTS possible uses would ever really be palatable unless it had a magic sensor to detect the intent with which an action is performed, so I will always oppose DRM. I don't think I'm determined enough to maintain that position if all non-DRM'd avenues are closed, but as long as there are ethical ways to get non-encumbered content, I don't think that any kind of magic "less evil" DRM would ever get a dollar from my wallet.

    On the other hand, I wouldn't be opposed to anything whose sole purpose is to trace infringing content. Some kind of perfect watermarking technology would be acceptable, because the assumption isn't that I'm a bad person that is going to do evil things with the content (as with DRM), instead the assumption is that I'm a good person who will use the content responsibly, but if I don't then I leave fingerprints around that the cops can use to find me.

  9. Re:Foreign Keys on PostgreSQL vs. MySQL comparison · · Score: 1

    Well, I had previously found a more specific FAQ about the client libraries back when I was helping research the licensing stuff. I can't find it now, but this excerpt from the commercial license page seems applicable (from http://www.mysql.com/company/legal/licensing/commercial-license.html).

    "If you develop and distribute a commercial application and as part of utilizing your application, the end-user must download a copy of MySQL; for each derivative work, you (or, in some cases, your end-user) need a commercial license for the MySQL server and/or MySQL client libraries."

    "If you include one or more of the MySQL drivers in your non-GPL application (so that your application can run with MySQL), you need a commercial license for the driver(s) in question. The MySQL drivers currently include an ODBC driver, a JDBC driver and the C language library."

  10. Re:Foreign Keys on PostgreSQL vs. MySQL comparison · · Score: 1

    We investigated this issue as well, because we have a commercial application which uses JDBC and requires a database. Our application wasn't designed for MySQL, but works with it as well as with several other databases. Most of our clients already had a commercial database installed, so this was not an issue for them, but some of our clients needed a database.

    So we asked our legal folks what they thought about including documentation for our MySQL support. Their opinion was that because we had not designed our application for MySQL but had instead coded to the generic JDBC interface (and since MySQL wasn't even our primary target), then as long as we didn't ship MySQL or the GPL'd driver then there was no way we could be classified as a derivative work.

    So we ship the application, and allow the user to specify their own JDBC driver. We do include directions on configuring it to use MySQL.

    If you go to the MySQL site, they try to convince you that hiding behind the JDBC interface like this is infringing use for which you need a commercial license. But our lawyers decided that their argument was bunk, and that it would have probably been just fine to even distribute the MySQL driver alongside our application provided we advertise the GPL and include the driver source.

    Now that PostgreSQL is a couple of versions into native Windows support this has all become a non-issue anyway. All new clients who need a database are being steered that way, partially because of the friendly licensing but mostly because our developers trust it more anyway.

  11. Re:GNOME slower after update? on Ubuntu 6.10 is Out · · Score: 1

    The most common cause of these symptoms that I've seen is bad DNS, because gnome libs will try to resolve your hostname in DNS. It's the first thing I look at when gnome apps all become about uniformly slow to start but non-gnome apps are fine.

  12. Re:DMCA on DVD Jon's DoubleTwist Unlocks the iPod · · Score: 4, Insightful

    None of the iTunes account authentication stuff applies as long as you're not using iTunes, which you wouldn't be if you used these new tools. According to the article, these tools operate directly on music files, they don't interact with iTunes at all.

  13. Re:Oracle support isn't much different from Pgsql on To Support, or Not Support Oracle? · · Score: 1

    This is pretty much exactly the route that we take. A generic XML file, with per-database overrides if necessary, and keeping the schemas in separate files because they're different but don't change much.

    In addition to Oracle and PostgreSQL, we also support SQL Server and IBM's UDB. Supporting Oracle and PG together is almost trivial, because underneath the hood they both use similar concurrency control methods. But don't be fooled into thinking that supporting other databases will be simple.

    For us, the biggest hurdle with other databases is transactions; old-style database systems like SQL Server and DB2 use hierarchal escalating locks to manage concurrency, and if you use non-trivial transactions and have any degree of concurrency in your system, you'll get the dreaded SQL Server error 1205 (or DB2's -911). If you read the MSDN for this one, it basically says that you need to rearchitect your data access layer to support their stupid locking system. I'm sure that SQL Server is a decent database if you design your application around its limitations to start with, but transitioning from Oracle/PG you'll feel some major pain here. SQL Server 2005 is supposed to have somewhat mitigated this, but it's still too new for us to really look into supporting it.

    Also, you'll find a lot of other quirks. SQL Server doesn't support sequences, it doesn't support ON DELETE SET NULL, nor does it support ON DELETE CASCADE as well as other databases; in non-trivial schemas it will refuse to create the constraint. SQL Server's UNIQUE constraints are weird when it comes to NULL handling and don't match either the spec or the behavior of any other database I've seen. I still maintain that the locking behavior in UDB and pre-2005 SQL Server is bad enough to be considered a design bug (to its credit, I believe DB2 predates MVCC so IBM at least have an excuse). You may notice that I like to slam on SQL Server (who actually PAYS for this crap??).

    PG and Oracle have their quirks as well, but they're more in the details and less fundamental. Oracle can't tell the difference between an empty string and NULL, and PG . . . . well, PG is like Mary Poppins, practically perfect in every way :)

  14. Really a non-issue on Windows Servers Beat Linux Servers · · Score: 2, Insightful

    I know that zealots from both sides will indulge in the opportunity for some bashing and grandstanding, which is fun and I enjoy a good smack-down as much as the next Slashdotter, but I just wanted to inject a little reality check. This study doesn't mean anything about OS quality. Numbers always lie, and even if you're not trying to make them lie, they're sometimes useless anyway, as in this case.

    Linux has a different user base than Windows and UNIX. So the fact that 20% of the responses to the survey show higher Windows uptime doesn't mean that for the same usage patterns Windows is higher quality. To show that, you'd need to compare only sites with very narrowly targeted usage patterns which differ (as much as possible) only by their choice of operating system. This study didn't even attempt that, so making any claim whatsoever about the relative quality of operating systems based on this data is fallacious.

    Instead, this study CAN shed some insight on the type of people running different OS's, and their type of usage.

    Since UNIX had the highest uptimes, you might conjecture that conservative people run UNIX. Or you might guess that since UNIX market share is currently eroding in favor of Linux and Windows servers, UNIX servers are more heavily weighted towards older, established systems that aren't in early development stages as much as the up-and-coming OS's.

    Conversely, since Linux had the lowest uptime, you might guess that Linux has a higher percentage of fresh new applications running on it.

    (Note that I'm not saying that there's conclusive evidence of these guesses here. I'm just saying that when considered together with other data, these are the kinds of conclusions you'd be able to draw from this sort of statistic).

  15. Re:Same as last year. on Windows Servers Beat Linux Servers · · Score: 5, Informative

    Your math is wrong. 20% more downtime means 1.2 times as much downtime as the Windows box, not 20% of the year.

    So if the Windows box is down for 10 hours per year, the Linux box is down for 12 according to the study.

  16. What we did on Third Party Code Review? · · Score: 1

    I worked for a company that sold software to banks, and we had to satisfy the same requirements. We ended up negotiating an arrangement where a consultant from IBM would show up on our premises, check out a laptop with no network or removable storage support that had a copy of our source code on it, read source code all day, then check it back in and go home.

    We thought it was pretty draconian, but the bank thought it was a great idea; bank IT staff by necessity live in a paranoid world, so I guess they didn't mind so much.

  17. 64K Processors on Blue Gene/L Tops Its Own Supercomputer Record · · Score: 1

    Nobody is EVER going to need more than 64K of RAM. Errr, I mean, processors.

  18. Re:Compilers on Why Does Current Clustering Require Recoding? · · Score: 1

    Well, this is what J2EE is supposed to accomplish with EJB. Of course in previous versions EJB implementations have suffered from terrible performance and terrible code complexity. Supposedly both have gotten better, but I haven't dared to look at them again yet.

  19. Same as I would have written it. on ESR Gets Job Offer From Microsoft · · Score: 1

    Look, I realize that there have been a lot of negative posts knocking on ESR for this email. Try viewing this article at mod=5 and it's basically all criticism. To those who lambast ESR, I assert that you have an underdeveloped sense of humor and/or knowledge of deep-geek culture. The response was darned funny, if I were the recruiter I would have gotten a good laugh from it and moved on. Were he other than he is, ESR would lose his authentic appeal to the real engineers who agree with him. Look, we're not supposed to be charming and charismatic; or if we are, at least it isn't what defines us as hackers. Hackers are, by and large, short-tempered when confronted with blatant stupidity. We can be vindictive and hold quasi-religious beliefs about the merits of our favorite software. That's what we are, and ESR is just being honest about it. My $0.02.

  20. Re:This is the right thing to do on ACLU to Challenge Utah Porn-Blocking Law · · Score: 1

    In a perfect world I think you're right; the filtering, if any, should be done by the parents on the computer and not delegated to the ISP's.

    But this isn't a perfect world. More often than not it is the kids who are the real power users on the computer. It's asking a lot from parents to know how to enable password-protected logins on Windows XP, how to configure unprivileged accounts for their kids that can still play all of their games, how to install blocking software, etc. And many homes share their network connection with some kind of cable/dsl router-- you'd need to maintain this on every computer in the house, and on your kids' friends' laptops when they bring them over.

    It's just not practical to ask parents to jump through all of these hoops just to accomplish something that should be simple; make sure that their kids don't get exposed to something 'evil'.

    Compare this to an ISP, which can install and configure a single software program that serves all of their opt-in customers. From the ISP's perspective, this isn't technically any more challenging than providing virus protection.

    Whether it makes sense to require ISP's to offer this sort of service instead of letting the free market decide is another issue. I think that parents should vote with their pocket-books. But I certainly see the argument that ISP's are better equipped to handle this sort of thing.

  21. Dynamic Range Compression on Normalizing Music? · · Score: 1

    That's the name of the feature you're looking for.

  22. Tools I use on Programming Tools You've Used? · · Score: 2, Informative

    I use vim and make for small C++ projects, but for larger projects I've found it useful to have a real IDE. Either Anjuta or KDevelop is good.

    Most of my professional programming recently has been in Java. Eclipse is far and away the best free IDE, although I've heard unconfirmed rumors that recently NetBeans has started becoming usable. We use IntelliJ IDEA, which I highly recommend. We switched away from Eclipse because it supported the same sort of refactoring that Eclipse did, but it was faster, easier to control from the keyboard, and seemed more intuitive. And at $500/license it's pretty cheap compared to the (commercial) competition.

    I agree with the comments others have posted about getting a well-designed build system set up first thing; it really will save you time. If you're using Java, then Ant is basically the de facto standard, and is well worth using. If you're running both Java and C++, it probably makes sense to use Ant for both, so you can have a single build system.

    As far as version control goes, you really want something more flexible than CVS. I've used CVS in a professional setting, and while it has its advantages, its lack of changesets makes managing a large project difficult. It isn't so bad with C/C++ code, where it is common to have a few large source files, but with Java forcing you to make lots of small source files it makes version management a real hassle.

    We're switching over to Subversion for version control. While you're looking at version control, take a look at Trac, which is an immensely useful issue management system that integrates directly with SVN.

  23. Re:Nothing new to see here. Move on. on Delayed Password Disclosure · · Score: 1

    There actually seems to be something valuable in this delayed password disclosure scheme, although I think it has been overhyped a bit.

    This is a shared secret key authentication mechanism, but it is not just a boilerplate shared key scheme. The difference is that prior to the standard authentication step, the client can send a challenge to the server which the server can only correctly respond to if it knows the password, and the server's response can only be deciphered by a client who knows the password.

    The advantage that this scheme has is that you can authenticate to a remote server using only your password, without having previously exchanged certificates in a mutual-authentication scheme, but still retain the MITM-resistant advantages of a mutual-authentication scheme.

    So it could be easier to use but still roughly as secure (at least, if you have a sufficiently hard to guess password).

    I agree with you however that I wouldn't use it for anything important until it's been properly vetted by the paranoid crypto community.

  24. Re:plperl on PostgreSQL 8.0 Released · · Score: 1

    No offense to the MySQL developers, but MySQL isn't really pushing PostgreSQL internals development these days. Oracle is.

    What do you think features such as tablespaces, point-in-time recovery, transaction savepoints and the like are aimed at? They're aimed at enterprise customers who would otherwise be considering Oracle/DB2 (or maybe SQL Server, although I hate to include it in the list because it's still just a very well-marketed toy).

  25. CVS standards I use on CVS Server Administration Tips? · · Score: 2, Interesting

    Well, of course the obvious advice is to use SVN if possible. This will save you pain in many ways, the most important IMO being individual atomic changesets which track all files affected by one change, so you don't need to ask yourself, "Now what ELSE did the developer commit as part of this fix?" Yes there are ways around this in CVS. But they're not convenient nor are they guaranteed to always work.

    That disclaimer out of the way, here are the basic common-sense rules we use for CVS:

    1. Make sure you do your builds directly from CVS, not from any development machine. This means that you can guarantee that you have a record of the exact contents of a build and aren't getting any artifacts from a developer system.

    2. On a related note, every time you release a version, tag the source with a non-branching tag for later tracking.

    3. Whenever you release a product that you will need to maintain separately from your development line (e.g. you ship a product to a client, or release your product to the production web server, or whatever), then create a separate branching tag for it.

    4. Periodically review the repository and chastise users who do not use descriptive commit messages or who aren't careful and commit files with only minor (think whitespace) changes.

    5. If you are able to use Subversion, look into TRAC (http://www.edgewall.com/trac/) to see if it can help you. It's a godsend.