Category Archives: Open Source

Open Source, Free Software, and similar

curl by sony

I got the latest Linux Journal issue (#170, June 2008) the other day and while reading through it I fell over the article about a guy who found a GPL license agreement among the papers for his brand new Sony TV.

… and there he also mentioned that they use curl! Fun! Apparently in their “Bravia Internet Video Link” product. Whatever that is… “Stream, browse and watch internet video and much more on your compatible BRAVIA® HDTV with the BRAVIA® Internet Video Link. It’s like extra channels for your new HDTV.

Coverity’s open source bug report

The great guys at scan.coverity.com published their Open Source Report 2008 in which they detail findings about source code they’ve monitored and how quality and bug density etc have changed over time since they started scanning over 250 popular open source projects. curl is one of the projects included.

Some highlights from the report:

  • curl is mentioned as one of the (few) projects that fixed all defects identified by coverity
  • from their start, the average defect frequency has gone down from one defect per 3333 lines of code to one defect per 4000 lines
  • they find no support to backup the old belief that there’s a correlation between function length and bug count
  • the average function length is 66 lines

And the top-5 most frequently detected defects are:

  1. NULL Pointer Dereference 28%
  2. Resource Leak 26%
  3. Unintentional Ignored Expressions 10%
  4. Use Before Test (NULL) 8%
  5. Buffer Overrun (statically allocated) 6%

For all details and more fun reading, see the full Open Source Report 2008 (1MB pdf)

libev vs libevent

Only a few years ago (autumn 2005) I was awarded a grant by iis.se (“The Internet Infrastructure Foundation” in Sweden) and in my subsequent work on the code for that project, I used libevent and implemented a high performance API for libcurl when dealing with very many simultaneous transfers.

Recently when I’ve read about people using the curl_multi_socket() API, I’ve seen mentions of the libev library and today when I’ve finally read up on the subject I fell over their very interesting performance comparison document comparing libev with libevent, including charts and all. Perhaps not a surprise when coming from one of the main the libev authors, but it seems libev does perform from some to significantly better than libevent depending on the circumstances.

When I get some time over I think I’ll try to port some of the example source codes over to use libev and see how it plays for me.

Update: I like how libev.com is used by Long Island Beverage Systems Inc… 🙂

The curl and the PHP

We have a sort of symbiosis between the curl project and the PHP project, at least we in the curl project get a lot of people learning about curl the first time when they hack PHP. This happens to the extent that to a lot of people, curl is but the name of a PHP extension.

So while we can thank the PHP project for referring us a bunch of users that might not otherwise have found us, there is also quite some “friction” or perhaps better called “disagreements” between our projects and how we (don’t) interact.PHP logo

name

CURL vs libcurl vs cURL. We only ever use the funny casing cURL when referring to the cURL project. The cURL project produces curl and libcurl. curl is a command line tool and libcurl is a file transfer library.

The PHP team provides and distributes an extension they call CURL which is a libcurl binding for PHP. This naming causes a great deal of confusion to PHP users who go to the curl site only to find that it isn’t at all devoted to (just) the PHP extension but instead there’s mostly a lot of other curl stuff there!

I’ve discussed this naming issue with the PHP team on several occasions but they don’t agree with me that this causes confusion, and even if it would cause confusion they seem to be of the opinion that it doesn’t matter since the PHP users should find all their info about CURL and related matters on the PHP site and thus it doesn’t matter what the curl site shows or not. (Or something similar to that, I really don’t mean to put words into their mouths so you better ask them about this to get their real and unaltered view – see my link to an old conversation for some info.)

I tend to call it PHP/CURL just to make sure it is clear that we’re talking about the binding. This of course also confuse users since that’s not what it is called in the PHP documentation…

irony

PHP themselves recognize the problem of related projects borrowing the name, so they forbid derivate projects to include “PHP” in their names. Clearly stated in paragraph 4 of their license.

versions

The binary build of PHP for windows have libcurl built in statically with the curl extension code, so people can’t easily replace the libcurl version used by PHP. And in general, Windows people using open source are much less likely to ever build anything on their own in my experience.

PHP 5.2.6 was released on May 1st 2008 still has libcurl 7.16.0 built into the Windows version. That libcurl version was released in October 2006 and right now we have released eight (8) releases after that one. All of them including many bug fixes. This is more than slightly annoying.

support

This isn’t anyone’s fault but… there really aren’t many PHP people who are involved or care about the libcurl binding so those who have PHP/CURL problems tend to ask questions on the curl-and-php mailing list and in the #curl IRC channel but there aren’t any PHP insiders around in those areas to answer PHP questions…

development

Is it just my imagination or isn’t there a lot of PHP users that have asked for the same features in the PHP libcurl binding for a long time by now, but really very few actually step forward and make a difference? So these features remain unfixed and not added. This is even “just” a binding, nothing of the really hard work is done in the binding itself… It might just be me and my head, but the ratio for doers/plain users in the PHP world seems to be exceptionally low in comparison to many other open source areas I see. Of course this is tainted by me only really seing the PHP/CURL side of the PHP world.

future

I have no reason to expect anything to change, nor do I know how I can make anything of this change on my own so I assume things will just continue working exactly like this in the future as well…

Blaming Debian packaging

I happened to read the blog post called Open-Source Security Idiots which really is having a go at the poor Debian maintainer of OpenSSL for causing the recent much debated OpenSSL security problem in Debian and Debian-based distros.

While I think the author Steven J. Vaughan-Nichols is mostly correct about his criticism, I think he’s being far too specific and trying to pinpoint Debian and claiming that to be a single specific bad distro (and his additional confused complaint on Firefox vs Iceweasel just made the article lose focus).

As someone who’s involved in a bunch of projects that are being packed by a range of Linux distros, I can’t but to disagree. This habit of changing packages without passing the changes upstream is wide-spread and not limited to changes done by maintainers since it also includes mere bug reports. It is something that just about every distro is doing to at least some extent. It varies from package to package and over time, but given an overview I honestly can’t say that there’s a single specific distro that is worse than the others. It is a disease that follows the distros and we must all help out to exterminate it.

Of course, the upstream projects also need to be aware of this and help pushing packagers of their software to behave.

Rockbox downloads April 2008

I counted the Rockbox downloads from build.rockbox.org during April 2008, and while the results weren’t very different from the past results, I thought I’d still show them. This month, 99874 downloads were counted and we had 30 different packages downloaded. Back in January, we still only had 26 versions. The top-5 are identical to the last list.

The most popular newcomer since my last count is the Olympus Mrobe 100 which has more than twice the number of downloads compared to the second newcomer iAudio m3.

The list shows model and number of downloads. The newcomers since the last count are shown bold.

  1. sansae200 22038
  2. ipodvideo 18289
  3. ipodvideo64mb 12392
  4. ipodnano 12261
  5. sansac200 4176
  6. h300 3071
  7. ipodcolor 2932
  8. ipodmini2g 2875
  9. gigabeatf 2848
  10. ipod4gray 2651
  11. h120 2506
  12. iaudiox5 2498
  13. ipod3g 1717
  14. ipodmini1g 1496
  15. ipod1g2g 1411
  16. h10 1361
  17. h10_5gb 1268
  18. mrobe100 1116
  19. player 564
  20. iaudiom3 528
  21. recorder 500
  22. iaudiom5 284
  23. h100 275
  24. recorder8mb 233
  25. recorderv2 157
  26. cowond2 138
  27. fmrecorder 116
  28. ondiofm 108
  29. ondiosp 58
  30. mrobe500 7

ipwhere on sourceforge

I finally got around to add my ipwhere project to sourceforge and I’ve just imported the source code into the SVN repo, so now it’ll be a bit easier to cooperate on this project.

ipwhere is a tool that looks up and presents the country and city of a specified IP adress. It has the entire lookup table built-in so the result is instant. Of course the downside is that it needs to be updated every now and then to prevent the data from growing too old and irrelevant! It uses the geomapping info from hostip.info.

It is the 18th project on sourceforge that I’m a member of, and the 16th I admin.

libcurl send/recv functions

libcurl’s two newly added functions curl_easy_send() and curl_easy_recv() add a new way of working with data in libcurl. These two are just sending and receiving whatever on a connection previously setup with curl_easy_perform() with the CONNECT_ONLY option set.

I haven’t yet made the web site display the man pages for these functions, as the patch for them was just committed minutes ago. Update: the man pages is now added and this post has the links.

Get a feel for how it can work by reading the sendrecv.c example source.