Ehcache Java library’s UpdateChecker == spyware

I just took a peek at recent Grails development, and noticed they added code to disable a “phone home” feature in Ehcache. Strange, I thought, why would this be necessary?

Apparently Ehcache includes an automatic update check that is also effectively a phone home. Terracotta software conveniently collects some extra information (such as your IP address) when Ehcache phones home. The information they collect is benign. But, seriously? A library phoning home, by default?

Who decided it would be a good idea to add this feature to a popular Java library? It’s a transparent attempt at gathering usage statistics. As a participant in a professional FLOSS project, I can fully identify with the need for knowing who is using your software. But automatically, secretly phoning home is not the way to do it!

Terracotta, will you turn this feature off by default in the next Ehcache release?
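To see where the update check is still active in a code base, the following added example (not from the original post, and not Ehcache or Grails code) audits Ehcache XML configs. It relies on Ehcache's `updateCheck` attribute on the root `<ehcache>` element and the `net.sf.ehcache.skipUpdateCheck` system property; the function names and sample configs are made up for illustration.

```python
"""Audit Ehcache XML configs for the automatic update check."""
import pathlib
import xml.etree.ElementTree as ET

# JVM-wide opt-out; when set, the check is skipped whatever the XML says.
SKIP_FLAG = "-Dnet.sf.ehcache.skipUpdateCheck=true"


def update_check_status(xml_text):
    """Classify one config: 'disabled', 'enabled-explicit',
    'enabled-default', 'not-ehcache' or 'unparseable'."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "unparseable"
    # Drop a namespace prefix such as '{urn:x}ehcache' before comparing.
    if root.tag.rsplit("}", 1)[-1] != "ehcache":
        return "not-ehcache"
    value = root.get("updateCheck")
    if value is None:
        return "enabled-default"  # attribute absent: Ehcache defaults to true
    # Conservative: anything other than "false" is flagged for review.
    return "disabled" if value.strip().lower() == "false" else "enabled-explicit"


def audit_tree(top, jvm_args=()):
    """Return {path: status} for each *.xml under top with the check on."""
    if SKIP_FLAG in jvm_args:
        return {}
    findings = {}
    for path in sorted(pathlib.Path(top).rglob("*.xml")):
        text = path.read_text(encoding="utf-8", errors="replace")
        status = update_check_status(text)
        if status.startswith("enabled"):
            findings[str(path)] = status
    return findings


# Constructed sample configs, not taken from any real project.
SAMPLE_DEFAULT = '<ehcache><defaultCache maxElementsInMemory="100"/></ehcache>'
SAMPLE_OFF = '<ehcache updateCheck="false"><defaultCache maxElementsInMemory="100"/></ehcache>'

if __name__ == "__main__":
    print(update_check_status(SAMPLE_DEFAULT))  # enabled-default
    print(update_check_status(SAMPLE_OFF))      # disabled
```

Configs bundled inside dependency JARs are not covered by the directory walk, so the JVM flag is the broader control when third-party libraries ship their own `ehcache.xml`.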

I see this issue has come up in forums:

Other tidbits:

Sun, help!

The Subversion repository I use at work is hosted by Performance is generally on the slow side, but lately, the server is frequently going down. The most recent outage was more than 24 hours. Since Subversion is a centralized version control system, server uptime is critical. Without access to the server, we can’t view logs, commit, merge, or update.

Why is performance so bad? Why does the server keep failing? Sun and CollabNet have been responsive (thank you Sonya and Eric!) but mainly all we hear is “we’re working on it”.

The outages are costing us. If service doesn’t improve, we need to move to another provider. SourceForge sounds hopeful, especially since we can directly migrate over our Subversion repository and, eventually, switch to a dVCS like Mercurial.