John D. Mitchell's Blog

Deployment Archives

JaveOne 2007, Community One

Sun is, as everybody knows, struggling to get mindshare around their products. This is especially true as they try to get uptake as they open source more of their stuff -- such as Solaris.

Hiring Ian Murdock of Debian fame is a pretty good idea to me. One of the biggest hurdles to (Open) Solaris uptake is the fact that so many things in dealing with Solaris are so annoyingly odd to all the folks who are used to the relatively consistent GNU userland experience and the usable package managers on Linux and *BSD distributions.

Another item that came through over and over again throughout the day was that one of, if not the key reason to use Solaris is DTrace. DTrace is an efficient execution tracing framework and if you haven't used it, you're missing out. Story after story from a wide variety of developers, sys admins, QA folks, etc. touted how using DTrace allowed them to get insight into the actual running of their systems and how big a difference that can make. While it's an open question of whether/when this will make it to Linux, DTrace is already in the next version of OS X and will be in the *BSDs sooner rather than later.

I must say that I was surpised how little I saw emphasizing the coolness of ZFS. It's a modern filesystem designed for the current disk storage and usage reality rather than how things were 20 years ago. Coupling ZFS with Sun's Thumper box is, IMHO, a compelling reason to actually buy Sun hardware. There's no really good filesystems in the open source world if you actually care about your data and want good performance and manageability. ReiserFS is pretty much orphaned and while the ext family are okay for desktop and non-critical servers, they just don't cut it when the data really matters.

Of course, for Java developers, the question is pretty much moot as to whether it's any advantage to go with Linux or Open Solaris. Java runs well on both. It was quite funny to hear some pushback to Greg Luck's (of ehcache) comment that OS doesn't really matter -- just a good JRE implementation. That's just playing out the old Java mantra of "write once, run anywhere" in the real world. Of course, operating system choice does matter to a point -- Greg's own company is an example of moving from ASP.net to Java because of scalability / performance reasons and days vs. months and years of uptime.

For me, I've used all of them for so long that it's mostly just a question of using what works for any given need. I'm hoping that the continued opening up of Solaris will help spur improvements in the Linux world and that many of the things that we love about the OSS operating systems will help improve Solaris so that moving around from one to the other is even easier.

Piss Poor Web Security Approaches

Pete Freitag writes up 20 ways to Secure your Apache Configuration. Now, all 20 tips are useful to help make Apache less insecure but they certainly don't make an Apache installation actually "secure."

First off, note clearly how many things you have to go out of your way to turn off. That is, look at all of the extraneous, insecure junk that is installed and configured as part of a default Apache setup up. That's a big violation of the security dictum that we should be secure by default and have to explicitly take action to add in extra, insecure things. An example of why this is so important is that if you actually go through all of this tightening and then upgrade that server and forget to go back through and do all of the tightening again... Oops, not only will your system be insecure again but you'll probably be under the false assumption that your system is secure when it isn't. I've seen this happen way too many times to my clients and friends.

Second, if one really cares about security, why on earth would anyone consider Apache at all? There are many much better http server solutions out there for anyone needing serious security such as publicfile. Publicfile takes an arguably extreme approach and is fundamentally incapable of the vast majority of web server security problems. Therefore, other web servers such as the venerable, static-speed demon thttpd, the new, feature-rich kid on the block, LightTPD, or even the commercial king-of-the-hill Zeus Web Server can be a much better blend of increased security and increased performance.

Of course, if you're doing Java-based web server applications, Jetty and Resin are great solutions but they also tend to err by having way too much enabled by the default configurations.

Sun nukes SISSL

Sun's "Chief Open Source Officer", Simon Phipps, just announced that Sun is retiring the Sun Industry Standard Source License. He's putting Sun's money where it's mouth is and actually getting rid of the license to help reduce the ridiculously rampant proliferation of "open source" software licenses.

Fer shizzle!

If you're interested in why license proliferation is so lame, read Larry Rosen's short paper, License Proliferation.

GCC turns 4.0

The GNU folks have released version 4.0 of the venerable GCC compiler with built-in support for the C, C++, Objective-C, Ada, Fortran, and Java programming languages.

The biggest general change is the completely new intermediate language representation based on tree SSA. SSA (Static, Single Assignment) is a modern approach to the intermediate representation of the parsed programs which allows for a much more sane and aggressive approach to optimization.

On the Java front, the GCJ sub-project has made major improvements including better support of AWT and Swing and a lot more of the other Java libraries such as java.util.regex. If you didn't know, GCC can generate native (machine-specific) binaries directly from Java code.

Check out the ChangeLog for more details.

Anatomy of Insanity

CNet reports that Microsoft is offering $5 (yes, 5) for data loss due to it's new AntiSpyware software that's in beta testing. Gee, thanks. That will buy me a cup of coffee so I can calm down after you destroy my data. Yeah, sure.

This is another case of how Microsoft (and so many other organizations) just doesn't understand (or care) how enormous an impact their buggy software has on users. This goes part in parcel with the wonderful example in my old blog entry Anatomy of Insanity? Of course, they will claim that this offer is somehow helpful to the customers but, I must say, it's just plain insulting. Why not try something revolutionary like actually writing high-quality software?

IBM's open lettter to Sun: Open-Source Java

In response to Sun's Simon Phipps' rant about Eric Raymond's open letter to Sun to open-source Java, IBM Vice President Rod Smith has called for Sun to open-source Java in a letter to Sun Vice President Rob Gingell. Smith offers IBM's support to create an independent organization to control Java.

Sun's Phipps rants on Raymond's open-source rant

In an article in the UK's PC Pro magazine, Sun fires back over Open Source Java accusations, Simon Phipps, Sun's Chief Technology Evangelist and java.net blogger, rails about Eric Raymond's recent open letter to Sun, Let Java Go.

Seems pretty clear that both sides make some points and miss their marks. I don't have the time right now into a blow by blow analysis but I will say that I'm personally sick and tired of Open-Source fanatics saying that everything should be open sourced. It's Sun's property and they can do whatever they want to do with it (whether we like it or not). On the other side, I'm equally sick and tired of Sun saying that they do NOT have any extra level of control over the rest of the JCP powers -- that's patently false -- check out my earlier blog on that particular subject, Open, Independent JCP?.

Apple Flashers

Luckily for us, Steve Jobs debuted the iPod mini in his MacWorld 2004 conference keynote. It's tiny and very slick. Even better, the control felt pretty nice. Alas, in all too typical Apple style, the $249 price tag is just plain silly -- they should have hit the $199 price point.

Apple does get the Best Revisionist Video Award for reshowing their seminal 1984 TV commercial with an iPod digitally inserted onto the body of the running woman. Alas, I must say that the giveway of a poster of the ad was a big let down.

Long-term, there are two other announcements that I think are much more important. First off, Jobs also debuted the new G5-based Xserve and Xserve RAID servers. It seems that Apple is finally starting to actually put in the serious enterprise-class features like EEC memory and "dual" everything. I'm going to have to actually consider them now.

The biggest announcement is the new iLife '04 application with the non-i name... GarageBand. GarageBand is basically a music making program. Now, I'm no music software geek but the demo with Jon Mayer was very impressive -- especially supported guitar instruments. Create a garage band without the garage or the band (or any talent :-)! Mayer said that if he had this when he was 13, he would have never left his room.

Microsoft Clarifies Intentions to Retire JVM-Based Products

Earlier this week, I blogged about Microsoft phasing out products which depend on Java. Well, the agile marketing arm of Microsoft has flexed its muscles again with... Microsoft Clarifies Intentions to Retire JVM-Based Products.

Basically, all they have done is pushed the drop dead date back one measely week and are more precise about which products are getting whacked. Yawn.

This work is licensed under a Creative Commons License.