Smalltalk Tidbits, Industry Rants

Dan Kaley writes an obituary for Smalltalk - based on the release of VAST NC. Fascinating. Does he know that IBM released that over a year ago? Does he realize that VisualWorks has been available for NC download since 1997? Heck, if you think no serious work is going into Smalltalk, just grab VWNC 3.0 from the VW Wiki, then download the latest from the Cincom site. Now, after taking a look, explain to me how Smalltalk is dead. Yeesh. Next time, do a google search and follow some of the links instead of just reposting some of the tinfoil hat theories from the slashdot crowd. Hat tip to Steve Hunter for pointing this silliness out to me.

As I write this, the blog is offline - as is the entire Cincom corporate site. Word is that the MSBlaster virus got loose at corporate and is wreaking havoc. So no website today. In the meantime, I'll be doing some offline posting. Ahh, the joys of a Windows based network infrastructure....

Wired News has a story about Dean presidential campaign sending out a spam message. The interesting thing about this is that the campaign - via their use of a blog and meetups has gotten a reputation as being very tech savvy. Well, this shows how easy it is to trip from one side of the respect baar to the other via a simple mistake:

Matthew Gross, head of Internet communications for Dean for America, confirmed that the organization had indeed authorized sending the message, but he noted that it was only intended to reach subscribers who had specifically asked to receive campaign information. Instead, it ended up reaching many recipients who had never even visited the Dean website.

"We had contracted with two vendors for our mailings, under the assurance that they would only use opt-in lists," said Gross. "When we found out that the messages were mailed to people not on our lists, we discontinued our relationship with the vendors."

Simple mistake, and one I bet a lot of companies make as well. It's potentially costly, because spam really irritates a lot of people. Not something a campaign - political, or corporate (marketing) wants or needs to make.

Via Scoble I found this link to one of the Longhorn developer's blogs. This worries me:

Second, Windows is too hard to use. I actually think all computers are probably too hard to use, but I never worked product support for any other ones. Just doing simple things is hard because there is too much noise. Because Windows is a multipurpose operating system (as opposed to something like the XBox or your VCR) there are hundreds of options and checkboxes etc. Happily, in our work on Longhorn I know that we are working hard to make this easier - but this experience really brought this home.

Why does that worry me? Because everytime someone tells me that they are going to make the OS easier to use, I think of various easy to use applications I'm familiar with - like the video editing atrocity that my wife has been trying to work with. That software tries to 'help' you by managing its own files and managing its own file names - and by not exposing you to the file system. Maybe Longhorn won't do any of that, but every time I hear someone tell me how easy they are going to make things, I wonder just how stupid the end result will be...

I've felt like this about customer service - during my ReplayTV extravaganza, for instance. This is one of the things that makes me wonder about the whole outsourcing trend - the people you get on the phone have virtually no power. Realistically, the phone support people in-house never had tons of power either, but there were two things they had going for them:

• They worked directly for the vendor in question, so they had some stake in the vendor's success. Meaning, the liklihood that they actually cared was higher
• There was at least some chance that they actually knew some of the developers/engineers/whatever. Or managers in those groups. In other words, they could use personal contacts to gain some soft power

Now look at what the remote phone support people have. No tie to the company. No personal relationships to leverage. No real power - either soft or hard - instead, just an inflexible set of rules to follow. IMHO, this is one of the reasons that tech support is bad, and getting worse. There are real cost savings in outsourcing this stuff - but the soft costs incurred by having a powerless remote staff that doesn't care are potentially huge.

Looks like our IT group got on top of the worm problem, and the CST sites are back up. I'm wondering if this came into corporate via a remote user through VPN; the remote people aren't necessarily up to date on port blocks and patches, and VPN opens an interesting vulnerability. I haven't examined VPN software in any depth, but I have to believe that the VPN server can block ports...

Tim Bray notes that a lot of things seem to be inaccessible today. I have been having the same problem, but thought it was my ISP. Maybe not....

Computer Business Review has a story about SCO suing end users of Linux:

SCO Group Inc is preparing to take a Linux user to court to speed up the legal process in its claim Unix code has been illegally copied into Linux, and also encourage Linux users to take out a license for its intellectual property.

The company has signed one large customer up to its Intellectual Property License for Linux, but faces opposition from many more who believe SCO must prove its claims in a court of law before they will hand over the $700 per CPU for the license.

Speaking at SCO's Forum event in Las Vegas, president and CEO Darl McBride said SCO preparing to speed-up the legal process and convince the skeptics. "We are prepared to have this heard on a quicker basis in a customer environment if that's what it takes to quicken it up," he said.

This should roil the waters and make people even happier with SCO. The story so far:

• SCO sued IBM
• IBM sued SCO back
• The validity of the GPL may well get tested in court
• The whole field of throw patent violations at Open Source is awaiting validation

And we can all thank SCO for this big pile of fun. Swell

Eric Burke reports some issues with Windows update - an update keeps showing as available. While we haven't seen that problem here, my wife's system (XP Home) has had some real issues with update. At some point last year, update broke her dhcp client. After each reboot, the machine was blissfully unaware of the net - running the network wizard always worked. Tiring of this, we set it up as a static IP, and that worked fine for months. When yet another worm/security issue came up, we used update again to patch - and the damn update mechanism did the following:

• Told us the machine needed to be rebooted
• Helpfully reset networking (w/o telling us!) to dhcp
• Returned us to the no network on boot state

So we reset networking to static, rebooted, and got a clean connection. We are now very wary of Windows Update - there's really no good reason for the property setting changes it did.

Is Outlook Express dead or undead? Looks like hot potato politics inside of Microsoft - will anyone actually be sad to see this nasty little virus attractor die?

If you doubt that the forces of entropy are on the upswing out there, have a look at this Wired article:

The recent deluge of worms and viruses, including Tuesday's bombardment by the latest variant of the Sobig virus, may be a result of last week's Blaster worm tweaking adolescent egos, according to security experts. The same experts also slammed Microsoft and end users for the parts each played in the latest dramas.

Blaster's "success" probably encouraged other malicious coders to devote the weekend to working on their own evil little creations, said Chris Belthoff, senior security analyst antivirus firm Sophos

That explains why the network experience is starting to suck for an awful lot of us - it probably explains the numerous small outages I'm seeing with my cable service. I had a tech out yesterday, and he found that my signal strength was just fine - and had no good explanation for why I'm getting periodic disconnections. Whatever the problem is, it's further up the lines - possibly Comcast's network getting hit with the email being sent by all the worms out there... who knows.

Related to all this is an interesting editorial in ComputerWorld this week, where their editor quotes a university's IT coordinator

Among the many IT professionals watching this wormy nightmare unfold was Carl Ness, distributed information systems coordinator at Clarke College in Dubuque, Iowa. He e-mailed me with a straightforward but difficult question: Why?

"Why aren't people, especially at the chief executive level, asking: 'Why are we still using this stuff?' " Ness wanted to know. "If these problems were at this level for any other operating system, executives would have demanded that it be ripped out and replaced."

A longtime Novell and Unix user, Ness has 33 servers in production at the 1,200-student college, and only half a dozen of those run Windows. Yet he finds it maddening that disruptions like the Blaster worm are becoming business as usual. "We should not accept the phrase, 'Well, it's Microsoft, we just have to put up with it,' " Ness said, contending that IT pros need to push their managers harder to consider alternatives to Microsoft. Where is the tipping point for your company? How much more business disruption can you sustain?

Very good questions. If a home appliance worked this badly, would you buy that brand again? What about a car? So why are we so complacent about Windows? Heck, if the open source Linux seems scary, take Infoworld's advice and take a serious look at the new Macs - Unix based, rock solid - and easy to use and administer. IMHO, it's time for users to take IT to task for this crap.

The slammer worm whacks a nuke plant:

The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.

The breach did not post a safety hazard. The troubled plant had been offline since February 2002, when workers discovered a 6 x 5in hole in the plant's reactor head. Moreover, the monitoring system, called a Safety Parameter Display System, had a redundant analog backup that was unaffected by the worm. But at least one expert says the case illustrates a growing cybersecurity problem in the nuclear power industry, where interconnection between plant and corporate networks is becoming more common, and is permitted by federal safety regulations.

I sincerely hope that someone got canned over that...

With blaster and sobig raging, this is the last thing we need:

Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could completely overshadow last week's events. On 23 July Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.

So we could be in for another exciting round of duck and patch. You know what? I'm seeing a lot of hype about the wonders of Longhorn and the criticality of the PDC from Scoble - here's some unsolicited feedback:

As recently as 2 months ago, I never would have considered a Mac, and Linux as a full desktop replacement just seemed too painful. Now I'm pretty well convinced. I'll be in the market for a new PC soon, and I will be looking very seriously at the Mac platform. Why? Because it's built on top of a stable OS, and the incidence of utter stupidity in application integration at the expense of security (recall that NT 4 pushed much of the graphics code into ring zero of the OS to enable better game performance, for instance) at Apple. I don't care how many new features you put into Longhorn, or how much cooler you think your database is. The bottom line is, your platform sucks. It's insecure, and simply unacceptable in terms of business risk. I wish I could get our IT group to see that; 2-3 infected (Blaster) systems yesterday knocked Cincom's websites off the air for hours. That's a huge cost, and it's being incurred because of sloppy, stupid crap in Redmond.

You've lost my trust; it's going to be a long hard road for you to get it back. And it's not just me - ComputerWorld's editorial page is starting to question MS as a realistic default choice.

You might recall this post from a few weeks ago where I made the point that - late in the season especially - the Yankees get more serious, and harder to beat, while the Red Sox tend to engage in full choke mode. While the Curse of the Bambino may not be real the Sox players sure play as if it is. Here are a couple of stories that illustrate what I'm talking about:

• Yanks win, Sox reel (NY Times)
• Sox fret about number 2 starter

The Yankees have opened up a 6 1/2 game lead (7 in the loss column). The Boston sports writers are starting to fret, and the Sox have stopped hitting. It must be the pennant stretch :)

Ted Leung ponders buying a new iBook, and asks himself this about MS software: So why am I waffling? I must be crazy. We all must be. Yeah, pretty much what I was thinking when I wrote this.

Michael Lucas-Smith (co-author, with Dave Murphy of TypeLess) - now has a blog powered by Cincom Smalltalk. Subscribe to his feed here

Chris Brumme talks about security and MS code. Most of the article is pretty good, and very honest - as with discipline in a clasroom, it's hard to tighten up after a long period of laxness. Still, this bit tweaked me:

Unfortunately, this stuff is still way too difficult. It's a simple fact that only a small percentage of developers can write thread-safe free-threaded code. And they can only do it part of the time. The state of the art for writing 100% secure code requires that same sort of super-human attention to detail. And a hacker only needs to find a single exploitable vulnerability.

I do think that managed code can avoid many of the security pitfalls waiting in unmanaged code. Buffer overruns are far less likely. Our strong-name binding can guarantee that you call who you think you are calling. Verifiable type safety and automatic lifetime management eliminate a large number of vulnerabilities that can often be used to mount security attacks. Consideration of the entire managed stack makes simple luring attacks less likely. Automatic flow of stack evidence prevents simple asynchronous luring attacks from succeeding. And so on.

Yes, threaded code is hard. But, it would have been a lot easier had MS gotten a clue years ago and stopped using C and C++. We are going to be suffering from vulnerabilities for years because of that

The last two days I've been off on a rant about Windows security. Well, it's not all peaches and cream over in Unix-ville either - check out the Sans/FBI list of top vulnerabilities. I got hit by a linux worm two years ago, and I've had to patch ssh is anticipation of a problem. On the other hand, my linux box hasn't lost track of the network randomly like my box did last night and my wife's box used to (until we switched her from dhcp to a static ip). In any event, you can't be all complacent just by not running Windows....

Ted Leung has some interesting language notes - Java and a bunch of other things - this morning. Have a look

Spotted in Loosely Coupled weblog - Sterling Ball went from being a Microsoft backer to an MS free shoop - because of the heavy hand of the BSA. There's a great summary at the end of this article, with some thoughts to ponder by all software vendors:

But as Moore points out, one day the tornado stops and you end up on Main Street. The transition from undisputed 100-pound gorilla to brand-conscious, user-friendly market leader is a tricky one, and not every business gets it right. Main Street is there for Microsoft and the rest of the traditional software industry to lose, and one of the key vulnerabilities is the mistrust customers feel around software licensing and upgrade policies. If other vendors can add attractive branding and bundling to the open-source licensing model of Linux and related products, they'll be well placed to exploit that vulnerability. Already, Microsoft and the BSA have lost a key battle for customer hearts and minds on Main Street in San Luis Obispo

Go read the whole article

The Register explains why my email is arriving so late (last night, I got much of email after 8 pm) - the Sobig.F virus, already bigger than klez, love bug, etc. MS could do us a favor and pull Outlook when they pull Outlook Express....

The Register shows us that the XML buzz has gone to absurd extremes - now they are ttalking about XML machines - you know, as in Von Neumann machines. Pass the popcorn; silly season has definitely arrived....

Thomas Gagne has some interesting observations about the differences in exception handling in Smalltalk and Java:

I was recently reading about Exceptions in Java and discovered they aren't resumable. You can't pick-up from where an exception was thrown. I began wondering how this might be possible in Java, but it would require a change to Java's syntax--or the language. Why?

Java doesn't support code blocks as objects. New functionality can't be introduced to blocks of code without changing the language itself. try/catch/finally is implemented as part of the language and not as a feature of an object.

Also, because Java as statically typed it would be nearly impossible to resume with a new value anyway since the "throw" command would have to be able to return a value--but since throw is a command it doesn't return values--and even if it did it would have to return the amorphous "object" which would then require down casting to be made useful. Even then it may be impossible to resume processing with an alternative primitive value.

So Java programs have to run while{}s outside their try{}catch{}s to correct something--which makes the granularity of what can be retried fairly large. Meaning, if there are side effects inside try{} they will either need to be reexecutable without additional (bad) effects or whatever they did will require undoing (or inoculation) inside the catch{}.

In Smalltalk, however, interesting features can be added to blocks and exceptions because they're objects, and object's behavior can be extended without subclassing and is possible in the first place because they aren't "final" nor closed in the base library.

Smalltalk is even neater now than it was a few weeks ago.

Sobig is still growing, and some analysts think the worst could be early next week - as vacationers come back to the office. Oh, happy day...

Scoble gets some pushback from management:

Why the change? I'll be honest, I've gotten a bit of heck from people inside Microsoft and upon talking with my friends and co-workers about it, I've decided that my new policy will be not to link or talk about stuff unless Microsoft has officially released something

I've been wondering for awhile whether Scoble (or some other corporate blogger, like me) would get tripped by something like this.

Sean McGrath links to a great article discussing typing - static, ddynamic, manifest, etc. He makes some good points about the costs of manifest typing, and how TDD is much, much cheaper in a dynamic language.

Have a look at the comments as well - there are some choice comments from people who clearly have never seen a dynamic language - one commenter states that many tool driven refactorings are impossible without manifest typing! Guess he's unaware that the refactoring broweser was invented in Smalltalk

Via Sean McGrath - a link from the Joel on Software forum on the static/dynamic thing

You might have seen aa few ups and downs for the blog (and other services here). I was trying tto debug a posting problem that cropped up mysteriously - making this server capable of handling multiple blogs had a lot of small issues the price I paid for relying on a singleton when I started writing the server.

Since sometime last night, my network connection has been rotting on me. What do I mean by that? Well, after 2 hours or so, most pings are failing, websites are inaccessible, ftp is unusable... So I go power cycle the cable modem, and all is well. I had a comcast tech out a few days ago - my modem is fine, and the signal strength into the house is just fine - so the problem is further out. I just called them, and got a message that they are aware of problems in my area. So my question is, is this related to Sobig? Are my ISP's systems being overloaded, or is it something else?

Wired News has discovered XP:

The Mountain Dew-fueled all-nighter is history. Today's supercoders work 40 hours a week. And two to a computer. It's called extreme programming - and it's revolutionizing the software world.

do they issue cool superhero outfits now? There's also aa fascinating analyst quote further down in the story:

The software development process is profoundly screwed up. According to the Standish Group, which conducts an annual industry-wide survey, 15 percent of all information technology projects get canceled outright, costing the sector $38 billion each year, and companies spend $17 billion annually on cost overruns. Those products that are finally released contain just 52 percent of the features customers asked for. Throughout the industry, projects are chronically late - only 18 percent hit deadline - and consistently, maddeningly flawed. Estimates of the number of bugs contained in shipped products run from one defect in every 1,000 lines of code to one in every 100. According to Watts Humphrey in his book A Discipline for Software Engineering, IBM at one time spent $250 million repairing and reinstalling fixes to 13,000 customer-reported flaws. That comes to a stunning $19,000 per defect.

So here's a question. Most of these projects are using the popular, statically typed languages. Allegedly, static typing catches a lot of errors that a dynamic language would pass through. If that's the case, then why are all these errors getting into software?? The emperor has no clothes, and all of his acolytes are standing naked with him....

Phillip Brittan compares Java and .NET, and puts his finger on Java's problem:

Java takes a language-specific approach to solving problems, .NET takes a platform-specific one

He has some suggestions, and says he'll offer some more - however, opening the JVM to other languages is going to go nowhere until Sun unfreezes the JVM. So long as the JVM sucks as a platform for dynamic languages - which are gaining buzz - the JVM will be seen as a monoculture for one language. Meanwhile, .NET - and Rotor, the cross platform cousin - will adapt and grow to better support dynamic development.

Jon has an interesting post that delves into blogs and for pay content (MSDDN in this case). Have a look at this Scoble response to a complaint about content not showing up on MSDN:

Publishing is too hard for many Microsoft employees. Blogging makes it easy. Would Chris even bother if he needed to figure out who was responsible for publishing stuff like his over at MSDN? Would Chris bother if he needed to have three meetings just to get his stuff approved to post up? I wouldn't. I'm not gonna publish on microsoft.com or msdn.com unless I have to. The process is just too daunting...Think that most of Microsoft's 55,000 employees know how to get something through the publishing system at MSDN? I don't think so. Blogs take up the slack.

To which Pete Cole responded:

Errr, as a stupid sap paying $1000s for MSDN subscription I would rather that a company the size of Microsoft SORTED ITSELF OUT - please explain to me why I should even have to answer the question of which I would rather he do? If the MSDN people are a pain in the butt, then management should sort them out.

The trouble for me is that the API surface I write against is documented neither on MSDN nor the Web - I spent my life in a haystack of needles looking for the right one to put the thread through.

That's interesting. It's really just an extension of what's been going on in the world of newspapers and publishing - why buy the New York Times, for instance, when you can read it here free? That's now expanded out - developers are asking why they should pay for content, when they get better answers from blogs. It's hardly limited to blogs. A question recently arose at Cincom related to support - people regularly ask questions on comp.lang.smalltalk, on the vwnc mailing list, and on the Smalltalk IRC - and if the right people are looking, they get answers fast. Does that take away from support?

I think the answer to both is no. Yes, you can get good answers from non-traditional support channels, or good information from blogs. However, it's catch-as-catch can. You may get an answer when you need it, you may not. Paid support is a guarantee that someone will pay a attention to your problem right now. Of course, if support doesn't respond quickly, then the why am I paying? question will gain ground - in the more connected world we live in now, paid support needs to hop to it or be seen as obsolete - which will impact revenues. On the publishing side, it means that the paid content had better have something compelling that the free content doesn't have. If it doesn't, watch people stop paying...

Netgear inadvertantly hoses the University of Wisconsin with a massive DOS attack - not through a willful attack, but through bad programming. Now UW gets to suffer for years....

I've seen a few questions go by recently about threads in VW - so I thought it might be useful to publicize the existing information. Have a look at this page for information on controlling the thread pool. In your image, look at class ProcessorScheduler - in particular, look at these methods:

• primGetThreadLevels - returns an array with the current values for various thread settings - see the method comment for details
• primSetThreadLimit: limit lowTide: lowTide - Set the OE's thread limit and low tide. A less-than-zero value is ignored, allowing each level to be set independently. Note that these values must be at least 1 since there is one thread devoted to Smalltalk

Those two methods will tell you what's going on, and how to control how your external API threads are managed. There's a wealth of information available on that page and in the method comments - go take a look!

Just noticed the change this morning. Thanks Google!

I posted on the ongoing Yankee surge and Red Sox swoon a few days ago - now I find this in the Boston Globe:

Meanwhile, Kevin Kernan's game story on last night in the New York Post leads with this: "It has come down to this. The Yankees and the Curse of the Bambino have gotten so deep into the New England mindset that at Quincy Market they are selling Babe Ruth "Reverse The Curse" dolls at a lovely little shop called The Christmas Dove. Fans here can't even celebrate holidays without thinking of the Yankees and the Curse of the Bambino."

I love reading Boston sports pages at this time of year :)

I was asking whether my crappy network connectivity over the last few days was Sobig related - apparently, it was. See this comment on the item. If the VPN blockage thing is true, Cincom's IT folks are not going to be happy about it....

Michael Lucas-Smith says that with:Style is getting closer to release. Very much looking forward to it.

Ted Leung notices that more and more interest in dynamic languages is cropping up. If it gets through to the large IT shops, maybe the horrible project failure rates will decline.

Ted Leung links to some interesting comments on the amount of 'line noise' in various programming languages. Doing a Smalltalk comparison took a small bit of effort:

• We don't look at code in file-out notation, so the eextraneous bangs would pump up the noise
• We don't look at the code in VW's XML format either, which would also be noisy.
• The noise program classifies any non-alphanumeric, non-whitespace character as noise. First, that's a very rough measure. Second, in Smalltalk, a lot of those are methods, so classifying them as noise is unfair.

In looking at the example, I grabbed 25 or so lines of Smalltalk from a few methods, and created a small noise filter - #($# $^ $! $( $) $[ $] $: $; $.) are 'noise' in the sense of the comparison here. Running over a small bit of Smalltalk code, I came up with 35. Now, the question is, is the colon really noise in Smalltalk - since it conveys semantic information? I don't know. to some extent, the measure is poorly done for all these languages, but there's the value I came up with.

Dewayne Mikkelson hits it dead on with this observation:

Yesterday's posting hit a nerve. (Seems at least three people agree with me!) What might we be able to accomplish on our projects if we put our attention on learning to increase the relatedness of people on our projects rather than studying for the PMI certification exam? Does anyone really think that doing better work breakdown structures will make our projects successful? No one. That's what I thought. How about learning to repair trust between two important team members? Now that would make a difference. Not the role of a project manager, you say? Then who's role is it?

yeah, that caught my eye. As product manager, I've attempted (more than once) to cool down out of control conversations between team members. It becomes more difficult when

• You love a good argument (one of my faults, I guess)
• All the parties involved are remote from one another - leaving email, phone, and IM as the only cooling mechanisms.

Ted Leung points to some research on the impact of messaging interrupts during the day. As expected, phone calls are a big one - the recovery time from one is 15 minutes (time from getting the call to returning to the task at hand). However, email is more intrusive than you think. The recovery time there is 64 seconds - and you'll see a lot more email interrupts. At one point I had my mail arranged so that the poll was once an hour - maybe I should go back to something longer than the default (which is 5 minutes in Eudora)...

I decided to have a look at Comcast's policy on VPN's this morning (Comcast is my ISP). So I'm reading the page:

Do you allow/support Virtual Private Networks (VPN)?

Comcast allows customers to utilize VPN software in accordance with our Acceptable Use Policy and other terms of service; however, we do not provide technical support for them. To get support, please contact your software company's system administrator.

Ok, that sounds reasonable. Off to the Acceptable Use Policy document. Here I find this:

Prohibited uses include, but are not limited to, using the Service, Customer Equipment, or the Comcast Equipment to:

.....

resell the Service or otherwise make available to anyone outside the Premises the ability to use the Service (i.e. wi-fi, or other methods of networking), in whole or in part, directly or indirectly, or on a bundled or unbundled basis. The Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider or for any business enterprise or purpose, or as an end-point on a non-Comcast local area network or wide area network;

As I read that last clause, using VPN makes my system and end-poinit on a non-Comcast WAN - which is prohibited. So I can 'use VPN within the limits of the AUP' - meaning, I have the degenerate case, where I can't use it. Now to be fair, Comcast doesn't seem to care - I've had numerous techs tell me that they won't come after people using vpn unless they are chewing bandwidth in other ways (running servers, etc) that cause a problem. Still, the stated policy is at odds with the friendly sounding answer. I guess my question is, has anyone at Comcast read this page's question and compared it to the actual policy? Or is clarity optional now?

Two Towers goes on sale on DVD and VHS. So how many of us will buy this (the theatrical release) and the extended release in November? Likely it will be the same set of people who (like me) show up for the midnight openings of the LoTR movies...

Tim Bray has a roundup of good email alternatives. If you've had enough of Outlook, get thee over there now.

Tim Bray wonders if IT is a good career possibility anymore. Scoble ponders teaching his kid Chinese. Meanwhile, they (and most of the other bloggers, for that matter) are missing the trendlines completely. Business 2.0 has a very interesting article on this topic in the September issue (which is not online yet, so no direct links. The short answer - get ready for a sellers market in the IT realm again, and soon.

Ok, your immediate reaction is that I'm nuts. People have been getting laid off in droves, and offshore outsourcing has been all over the news of late. So where am I coming from? Simple - demographics. The demographic trends indicate a coming shortage, starting sometime in the next two years. And based on the numbers, it could easily be a bigger crunch than 1998-2000. What's driving this? The baby boom generation is starting to retire, and that cohort is bigger than the ones following it - by a lot. Just look around any IT shop, and what do you see? An awful lot of people within a few years of retirement

What's that you say? That the stock market tumble and loss of 401k value will keep them at work? The trend towards early retirement has been solid for 40 years now, through downturns a lot more severe than the recent one. Even the Social Security Administration - which would love later retirement as a way of being able to show better long term numbers - can't find evidence of people staying at work.

Ok, what about growth rates, automation, and immigration then? Automation hasn't slowed employment in the tech sector in the past - it's just shifted it. Immigration - legal or otherwise - isn't big enough to cover the lossage. And even if we assume average growth rates, the demographics show a crunch. What about all that outsourcing? Well, the most aggressive analysts predict something like 3.5 million jobs leaving to other shores over the next 15 years. India has something like 150,000 tech workers - which is barely 2% of the size of the US tech force. In other words, even if costs stay low there (which they won't), it's a small impact.

The doom and gloom outlook in this sector is overstated, and overstated badly. The demographics pretty much ensure a turn-around - and more quickly than you think. Go to a newstand and grab the Business 2.0 mag for September, and have a look at the charts.

If you tried registering for and downloading Cincom Smalltalk over the weekend, you likely had a nasty experience - a badly applied patch made it such that new users couldn't properly register or download. No one was really paying a lot of attention over the weekend, which is our fault. My apologies to all who had problems - if you register now, it should all work fine.

The Register quotes FSF counsel Eben Morgan, who says that there is no danger of the GPL being overturned as a result of the SCO and IBM suits. Eben has far more faith in the courts than I do - I wouldn't guess anything about what will or won't result when a court looks at the GPL. The Register does make a good point about overseas results - regardless of what US courts do with the GPL, any number of things could happen overseas. As far as I'm concerned, it's all unknowable...

Jon's Radio discusses dynamic languages and rapid development. He relates the rapidity of early (and ongoing) Perl based server scripting, and notices that the client side is still mainly static. Well, here's one developer doing RSS from a dynamic language (Smalltalk). Jump right in; the water's fine!

I am getting positively buried in Sobig virus emails. Most are coming through my Cincom email address, with the viral attachment stripped by the Cincom mail system. However, that's still inundating me in the messages. Is this happening all over today?

With the help of a style sheet from Michael Lucas-Smith, and some instructions from Anthony Lander, I've redone the BottomFeeder home page. Thanks guys!

ESUG 2003 in Bled, Slovenia has started, and there are some early reports of goings on on the ESUG Wiki:

• Puncturing the Balloon. Re-inventing and Selling Smalltalk in the 21st Century - Joseph Pelrine (MetaProg)
• Talks in the Academic Track

Fast Company has some interesting advice for those who want to encourage and create new ideas - don't always hang with the same crowd. Interesting article - here's the summary points:

• Cut the cord to the familiar faces around the water cooler.
• Mix it up.
• Take a class with strangers, seek out ideas from people you don't ordinarily talk to, do anything to get out and mingle more with folks from other professions.
• Broaden your social horizons.

In other words, if you want new ideas, meet new people...

PCWorld.com reports that the DOS attack on SCO was carried out by a senior member of the linux community. Ok, that's bright. Could this moron have thought of a better way to make potential corporate adopters of linux think less of open source and the open source community? Here's an enlightening set of comments:

In an interview last week, SCO chief executive officer Darl McBride complained of being picketed, targeted with crank telephone calls at 2 a.m., and even challenged to a fistfight by an SCO detractor.

"Terrorists do things designed to intimidate people, and we see a lot of that going on all the time--people trying to attack us or people that we're associated with," he said at the time. "If you look at a DoS attack, that's a form of cyberterrorism," he said. "When you're shutting people's Web sites down, you are impacting commerce. That's against the law."

Raymond and fellow open source advocate Bruce Perens condemned the attack, saying that the open source community would be better off compiling evidence against SCO's claims, rather than attacking SCO directly. "I think it's important that we hold the moral high ground here," said Perens. "We are the good guys. We are the ones who are having false claims made about us."

It's really, really hard for me to work up any sympatthy for McBride - but the sort of harrassment he's getting is beyond the pale - and it doesn't help. Rather, it makes him - and by extension his argument - seem more reasonable. If you engage in this sort of idiocy, realize that you are offering aid and comfort to SCO...

Ted Leung covers a lot of interesting ground on dynamic systems in this post, but this paragraph on the benefits of GC really jumped out at me:

In the early 90's when I argued with people about Lisp like languages, I was always getting pushback on the syntax, and on garbage collection. Today, I no longer have to argue with people about garbage collection. Java and C# have made it acceptable. But people misunderstand its importance in constructing modular systems. Most people like garbage collection because it eliminates memory smashes. This is true and definitely a big benefit. But the bigger benefit of having garbage collection in the language is that subsystem designers no longer have to worry about which subsystem owns the memory. This makes it much easier to break things apart and reuse them. When you have to manage memory by hand, your subsystem has two "protocols" jammed into a single mode of expression (the API). You have the application level protocol for the subsystem, and you have the memory management protocol for the system, so that subsystem users know how to interact with objects that came from the system. We don't have to deal with that any more and that decouples subsystems a lot. So we killed two birds with one stone, but we only saw the carcass of the smaller bird.

I just love the way he put that.

I don't need to lok any further than my inbox to tell me that Sobig.F is still spreading like a fire in a dry forest. I'm getting a steady drip - 3-10 virus mails - on every download of mail. Most of them are coming into my Cincom account, and have the attachment stripped by the corporate mail system - but I'm still dealing with the detritus down here. The interesting thing now is some of the forged 'from' addresses - I've received mail allegedly from marketing feedback points at CNN and Fox news now. For someone interested in doing the research, there's an interesting "Six degrees of separation" paper in all this...

Mitch Kapor receives a fascinating email - a request from the PR firm of a 'well known Silicon Valley' firm VP to publish a comment on his blog. This is interesting on two levels:

• interesting that a blog would be considered a PR point by a PR firm
• interesting that someone would find it necessary to ask permission to commen

I posted on an earlier post by Jon here - and today he follows up with an interesting explanation of why static typing advocates distrust dynamic languages - a lot of it is based on extrapolation from Perl:

In this discussion, Perl is a red herring in more ways than one. First, there's the ongoing confusion between two axes of typing -- strong versus weak, and dynamic versus static. For example, both Perl and Python are dynamic, in the sense that you need not declare a type when first assigning to a variable. But while Perl's typing is weak -- you can just assign a date to a variable that holds a number or a string -- Python's is strong. Once a variable has a value, Python cares very deeply about what its type says that thing can or can't do. Bruce Eckel's assertion to the contrary raised hackles in the Python community. Dynamic typing and strong typing are orthogonal.

But there's another sense in which Perl is a red herring here. Perl isn't interactive in the manner of Python -- or, for that matter, VB6 as compared to VB.NET. Those who have resisted adopting VB.NET have sometimes been characterized as knuckle-scraping Neanderthals who must be dragged kicking and screaming into the modern OOP era, or else left behind. But while the .NET Framework has much to offer, I think the VB6 crowd are right to demand a more interactive way to use it. As programming increasingly relies on external services and alien environments, it becomes as much a game of exploration and discovery as of design and specification. I think dynamic languages and interactive programming environments help make us better explorers and discoverers, and I think that's only going to matter more as time goes on.

This is a good observation, and I think he's on to something - a lot of people assume that static = strong, and dynamic = weak. No matter how many times we point out how wrong that is, a lot of people just don't get it. In a way, it's almost reassuring that Python developers are getting the same misconceptions thrown at them that we've endured for years - because everywhere you see 'Python' above, you can slap in 'Smalltalk'.

Linux Today points out - via a Washington Post story - that the OS has been shipping, by default, in insecure mode. This is old news, but it's still relevant - we will be paying for this mistake for years to come

Look at all the Yahoo feeds.