Category Archives: Open Source

Open Source, Free Software, and similar

RMS in Sthlm

November 9, 2011 Daniel Stenberg 2 Comments

Claes and I started the foss-sthlm initiative a while ago, back in 2009. I’m sure I’ve mentioned that before. We’ve since then done a series of events where we’ve gathered foss hackers from the Stockholm region to speak about Free Software and Open Source for people interested in these issues. We’ve had 100+ persons attend to every event and I’ve considered them successful beyond our wildest expectations. Me and Claes originally expected to gather around 30 persons or so…

Interested?

So out of the blue I got a question from Giuseppe (who were talking to RMS at the time) if foss-sthlm/me would be interested in organizing an event in Stockholm with mr Stallman. It turned out mr Stallman was already considering coming to FSCONS in Gothenburg and when doing so he was looking around to see if he could do some more talks while in Sweden. Given this chance, I simply couldn’t turn it down!

We coordinated with our pals behind FSCONS (the lovely crew at FFKP) so that we would jointly fund the event. We would split the bill for getting mr Stallman here and onward again to his subsequent gig, and the cost for his travel between Stockholm and Gothenburg.

How many?

Ironically, we already before had talked about not getting one of these super celebs to foss-sthlm events simply because of their immense popularity and the problem to get facilities to host events with them. How many would come to an RMS talk? I guessed at least 300 since among our previous events the most popular one got around 150 visitors.

How to get a place?

Commercial rooms for at least 300 people are expensive and luckily we quite soon got in touch with friends at KTH in Sweden – The Royal Institute of Technology, and they graciously offered to sponsor a room for 500. Awesome, we were on our way!

Sponsors?

South Pole didn’t hesitate when I asked them (you rock, Jakob!), but immediately said they’d help us to sponsor the event. With them on board, we had all the financial stuff we needed covered and we could say “full steam ahead!” to everyone involved .

Fiddle like crazy

FSCONS had a fixed date for their conference already, but when would RMS come to Stockholm? After FSCONS or before? When would we be able to reserve the room and how would it all fit into RMS’s schedule of other things. Several times we thought we had nailed it when something changed and we had to redo it all again. It took a good amount of emails back and forth until we finally scheduled and decided that he’d be in Stockholm first and then go FSCONS.

Open for registrations!

We went public about RMS coming to Sweden coordinated with FSCONS so that none of us would take advantage of this on the others’ expense. On September 27th 13:22 we told everyone about it, and within less than eleven (11) hours all 500 seats in the room had been reserved!

Oops, full already

Wow. That was a bit overwhelming and not quite what I had expected. A bit tough, but well our room only fits 500 so…

Find a new place

Friendly people on the foss-sthlm list very soon mentioned a new, much larger, facility that perhaps could be possible to host Stallman’s talk. The huge Aula Magna room. I was a bit pessimistic about it, as I was just so happy already with having gotten a fine sponsorship for that first room.

New place, new sponsor

What are friends for? I can hardly describe it, but we have good friends in good places and wow, not many days passed until I got the excellent news that the Stockholm University‘s department for Computer and System’s Sciences would help us get the room and pay the bill for it. This massive room fits 1194 sitting visitors. (Thanks Beatrice, you’re awesome!)

More tickets

Amazingly enough, it was just a matter of time until we ran out of tickets again. Sure, this time there were tickets available for a longer time but well over a week before the RMS talk there were again no tickets available. The demand was still clearly very high. When the event was just a few days away, we sent out reminder emails and we got lots of ticket cancellations, perhaps 60-70 of them, and the tickets that were returned were immediately made available again on the ticket site and were soon signed up for again by other lucky souls.

When we closed the registration, there were just a few tickets still available. 1180 or so had been registered to listen to Richard M Stallman talk in Stockholm, a dull and grey November day 2011.

The speech

Richard is a charismatic person. He can speak to a huge audience for almost two hours, with no slides and no images and no script and still keep us all alert and interested. He mixes in dry humor and reflects back and recites episodes from previous speeches from time to time.

The topic was of course Free Software. About doing the right thing. About freedom and how you need to be prepared to sacrifice some things in order to gain and fight for freedom. For mr Stallman things are often black/white. It is either free and therefore right and fine, or it isn’t free and therefore morally wrong and a bad idea. He also spent quite a lot of time explaining why calling it GNU/Linux is the right thing and how mr Torvalds doesn’t care about the ethics and about doing the right thing for humanity.

I’ve been involved in Free Software (and in Open Source too, a term that RMS despises and encourages us all not to use) for many years but this was actually the first time I heard RMS talk live.

Thanks

This would not have been such a smooth ride with the efforts of Giuseppe, Claes and the eager help and assistance from all friends in #foss-sthlm. Thank you!

(The pictures in this blog entry are all CC-BY-SA licensed and are taken by Kjell Ericson)

cURL and libcurl

Apple’s modified CA cert handling and curl

November 5, 2011 Daniel Stenberg

I tweeted about me finding a change in Apple’s version of curl that I haven’t seen any public patch for. Apple otherwise hosts a whole slew of curl patches which they never discuss with us about but still make public and we can see what they did.

I was trying to help out a fellow curl user on IRC (we’re in #curl on freenode, come see us) and he was trying to understand some funny effects of running curl against a HTTPS site and he showed me the output from a “curl -v” log. The verbose log curiously was different than mine (same curl version built by myself on Linux). My conclusion was that something was different in the Apple version.

The users log said:

* About to connect() to host.example.com port 443 (#0)
*   Trying 1.2.3.4... connected
* Connected to host.example.com (1.2.3.4) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):

… while my command against the same site said:

* About to connect() to host.example.com port 443 (#0)
*   Trying 1.2.3.4... connected
* Connected to host.example.com (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):

(I’ve bolded the part my output showed that wasn’t in the mac version, the real host name and IP have been changed.)

It seems I was wrong however.

The output above is only shown if libcurl sets the CA cert path to OpenSSL and it seems the Mac version doesn’t. Somehow they get the CA certs loaded to libcurl differently.

So ok, maybe they didn’t modify curl but they certainly changed how curl uses CA certs and they did this by modifying OpenSSL and clearly their version of OpenSSL now defaults to use their CA cert bundle. The end result for me is still the same though: I have no idea how CA certs work with curl on Mac so it leaves me with the unfortunate situation where I can’t help fellow curl users when they have CA cert problems on a Mac.

It also leaves me very curious on what –cacert does exactly on the mac version of curl.

OpenSSL is patched. Apparently it now works so that if the “normal” x509 validation fails, and TrustEvaluationAgent (TEA) is enabled, it will attempt to use the TEA to validate the certificate. The apple source code to read through for this is x509_vfy_apple.c in their patched OpenSSL tree. It is also possible to skip the TEA verification thing in OpenSSL by setting an environment variable, so that we can still have curl on mac act “as default” with a command line like:

$ env OPENSSL_X509_TEA_DISABLE=1 curl https://www.example.com/

Finally: yes, curl is released under an MIT license. They’re perfectly allowed to do whichever of these actions they want. I know this, and I chose the MIT license fully aware that any company can take the code, modify it and never return any changes. I’m not arguing against anyone’s rights to do this with curl.

Thank you, friendly anonymous helper for helping me straighten out my findings!

c-ares, cURL and libcurl, Development, IT Politics, libssh2, Open Source

Three out of one hundred

October 31, 2011 Daniel Stenberg 1 Comment

If I’m not part of the solution, I’m part of the problem and I don’t want to be part of the problem. More specifically, I’m talking about female presence in tech and in particular in open source projects.

3 out of 100 I’ve been an open source and free software hacker, contributor and maintainer for almost 20 years. I’m the perfect stereo-type too: a white, hetero, 40+ years old male living in a suburb of a west European city. (I just lack a beard.) I’ve done more than 20,000 commits in public open source code repositories. In the projects I maintain, and have a leading role in, and for the sake of this argument I’ll limit the discussion to curl, libssh2, and c-ares, we’re certainly no better than the ordinary average male-dominated open source projects. We’re basically only men (boys?) talking to other men and virtually all the documentation, design and coding is done by male contributors (to a significant degree).

Sure, we have female contributors in all these projects, but for example in the curl case we have over 850 named contributors and while I’m certainly not sure who is a woman and who is not when I get contributions, there’s only like 10 names in the list that are typically western female names. Let’s say there are 20. or 30. Out of a total of 850 the proportions are devastating no matter what. It might be up to 3%. Three. THREE. I know women are under-represented in technology in general and in open source in particular, but I think 3% is even lower than the already low bad average open source number. (Although, some reports claim the number of female developers in foss is as low as just above 1%, geekfeminism says 1-5%).

Numbers

Three percent. (In a project that’s been alive and kicking for thirteen years…) At this level after this long time, there’s already a bad precedent and it of course doesn’t make it easier to change now. It is also three percent of the contributors when we consider all contributors alike. If we’d count the number of female persons in leading roles in these projects, the amount would be even less.

It could be worth noting that we don’t really have any recent reliable stats for “real world” female share either. Most sources that I find on the Internet and people have quoted in talks tend to repeat old numbers that were extracted using debatable means and questions. The comparisons I’ve seen repeated many times on female participation in FOSS vs commercial software, are very often based on stats that are really not comparable. If someone has reliable and somewhat fresh data, please point them out for me!

“Ghosh, R. A.; Glott, R.; Krieger, B.;

Robles, G. 2002. Free/Libre and Open Source Software: Survey and Study. Part

IV: Survey of Developers. Maastricht: International Institute of Infonomics

/Merit.

A design problem of “the system”

I would blame “the system”. I’m working in embedded systems professionally as a consultant and contract developer. I’ve worked as a professional developer for some 20 years. In my niche, there’s not even 10% female developers. A while ago I went through my past assignments in order to find the last female developer that I’ve worked with, in a project, physically located in the same office. The last time I met a fellow developer at work who was female was early 2007. I’ve worked in 17 (seventeen!) projects since then, without even once having had a single female developer colleague. I usually work in smaller projects with like 5-10 people. So one female in 18 projects makes it something like one out of 130 or so. I’m not saying this is a number that is anything to draw any conclusions from since it just me and my guesstimates. It does however hint that the problem is far beyond “just” FOSS. It is a tech problem. Engineering? Software? Embedded software? Software development? I don’t know, but I know it is present both in my professional life as well as in my volunteer open source work.

Geekfeminism says the share is 10-30% in the “tech industry”. My experience says the share gets smaller and smaller the closer to “the metal” and low level programming you get – but I don’t have any explanation for it.

Fixing the problems

What are we (I) doing wrong? Am I at fault? Is the the way I talk or the way we run these projects in some subtle – or obvious – ways not friendly enough or downright hostile to women? What can or should we change in these projects to make us less hostile? The sad reality is that I don’t think we have any such fatal flaws in our projects that create the obstacles. I don’t think many females ever show up near enough the projects to even get mistreated in the first place.

I have a son and I have a daughter – they’re both still young and unaware of this kind of differences and problems. I hope I will be able to motivate and push and raise them equally. I don’t want to live in a world where my daughter will have a hard time to get into tech just because she’s a girl.

Rockbox

Rockbox Steering again

October 23, 2011 Daniel Stenberg 2 Comments

I’m proud and happy to once again having been voted into the Rockbox Steering Board. Thanks for your trust and confidence in me, friends! I’m hereby starting my 4th season in this role, which also happens to be allÂ yearsÂ the RSB has existed.

The RSB has really only had to act once. I don’tÂ foreseeÂ any drastic change in this regard this year. The complete board consists of:

Alex Parker
BjÃ¶rn Stenberg
Daniel Stenberg
Frank Gevaerts
Jens Arnold

Rockbox

The gsoc 2011 tshirt

October 22, 2011 Daniel Stenberg

I served as Google Summer of Code admin this year again, doing as little as possible, for the Rockbox project.

As usual, us volunteers are given a tshirt for our efforts and this year’s version looks like shown below. My son Rex was very happy to do the modeling, even though I think the size is slightly too big for him…

cURL and libcurl, Network

libspdy

October 18, 2011 Daniel Stenberg 8 Comments

SPDY is a neat new protocol and possible contender to replace HTTP – at least in some areas and for some use cases. SPDY has been invented and developed mostly by Google engineers.

SPDY allows better usage of fewer TCP connections (since it sends multiple logical streams over a single physical TCP connection) and it helps clients overcome problems with TCP (like how a new connection starts slowly) while at the same time reducing latency and bandwidth requirements. Very similar to how channels are handled over an SSH connection.

Chrome of course already supports SPDY and Firefox has some early experimental support being worked on.

Of course there are also legitimate criticisms against SPDY as well, including subjects like how it makes caching proxies impossible (because everything goes over SSL), how it makes debugging a lot harder by using compressed headers, how it is impossible to extract just a single header from the stream due to its compression approach and how the compression state buffers make each individual stream use more memory than plain old HTTP (plain TCP) ones.

We can expect SPDY<=>HTTP gateways to appear so that nobody gets locked into either side of these protocols.

SPDY will provide faster transfers. libcurl is currently used for speed reasons in many cases. To me, it makes perfect sense to have libcurl use and try to use SPDY instead of HTTP exactly like how the browsers are starting to do it, so that the libcurl using applications will get their contents transferred faster.

My thinking is that we introduce some new magic option(s) that makes libcurl use SPDY, and for normal easy interface transfers it will remain to use a single connection for each new SPDY transfer, but if you use the multi interface and you enable pipelining you’ll instead make libcurl do multiple transfers over the same single SPDY connection (as long as you speak with the same server and port etc). From an application’s stand-point it shouldn’t make any difference, apart from being faster than otherwise. Just like we want it!

Implementation wise, I would like to use a reliable and efficient third-party library for the actual SPDY implementation. If there doesn’t exist any, we make one and run that one independently. I found libspdy, but I found some concerns about it (noÂ mailing list, looks like one-man project, not C89 compliant, no API docs etc). I mailed the libspdy author, I hoping we’d sort out my doubts and then I’d base my continued work on that library.

After some time Thomas Roth, primary libspdy author, responded and during our subsequent email exchange I’ve gotten a restored faith and belief in this library and its direction. Not only did he fix the C89 compliance pretty quickly, he is also promising rather big changes that are pending to get committed within a week or so.

Comforted by what I’ve learned from Thomas, I’ll wait for his upcoming changes and I’ll join the soon to be created mailing list for the libspdy project and I’ll contribute some ideas and efforts to help shape it into the fine SPDY library we all want. I can only encourage other fellow SPDY library interested persons to do the same!

Updated: Join the SPDY library development

Open Source

RMS to Stockholm – November 8th

September 27, 2011 Daniel Stenberg 1 Comment

On NovemberÂ 8th 2011, foss-sthlm has the honors of welcoming Richard M Stallman to Stockholm and we invite you all to come and listen to what he has to say. RMS, as he is commonly known, is of course the founding father of both GNU and FSF and he has servedÂ his role of non-compromising believer in and the torch-bearer of the Free Software movement ever since he started it.

Date: November 8
Time: 18:00
Where: Aula Magna at Stockholm University

To get to enjoy this talk, and to be able to perhaps ask a question of your own, you must register and book your seat. You do this by going to the foss-sthlm nov2011 web page and reading the instructions.

We have this required booking concept for this only to make sure that we don’t overbook the room. Please make sure that you “return” tickets that you won’t use. Please help us pull this event through in an excellent manner.

This event is made possible thanks to our sponsors South Pole AB and DSV. We arrange this in cooperation with the great FSCONS team.

Update: we switched to a much bigger place!

Development, Haxx, Open Source

Haxx, the second year

September 18, 2011 Daniel Stenberg

Last year I posted my report of what I and my fellows did at Haxx after the first year of true and real independence. As I probably mentioned before, we registered our company 1997 but it was just a side project for over a decade.

Now, when we’re slowly approaching two years it is time to look back and what we’ve done during the past twelve months and what we’re doing right now.

We have firmly established ourselves even more as expert developers within embedded systems. We’re over and over again being hired by the teams that themselves are hired by companies to provide services or products. During the last twelve months, we’ve written software and software designs for a huge medical equipment company, a small video equipment manufacturer, a major international telecom, a market-leading embedded systems provider and a global chip manufacturer.Â We’ve debugged simulation software, designed video streaming servers, done video subtitling magic, poked on Linux kernel code and we’ve done old-school 8051 and 16bit x86 assembly. I’ve also managed to do a Embedded Linux development (in user-space)Â training course – twice. All this, in just the past year!

Haxx was (and presented) at FSCONS in Gothenburg, we went to (and presented at) FOSDEM in Brussels and we went to the Rockbox devcon in London. We did lots of work within the foss-sthlm community.

Oh, and we’ve revamped our logo and graphical design.

Haxx consists of three full-time employed senior expert embedded systems consultants. We’ve all been in the industry for over twenty years: Daniel Stenberg, BjÃ¶rn Stenberg and Linus Nielsen Feltzing.

WeÂ continuouslyÂ work with partners in the area to reach out to new and existing customers. As we’re very small and rather spend our time on working in our actual assignments we appreciate the help with sales and marketing. If you’re in the Stockholm area and ever end up needing devoted and skilled embedded software hackers, call us!

I’m gonna do my very best to make sure we get another great year! I’ll report back and tell you how it went.