1. 3

    Interesting, this is something I’ve thought about as my Selenium automation against an every-changing codebase mixed with regular browser updates requires constant upkeep. I enjoyed the examples of software rot and the classification system.

    This appears to be at a much lower level than my Selenium / browser / webapp example and a pitch for their apparently proprietary Rosetta Stone style polyglot language or system called ProgBase. Their discussion of technical challenges looks like a list of functional programming language features and an argument for a simple language. I couldn’t find language examples, only output examples, but I only took a cursory look.

    Have there been other evaluations or systematic classifications of software rot along these lines? Other attempts at evergreen code? I can think of some generalizations, from successful open source’s continually evolving code-bases (Linux kernel maintaining drivers in-tree instead of a stable kernel API) to Microsoft’s heroic efforts to support certain versions of software as Windows is updated. At the language level you have Go’s emphasis on compatibility, C’s relative stability as a language, languages like Nim that cross-compile to various languages, JVM, ParrotVM, GraalVM, and the like. History gives us financial and government institutions maintaining long-lived COBOL and other codebases, we also have the libraries in FORTRAN like BLAS and LAPACK that are available as libraries.

    1. 4

      Microsoft’s perceived lack of clarity in the roadmap (.NET Standard, .NET Core, .NET Framework, etc) and history of killing off or deprecating frameworks (Silverlight, Winforms, should I use WPF or UWP?) are a couple more reasons why startups don’t turn to .NET. Add what others have mentioned, the closed source and history of high cost, the lack of ecosystem, and the long history of being actively against open source and copyleft licenses, and Microsoft just doesn’t look like a startup choice. Microsoft was also relatively late as a cloud computing choice. Maybe something will emerge from their Bizspark program and their open source efforts to change their perceived position.

      I didn’t include PHP because there were a lot of startups that had nothing but PHP and Apache Server. That’s partly why I looked at 100 startups and ended up with 23. Startups with just PHP are probably e-commerce websites or non-software at all.

      I wonder if this is reasonable to exclude PHP? I could see the point of excluding it because there’s a Wordpress blog hanging off the domain or if, as the author states, an e-commerce startup kicked things off with Magento or the like. On the other hand, is PHP just being excluded because, well, PHP?

      1. 3

        I read it as the author saying that they couldn’t distinguish between shops using PHP for a webshop/CMS and doing new software development with it, so it was excluded from the analysis.

      1. 2

        His latest research, set to be published on May 17

        So… was it published?

        1. 4

          https://blog.eclypsium.com/2018/05/17/system-management-mode-speculative-execution-attacks/

          Spectre can be applied to System Management Mode. Intel believes existing mitigation works to prevent these attacks.