The Software Industry

Thankfully it only applies to Oracle OpenJDK, which is essentially Standard Edition. I'd be surprised if any large companies continue to use it, at my last place I had a migration task to move all JDK installations from SE to the Adoptium OpenJDK versions. Took me all of about a day and probably saved the company a lot of money since the company was international and had a lot of employees. I suppose the only companies interested would be those specifically wanting the Oracle support, but is it worth the cost? I don't think so. Some other platforms do similar things where they charge different models based on the size of your business, either by the number of employees or the average annual revenue.

[ MQ | Tor.NET | Mimick ]

I like some of their songs, they became quite popular due to The Umbrella Academy featuring this song at the end of one of their episodes. That music video is really fun to watch though, have watched it a few times :)

[ MQ | Tor.NET | Mimick ]

I think part of it is lingering feelings from way, way back when when every browser had their own implementations of certain features which meant that building any sort of platform that was going to work cross-browser was a major headache. I remember adopting MooTools because it offered cross-browser AJAX support, then obviously jQuery when it came along with it's own solutions. These days most JS functions are normalised (ie. the fetch API) but there's a lot of salt in the wounds that can't be cleaned so easily.

[ MQ | Tor.NET | Mimick ]

> I never argued there wasn't. In fact the only reason I didn't bring it up is because it's a painfully obvious point that I felt didn't need to be reiterated. Also, water is wet. If you're going to discuss the costs and implications of using dependency libraries, you do also need to discuss the opposing side of costs and implications of building your own. Just because it's obvious doesn't make it any less a credible argument, companies are not going to be okay with their development teams spending weeks or months building software packages which already exist out of the box. Just because "there's a risk" when using a third-party library doesn't offset the enormous costs involved with rolling your own. Heck, even if you did roll your own version, there's a strong chance you'd be introducing your own bugs and security issues. Libraries and frameworks which do provide infrastructure (ie. for web, Django, Spring, ASP.NET, Laravel) get regularly tested and probed for CVEs, which isn't something you'd have for a home-grown library. > I wish that was true. God, how I wish that was true. Every company I've worked with has done this, and companies my friends work for do this. In all the open-source projects I've used, they have code review processes in place which analyse whether changing dependency versions might cause problems. Unit and integration tests are there to test these sorts of things too. I'm not saying everyone does this, it's down to the individual teams and people. It sounds more like you've had personal experience with a couple of bad actors, and are projecting this onto the wider development community. Just because people are publishing packages out doesn't mean you have to use them. There are a lot of silly solutions to non-existent problems, and a lot of libraries which duplicate things already. But this just leans into the original problem: why are people re-inventing the wheel when there are libraries out there that do the job anyway? It's because some people have this mindset of "I know that library does what I want, but I think I can do it better/I don't like how they did it so I'll make my own", or they feel like they have something to prove and need to build it from scratch. > If you don't think about what you are writing, you are not writing software, you are free association babbling. And there-in lies what I believe is the underyling tone of this thread. This comes off as saying "If you don't write the software yourself then you're not a real software de

> Because there's a cost associated in terms of relying on other people's code. Sure there is, but there's also a significant (and real world) cost to relying on building your own code-base and tools to accomplish these things. I joined my current company last year and was tasked with building them a sales CRM system from scratch. No existing IT department, no existing software, no infrastructure. Once we'd solidified the base requirements and it came time to getting started, I chose the frameworks I was going to use, got them setup and within 4 hours had a running HTTP server with full OAuth security and barebones frontend. Now if I had come into the business and said "okay well it'll be best if we roll our own HTTP server, our own frontend framework, etc. etc." it would have been months before I could even get started on the application itself, and the business would be down many months of my salary with nothing to show for it. And, could I even reliably build an entire framework which has all of the security and features of the library I was using? Probably, but to fully replicate what I needed would have taken much more than months. Of course I recognise that there's time, effort, money and compromise involved in using dependencies, but that's what companies and development teams do. They weigh options and discuss the pros and cons before they choose what to use. As a tech lead in a previous role I was constantly being asked which libraries we should use for what, that's just part of the role. > It doesn't matter how people get them. What matters is how and when they use them. See above. Does it matter so much? If ol' Joe Bloggs is working on a personal project and he decides he wants to use an existing library to cut down his development from days into hours, I find it hard to understand what's so terrible about that. If a company's development team collectively agree to build their new greenfield project using X library with Y and Z dependencies so that they can have it completed within 6 weeks rather than 6 months, is that so horrible? I mean, ultimately, you can choose not to use any dependencies at all, and completely build your own libraries and keep everything internal. Absolutely nothing is stopping you, and I do see you build your own libraries and share them on CP, which is fantastic! I myself have built a few libraries too and shared them, just for kicks. But the reality is, the development ecosystem has moved on from just building their own tools and managing the code

> If it's a given then why do so many people do it, in so many projects? It seems the norm rather than the exception. I'm guessing for convenience? If a library exists out there that accomplishes exactly one of the things that you need your solution to do, why would you not use it? If I wanted to build a quick tool that processed some CSV file and dumped the data in a database, I'd probably leverage the two dependencies I am familiar with which will expedite this process, cutting my development time down from hours to, likely, less than an hour. And you're probably thinking "well this is my point, people just jump straight to using dependencies and that's why we're in this mess", and absolutely, you're right. But again, people also don't want to be re-inventing the wheel and wasting hours or days building a new library that does exactly what another library does. > Why would I? This isn't about NIH syndrome. If it was, I would have mentioned it. Then what is your argument here? I get you're saying that reliance on dependencies can make projects messy, and that maybe we're overly dependent on them, but what's the alternative? Does everyone go back to writing their own libraries and storing them in version control? It's like an anarchist saying "the government is terrible and we should abolish them!" Okay, if I agree that the government is terrible, what is the alternative? > Oh you're making a point about dependency package managers? Because I'm not. My point is about people. Well package managers are where people get their dependencies, unless they're downloading the sources and building them themselves. People have unified repositories for downloading the libraries they need, rather than ye olde days when you'd manually download DLLs, or checkout code and build from source, and store in version control. People choose to use these package managers because they can Google "c# asp.net validation nuget" and be presented with packages which provide validators for ASP.NET modal objects. > [Then goes on to explain that it's exactly what I said it was] Except it isn't exactly what you said. Oracle never developed anything, it's an Apache tool which is used by businesses and freelancers for storing and caching dependencies on a node within an infrastructure to reduce network-load in both build pipelines and on internal networks. The fact that it provides additional security by preventing malicious version overwrites, and retains dependency versions even when removed from the source distribution channel

Of course you shouldn't be using dependencies for simple code, that should be a given. But I build a lot of microservice APIs, and each one has different requirements. Of course I'm going to use dependencies for those, including HTTP servers, security etc. You could argue "well if you're using HTTP servers so much, why not just make your own and re-use it for all your projects?" and you're right, I could have done. But why re-invent the wheel by building a brand new library to do exactly what someone else has done for me. The point I'm arguing is simply that before we had reliable dependency package managers, the industry was constantly rolling their own versions of things (even downloading other libraries and then making changes/amendments to meet their own requirements). If you hopped between jobs, you'd be learning an all new framework from the ground up, and each one had their own pros and cons. Nowadays, there's industry standards in adopted tools, so finding a new job is just matching up what skills you have. It sounds to me like your argument is focused on solo development, or for hobbyism. I've worked for several companies as a developer, ranging from small (2-3 team) to medium/large (30+ team, but department of 300+), and can tell you that in each role we used Maven and used a lot of dependencies. Why? Because we were building software that demanded tools that would have made no sense building from scratch when the solutions already existed out there. Try promoting "dependencies are baaaad" when you have to build an inbound rest API that provides credit card processing in real-time with transactional database queries, transaction ingress validation and an external API call to validate the card transaction claims, all while keeping processing speeds to a minimum. > This is actually hilarious to me. It reads like "It's not an issue. You see, it became such an issue that Oracle caches dependencies to prevent it" You're clearly commenting on something you know little about. Nexus is a product created by Apache for anyone (but mostly commercial) to use as a proxy-cache for dependencies, as well as a private distribution channel for internally built and deployed libraries and packages. The fact that is provides security in caching dependencies and preventing malicious overwrites is just a handy part of the tool, and I'd wager most companies working with Maven are using this tool or similar. You can find similar tools for any package manager.

[

What are the options then? You either: * Build your own libraries from scratch and maintain them yourself, potentially taking weeks or months of work * Manage your own dependencies with version control by manually downloading whatever you need and having them copied into your projects * Use dependency managers like NuGet, Maven, Gradle, npm etc You make it sounds like there is no winning solution. I'd much rather make use of a dependency repository and know I can almost click + collect a solution to whatever problem I have, than spend a long time Googling for an answer and then trial and error'ing until I find a working version. And the issue of people pulling libraries is a non-starter if you're using an appropriate dependency proxy. In Java we have Nexus, which acts as an intermediary which downloads and caches dependencies, so even if they're pulled from the internet (or someone maliciously overrides an existing version) we have constant access to what we need. I'd be more than happy to hear alternatives to dependency/package managers!

[ MQ | Tor.NET | Mimick ]

People complain about dependency hell, but they forget the alternative being that you would have to write everything yourself from scratch. I'm sure for some people this is fine ("HTTP server? I'll do it myself!") but for a large majority of people this isn't going to cut it. I use Java and Maven to manage my dependencies. If I choose to upgrade my dependencies because it's overdue, does it cause me headaches? Absolutely! I might have to spend an hour or two carefully adjusting versions until everyone is happy. But the trade-off is that I haven't had to build entire frameworks from scratch, and would I even want to do that if I could? Absolutely not.

[ MQ | Tor.NET | Mimick ]

I don't mind the intelligent suggestions that the IDE makes based on the context, it's always had that feature and it's saved me a lot of time. This new "AI" feature is a little more.. aggressive with it's suggestions, basically filling in the whole line with a popup above it saying "press TAB to accept this suggestion". I don't need it writing my lines for me!

[ MQ | Tor.NET | Mimick ]

I just updated my IntelliJ IDEA version to the latest this morning and I got a prompt to "enable full line code completion" that use AI to predict what you're going to write out and suggests it. That's after they already automatically added and badgered me to use their new "AI" tool. I don't know if I'll ever need AI to help me code. I really don't need some stupid tool constantly guessing what I need to type out. Please just let me disable and remove such nonsense!

[ MQ | Tor.NET | Mimick ]

Why not download ILSpy[^] and nosey at the produced IL code? Just compile your application in release mode and take a look at the produced IL to see whether it's been optimised. I would hazard a guess that it probably doesn't optimise something like that, but I could be wrong!

[ MQ | Tor.NET | Mimick ]

Ah okay, so you are a troll.

[ MQ | Tor.NET | Mimick ]

Unless you're running some super-custom, blown-up liquid cooling loop with a 7000 series and an overclocked 4090, I think a 1000W PSU should be more than enough to handle most systems. Have you tried plumbing your components into [https://uk.pcpartpicker.com/\](https://uk.pcpartpicker.com/) to see whether it flags anything? If there was a power draw issue I'd expect it'd flag it. Also a lot of modern motherboards usually have an LED indicator somewhere which displays a code indicating the hardware issue? Otherwise, back to ol' reliable of removing stuff until it works!

[ MQ | Tor.NET | Mimick ]

I'm just used to using Win + Shft + S now to take screenshots, I don't think I've used the print screen button in years :laugh:

[ MQ | Tor.NET | Mimick ]

In my role we used to take on technical debt before the fact. We work with Java webservices and the majority of our infrastructure used to be Apache Tomcat / Spring / JSP-based deployments. As we started taking on greenfield projects we were pushing to move to newer technologies like Spring Boot, Thymeleaf, even Angular/React. Unfortunately because our team's experience was mostly in the "older" tech, we spent a while developing new applications using that stack. It was only when a few us put our foot down and said "enough is enough" did we manage to start developing software using the new technologies which has, admittedly, made life entirely easier (deploying a containerized Spring Boot application vs. maintaining and deploying to a Tomcat instance on some random server somewhere). Unfortunately the damage is done though for the earlier applications, and since we still have to develop and maintain those we're finding the development estimates for those to be much higher than our more recent applications. That's a technical debt we knew was coming, and now we have to live with. (And I'm sure a few years down the line the technology we think is cutting-edge will become redundant and we'll be the old farts still clinging onto it bringing in technical debt for future generations!)

[ MQ | Tor.NET | Mimick ]

My wife once told me the chefs at a place she used to work at would stick out their tongues while slicing. If you wet your tongue and stick it out apparently the vapours cling to that instead of your eyes. It's not perfect but I've been doing it for years and it seems to work quite well :laugh: though it does make the underside of your tongue taste like onions for a while.

[ MQ | Tor.NET | Mimick ]

When I first set my Ubuntu server up I used Samba[^]. That allowed me to drag and drop files in Windows explorer and have them show up in Ubuntu, I wonder if you could do the same and mount two Linux drives in Windows and drag and drop between them?

[ MQ | Tor.NET | Mimick ]

How is having to provide an email restricting freedom? Or am I missing some vague point here?

[ MQ | Tor.NET | Mimick ]

Haha, that's my go-to starting word, served me well so far!

[ MQ | Tor.NET | Mimick ]