libcurl built with yassl

yassl is a (in comparison) small SSL/TLS library that libcurl can be built to use instead of using one of the other SSL/TLS libraries libcurl supports (OpenSSL, GnuTLS, NSS and QSSL). However, yassl differs somewhat from the others in the way that it provides an OpenSSL-emulating API layer so that in libcurl we pretty much use exactly the same code for OpenSSL as we do for yassl.libcurl

yassl claimed this libcurl support for several years ago and indeed libcurl builds fine with it and you can even do some basic SSL operations with it, but the emulation is just not good enough to let the curl test suite go through so lots of stuff breaks when libcurl is built with yassl.

I did this same test 15 months ago and it had roughly the same problems then.

As far as I know, the other three main libraries are much more stable (the QSSL/QsoSSL library is only available on the AS/400 platform and thus I don’t personally know much about how it performs) and thus they remain the libraries I recommend users to select from if they want something that’s proven working.

Excuse my french

I’m not sure if I should laugh or cry but out of no particular reason that I understand, my WordPress installation has started to speak French to me! At least all controls/popup-texts in the text editor are no longer in English! I don’t know any french, but luckily I know most of these things already without actually having to read the labels. Like this “insert link” example:

Insert link in french

(Update: I guess I could mention that this is a plain Debian Unstable installation, and most of the thing is still in English. It is just parts of the UI that went French.)

CA cert bundle or not

Since the dawn of time (at least it feels that long) we’ve included a copy of a ca cert bundle in the curl releases. That ca cert bundle originates from Netscape 4.72 and no cert has been added to it since the year 2000(!)

Instead, we’ve offered things like an easy downloadable version from our web site, and documented that this is what you often need to do.

Anyway, we were recently triggered by a bug report and are discussing updating the bundle in the curl tarballs – we’ll just need to sort out the license situation first but we’re slowly progressing there and I think we’re pretty fine with things as they are right now.

However, the question is perhaps better put the other way: why should we bother to include a ca cert bundle in the first place? Most users will already have one in their system (since basically all SSL-based applications want one) and those that don’t can very easily get an updated one using our online server or a recent perl script added to the curl source tree.

I hope I don’t have to tell you that I value all input I can get on this issue!

Rockbox International Devcon 2008

Rockbox devcon logo

(I dug up the old “devcon 2006” logo and I like it so much I thought I could use it again!)

I’d like to suggest that we set a date and place for the Rockbox International Devcon 2008 soon so that we all can start planning for it properly.

Personally, I would claim that having it near an international flight hub is a good idea (why Stockholm Sweden is ruled out this time), and since the dollar is dirt cheap now it is probably a good idea for both US-citizens and non-US citizens to have it in the US.

Within the US, I would suggest that the east coast and New York is among the best choices due to it being a frequent and often cheap destination from several places in Europe.

But of course, this requires that we have a volunteering person or preferably more than one person in that region who can hunt a suitable place and do some basic arranging for this kind of event. Any takers?

And if not New York, is there any other friends near an international flight hub that think they could work as “host” for devcon2008?

I would also suggest that we pick a date in the latter half of June. Around the weekends 21-22 or 28-29.

What do you think?

Please take answers/responses to the Rockbox forums.

Make Them Pick Us

Given that there are an endless series of open source and free software projects around. What makes companies and projects likely to chose to depend and use one of the existing ones rather than to write it themselves or possibly buy a closed-source solution instead? I’ll try to answer a few of the things that might matter, and deal with how curl and libcurl relates to them.

Proven Track Record

The project needs to have been around for a while, so that external people can see that the development continues and that there is a continued interest in the project from developers and users. That bug reports are acknowledged and fixed, that it has been scrutinized for the most obvious security problems etc. The curl project started almost ten years ago, have done more than one hundred releases and there is now more developer activity in the project than ever before.

Certified Goodness

With companies and associations that “certify” others, you can get others’ views on the quality of the projects.

The company named OpenLogic offers “certification” of open source software for companies to feel safer. I must admit I like seeing they’ve certified curl and libcurl. You can get their sales-pitch style description of their certification process here.

Of course I also like to see curl going to rung 2 on the scan.coverity.com list as it would mean a second (independent from the first) source would also claim that there’s a reasonable level of quality in the product.

If they did it so can we

With a vast list of existing companies and products that already are using the project, newcomers can see that this and that company and project already depend on this, and that fact alone makes the project even more likely to be a solid and trustworthy choice.

Being the answer when the question comes

Being known is important. When someone asks for help and guidance about what possible solutions there are to a particular problem, you want a large portion of your target audience to know about your project and to say “oh for doing X you could try project Y”. I want people to think libcurl when asked a question about doing internet-related transfers, like HTTP or FTP.

This is of course a matter of marketing and getting known to lots of people is a hard thing for an open source project with nothing but volunteers with no particular company backing.

Being a fine project

Of course the prerequisite to all points above is that the project is well maintained, the source is written in a nice manner and that there’s an open and prosperous community…

Distros Going Their Own Way

Lemme take the opportunity to express my serious dislike about a particular habit in the open source world, frequently seen performed by various distros (and by distro I then mean in the wider sense, not limited to only Linux distros):

They fix problems by patching code in projects they ship/offer, but they don’t discuss the problem upstream and they don’t ship their patch upstream. In fact, in one particular case in a project near to me (make a guess!) I’ve even tried to contact the patch author(s) over the years but they’ve never responded so even though I know of their patch, I can’t get anyone to explain to me why they think they need it…

So hello hey you packagers working on distros! When you get a bug report that clearly is a problem with the particular tool/project and that isn’t really a problem with your particular distro’s way of doing things, please please please forward it upstream or at least involve the actual project team behind the tool in the discussions around the bug and possible solutions. And if you don’t do that, the very least you should do is to make sure the patches you do and apply are forwarded upstream to the project team.

How else are we gonna be able to improve the project if you absorb the bug reports and you keep fixes hidden? That’s not a very open source’ish attitude, methinks.

Recent example that triggered this post.

File Based Music Players Going Extinct?

Ok, I have a range of various hardware players that run Rockbox that can play all the music I have in my stored collection. But when I’m in front of my Linux box I prefer using the computer to play the music,my 4 rockbox targets not only because then I can select from all my music (that don’t fit on most of my players) and I have quick and easy access to changing the volume or skipping to the next song etc.

Here’s the thing: I use xmms for this (and I want to mention explictly that I don’t mean xmms2). I know this will make most of you reading this go what? and then suggest a billion other players. I know xmms is pretty much abandoned developer-wise and it doesn’t do gapless playback and has all sort of other drawbacks (including the silly winamp-mimicing GUI). I’ve seen that it’s even been discussed to get dumped from the debian packages (although people similar-minded to me spoke up and prevented this).

xmms screenshotI want a simple player with a GUI that can play songs from a mere directory. I want to point out a root dir and it could play all songs in there recursively. I’ve tried several different players over time, but I always go back to this simple xmms one simply for the reason that all the new and fancy players seem to be so focused on getting the music into a database and then arranging and viewing it all based on their tags and what not. I really really don’t want no database or anything, I just want my player to play everything in the dir I ask it to. And I want it to be available in a debian package preferably.

Any recommendations?

Conference in my living room

a kids drawing easel thing by IKEAToday (uh make that yesterday since we’re now past midnight here…) around lunch I drove my two kids over to my parents in law and got back to my house to host four friends (associated with a company that shall remain nameless in this blog – at least for now) coming over to discuss some work stuff.

It was great fun sitting in my living room chatting for a few hours, having a cup of coffee and instead of using a fancy company white board I brought my kids’ drawing easel (oh we love IKEA). The picture is the actual model we used, called “MÃ…LA”.

And we did indeed manage to get some good decisions done and some proper architectural stuff set. Admittedly, my kids’ drawing pens were a bit thin and not as thick and “powerful” as the ordinary office white board pends tend to be.

Rockbox Downloads Jan 2008

It’s time again for a check and analysis of the download trends of the build.rockbox.org web site, with comparisons with how things were at my previous count from October 2007.

Rockbox!

During this month, 112034 downloads were counted, which is almost a 10% increase since october’s 102127 – and as you’ll see below almost the entire increase was basically due to a boosted interest in the Sansa E200. There’s been no new port offered for download during this time, there are still 26 packages. The downloads were distributed as follows (the position changes are within () and the previous period’s download counts are within []):

  1. (+1) sansae200 27325 [18788]
  2. (-1) ipodvideo 21453 [20721]
  3. (+1) ipodvideo64mb 13904 [12780]
  4. (-1) ipodnano 13419 [13228]
  5. (+7) sansac200 3490 [2841]
  6. (-) gigabeatf 3410 [3522]
  7. (+1) ipodcolor 3316 [3287]
  8. (-3) h300 3306 [3614]
  9. (+2) ipod4gray 3249 [2896]
  10. (-1) ipodmini2g 3087 [3083]
  11. (-4) iaudiox5 2933 [3340]
  12. (-2) h120 2521 [2924]
  13. (+1) ipod3g 1993 [1624]
  14. (-1) ipodmini1g 1713 [1647]
  15. (+1) h10_5gb 1458 [1524]
  16. (-1) h10 1413 [1624]
  17. (-) ipod1g2g 1246 [1384]
  18. (-) player 730 [834]
  19. (-) recorder 558 [692]
  20. (-) iaudiom5 380 [422]
  21. (+1) h100 328 [345]
  22. (-1) recorder8mb 292 [354]
  23. (+1) fmrecorder 189 [222]
  24. (-1) recorderv2 175 [222]
  25. (-) ondiofm 96 [113]
  26. (-) ondiosp 50 [96]

Of course, if we count the two different ipod video builds combined, it alone is 35357 downloads (31.6%)! Apart from the E200 climb, I think the only significant change in the table above is the other SanDisk player in the selection, the Sansa C200 series which climed 7 positions due to its 23% download increase.

The top-5 downloads are all portalplayer based, and here’s a more complete look at how the builds are split up on main architectures (october’s shares within parentheses):

  1. portalplayer 97066 downloads 86.6% (83.6%)
  2. coldfire 9468 downloads 8.45% (10.4%)
  3. samsung 3410 downloads 3.0% (3.4%)
  4. sh1 2533 downloads 1.9% (2.5%)

The harddrive based builds are still more popular, but the flash ones are gaining:

  1. HDD models 67654 downloads 60.4% (65.7%)
  2. flash models 44380 downloads 39.6% (34.5%)

The top-8 downloads are for targets featuring color LCDs, and thy certainly are popular when checking download spread on target LCD types:

  1. Color 92494 downloads (82.6%)
  2. Greyscale 17450 downloads (15.6%)
  3. Monocrome 1360 downloads (1.2%)
  4. Charcell 730 downloads (0.7%)

Like last time, this doesn’t include any custom builds, builds from download.rockbox.org nor release builds from www.rockbox.org. Take all this as indications, not absolute facts.