Older blog entries for deven (starting at number 21)

11 Jul 2001 (updated 11 Jul 2001 at 23:33 UTC) »
ishamael: I'm pretty sure Raph has said that Advogato was created specifically for his research, and that the free-software side of it was more of a free benefit than the impetus for creating the site. However, I'd agree that most of the users of this site are more interested in free software than Raph's research.

I wouldn't have withdrawn my other certifications, but it's clear that each one dilutes the effectiveness of the others, and my vote obviously is nearly worthless already. If focusing it all on the one person that I know personally might help him get certified, it seems logical. I'm a third-class citizen here; I obviously don't have enough voting power that I can afford to spread it around...

I wouldn't have so many posts regarding certification if (1) I hadn't needed to respond to so many attacks against me and (2) the certification system wasn't excluding the majority of accounts from using most of the system. Theory-wise, it's interesting to discuss the certification system and whether it can be improved. In practice, I don't want to be discussing who certified who as what; I've only used that as examples of how the system seems not to be working well.

I'd rather be talking about free software. In that vein, you asked about alternatives to Bugzilla -- have you looked into the Debian bug-tracking system? I've heard it's a bit of a bear to install, but from the user perspective it works nicely, and it integrates smoothly with email for the user... (This might be the bear part to setup, though.)

P.S. Since the recent diary entries page only seems to show the last entry from a person, note that I posted a number of other responses already today...

dmerrill and Phoon: I did now post some of the contributions I've made, regarding Mozilla and MMURTL. I'm still looking for a good name to release my conferencing system under, which I think qualifies as a "useful project". Nevertheless, I'm still not asking anyone to certify me; it's up to each individual's judgement. But I'm documenting a few things because everyone seems to want justification just to be given the ability to post here! (I can understand wanting justification for Journeyer or Master, but for Apprentice? Isn't that supposed to be easily obtainable by anyone but a spammer or troll?)
Telsa, that conferencing system is the project I've been planning on releasing as open source for quite a while now. (I'm thinking probably under the QPL at the start.) Know what's holding me up? The name!

It's currently named Phoenix, but I've wanted to pick a different name for a long time -- I'd like something that has an available domain name to match, which really narrows the choices down! While browsing through some available DNS names, "gangplank.org" caught my eye. It's kind of arbitrary and meaningless, yet memorable and not a made-up word. Figuring that it would be useful for something, I went ahead and registered the domain.

I'm still debating whether I should rename Phoenix to Gangplank or keep searching for a new name. What do you think? (Anyone! Bueller? Bueller?) Any other name ideas? (Please, only names where a *.org, *.net or *.com name is available to be registered!)

Yes, I could release it under the current name, but it seems cleaner to rename it before releasing it, so I'd rather do that. As soon as I make a final decision on the name, I'll probably release the code shortly thereafter. Who knows? Maybe the certification police will even consider it worthy of "Journeyer" certification! ;-)

ncm: Gee, thanks. Hope you're enjoying your little power games. I never understood why you had certified me in the first place, since you were the one who originally singled me out as "abusing" the system...

Isn't it nice to know that you're a first-class citizen and your single vote can swing the balance? Meanwhile, sixteen second-class citizens can certify me, but their votes aren't worth as much as yours. Dandy little caste system we've got here, isn't it?

deekayen, why should I be slammed? What did I do that was so horrible, besides draw attention to the fact that the certification system isn't working as well as it used to?
Malx, you're right -- the recent diary entries page is completely vulnerable to spamming. And with the majority of accounts uncertified, is it a surprise so much of the conversation has drifted here?

And no, I don't think you should be "Observer" with all your certifications. That's what I've been saying; the system seems to be broken -- in effect, not necessarily failing to implement the algorithm. Maybe it's the algorithm that's the problem, or (more likely) the tuning of weights and seeds. (Can it be made self-correcting?)

11 Jul 2001 (updated 11 Jul 2001 at 22:40 UTC) »

From an advocacy perspective, I've made another contribution to free software which hasn't been realized yet, but I believe it will be. I contacted the author of the MMURTL operating system, who used it in his book, Developing Your Own 32-Bit Operating System. I tried to convince him that releasing his OS as open source would be good for the community and for sales of his book, which he is self-publishing now that SAMS has discontinued the title.

After a few weeks of lobbying between myself and another person (who prefers public domain to open source), the author said we had convinced him. He has publicly stated that he intends to release the code into the public domain once he has sold 30,000 copies of the book. He's sold about half that many so far. (I think he'd get to 30,000 faster if he releases the code now, but he picked that number as a fair return on the 5 years of his life invested into writing the operating system and the book.)

So, the code hasn't been released yet, but he wasn't even considering it until I suggested the idea, at which point he became very thoughtful about it. Later, someone else talked him into not only releasing the code, but into the public domain! Either way, it seems likely that he will release the code at some point, and he might never have made that decision if it weren't for my advocacy.

Stuff like this is hard to quantify, but I still believe that it contributes to the free software community. I've done this sort of one-on-one free-software/open-source advocacy for almost 14 years now. I don't do public speaking like Eric Raymond, but I think every little bit helps...

11 Jul 2001 (updated 11 Jul 2001 at 22:23 UTC) »

You want an example of a project I've contributed to? I've contributed to Mozilla a bit in terms of reporting some bugs and participating in discussions about a number of other bugs. I've also sat down with thousands of lines of Mozilla code, searching for an incremental reflow bug in the HTML tables -- I didn't get as far as finding the bug, due to the sheer complexity of the application and even that small area of it. I did spend many hours testing and debugging it anyhow.

I've contributed a lot of ideas about design and architecture in Bugzilla, but wasn't in a position to implement any of them. In fact, I offered to implement a new cache manager system (because the old one was horribly broken and linked to many bugs), but nobody seemed interested, and one of the core developers did it his way instead. (Had I tried to write it myself, that time would have been wasted.) I recently offered to work on code to implement asychronous DNS queries without relying on a system's resolver libraries; again, nobody seemed very interested. Just after Mozilla was released in 1998, I was interested in writing a TELNET client for it, but again nobody seemed interested.

Here's a list of the Mozilla bugs I've personally filed:

7617 (apprunner reformats during mouse click on or tabbing to link)
7621 ([PP] Tab key doesn't advance to next field in a form.)
24518 (Initial paste into URL field inserts Japanese or Chinese!)
63892 ([RFE] "View/Edit Live Page Source" mode.)
65508 (Download progress dialog ["Saving File" window] shouldn't be a transient window)
65521 ([linux] modal dialogs should only freeze parent window (not all windows))
65526 (middle mouse button should work on personal toolbar)
65614 (Scaled images with width or height by % endlessly redisplay)
70361 (SEGV in [@ JS_GetFunctionObject] on submission from Bugzilla)
70363 (Inconsistent Build ID on nightly build!)
70479 (Broken menus after applying theme.)
70498 (Should the middle mouse button be overloaded?)
70501 ([RFE] The middle mouse button should work more consistently.)

Here's a list of additional Mozilla bugs where I've participated in the discussion to some degree:

6085 (Middle-click on link should load the link in new window)
6119 (View page source tries to reload page)
7201 ([FIX]When printing pages w/frames, frames print on separate pages [print][frames])
22687 ([RFE] PGP Plugin)
28212 ({table-reflow} Clicking on URL dynamically resizes table cells)
29429 (Clicking in textbox or on a link moves content)
30917 (implement DNS caching and request cancelation)
39057 (File > Quit can be chosen by users intending to use File > Close)
39957 ('Save as...' not fetching from cache)
40867 (Need means to reuse/reload current page without refetching from server)
52798 (gif img in table with width=100% blinks rapidly (flashes, flickers) (can happen without tables) [layout])
55312 (Paste (using middle button) of clipboard contents that come from a remote window fails)
55583 (view-source should show original source (use cached source))
56346 (Need to cache *all* pages for session history purposes)
57724 ([meta] View-source munging pages)
60426 ([rfe] Allow users to choose between generated and source html in view-source)
63445 (tables incorrectly widened to 100% width)
67161 (Need `progress' type for windows)
67442 ('open link in new window' doesn't work all the time)
67574 (Can't open (some) menus after switching themes)
82151 (Right arrow key at end of a TEXTAREA goes to the beginning)

If the qualification for Apprentice is "contributed in some way to a free software project", does this qualify as enough of a contribution for at least that level?

I try to make time for Mozilla, because I consider it to be a tremendously important project. I've done what I can, but it's very hard to actually contribute new code to a project that's so extremely large and complex. If I could make it my full-time job to hack Mozilla, I would, but I can't afford to quit my job and spend all my time on it unpaid; I have a family to support. So I can only do it in my spare time, of which there isn't much.

With over a million lines of code, and a slow computer (Pentium 200 MMX), it's not trivial to track the CVS version and keep rebuilding it. It's even harder to figure out what code to contribute and how to do it, because the system is enormously complex and it's been a fast-moving target all along. I don't want to spend lots of time learning how to use one interface only to have it discarded because the system was rearchitected yet again. It's probably getting to the point where it should be more stable now, but it still takes time I haven't had to learn the API's.

I'd still like to write a TELNET client implementation in Mozilla (I've implemented the protocol on top of TCP before), but I wouldn't have a clue how to begin. I could use a "Mozilla mentor" for some guidance in getting started, but nobody seems available for that purpose, and I don't have time to go searching for one. I probably need to start hanging out in the #mozilla channel on their IRC server, but that takes time and energy in and of itself.

Maybe I should have ignored Mozilla and picked something smaller to work on; I made a deliberate choice to focus my available efforts on Mozilla whenever possible because of the importance of the project. Unfortunately, it's a very daunting project to work on when your time is very limited...

Given that every certification appears to dilute the others, I've removed all certifications I had given to others, except for geoffeg, who is personally known to me. Although people are encouraged to certify others liberally (especially as Apprentice), it doesn't seem to help, so I'll be minimalist for the moment.

Why is it that you can claim to be God, Satan or Jesus and get certified as a Master without an uproar, but being honest and forthright gets you reamed? This sort of animosity is supposed to help grow the free software community?

hacker, I never requested anyone to certify me as a Master, or as anything else for that matter. Yet ncm singled me out as an example of so-called "abuse" of the system, claiming that I "requested" Master certification. I did nothing of the sort!

I've never asked anyone to certify me -- I have complained that the certification system seems to be broken when I used to be certified and now I'm not, despite having more than a few listed certifications. That complaint was because I was worried that the system might be malfunctioning unnoticed -- I wasn't trolling for additional certifications. However, when more people certified me, I thanked them (and you) for it. But did I request those certifications? Never.

I have previously listed sixteen orthogonal concepts that people seem to want this single certification metric to convey, and most of these can be derived or inferred from Raph's description. Since it obviously can't squeeze sixteen dimensions into one, I chose (somewhat arbitrarily) to pick just one dimension (level of programming skill) to use for my certifications. I may not have the same background and experience as another given individual in terms of what code and tools I've worked with, but when it comes to innate programming ability, I'll go up against most people any day.

Give me all sixteen dimensions individually and I'll be glad to pick the best choice on each dimension. Maybe I should have done them all and averaged it, I don't know. I didn't think it would matter, because I didn't think anyone would care what I put for myself. If people really trusted the system to work correctly, nobody would have made an issue of it in the first place.

People talk about Advogato as if it has a "web of trust", but that is extremely misleading. PGP has a web of trust, but using that terminology here misleads people, because that's not what Advogato has. Instead, this truly is a computerized "good ol' boys" network, even if unintentionally. I believe raph has stated (though I can't remember where) that Advogato was arbitrarily focused on free software because he liked free software and wanted to support it, but that the true purpose of creating the site was as a testbed for his research, to see if the certification system would effectively weed out the spammers and trolls while allowing legitimate users to discuss free software without all the noise (from spammers and trolls).

While it's been pretty effective at that goal, it's not clear that it's been as good about letting legitimate participants in, especially recently. I suspect the chosen algorithm may not scale as well in practice was it was intended to, because the more people and more certifications there are, the more those certifications seem to be diluted. Raph states: "The trust metric used to evaluate the certificates is most robust when the certificate graph is dense." In practice, it seems to be excellent at keeping the "good ol' boys" in, and most others out. Since most of Raph's writings here seem to focus on effectiveness in keeping out the bad people, it's not clear whether he ever paid close attention to the flip side of the coin, letting in the good people.

I just downloaded a copy of the people page, and ran a few counts across it. The majority of the accounts are uncertified! Out of 4,760 total accounts, 3316 (69.7%) are uncertified, greyed out as "Observer". Only 322 (6.8%) are certified as "Apprentice". Another 798 (16.8%) are certified as "Journeyer". Finally, 324 (6.8%) are certified as "Master". More people are certified as Master than Apprentice! Last year, that page was mostly green with a little grey, today it's mostly grey with a little green.

Does this make sense? Are there really over 3,000 spammers and trolls here? The barbarians are at the gates? I find this very difficult to believe. It seems much more likely that the certification system is broken, since it's keeping out more than twice as many people as it's letting in. Maybe the implementation is flawless and the algorithm itself isn't scaling well. If the goal was primarily to keep out spammers and trolls (as it seems to be), but it's keeping out the majority of potential participants, isn't that cause for concern? Shouldn't this be investigated, especially if the algorithm isn't scaling as expected?

I complained about the certification system to try to draw attention to this; it doesn't seem to be behaving as intended. Of course, the "good ol' boys" who are solidly entrenched in the system are happy to say that it's working just fine, thank you. On the other hand, Raph says that "the metric is being pickier than usual, almost certainly too picky. Apologies to those who should be cert'ed but aren't."

Raph designed and implemented this certification system, and he isn't convinced it's working right. Isn't it ironic that I get vilified for daring to question it? If everyone removed their certifications from me, and I was left uncertified because of that, I would have been disappointed, but I wouldn't have complained that the system was broken. However, the certifications that used to be quite sufficient were no longer, and that seemed amiss, so (after giving it a month), I tried to draw some attention to it by complaining more vocally. I've been unfairly attacked in return, but at least Raph has noticed that something is amiss with the certifications. Hopefully he'll pay more attention to this issue now, if he can find the time...

12 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!