I could imagine that a flat-fee per month could serve them and theirs customers well.

A market works best if all sides have the same access to knowledge. Prior to the Internet there was no big market for "i have a room which is dont use" because exchanging information was too expensive.

However, it was not at all unusual on the countryside to just put up a sign if you had a room to rent. I remember bicycle trips where we just stopped at some farm and asked and got a room there.

What is new is that you can plan this.

But the books which shaped my view on computing were
-The dragon book
-Algorithms (Sedgewick)
-An Introduction to Database Systems, (C. J. Date)
-Finite fields and their applications (Lidl, Niederreiter)
-Design Patterns
-The art of computing (Partially)

The best system i found are plain text files for the really important things, in a year/month/day directory structure. Store it locally on a usb stick and use an arbitray sync tool or version mangement to sync between your devices.

Searching these is easy.

Better nuke the reservoir form orbit, the only way to be sure.

I am lucky I grew up in the 80s I guess.

I dont the f**k care. If 4 developers who are probably not assigned on full time to this task taake only a week to give it a good start, then for sure a company could have taken the effort in the many years in which this library is in use.

I can assure you that predicting market scenarios is mor complicated that you make it sound.

For sure they can get the DoF right in 3D movies, why not?

Funny. I never suggested that i would use Java for this purpose, i just pointed out that i assume that the same level of coding tools exists for C (as you stated yourself).

Regarding the VM JIT vs. statically compiled Code + and big amount of interpreters: Yes, for high-security code i definitly prefer stattically compiled code. OTOH i point out that *most* of the JVM vulnerabilities were actually not in the low layer compilation but in the somehow weird assumption that security can be managed inside the same adress space by high-level language features (which implicitely assumes that libraries of arbitrry complexity with JNI code inside are all written perfect).

I cant talk for C, but in Java the tools which warn you about potentially dangerous constructs are great (e.g. Sonar). You can easily identify many *suspicous* contructs and change them to something more safe. 250 commits per week with 4 devs on a moderatly sized project do not see much to me, much at the "quality" and not the "quantity" side.

What annoys me is that - with all due respect - the companies which embed openssl in their products could have done a review of the code for quality. To me it seems that it's a fundamental library.

Yes, and if you buy consulting work based on a flat amount of money for a project assigning the right people to the right task is something the consulting company does for you. Because if they do this then will earn more money.

If i find a bug which is critical to my employer while being plaid by my employer, the first and only thing which is do is assess the impact to my emplyer, and identify the most important measures for the employers business.

IMHO they acted correctly: protect your own systems, and then the systems with the biggest impact.

I am working as a consultant.

My good advice to every customer is: dont buy consultant work as time and material. Buying as time and material puts the wrong incentives to everybody:

-Your own people will feel that they still can just use them as normal workers and keep all decisions (and thus responsibility) to themself

-The consultants dont care, since just doing what your own people tell them without thinking is what gets their monthly timesheets signed. If something goes wrong they can even sell more hours, not less

-The consulting company does not care (and rigthly so since that was not what you asked for) and will send you inexperiences junior consultants wherever possible.

-Coding quality has to be reviewd by your own people (or just accepted as it is)

-Your own people are usually vastly inferior at project management in comparison to the average senior consultant - in a non T&M contract the usual situation is that you get the things done in time or you will loose money.

Wow they just managed to create uncanny deep holes to fall into.