惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
Apple Machine Learning Research
Apple Machine Learning Research
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
WordPress大学
WordPress大学
Recent Announcements
Recent Announcements
V
V2EX
The GitHub Blog
The GitHub Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Jina AI
Jina AI
小众软件
小众软件
aimingoo的专栏
aimingoo的专栏
V
Vulnerabilities – Threatpost
C
Check Point Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
AI
AI
宝玉的分享
宝玉的分享
P
Proofpoint News Feed
量子位
Attack and Defense Labs
Attack and Defense Labs
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
CERT Recently Published Vulnerability Notes
腾讯CDC
Latest news
Latest news
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
G
GRAHAM CLULEY
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
美团技术团队
The Cloudflare Blog
T
Tenable Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
SecWiki News
SecWiki News
Webroot Blog
Webroot Blog
N
News | PayPal Newsroom
博客园 - 叶小钗
博客园 - Franky

David Baron's Weblog

Software engineering, responsibility, and ownership Software engineering, responsibility, and ownership David Baron's weblog: Security and Inequality Running animations on the compositor thread David Baron's weblog: Tying ecosystems through browsers David Baron's weblog: Payments on the Web Thoughts on migrating to a secure Web David Baron's weblog: The need for government David Baron's weblog: Priority of constituencies How browser developers should seek feedback from Web developers A possible approach to shorter release cycles David Baron's weblog: Fifteen years Why debug builds (and assertions) are important Ten years of the Mozilla Foundation Open licensing at the W3C Why adding compositing and blending to CSS is harder than it looks How you can help with removing -moz- prefixes Moving bug history out of the primary display of a bug report Beware of locale-specific behavior in the C library Eating dogfood and shipping software Specification style and the future of the Web The bug system I wish I had CSS border-image changes and unprefixing Improving font size readability on Firefox for Android David Baron's weblog: CSS Animations, part 2 Hue-preserving color inversion with SVG filters Changes to handling of @-moz-keyframes David Baron's weblog: window.matchMedia() David Baron's weblog: CSS Animations What does a blur radius mean? Crash analysis in the future David Baron's weblog: calc() David Baron's weblog: colorDepth David Baron's weblog: Hidden complexity in specifications The most important field in a bug report: the summary WOFF font format submitted to W3C David Baron's weblog: :-moz-any() selector grouping setTimeout with a shorter delay Faster repainting in SVG foreignObject David Baron's weblog: Distributed Extensibility David Baron's weblog: Broadening crash analysis Correlating crashes with binary extensions or plugins David Baron's weblog: ex-HTML Downloadable font formats for the Web Web Accessibility as a Political Movement David Baron's weblog: CSS priorities David Baron's weblog: Bug priorities David Baron's weblog: Semi-vacation Some new CSS features in Firefox 3 David Baron's weblog: New selectors David Baron's weblog: The age of bugs Seeking a good Linux distribution David Baron's weblog: Teaching to the test David Baron's weblog: March 2008 David Baron's weblog: January 2008 David Baron's weblog: October 2007 David Baron's weblog: September 2007 David Baron's weblog: August 2007 David Baron's weblog: June 2007 David Baron's weblog: April 2007 David Baron's weblog: March 2007 David Baron's weblog: January 2007 David Baron's weblog: September 2006 David Baron's weblog: August 2006 David Baron's weblog: July 2006 David Baron's weblog: May 2006 David Baron's weblog: February 2006 David Baron's weblog: January 2006 David Baron's weblog: December 2005 David Baron's weblog: October 2005 David Baron's weblog: September 2005 David Baron's weblog: June 2005 David Baron's weblog: May 2005 David Baron's weblog: April 2005 David Baron's weblog: March 2005 David Baron's weblog: February 2005 David Baron's weblog: October 2004 David Baron's weblog: September 2004 David Baron's weblog: August 2004 David Baron's weblog: June 2004 David Baron's weblog: May 2004 David Baron's weblog: April 2004 David Baron's weblog: March 2004 David Baron's weblog: February 2004 David Baron's weblog: January 2004 David Baron's weblog: November 2003 David Baron's weblog: October 2003 David Baron's weblog: September 2003 David Baron's weblog: August 2003 David Baron's weblog: July 2003 David Baron's weblog: June 2003 David Baron's weblog: May 2003 David Baron's weblog: April 2003 David Baron's weblog: March 2003 David Baron's weblog: February 2003 David Baron's weblog: January 2003 David Baron's weblog: December 2002 David Baron's weblog: November 2002 David Baron's weblog: September 2002
David Baron's weblog: February 2008
David Baron · 2008-02-28 · via David Baron's Weblog

The costs of monoculture (13:15 -0800)

The original purpose of tinderbox was a simple one. It was to ensure that when a developer updated to the very latest code in Mozilla's code repository, that code would compile without errors. This makes people more likely to stay up to date, leads to more testing of the latest code, and leads to more testing of the interaction of new changes being written with the latest code. It saves time wasted dealing with code that doesn't compile. And it saves us from losing contributors who give up on building Mozilla because it doesn't compile on their machine.

To do this, build machines, on various platforms, in various configurations, pull and build the code, and report whether they succeed, so that we know what's broken. For tinderbox to perform its purpose successfully, these build machines should reflect the diversity both of how developers (and potential developers) build and of what we ship. They need to build across the platforms used, across the compilers used, across different versions of both platforms and compilers, and across the options used (for example, the debugging options we want developers to use and the release options that we ship to users). Since we want developers building across these configurations to be able to pull new code without fear of compilation errors, this diversity is a good thing.

Since tinderbox was created, we've started using it for more tests than just ensuring that the code compiles correctly. We use these builds to measure speed and memory use and to test correctness in many ways. Since we want Mozilla to function correctly and perform well across a variety of systems, this diversity is also a good thing.

(The diversity of tinderbox can be painful sometimes: the more diverse the machines we test on, the more often we catch unexpected problems. But it's almost always better to catch these problems sooner rather than later. And we can fix much of the pain with tools like the try server that allow running of the various tests in some or all different environments, and potentially in ways that allow the results of the tests to be analyzed further, like performance profiles and detailed memory tool output. It can also be painful because many of the tinderbox machines are slow, and getting unexpected results over a period of multiple hours rather than a fraction of an hour consumes time spent waiting for results and waiting to confirm that problems thought to be fixed actually have been. Eight years ago I never would have imagined that today we'd still be dealing with multi-hour tinderbox machine cycles.)

Compiling the binary releases that Mozilla ships to users is an entirely different story. Changing which compiler is used to compile a release, which operating system version it is compiled on, or which build options we use can change which users those builds function correctly for. So when we build releases, we need to test the environment that we use to make the builds and ensure that we don't accidentally change that environment. To help with this, over the past few years, we've become much better about documenting how we build the environments we use to compile our releases, and in many cases building standard virtual machine images built according to that documentation that can be reused. This consistency is a good thing.

But lately I've been worried by what appears to be a trend of applying this consistency to the places we want diversity. Sure, this does make maintaining these build machines easier. But at Mozilla we should recognize the costs of this consistency as well (losing the benefits of the machine diversity that I described above). After all, we often hear how requiring every computer in a company run Windows XP with IE7 reduces the maintenance burden and makes writing Intranet sites easier since they only have to be written for one browser. (And we often reply both describing the specific advantages of Firefox and the general benefits of competition.) A monoculture of build machines has costs (as I described above), just like the monocultures of operating systems and Web browsers that we are accustomed to fighting. We could trap ourselves into overly-specific build requirements and become unable to attract new developers or take advantage of new compilers. We could end up optimizing our performance for operating systems that are no longer widely used. We could even trap ourselves into overly-specific runtime requirements that hurt our ability to support users on the wide variety of systems that use Mozilla. These changes aren't likely to happen in sudden steps, but they could happen gradually and hurt us in the long term. We should consider these costs carefully.