Category Archives: Open Source

Open Source, Free Software, and similar

curl on scan.coverity.com

On scan.coverity.com, the nice guys at Coverity run scans on open source projects to check for flaws in their source code. Their list currently includes 265 projects, and curl is one of them. I have only good words to say about their scanning, as they found no less than 27 flaws in curl 7.16.1 and only one of them was a false positive. All the others were valid and true flaws that we could fix. I don’t think any of them was a serious security risk, but still. 26 bugs detected in one go.

On January 8th 2008, Coverity announced their “rung 2” for eleven projects that had zero flaws left in rung 1, and the rung 2 projects get an upgraded analysis. curl was also at zero flaws left, but it isn’t clear to me what else we could do to reach rung 2 or even how we can get them to do a follow-up scan on a newer release, since 7.16.1 is quite old by now and with all the changes in the code over time there’s always the risk new nasty bugs have crept in… So we’re at rung 1 still with no recent release scanned.

The Agony of Release

In the Rockbox project we haven’t had an official release in several years. We have >400K lines of code, some 60 committers. Some 300 patch contributors. At least 10,000 users, but probably up to 10-20 times that number.

We produce binary downloads after every single commit. We provide daily builds with a 30 day backlog. We provide a UI-based installer that can install the latest package for you.

So, we have a fair setup that provides releases in a fine way to everyone interested. What we don’t have is a stable offer. Nobody can get a recent “stable” release (with a set of known bugs) or similar. We only have this endless series of “beta”-releases. We don’t have any particular push for doing a “real” release and among the developers there aren’t that many who think making releases is any fun, so we’re not really striving towards that.

The last time we tried to put together a release (to be called “3.0”) we decided to have a feature freeze period in which we’d only commit bug fixes and not do any new features. This led to most people simply stopping committing and developing their new stuff on the side, waiting for the freeze to be over. Only a few people did any actual bugfixing while we had some pretty serious flaws still in the code, so even with extended freezes we just couldn’t get the bug count down to a satisfactory level… we ended up just dumping the idea of a release 3.0 at that time, and it left some scars in the community that have so far prevented us from returning to this topic.

This said, today we’re more than 18 months further down the road, Rockbox runs on many more platforms, lots of code has changed and been improved since the previous 3.0 effort. Maybe it is time to once again make a release-attempt?

I think there are a few preconditions we need for this to succeed, including:

  • We need a single release manager person who single-handedly can decide when the release is finished. This person would also have the final say on the outstanding-issues list etc. We can’t manage to get consensus among this large amount of people for this black-and-white style of questions.
  • We need to accept the fact that some bugs just have to be in the release and we can live with them – after all most of these sorts of bugs have been with us for a very long time already and all of us have managed to live and use Rockbox fine for years in spite of their presence.
  • We need to accept and realize that most of “us” – the devs, the closest team of followers, will not use the release anyway as the day after the release we will provide a new set of spanking fresh binaries to download and use… We don’t do the release for us. We do the release to the huge audience out there who look for “stable” and “known to work” stuff.
  • Fewer people need to worry and have strong opinions about exactly what goes into the release or not. If we just get one release out, more will follow later on that will get the stuff that is left out of this one!

I am officially not volunteering to be a release manager! 😉

Sansa View Info

So we know a bit more about the Sansa View’s internals now!

It is based on a PP-derivate, possibly called PP61x0 something.

It has a “disk” (NAND flash) layout quite similar to the Sansa E200 in that it has a “hidden” second partition in which the bootloader, firmware image and more are stored – in just about the same format as the Sansa E200 has its images. See my separate Sansa View page for more details.

And as announced at CES, going on right now, and also now mentioned on their official site, it is also available in a 32GB version.

libcurl and libwww today

There’s talk in the Debian camp about dropping libwww as it is over 5 years since its last release and over a year since the last CVS commit in that project. It is also abandoned by the W3C these days. It seems there are just about two remaining packages depending on it, Amaya and wmweather+.

Amaya seems to at least discuss moving over to libcurl. I don’t know about wmweather+, but looking at their code, I actually think switching to libcurl will improve their code… not really related, but still about curl, one post on the Amaya list mentioned this weird list of user-agents you should block from your site, as it claims they are “spam bots” and it explicitly mentions curl in there…

Darcs is however currently adding support for libwww since it apparently does pipelining better, whereas libcurl still has some flaws in its support for that.

Shootout cancelled for now

Yeah, I wasn’t thinking clearly when I started this test at this time, as I then had mail servers taken down and replaced and what not, and all that extra bouncing-around of mails no doubt will affect what ends up or not in my (spamassassin) end so I’ll just stop the test right now and once everything is settled again I may restart it. If the mood and energy for it returns!

The spamassassin gmail shootout

I’ve seen and heard so many people saying good things about gmail’s spam filter, and yet the few times I’ve redirected some of my (fairly large) mail feed through gmail I’ve not been that impressed. So, I decided I’d fire off a test. I forward a good deal of my mail through both my local spamassassin-protected mailbox and to my gmail account and I do some detailed notes about what happens. It’ll be fun.

Recent and Current Hardware Problems

During the last week or so, we’ve experienced major problems on some of the main servers at work, and I happen to host a bunch of services on them. Thus, I not only get problems accessing my regular mail, but also the primary curl web site gets shaky!

Unfortunately, this is holiday season so most people that can fix these issues aren’t around so waiting for a reboot of the boxes can take a long time. Fortunately, we already have work in progress that is meant to replace the two main servers with two new ones on January second 2008, so things should at least settle after that operation.

So, remember that you can always find a suitable curl web mirror at curlm.haxx.se that has most of the contents you’ll need. Some stuff is only provided on the main site, but all downloads, docs and more are distributed on mirrors.

Aiming for 7.18.0 in January 2008

This info was also posted to the curl-library list today.

I previously thought of releasing 7.18.0 in December but since there are still outstanding topics in the list and since there’s no pressure due to any serious bug fixes or anything, I decided we can just as well wait until January. I want January 13th to be the feature freeze day after which no new features will be committed until the release, which hopefully then could be done by January 28th or so.

The live updated TODO-RELEASE document will change over time, but it currently contains these items:

Is there anything we’ve forgotten we should include in the next release? To get a feel for what the next release will look like, check out the RELEASE-NOTES in progress, or try out a daily snapshot!