Outsourcing Responsibility

What do you do when your debugger fails you?

 

Dear KV,

I’ve been assigned to help with a new project and have been looking over the admittedly skimpy documentation the team has placed on the internal wiki. I spent a day or so staring at what seemed to be a long list of open-source projects that they intend to integrate into the system they have been building, but I couldn’t find where their original work was described. I asked one of the project team members where I might find that documentation and was told that there really isn’t much that they need to document, because all the features they need are available in various projects on github.

I really don’t get why people do not understand that outsourcing work also means outsourcing responsibility, and that in a software project, responsibility and accountability are paramount.

Feeling a Sense of Responsibility


George V. Neville-Neil

 

Quality Software Costs Money – Heartbleed Was Free

How to generate funding for FOSS

POUL-HENNING KAMP

The world runs on free and open-source software, FOSS for short, and to some degree it has predictably infiltrated just about any software-based product anywhere in the world.

What’s not to like about FOSS? Ready-to-run source code, ready to download, no license payments—just take it and run. There may be some fine print in the license to comply with but nothing too onerous or burdensome.


 

Forked Over

 

Shortchanged by open source

Dear KV,

 

How can one make reasonable packages based on open-source software when most open-source projects simply advise you to take the latest bits on GitHub or SourceForge? We could fork the code, as GitHub encourages us to do, and then make our own releases, but that puts the release-engineering work that we would expect from the project onto us.

 


George V. Neville-Neil

 

Please Put OpenSSL Out of Its Misery

OpenSSL must die, for it will never get any better.

POUL-HENNING KAMP

The OpenSSL software package is around 300,000 lines of code, which means there are probably around 299 bugs still there, now that the Heartbleed bug — which allowed pretty much anybody to retrieve internal state to which they should normally not have access — has been fixed.

That’s really all you need to know, but you also know that won’t stop me, right?


 

The Logic of Logging

And the illogic of PDF

 

GEORGE NEVILLE-NEIL

 

Dear KV,

I work in a pretty open environment, and by open I mean that many people have the ability to become the root user on our servers so that they can fix things as they break. When the company started, there were only a few of us to do all the work, and people with different responsibilities had to jump in to help if a server died or a process got away from us. That was several years ago, but there are still many people who have rootly powers, some because of legacy and some because they are deemed too important to restrict. The problem is that one of these legacy users insists on doing almost everything as root and, in fact, uses the sudo command only to execute sudo su -. Every time I need to debug a system this person has worked on, I wind up on a two- to four-hour log-spelunking tour because he also does not take notes on what he has done, and when he’s finished he simply reports, “It’s fixed.” I think you will agree this is maddening behavior.

Routed by Root

 

http://queue.acm.org/detail.cfm?id=2588887

 

This is the Foo Field

The meaning of bits and avoiding upgrade bog downs

GEORGE NEVILLE-NEIL

Dear KV,

When will someone write documentation that tells you what the bits mean rather than what they set? I’ve been working to integrate a library into our system, and every time I try to figure out what it wants from my code, all it tells me is what a part of it is: “This is the foo field.” The problem is that it doesn’t tell me what happens when I set foo. It’s as if I’m supposed to know that already.

Confoosed


 

The Bikeshed: Center Wheel for Success

“Not invented here” syndrome is not unique to the IT world.

POUL-HENNING KAMP

When I first read the claim that HealthCare.gov, the Web site initiated by the Affordable Care Act, had cost $500 million to create, I didn’t believe the number. There is no way to make a Web site cost that much. But the actual number seems not to be an order-of-magnitude lower, and as I understand the reports, the Web site doesn’t have much to show for the high cost in terms of performance, features, or quality in general. This is hardly a unique experience in the IT world. In fact, it seems more the rule than the exception.


 

Bugs and Bragging Rights

It’s not always size that matters.

GEORGE NEVILLE-NEIL

Dear KV,

I’ve been dealing with a large program written in Java that seems to spend most of its time asking me to restart it because it has run out of memory. I’m not sure if this is an issue in the JVM (Java Virtual Machine) I’m using or in the program itself, but during these frequent restarts, I keep wondering why this program is so incredibly bloated. I would have thought Java’s garbage collector would prevent programs from running out of memory, especially when my desktop has quite a lot of it. It seems that eight gigabytes just isn’t enough to handle a modern IDE anymore.

Lack of RAM


 

A Lesson in Resource Management

Waste not memory, want not memory—unless it doesn’t matter

GEORGE NEVILLE-NEIL

Dear KV,

I’ve been reworking a device driver for a high-end, high-performance networking card and I have a resource allocation problem. The devices I’m working with have several network ports, but these are not always in use; in fact, many of our customers use only one of the four available ports. It would greatly simplify the logic in my driver if I could allocate the resources for all the ports—no matter how many there are—when the device driver is first loaded into the system, instead of dealing with allocation whenever an administrator brings up an interface. I should point out that this device has a good deal of complexity and the resource allocation isn’t as simple as a quick malloc of memory and pointer jiggling—a lot of moving parts are inside this thing.

http://queue.acm.org/detail.cfm?id=2523428

 

More Encryption Is Not the Solution

Cryptography as privacy works only if both ends work at it in good faith

POUL-HENNING KAMP

The recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula, “More encryption is the solution.” This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.
