Older blog entries for deven (starting at number 14)

You want an example of a project I've contributed to? I've contributed to Mozilla a bit in terms of reporting some bugs and participating in discussions about a number of other bugs. I've also sat down with thousands of lines of Mozilla code, searching for an incremental reflow bug in the HTML tables -- I didn't get as far as finding the bug, due to the sheer complexity of the application and even that small area of it. I did spend many hours testing and debugging it anyhow.

I've contributed a lot of ideas about design and architecture in Bugzilla, but wasn't in a position to implement any of them. In fact, I offered to implement a new cache manager system (because the old one was horribly broken and linked to many bugs), but nobody seemed interested, and one of the core developers did it his way instead. (Had I tried to write it myself, that time would have been wasted.) I recently offered to work on code to implement asychronous DNS queries without relying on a system's resolver libraries; again, nobody seemed very interested. Just after Mozilla was released in 1998, I was interested in writing a TELNET client for it, but again nobody seemed interested.

Here's a list of the Mozilla bugs I've personally filed:

7617 (apprunner reformats during mouse click on or tabbing to link)
7621 ([PP] Tab key doesn't advance to next field in a form.)
24518 (Initial paste into URL field inserts Japanese or Chinese!)
63892 ([RFE] "View/Edit Live Page Source" mode.)
65508 (Download progress dialog ["Saving File" window] shouldn't be a transient window)
65521 ([linux] modal dialogs should only freeze parent window (not all windows))
65526 (middle mouse button should work on personal toolbar)
65614 (Scaled images with width or height by % endlessly redisplay)
70361 (SEGV in [@ JS_GetFunctionObject] on submission from Bugzilla)
70363 (Inconsistent Build ID on nightly build!)
70479 (Broken menus after applying theme.)
70498 (Should the middle mouse button be overloaded?)
70501 ([RFE] The middle mouse button should work more consistently.)

Here's a list of additional Mozilla bugs where I've participated in the discussion to some degree:

6085 (Middle-click on link should load the link in new window)
6119 (View page source tries to reload page)
7201 ([FIX]When printing pages w/frames, frames print on separate pages [print][frames])
22687 ([RFE] PGP Plugin)
28212 ({table-reflow} Clicking on URL dynamically resizes table cells)
29429 (Clicking in textbox or on a link moves content)
30917 (implement DNS caching and request cancelation)
39057 (File > Quit can be chosen by users intending to use File > Close)
39957 ('Save as...' not fetching from cache)
40867 (Need means to reuse/reload current page without refetching from server)
52798 (gif img in table with width=100% blinks rapidly (flashes, flickers) (can happen without tables) [layout])
55312 (Paste (using middle button) of clipboard contents that come from a remote window fails)
55583 (view-source should show original source (use cached source))
56346 (Need to cache *all* pages for session history purposes)
57724 ([meta] View-source munging pages)
60426 ([rfe] Allow users to choose between generated and source html in view-source)
63445 (tables incorrectly widened to 100% width)
67161 (Need `progress' type for windows)
67442 ('open link in new window' doesn't work all the time)
67574 (Can't open (some) menus after switching themes)
82151 (Right arrow key at end of a TEXTAREA goes to the beginning)

If the qualification for Apprentice is "contributed in some way to a free software project", does this qualify as enough of a contribution for at least that level?

I try to make time for Mozilla, because I consider it to be a tremendously important project. I've done what I can, but it's very hard to actually contribute new code to a project that's so extremely large and complex. If I could make it my full-time job to hack Mozilla, I would, but I can't afford to quit my job and spend all my time on it unpaid; I have a family to support. So I can only do it in my spare time, of which there isn't much.

With over a million lines of code, and a slow computer (Pentium 200 MMX), it's not trivial to track the CVS version and keep rebuilding it. It's even harder to figure out what code to contribute and how to do it, because the system is enormously complex and it's been a fast-moving target all along. I don't want to spend lots of time learning how to use one interface only to have it discarded because the system was rearchitected yet again. It's probably getting to the point where it should be more stable now, but it still takes time I haven't had to learn the API's.

I'd still like to write a TELNET client implementation in Mozilla (I've implemented the protocol on top of TCP before), but I wouldn't have a clue how to begin. I could use a "Mozilla mentor" for some guidance in getting started, but nobody seems available for that purpose, and I don't have time to go searching for one. I probably need to start hanging out in the #mozilla channel on their IRC server, but that takes time and energy in and of itself.

Maybe I should have ignored Mozilla and picked something smaller to work on; I made a deliberate choice to focus my available efforts on Mozilla whenever possible because of the importance of the project. Unfortunately, it's a very daunting project to work on when your time is very limited...

Given that every certification appears to dilute the others, I've removed all certifications I had given to others, except for geoffeg, who is personally known to me. Although people are encouraged to certify others liberally (especially as Apprentice), it doesn't seem to help, so I'll be minimalist for the moment.

Why is it that you can claim to be God, Satan or Jesus and get certified as a Master without an uproar, but being honest and forthright gets you reamed? This sort of animosity is supposed to help grow the free software community?

hacker, I never requested anyone to certify me as a Master, or as anything else for that matter. Yet ncm singled me out as an example of so-called "abuse" of the system, claiming that I "requested" Master certification. I did nothing of the sort!

I've never asked anyone to certify me -- I have complained that the certification system seems to be broken when I used to be certified and now I'm not, despite having more than a few listed certifications. That complaint was because I was worried that the system might be malfunctioning unnoticed -- I wasn't trolling for additional certifications. However, when more people certified me, I thanked them (and you) for it. But did I request those certifications? Never.

I have previously listed sixteen orthogonal concepts that people seem to want this single certification metric to convey, and most of these can be derived or inferred from Raph's description. Since it obviously can't squeeze sixteen dimensions into one, I chose (somewhat arbitrarily) to pick just one dimension (level of programming skill) to use for my certifications. I may not have the same background and experience as another given individual in terms of what code and tools I've worked with, but when it comes to innate programming ability, I'll go up against most people any day.

Give me all sixteen dimensions individually and I'll be glad to pick the best choice on each dimension. Maybe I should have done them all and averaged it, I don't know. I didn't think it would matter, because I didn't think anyone would care what I put for myself. If people really trusted the system to work correctly, nobody would have made an issue of it in the first place.

People talk about Advogato as if it has a "web of trust", but that is extremely misleading. PGP has a web of trust, but using that terminology here misleads people, because that's not what Advogato has. Instead, this truly is a computerized "good ol' boys" network, even if unintentionally. I believe raph has stated (though I can't remember where) that Advogato was arbitrarily focused on free software because he liked free software and wanted to support it, but that the true purpose of creating the site was as a testbed for his research, to see if the certification system would effectively weed out the spammers and trolls while allowing legitimate users to discuss free software without all the noise (from spammers and trolls).

While it's been pretty effective at that goal, it's not clear that it's been as good about letting legitimate participants in, especially recently. I suspect the chosen algorithm may not scale as well in practice was it was intended to, because the more people and more certifications there are, the more those certifications seem to be diluted. Raph states: "The trust metric used to evaluate the certificates is most robust when the certificate graph is dense." In practice, it seems to be excellent at keeping the "good ol' boys" in, and most others out. Since most of Raph's writings here seem to focus on effectiveness in keeping out the bad people, it's not clear whether he ever paid close attention to the flip side of the coin, letting in the good people.

I just downloaded a copy of the people page, and ran a few counts across it. The majority of the accounts are uncertified! Out of 4,760 total accounts, 3316 (69.7%) are uncertified, greyed out as "Observer". Only 322 (6.8%) are certified as "Apprentice". Another 798 (16.8%) are certified as "Journeyer". Finally, 324 (6.8%) are certified as "Master". More people are certified as Master than Apprentice! Last year, that page was mostly green with a little grey, today it's mostly grey with a little green.

Does this make sense? Are there really over 3,000 spammers and trolls here? The barbarians are at the gates? I find this very difficult to believe. It seems much more likely that the certification system is broken, since it's keeping out more than twice as many people as it's letting in. Maybe the implementation is flawless and the algorithm itself isn't scaling well. If the goal was primarily to keep out spammers and trolls (as it seems to be), but it's keeping out the majority of potential participants, isn't that cause for concern? Shouldn't this be investigated, especially if the algorithm isn't scaling as expected?

I complained about the certification system to try to draw attention to this; it doesn't seem to be behaving as intended. Of course, the "good ol' boys" who are solidly entrenched in the system are happy to say that it's working just fine, thank you. On the other hand, Raph says that "the metric is being pickier than usual, almost certainly too picky. Apologies to those who should be cert'ed but aren't."

Raph designed and implemented this certification system, and he isn't convinced it's working right. Isn't it ironic that I get vilified for daring to question it? If everyone removed their certifications from me, and I was left uncertified because of that, I would have been disappointed, but I wouldn't have complained that the system was broken. However, the certifications that used to be quite sufficient were no longer, and that seemed amiss, so (after giving it a month), I tried to draw some attention to it by complaining more vocally. I've been unfairly attacked in return, but at least Raph has noticed that something is amiss with the certifications. Hopefully he'll pay more attention to this issue now, if he can find the time...

hacker, it appears you removed the certification you gave me last week? Why?

Here I am, with sixteen certifications now, and again the system doesn't even consider me to be certified at Apprentice level. Come on! How many does it take?!?

Thanks, hacker. I do realize that more than one certification might often be necessary, but how much is enough? It seems like a single Apprentice certification from a Master should be sufficient to get certified as an Apprentice; I've seen one Journeyer certification from a Journeyer make the person in question qualify as a Journeyer. Those first 9 certifications seem like they should have been enough, but somehow they weren't.

Now I'm wondering if each additional certification somewhere else in the system that doesn't connect to you dilutes the value of the certifications that you did receive, allowing you to fall back below the threshold...

I want to thank the several people who added "Apprentice" certifications to me today; now the system finally says that I'm certified. I still think there is something amiss with the certification system.

Let me review just the first nine certifications:

• miniver certified me as a Journeyer, and he used to be certified as a Journeyer -- now he shows no certification at all, just like I did. He has ten listed certifications from people who are themselves certified; why is he uncertified now?
• nixnut certified me as a Journeyer, and he is currently certified at the Apprentice level.
• matt certified me as an Apprentice, and he is currently certified at the Apprentice level.
• ncm certified me as an Apprentice, and he is currently certified at the Master level.
• edw certified me as an Apprentice, and he is currently certified at the Apprentice level.
• mettw certified me as an Apprentice, and he is currently certified at the Journeyer level.
• cbbrowne certified me as an Apprentice, and he is currently certified at the Master level.
• jLoki certified me as an Apprentice, and he is currently certified at the Journeyer level.
• mobius certified me as an Apprentice, and he is currently certified at the Master level.
• khoerling certified me as a Journeyer, and he is currently certified at the Apprentice level.
• lerdsuwa certified me as an Apprentice, and he is currently certified at the Journeyer level.

Now, with certifications from 3 Masters, 2 Journeyers, 3 Apprentices and one other person, shouldn't I have already been considered an "Apprentice" at the least? With those 9 certifications, I wasn't, and I don't think I was with 11 either. Now I'm up to 14 certifications, and it says I'm certified now.

How many certifications does it take? edw has 4 certifications (not counting himself), and is currently certified at the Apprentice level. Why wasn't I considered certified at all with 8 certifications from other certified users?

Is there some kind of "anti-certification" going around, that miniver and I have been tagged with, or what? Why would I have previously been certified and suddenly become uncertified? This is very confusing...

What is wrong with the certification system?!?

It's been broken for over a month now, with no explanation. I've got NINE listed certifications, but the system won't let me post because I supposedly haven't been certified!

By the way, I finally switched over to Mozilla as my primary web browser in November, 2000. It still has problems, but it's usable enough that I've stuck with it. I'm still a bit disappointed with the longstanding bugs and frequent regressions, but I don't have a better alternative right now. (I'm not a KDE fan, but I wonder if I should try Konquerer anyhow? People keep raving about it, and it can supposedly use embedded Mozilla for HTML rendering...)

Well, I don't know what's going on, but the system isn't acknowledging any certification for me anymore despite the NINE certifications currently listed on my public page. :-(

I was going to reply to nmw's post in this article about LISP and interned strings, but I guess I'll have to "reply" here for now. He said "Try doing that in Python, or Perl, or Tcl. You just can't, [...]" Well, I wondered about that, so I thought about whether something of the sort could be done in Perl, my preferred HLL.

Here's what I came up with:

sub AUTOLOAD {
  my($sub, $space, $name) = $AUTOLOAD =~ /^.*:((?:(.*)_)?(.*))$/;
  $interned_value{$space}{$name} = int($interned_value{$space}{""}++)
    unless exists $interned_value{$space}{$name};
  eval "sub $sub { $interned_value{$space}{$name}; }";
  goto &$sub;
}

The idea is to reference undefined subroutines like &foo_bar in the program, and the AUTOLOAD routine would create a new subroutine returning an integer index to use for a scalar array. The final underscore (if any) in the name would determine the namespace; &foo_name and &bar_name could end up with the same value. (The idea is to avoid wasting entries in a scalar array; think of "foo" and "bar" as structure names.) Once defined, the subroutines would continue to return the same value, which is kind of like interned values in LISP.

I don't know if this is actually faster, though. The subroutine lookup may well be slower than a hash lookup would be. However, this could be VERY useful to conserve memory if many similar data structures are used; using scalar arrays with interned symbolic indexes would be more space efficient than using many hashes with string indexes. (Hopefully a later version of Perl may have a more natural and efficient way to do this sort of thing.)

This isn't a perfect solution, but it does show that Perl is more flexible than it may appear at first. Of course, since Perl is pretty damn fast to begin with, tricks like this usually aren't necessary to get decent performance. Even with its more natural interned symbols, I doubt LISP can approach Perl's performance in general...

Okay, I was a little rushed to catch my bus the other day, so I didn't bother to put a link. The Kuro5hin story, "Release often, sure. But early?" would actually be an interesting topic for discussion on Advogato. Since there's already a discussion underway on Kuro5hin, if anyone has good ideas for me, I urge to you reply to my posting that I copied into my previous diary entry...