I have had this problem in several different projects with different teams.
I generally think of it as the "code hostage" or "cherry-picking" problem. You have the work of 15 issues reviewed and merged and loaded up and running on a test environment. For 14 of those issues, a "user" ( or whatever you call the non-developer issue-owner in this case ) checks in and says it is good. Time is passing and the 15th person is a no-show. It's worse than if they said it still wasn't fixed -- then you would immediately go to work reverting that code change and re-testing everything -- but instead everything is held up in limbo.
One way to address the majority of these issues, is to set up a separate testing environment or server per ticket, and put the pull request or branch on it, before it is merged to the main branch. Force users to test BEFORE it gets on the path that will end up in a deployment. This means that slow moving people won't block others.
This might seem expensive, but with APIs to cloud hosting and/or container technology, it can be automated, and is a lot cheaper than it would have been a few years ago.
You can still end up with a problem on the now integrated code, and still have to cherry-pick / revert some commits, and since the result has not yet been tested all together, you still have to re-test. However this happens much less often, because it is only happening in the cases where interaction between different work is causing the problem.
From the article now that I took the time to read it:
According to a series of tweets from the Surge twitter account, the NRA sent a legal complaint to Cloudflare, which then forwarded it to Digitalocean. Surge responded âoewithin 22 minutes.â Digitalocean asked Surge to provide counterclaim documents. Some minutes later, Digitalocean shut down Surge.sh. According to Surge, 38,000 sites became unavailable.
That at least seems more plausible. I wonder if Surge will spread their services accross several hosting providers after this incident.
Exactly, all politics and humor and whatever aside, how did one notice bring down an entire hosting system ? And if they had 38,000 websites, surely they had received notices before, and why didn't it bring Surge down then ?
It seems there's more to the technical side of this story.
It is PET, the same plastic as a 2L soda bottle, and the adhesive is silicone based. I have found it impossible to tear, easy to cut, and it has much better adhesive strength than kapton tape.
Keep your text config files in git, and use gitlab or something similar to be able to browse and comment on, and link to from wiki documentation, all the changes.
Amazon doesn't normally do that -- they just rent the (virtual) servers, the dashboard and other software including the OS would have been installed by the customer, at most they might reboot or shutdown and restart a machine . . . but they provide a self-serve API to do that, so probably not even that.
Unless the access involved the attackers getting the AWS account credentials, I don't think there's much Amazon could do.
We, the open source and freedom-loving community, may need an organized task force to keep track of these programmers, track their incomes, and store their communications -- just for future reference in case something comes up and a mole is suspected, not an actual search as the Constitution defines it, of course. Similar to the Apache Foundation and other Foundations for Open Source causes, but tasked with keeping our communications secure, and breaking the other side's communications where feasiable. We'll have to keep the existence of the Association secret as much as possible of course, and thus also hide it's budget in small items spread accross the other Foundations. They'll archive all the repos and mailing lists and IRC channels and any other communication medium, but advances in technology make the storage on that scale cheaper. We might have to rent a large building out somewhere that has cheap land and few pesky curious tresspassers, Utah or something. We'll just refer to it as No Such Association for now. A small and expedient measure given the threats of our times.
The main appleal of LaTeX is precisely that you aren't supposed to continuously re-render it, you are supposed to write things. Then you twiddle how it looks a bit at the end.
Optimizing web pages for speed of rendering the output seems reasonable, but I'm not sure that should be a big consideration in a document format.
Will they make it so that if you arrive on a web page via a google search, the operator of that web page cannot see the search terms that lead you there ? I think that would be an improvement.
As a practical matter, we cannot allow spying to be considered a reason to go to war, because by it's nature it is hard to prove and easy to fake; it would basically be giving states the right to start a war whenever they want. At times in history we've tried that, such when most of the states of Europe were basically the persons of kings, and it didn't work out so we came up with rules.
This issue is a distraction, as is Private Manning's sexual identification. It just doesn't matter. It is actually the job of the NSA to spy on those communications, and as institutional, political communications they don't have the same moral scanticy and protection as private, individual humans' communications. Prior to Terror being the primary justification, the NSA used to justify some of their actions by saying that they discovered when large foreign contracts had been decided by bribe, and saved American companies the cost of bidding on them; that is also exactly what they are supposed to be doing.
The fact that the NSA got caught, or perhaps even worse yet chose to leak this activity to distract from the fact they got caught in their other activities, is more evidence the agency is out of control and needs to be brought to heel.
In my opinion, the NSA was basically killed by giving it an unlimited budget. Under such circumstances an organization tends to seek out the most expensive, least innovative, least risky things to do and firehose money into them. Take your favorite causes -- defense and law and order if you are right wing, education and health care if you left wing, or your perfered church if you are religious -- and the quickest way to thoroughly destroy that cause is to give it's institutions an unquestioning loyalty and unlimited budget.
In spite of the fact that I think some things the NSA does are good, and perhaps necessary in the long term, I think the best action currently would be to close the whole agency for a number of years. We'd run some risks in doing so, but leaving them on their current path is also running some risks. You can't wave the bogey man of an Islamic Caliphate or whatever and then pooh-pooh the bogey man of a internal Cheka or Stasi. I think if we cut the place down cold, and let the giant glass buildings and huge datacenters collect dust and mold for about 4 to 6 years, we'd be in a better position to restart something smaller and more disciplined around 2020. I think you need to close it for that long, so that all the careerists in there know they have to switch careers and get into other areas. You might end up hiring a large chunk of them back, of course, but half a decade in a different industry shakes up the bureaucratic allegences and gives people a different point of view.
If you want to get the free slashvertisement of a/. story, you need to use the platform to do something that slashbots would like to talk about, like maybe explore a walled-off section under the stairway of some historical building, or something.
Also, your store sends people to inertialabs.com which then in turn sends people over to robotmarketplace.com. Have it take people directly where they need to go.
I don't think they are bullshit, as a user of the latest firefox that ships with Ubuntu I see this all the time:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 23974 rgr 20 0 2656m 1.8g 40m S 55 23.3 164:03.18 firefox
It's a great laptop with 8 GB of RAM, 4 cores, etc. Still, I often restart firefox just to get work done.
The state of the browser world is pretty shabby right now. Basically, the browser is replacing the desktop window manager as a key piece of software - between webmail (gmail), web-based time tracking (harvest), keeping notes in an internal wiki, etc, much of my work is done in a browser. The state of that browser world is basically like the desktop world about 1995: the easiest solutions to use are filled with other people's programs running on my resources to their ends (usually advertising), the most private and ethical solutions lack the capability to do many things (in 1995 it was run specific programs, now it is use specific websites).
I don't see much hope from the web development and browser communities. When you talk to anyone in those communities and ask an open ended question such as "what's the biggest problem we're facing" or "what most excites you about the industry today" the response is usually about web standards, java script, and bastardizing page description into a bad programming language, making websites less ugly on mobile devices.
That your computer does what you want it to, instead of merely generating heat, or even worse yet computing flashy ads you don't want to see and collecting information for your enemies, isn't on their radar except as a knee-jerk platitude or afterthought. "Oh yeah, and privacy. We only write websites that don't track you if you put your name on a list."
I think it is in one of Artur Bergman's coffee-laced-with-hate fueled rants he points out that the browser / javascript infrastructure that is being built up is the largest attempt at distributed computing ever, and it is being built by people who have educations and backgrounds in graphic design and advertising, and learned programming along the way. All the issues of distributed computing such as latency and consistency are still there of course. I think it is not necessarily bad that the people building this don't have a formal background - those with a formal background haven't done so well sometimes - but it is bad that they all culturally come from advertising. They think in terms of slogans even when they think about ethical problems - "Don't be evil" - and their standards for what is acceptable ethical behavior are low.
So it is not a surprise that the browser they produce barely runs on the kinds of computers the top few percent of the world can afford, and that it collects information for the top 0.01 percent.
Perhaps if much of the world starts using tiny computers based on the new cheap system-on-a-chip ARM stuff, like the Raspberry PI and Beagleboard Bone and etc, there will be a brief opening where there is no good browser available for those machines and a new one could make headway. But I think we'd end up back in the same place on that platform for the same reasons unless we do something differently.
I think the best inhibitors of histronics are the long and subtle posts on the value of contemplation of underlying forces acting in society. Post away, ignore the peanut gallery.
DrupalCon can be expensive. If you can get there cheaply and perhaps share an AirBnB with someone or otherwise cut costs, it might be worth it.
However, you definitely need to continue freelancing or contracting so that you build a portfolio that you can point to.
In terms of self promotion, I would advise that one of the biggest bang-for-your-buck methods would be to present at Drupal Camps that you can attend cheaply. Make a 45 min presentation out of one of your projects as a "case study", those types of presentations are popular.
Eventually you will get a job offer if you keep that up.
In the longer term, you cannot neglect your education. This doesn't mean going back to school or taking formal classes necessarily, but you have to realize that you will have to be improving yourself for the rest of your career - either learning new technologies before your customers need them, deepening your theoretical background, learning a foreign language, something. Try to attend to that in a disciplined way.
The degree does not do much to help employers evaluate people; a potential employer may apply it as a filter, but for development jobs and other creative work, it is not a good filter. The ones that are actually using it to refuse interviews are managed by lazy, unimaginative types and you don't want to work there. It is more likely that the requirement of a degree is posted as a formalism, perhaps the company doesn't want to suggest publically that they have low standards in hiring, and that an appropriately qualified candidate will get an interview.
The fact that you have taught people who finished a degree late, and they thought it was worth it, is not really evidence. The reason why they were still persuing the degree is that they thought it would be worth it in the end; perhaps they attached more importance to the emotional aspects of degree as a societie's validation of themselves, and this might also lead them into the more bureaucratic and entrenched parts of the industry, which also attach importance to degrees.
Learning that concrete technologies are meaningless but the large ideas behind them are, will happen in the workforce, much faster than the 4 years of a degree.
Finally, you trot out the old "it doesn't mean anything but you need it for advancement" nonsense. That just isn't true. It may have been true when GE, GM, and IBM were large portions of the workforce and had their corporate ladders in place, but few organizations trust their own internal promotions anymore - they prefer the validation, not of a degree, but validation that another company hired you for a similar position already. You advance two ways: a growing company grows underneath you, or you leave for a higher position somewhere else, perhaps returning later. The growing company method is mostly luck, and lateral switching depends mostly on the job you are leaving, not on the degree you do or don't have.
Education is not a waste, you will have to do that your whole career. But educational insititutions are a waste, and don't have as much education in them as you would think.
I don't think the Federal Government is a good example of limiting secrets to save money.
Declassification is under funded, and mainly a fig leaf.
Classifying documents as secret is cheap, and has many bureaucratic benefits - making people and projects look import, shielding failures from review, etc. Thus the default is to classify everything.
I think this applies to other large institutions with secrecy programs as well, such as large corporations.
You say "To progress the site I need to set up version control, continuous integration, and staging" . . . in the near future, I think you will be able to buy all that with a few clicks in the cloud environment. A good example that is available right now is the Pantheon evironment, although it is targeted at only Drupal: https://getpantheon.com/platform
I know the founders of Pantheon and have worked with one of them. The demos they have been giving, and the experiments I did with it using the Beta trail codes they gave out, were very impressive. I would start any large multi-developer, scaling project on Pantheon right now.
Eventually there will be similar offerings for all platforms. You probably should not wait for that, however. I would avoid basing the project on Microsoft products if I were you, and I would set up servers on the Rackspace Cloud, keep the code in a private github, and set up a single real hardware server at the house or office that has enough a development environment on it be to fall back and have that machine also keep backups of everything.
I have fled Southwestern Bell several times, only to have them buy the company I went to (including leaving to go to AT&T only to have them buy that and masquerade under that name).
I may have to do it again. Maybe I can move my number to a VoIP provider such as Vitelity in order to keep it, and then just go without a cell phone for a while. Americans spend a lot more on communications than other first world nations, and not having a phone bill for a while would fatten my wallet.
Slashdot Mirror
I think I met him once at one of my first linuxfests.
I have had this problem in several different projects with different teams.
I generally think of it as the "code hostage" or "cherry-picking" problem. You have the work of 15 issues reviewed and merged and loaded up and running on a test environment. For 14 of those issues, a "user" ( or whatever you call the non-developer issue-owner in this case ) checks in and says it is good. Time is passing and the 15th person is a no-show. It's worse than if they said it still wasn't fixed -- then you would immediately go to work reverting that code change and re-testing everything -- but instead everything is held up in limbo.
One way to address the majority of these issues, is to set up a separate testing environment or server per ticket, and put the pull request or branch on it, before it is merged to the main branch. Force users to test BEFORE it gets on the path that will end up in a deployment. This means that slow moving people won't block others.
This might seem expensive, but with APIs to cloud hosting and/or container technology, it can be automated, and is a lot cheaper than it would have been a few years ago.
You can still end up with a problem on the now integrated code, and still have to cherry-pick / revert some commits, and since the result has not yet been tested all together, you still have to re-test. However this happens much less often, because it is only happening in the cases where interaction between different work is causing the problem.
That at least seems more plausible. I wonder if Surge will spread their services accross several hosting providers after this incident.
Exactly, all politics and humor and whatever aside, how did one notice bring down an entire hosting system ? And if they had 38,000 websites, surely they had received notices before, and why didn't it bring Surge down then ?
It seems there's more to the technical side of this story.
Instead of vinyl tape with silicone adhesive, try this:
http://www.uline.com/BL_6420/G...
It is PET, the same plastic as a 2L soda bottle, and the adhesive is silicone based. I have found it impossible to tear, easy to cut, and it has much better adhesive strength than kapton tape.
If you are interested in the power consumption of the Pi, you should probably check out this: http://www.midwesternmac.com/b...
I did a brief trademark search, and only found this:
http://tmsearch.uspto.gov/bin/...
Which seems to be a coworking space: http://www.themakersspace.com/...
I'd stick to calling it "maker" space, singular, and go for it. Make sure there is no way someone might confuse your efforts with theirs.
"local landfill for recycling"
Recyled as . . . an artifical hill ?
Keep your text config files in git, and use gitlab or something similar to be able to browse and comment on, and link to from wiki documentation, all the changes.
Amazon doesn't normally do that -- they just rent the (virtual) servers, the dashboard and other software including the OS would have been installed by the customer, at most they might reboot or shutdown and restart a machine . . . but they provide a self-serve API to do that, so probably not even that.
Unless the access involved the attackers getting the AWS account credentials, I don't think there's much Amazon could do.
We, the open source and freedom-loving community, may need an organized task force to keep track of these programmers, track their incomes, and store their communications -- just for future reference in case something comes up and a mole is suspected, not an actual search as the Constitution defines it, of course. Similar to the Apache Foundation and other Foundations for Open Source causes, but tasked with keeping our communications secure, and breaking the other side's communications where feasiable. We'll have to keep the existence of the Association secret as much as possible of course, and thus also hide it's budget in small items spread accross the other Foundations. They'll archive all the repos and mailing lists and IRC channels and any other communication medium, but advances in technology make the storage on that scale cheaper. We might have to rent a large building out somewhere that has cheap land and few pesky curious tresspassers, Utah or something. We'll just refer to it as No Such Association for now. A small and expedient measure given the threats of our times.
This is similar to vole:
http://vole.cc/
https://github.com/vole/vole
https://www.writelatex.com/ and https://www.sharelatex.com/ and several desktop latex editors seems to work OK despite your logic.
The main appleal of LaTeX is precisely that you aren't supposed to continuously re-render it, you are supposed to write things. Then you twiddle how it looks a bit at the end.
Optimizing web pages for speed of rendering the output seems reasonable, but I'm not sure that should be a big consideration in a document format.
Or that could be done with a plugin . . . it would also deprive google of the data of what links were clicked in searches.
Will they make it so that if you arrive on a web page via a google search, the operator of that web page cannot see the search terms that lead you there ? I think that would be an improvement.
According to the UN Charter itself, spying would not be an act of war, definitely not a reason to start one. See:
https://en.wikipedia.org/wiki/Chapter_VII_of_the_United_Nations_Charter
https://en.wikipedia.org/wiki/Casus_belli
As a practical matter, we cannot allow spying to be considered a reason to go to war, because by it's nature it is hard to prove and easy to fake; it would basically be giving states the right to start a war whenever they want. At times in history we've tried that, such when most of the states of Europe were basically the persons of kings, and it didn't work out so we came up with rules.
This issue is a distraction, as is Private Manning's sexual identification. It just doesn't matter. It is actually the job of the NSA to spy on those communications, and as institutional, political communications they don't have the same moral scanticy and protection as private, individual humans' communications. Prior to Terror being the primary justification, the NSA used to justify some of their actions by saying that they discovered when large foreign contracts had been decided by bribe, and saved American companies the cost of bidding on them; that is also exactly what they are supposed to be doing.
The fact that the NSA got caught, or perhaps even worse yet chose to leak this activity to distract from the fact they got caught in their other activities, is more evidence the agency is out of control and needs to be brought to heel.
In my opinion, the NSA was basically killed by giving it an unlimited budget. Under such circumstances an organization tends to seek out the most expensive, least innovative, least risky things to do and firehose money into them. Take your favorite causes -- defense and law and order if you are right wing, education and health care if you left wing, or your perfered church if you are religious -- and the quickest way to thoroughly destroy that cause is to give it's institutions an unquestioning loyalty and unlimited budget.
In spite of the fact that I think some things the NSA does are good, and perhaps necessary in the long term, I think the best action currently would be to close the whole agency for a number of years. We'd run some risks in doing so, but leaving them on their current path is also running some risks. You can't wave the bogey man of an Islamic Caliphate or whatever and then pooh-pooh the bogey man of a internal Cheka or Stasi. I think if we cut the place down cold, and let the giant glass buildings and huge datacenters collect dust and mold for about 4 to 6 years, we'd be in a better position to restart something smaller and more disciplined around 2020. I think you need to close it for that long, so that all the careerists in there know they have to switch careers and get into other areas. You might end up hiring a large chunk of them back, of course, but half a decade in a different industry shakes up the bureaucratic allegences and gives people a different point of view.
I like your site and your portfolio and products.
If you want to get the free slashvertisement of a /. story, you need to use the platform to do something that slashbots would like to talk about, like maybe explore a walled-off section under the stairway of some historical building, or something.
Also, your store sends people to inertialabs.com which then in turn sends people over to robotmarketplace.com. Have it take people directly where they need to go.
https://en.wikipedia.org/wiki/Earth_Abides
Post-apocalyptic, but it's a very interesting take on it.
I don't think they are bullshit, as a user of the latest firefox that ships with Ubuntu I see this all the time:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
23974 rgr 20 0 2656m 1.8g 40m S 55 23.3 164:03.18 firefox
It's a great laptop with 8 GB of RAM, 4 cores, etc. Still, I often restart firefox just to get work done.
The state of the browser world is pretty shabby right now. Basically, the browser is replacing the desktop window manager as a key piece of software - between webmail (gmail), web-based time tracking (harvest), keeping notes in an internal wiki, etc, much of my work is done in a browser. The state of that browser world is basically like the desktop world about 1995: the easiest solutions to use are filled with other people's programs running on my resources to their ends (usually advertising), the most private and ethical solutions lack the capability to do many things (in 1995 it was run specific programs, now it is use specific websites).
I don't see much hope from the web development and browser communities. When you talk to anyone in those communities and ask an open ended question such as "what's the biggest problem we're facing" or "what most excites you about the industry today" the response is usually about web standards, java script, and bastardizing page description into a bad programming language, making websites less ugly on mobile devices.
That your computer does what you want it to, instead of merely generating heat, or even worse yet computing flashy ads you don't want to see and collecting information for your enemies, isn't on their radar except as a knee-jerk platitude or afterthought. "Oh yeah, and privacy. We only write websites that don't track you if you put your name on a list."
I think it is in one of Artur Bergman's coffee-laced-with-hate fueled rants he points out that the browser / javascript infrastructure that is being built up is the largest attempt at distributed computing ever, and it is being built by people who have educations and backgrounds in graphic design and advertising, and learned programming along the way. All the issues of distributed computing such as latency and consistency are still there of course. I think it is not necessarily bad that the people building this don't have a formal background - those with a formal background haven't done so well sometimes - but it is bad that they all culturally come from advertising. They think in terms of slogans even when they think about ethical problems - "Don't be evil" - and their standards for what is acceptable ethical behavior are low.
So it is not a surprise that the browser they produce barely runs on the kinds of computers the top few percent of the world can afford, and that it collects information for the top 0.01 percent.
Perhaps if much of the world starts using tiny computers based on the new cheap system-on-a-chip ARM stuff, like the Raspberry PI and Beagleboard Bone and etc, there will be a brief opening where there is no good browser available for those machines and a new one could make headway. But I think we'd end up back in the same place on that platform for the same reasons unless we do something differently.
I think the best inhibitors of histronics are the long and subtle posts on the value of contemplation of underlying forces acting in society. Post away, ignore the peanut gallery.
DrupalCon can be expensive. If you can get there cheaply and perhaps share an AirBnB with someone or otherwise cut costs, it might be worth it.
However, you definitely need to continue freelancing or contracting so that you build a portfolio that you can point to.
In terms of self promotion, I would advise that one of the biggest bang-for-your-buck methods would be to present at Drupal Camps that you can attend cheaply. Make a 45 min presentation out of one of your projects as a "case study", those types of presentations are popular.
Eventually you will get a job offer if you keep that up.
In the longer term, you cannot neglect your education. This doesn't mean going back to school or taking formal classes necessarily, but you have to realize that you will have to be improving yourself for the rest of your career - either learning new technologies before your customers need them, deepening your theoretical background, learning a foreign language, something. Try to attend to that in a disciplined way.
The degree does not do much to help employers evaluate people; a potential employer may apply it as a filter, but for development jobs and other creative work, it is not a good filter. The ones that are actually using it to refuse interviews are managed by lazy, unimaginative types and you don't want to work there. It is more likely that the requirement of a degree is posted as a formalism, perhaps the company doesn't want to suggest publically that they have low standards in hiring, and that an appropriately qualified candidate will get an interview.
The fact that you have taught people who finished a degree late, and they thought it was worth it, is not really evidence. The reason why they were still persuing the degree is that they thought it would be worth it in the end; perhaps they attached more importance to the emotional aspects of degree as a societie's validation of themselves, and this might also lead them into the more bureaucratic and entrenched parts of the industry, which also attach importance to degrees.
Learning that concrete technologies are meaningless but the large ideas behind them are, will happen in the workforce, much faster than the 4 years of a degree.
Finally, you trot out the old "it doesn't mean anything but you need it for advancement" nonsense. That just isn't true. It may have been true when GE, GM, and IBM were large portions of the workforce and had their corporate ladders in place, but few organizations trust their own internal promotions anymore - they prefer the validation, not of a degree, but validation that another company hired you for a similar position already. You advance two ways: a growing company grows underneath you, or you leave for a higher position somewhere else, perhaps returning later. The growing company method is mostly luck, and lateral switching depends mostly on the job you are leaving, not on the degree you do or don't have.
Education is not a waste, you will have to do that your whole career. But educational insititutions are a waste, and don't have as much education in them as you would think.
I don't think the Federal Government is a good example of limiting secrets to save money.
Declassification is under funded, and mainly a fig leaf.
Classifying documents as secret is cheap, and has many bureaucratic benefits - making people and projects look import, shielding failures from review, etc. Thus the default is to classify everything.
I think this applies to other large institutions with secrecy programs as well, such as large corporations.
You say "To progress the site I need to set up version control, continuous integration, and staging" . . . in the near future, I think you will be able to buy all that with a few clicks in the cloud environment. A good example that is available right now is the Pantheon evironment, although it is targeted at only Drupal: https://getpantheon.com/platform
I know the founders of Pantheon and have worked with one of them. The demos they have been giving, and the experiments I did with it using the Beta trail codes they gave out, were very impressive. I would start any large multi-developer, scaling project on Pantheon right now.
Eventually there will be similar offerings for all platforms. You probably should not wait for that, however. I would avoid basing the project on Microsoft products if I were you, and I would set up servers on the Rackspace Cloud, keep the code in a private github, and set up a single real hardware server at the house or office that has enough a development environment on it be to fall back and have that machine also keep backups of everything.
I have fled Southwestern Bell several times, only to have them buy the company I went to (including leaving to go to AT&T only to have them buy that and masquerade under that name).
I may have to do it again. Maybe I can move my number to a VoIP provider such as Vitelity in order to keep it, and then just go without a cell phone for a while. Americans spend a lot more on communications than other first world nations, and not having a phone bill for a while would fatten my wallet.