Older blog entries for matt (starting at number 11)

Just posted a heavily revised version of my "abused trust" article, which I think addresses my thoughts below. Crossing my fingers for as good a reception to my points as I've had in recent diaries. Thanks, everyone, for your support.

I love working with the window open during a thundershower. It's great. Everyone should have an openable window next to their workstations. Of course I could also go outside and get wet... that's always fun.

Gave in to curiosity and installed Tomcat on gamera, even though I was going to make it a work-only project. I figure, though, since work gave me a reprieve from the otherwise tedious pushing of the inventory data into our Oracle apps system through a terminal session -- we were going to do that tonight -- that I can do some semi-work-related stuff at home. (Yes, ladies and gentlemen, Oracle did not see fit to make interfaces for physical inventory, so we spent many $$$ a few years ago to have an interface written so a Perl script could talk directly to the human interface.) But now one of our DCs isn't going to do their third (cleanup of discrepancies between first and second) count today, so we won't be entering anything till Monday at the earliest.

Anyway, back to Tomcat. I'm pretty impressed with what I've seen so far. Obviously, Java developers are already really into the whole servlet and JSP thing. I haven't done any serious Java since I wrote half of a DNS resolver library in JDK 1.0.2 years ago, but the whole thing just screams well-engineered to me, especially when contrasted to last month's exponentially mounting frustration with Zope. I think what I like most is that it tries to do as little as possible and allows you to build your own framework (or use others') on top of it. Right now all I've managed to do is some basic header/footer stuff, and automatically-generated breadcrumbs... but more is coming.

I'm noticing several people using the word "diarist". It's one of those things where I wonder if people started using it because I did, because it was one of those words I thought might be a real word but had to look it up. (It is a real word, for those of you who are wondering.) Then again, the rest of the world might have just been using it and I only noticed subconsciously, kind of like when you get a new car and for the first time in your life, you notice the other people driving the same model.

Humm. It's 8:05 AM over here, so I suppose I can't say nobody else is up in my time zone anymore. When my pager went off at 6:45, I don't think anyone was. :-) (Work is doing inventory this weekend, and when I started this job I inherited the Perl-based RF barcoding system that our DCs and factories use; it gets used very heavily this weekend, and our DC liaison thought this morning in the shower that she hadn't asked me if our new-style UCC shipping labels would work for inventory scans. Thankfully, I'd tested it last week.)

I finally got a usable source tree! Note to self: NEVER use cvs-over-ssh unless committing changes to a tree. pserver is a much more reliable method for large updates (and not too slouchy, either).

Everyone who wrote in and/or left supportive messages in their diaries -- thanks. But I'm not posting it, and I'm glad I didn't, and here's why.

I noticed a few folk seemed to be offended by my suggestion that they might not qualify for the rank to which they'd risen. At the risk of re-offending, I'd say some of you don't. The guidelines are clear -- this is about contributing to free software, not about being in IT for many decades. While those decades of experience may help you to contribute, it doesn't mean that you are more than an apprentice at contributing.

My problem, though, was that even after editing my sentences several times, I still had it wrong, or at least it appears so from the interpretations. Contributions to free software are not necessarily measured in terms of code, although it's hard to take someone seriously who hasn't contributed code. :-) It's about being involved. Being involved doesn't mean playing around with a particular free software project, it means helping it to be better, whether through code, advocacy, assisting with infrastructure, whatever. I guess it's really hard to quantify, and because of that, I don't feel I can do it justice with my words. I only know that when I look at some ratings, I feel they're wrong; and when I look at others, I know they're right.

Bottom line: I fear that having posted my article outside the still-public but less exposed confines of my diary would have offended far more, and not accomplished anything for the goal of free/open/whatever software. When I thought about it, I discovered someone being labeled purple or blue doesn't really hurt me or the community. If I need to find a real free software journeyer or master, I know where to find them, regardless of the color of their cert.

Or maybe I'm just a gutless wonder. You decide. :-)

I wrote this article up, but at the last minute decided not to post it. Maybe I'm just afraid, but I wonder if it's too flame-prone to put on the front page. If you think otherwise, mail me at matt@zigg.com and tell me otherwise, and I'll consider posting it.

Meta: Abused trust?

Lots of recent diary entries (disclosure: including one of mine) are highlighting the feeling that our web of trust is growing in a disturbing direction: away from its original intent to allow folks to certify fellow free software developers, and instead turning into a hyperlinked old boys network.

NOTE: There are those of you who may think this article is very unfriendly, maybe trolling, or perhaps even elitist. Consider this a free pass -- you don't have to read it. Then again, you might want to, and voice your opinion in opposition. I welcome that.

Without going back and highlighting any particular diarists' entries, I think there's a feeling that there's both overcertification going on and certification where there really shouldn't be any. Folks are getting marked up because they know someone else, while their pages mention no involvement whatsoever in contributions to free software projects. I want to believe that these folks just haven't put their contributions up, maybe out of forgetfulness, maybe out of self-deprecation. Unfortunately, there are several who state they're working entirely in proprietary circles; they may use free software tools, but that doesn't make them a free software contributor. Perhaps an apprentice, in some cases, but I'd say they would at least have to have a desire to contribute first. I don't feel anyone who doesn't at least work on one coherent free software project (contributing code or at least infrastructure) should be more than an apprentice, ever.

I'm an apprentice. I don't deserve to be anything more at this time, no matter how brilliant someone may think a piece of code I've written is (and I sure as heck can't think of any code I've written that even approaches brilliant right now). I've contributed bugfixes to various projects and I do some work with the OpenBSD ports tree, but I'm still learning.

This sort of thing makes me wonder about the web of trust concept in general. When passing around of trust happens liberally, and apparently without much thought, the web breaks. A common security axiom is "a secure system is only as good as its weakest link", and that applies to the web of trust in security circles as well. I submit that it also applies here.

When I first started writing this, I thought perhaps it might generate some useful discussion, but maybe I'm too rooted in Slashdot and Usenet flamefests to believe that. Again, if folks think I should post it, let me know; but I'll just leave it here instead.

Damn! The latest Mozilla nightly build is FAST! Much better than what I'm used to from Moz.

(For the curious: build 2000072708. I guess it's a day old) :-)

Ho hum. Watching my crufty old SPARCstation 20 (at work) crawl along doing an Oracle 8i install; we plan on moving to 8i here at work late this year or early next. The machine itself is really quite a sight, especially since in lieu of new hardware, I scrounged up three external 2GB drives and concatenated them into a 6GB volume. I am geeked about one thing -- with Oracle iAS (which we'll also be deploying; getting sick of the italics yet?), just about everything is dependent on Java in some way, and the idea of finally getting a chance to figure out servlets and JSP at my job instead of yet another project at home is cool. I'd played with Tomcat some, and thought it might be cool to pick up sometime (especially considering my frustration with Zope's bugginess and shortcomings). Of course, it looks really good on a resume too :-)

While I'm talking about Jakarta, I should mention that they have some really cool stuff there that Java's been missing for some time. Daniel Savarese, formerly of ORO, Inc. has donated ORO's software to Jakarta. ORO's regex package is pretty much the de facto standard for regular expressions in Java, especially considering they're Perl 5 compatible. I hope more software donations like this come up, and especially under more friendly licenses like Apache's; Java stuff as of late has been (IMO) very well-engineered and useful, and contributions like this make it more so. Now maybe we'll see Java moved away from that icky SCSL and into an Apache-style license... :-)

Committed a few ports changes last night; got maintainer approval for kaffe to FAKE it and clean it up, and also grabbed ownership of the previously unowned enscript port, cleaning it up in the process. I think I'll stick to easier ports like these for awhile until I'm more comfortable, and to minimize the permanent etching of my mistakes into the OpenBSD source tree.

nymia: I'm not sure if you'll ever see this, and I really, really wish there was some way for people to see whose diaries are linking to theirs (sometime I'll have to look at the code and contribute that feature, I suppose), but glad you were impressed, and you seem to be on the right track.

Huh. I must have missed a few days somewhere in there. Guess this puts me on par with most of the other diaries. :-)

Something is really starting to bother me about Advogato -- not the site but the people -- and that is that people are just certifying people because they like them, even if they've never even dreamed of contributing to open source/free software/whatever you call it now. I'm an apprentice and rightfully so, because my contributions are meager and I'm still learning. I would label a nontrivial project leader or someone really close a master, and solid contributors journeyers; but that's not what's happening. Maybe these people who are getting kicked up really are big-time contributors behind the scenes, and they just don't post it on their pages. Humm. Makes me lose a little faith in the "web of trust" system; not a good thing for a PGP freak.

I got tired of waiting for half of my testing group and just committed the nessus port, since I'd been all over it probably too many times and most of the original reporters said it was fixed. Hopefully there isn't some other thing wrong with it that I'm missing. I decided that for my next trick, I'd pick up the last few unfaked ports and fake them. (Faking is a really cool addition to the ports process that lets us do a false install and manufacture a binary package, then installing just the binary package into the base system, and on a lot of ports it works without any tweaks at all, thanks to the tireless work of Marc Espie.) The first one I caught -- kaffe -- seems to not need anything special to fake. It does need a little cleaning up though to bring it up to modern standards. Had to go to sleep before finishing up though... damn sleep anyway... :-)

Had a rude awakening re CVSup... first of all, the server I pull from is at least a few days behind. Also, no CVS directories are created, so I still have to check out from a CVS server before working on committable stuff. (I should have known that last part, sigh.)

Jury duty was ridiculously uninteresting. Sat and watched E! for the morning (I hate that channel), then we got dismissed at 11:30 because only the murder trial needed jurors. Went to work after a quick Chinese lunch. My disconnectedness that had its onset Sunday afternoon started to get worse and finally I had the most pervasive headache I've ever had (thankfully, not the most painful). For awhile I could hardly walk. I opted to go home at 3:00 (which drew some more looks -- I'd already waltzed in at 12:30 and came in wearing jeans and a polo, which is hardly dress code) and could barely focus on anything by the time I walked in the door. I couldn't lie down, so I put my "new" Creative Labs 3D Blaster Banshee, which had just arrived, into my Windoze box, lemmankinan. (Nice 2D quality, but I'm a bit worried about the weird-looking artifacts in GLQuake. Grabbing Quake II now to see if it's a GLQuake prob, but you'd think with the latest Creative drivers, which seem to be based on the 3dfx reference drivers, I wouldn't have something like that. Humm. If you have ideas mail me.) Anyway, eventually, it all passed. I feel much better now.

Had more problems with CVS. The other server I tried seemed to have the same timeout problems and also introduced a new "protocol error" into the mix that I don't comprehend, the mailing list archives have no idea about, and I don't feel like asking around. So I gave up and went to CVSup for the OpenBSD tree. It seems to be chugging along quite well right now. Hopefully it's as robust on OpenBSD as I remember it from FreeBSD.

Humm. Been summoned to report to jury duty tomorrow, and I just got back from the in-laws'. Oh, and my CVS checkout died several more times. I tried to switch to a different anoncvs server but it complained about a protocol error; I assumed that it had some cruft left over in a CVS directory but I couldn't find it; so I'm blowing what I've got away and trying again from that different server.

Other than that, nothing terribly interesting right now. Stay tuned...

Good morning, world. Yesterday I threatened to cannibalize all my systems, and I spent last evening doing it. Now I'm on an actually fairly snappy P166 with 80MB and running my hard drive in DMA mode. Life is good (or as good as it can get without a new computer budget) :-) Of course, running OpenBSD instead of a bloated Windows install or an even more bloated Red Hat install helps immensely.

Strangest thing happened during the hardware switchover, though. I booted megaweapon with a P100 (swapped the processor with the newly-christened gamera), came up to my production OpenBSD install, and the modem wasn't working. My modem's a Zoom internal hard-jumpered to the serial port I use. It was discovered OK by the kernel, but seemed to be ignoring ppp's commands. So I powered it down, reseated the thing, and then the computer wouldn't boot. Hmm. Powered it down again, went to reseat it again, and got a mild (~24V) shock. About this time I started to break down and cry, and my wife tried to pacify me by saying she'd let me buy a new modem. :-) Well, I pulled the modem out, and booted fine, then put it back in, and it miraculously started working again. Probably overheard us talking about replacing it, and didn't want to sleep in a box next to my Gravis UltraSound. I don't know why, the UltraSound was the coolest sound card in existence, before support for it all but dried up.

What else have I accomplished? Not much, though now I feel like I have the infrastructure to do more. I'm pulling OpenBSD current sources from one of the anoncvs servers (last night's pull got aborted in the middle of the night, sigh) and am hoping to start it a-building before I go with my wife to visit her family for the weekend. Migrated a bunch of files off megaweapon to gamera. Still more to go there.

Oh! Got my first success report for the nessus port. Needless to say, everything looks a little brighter now. I think I'll stick with easier ports in the future. :-)

EPILOGUE: When editing diaries, extra <p> tags get inserted. Hmm. We should use WikiWikiMarkupLanguage; then I don't have to bother with entities either. :-) Anyway, I'm at the in-laws now, with an ssh session open in the other window (over there <==) and compiling a few ports while I wait for the source tree to finish being CVS'd on down. One thing I miss about FreeBSD was using CVSup to pull down sources -- it was much faster than anoncvs. We do have CVSup servers, but last time I tried to use them I ran into some trouble... I believe it had something to do with being written in Modula-3 and OpenBSD not having a Modula-3 system, so we had to run the binary in emulation. Don't recall exactly. Maybe, in the interests of speeding everything up a bit, I'll try again. Someday.
