8. Continuous build tools
There are two ways for programmers to look at new tools like Jenkins, Hudson, and other "continuous integration" servers, which put all code through a continuous stream of endless tests: The lone cowboy coders shriek with horror at the way that they're shackled to a machine that rides herd over them. The more collaboratively minded among us like the way continuous build tools help us work together for the betterment of the whole.
When a continuous integration server sends you a scolding email about the problems with the code you checked in 10 seconds ago, it doesn't want to ruin your feeling of accomplishment. It's just trying to keep us all moving toward the same goal.
Tools like Hudson or Jenkins aren't new because there have been a number of slick proprietary continuous integration tools for some time. Rational Team Concert, Team City, and Team Foundation Server are just a few of the proprietary tools that are pushing the idea of a team. But the emergence of open source solutions encourages the kind of experimentation and innovation that comes when programmers are given the chance to make their tools better.
There are at least 400 publicly circulated plug-ins for Jenkins and an uncountable number of hacks floating around companies. Many of them integrate with different source code repositories like Git or arrange to build the final code using another language like Python. When the build is finished, a number of plug-ins compete to announce the results with MP3s, Jabber events, or dozens of other signals. Backups, deployment, cloud management, and many uncharacterized plug-ins are ready.
This work is quickly being turned into a service. Cloudbees, for instance, offers a soup-to-nuts cloud of machines that bundles Jenkins with a code repository that feeds directly into a cloud that runs the code. While some cloud companies are just offering raw machines with stripped-down Linux distros, Cloudbees lets you check in your code as it handles everything else in the stack. --Peter Wayner
7. Trust on a chip
Experts have long recognized that in order to assure security at the highest application levels, all the layers -- including the physical construction of the computing device -- need to be verified.
The Trusted Platform Module (TPM) from the Trusted Computing Group (TCG) was the first popularly adopted hardware chip to assure trusted hardware and boot sequences. It was used by many leading companies, including Apple and Microsoft, and it forms the backbone of Microsoft's BitLocker Drive Encryption technology and forthcoming Windows 8 UEFI Secure Boot architecture.
This year, Intel combined the TPM chip and a hardware hypervisor layer to protect boot sequences, memory, and other components. Any software vendor can take advantage of it. McAfee, now an Intel subsidiary, announced its first integration of the new technology with its DeepSafe technology. Expect other vendors and OSes to follow.
The TCG, meanwhile, hasn't been resting on its laurels. Its original TPM chip's latest specification has morphed into providing a hardware-based Next Generation Authentication Token. Essentially, you'll be able to carry your smartcard certificate on the TPM chip, along with other digital certificates. Your device is all you'll ever need, with no need to bring additional cards, dongles, or key fobs.
Hardware trust solutions aren't perfectly secure, as the Princeton memory freeze and electron microscope attacks showed, but they beat software-only protection solutions. The hardware protection schemes will only get better. Soon enough, every computer device you can use will have a hardware/software protection solution running. --Roger A. Grimes