Tag Archives: Open Source

libssh2 vs libssh

There are only two open source libraries for SSH that I am aware of, at least at the fundamental layer and written in C.

I researched the SSH library market years ago when I stuck with libssh2 as the one I thought was most promising, and since then I and others have taken it much further. The lib that I didn’t go with at that time, confusingly enough named libssh, recently came out with a new release.

Since there are now clearly two active open source SSH libraries it feels like we should help our users and potential newcomers by explaining how our projects and libraries differ. As a little teaser: one of the libraries turned out more than twice as fast as the other in my test…

While I admit to not having actually used libssh for real, I’ve read the docs and I’ve tried it a little bit. My take at a comparison is now online at:

http://www.libssh2.org/libssh2-vs-libssh.html

I will highly appreciate your feedback and additional things that differ between the two! The list isn’t really much to boast about as it currently looks!

Open Source Sweden?

I’m fascinated by this Swedish organization who call themselves Open Source Sweden (“Leverantörer av Öppen Programvara i Sverige” in Swedish, which means “Suppliers of Open Source Software”).

They claim to be some kind of business organization for companies that work with and within open source in Sweden, and they want to promote open source and help companies work with open source etc. All pretty fine ideas methinks.

So, let’s hypothetically say I am employed and associated with several companies and I basically work exclusively with Open Source software on my job and I work in many open source projects. Why would I make my companies join this organization? Their web page(s) give very few answers to that, and yet they have many members and some of them quite well known in our community.

For this very non-compelling reason to join, they charge ~600USD/year for membership if your company has less than 6 employees “with open source capacity” up to 3100USD/year if you happen to have more than 25 open source capable persons.

The only thing I’ve ever seen from this gang is that they get the honors to speak up on open source subjects in the media and they did issue a press release almost a year ago…

Their site lists 31 member companies (and a bunch of them are clearly in the >25 section). That’s a lot of membership fees every year.

So if anyone reads this. Why would I talk my companies into becoming a member? What can possibly be worth all that money?

Getting support to curl

The other day I read this blog post by Stormy Peters, talking about getting people to sponsor or support Open Source projects and she continued to describe the Gnome approach and a bunch of projects that accept donations etc etc.

It made me (not too surprising) think about the situation for our little project cURL. We’re independent of any umbrella organization (GNU, ASF, etc) and we don’t have any vendor or company backing that pays for daily development or maintenance. We don’t have any legal entity or formal organization behind the project. We’re all just a bunch of people on some mailing lists.

We do have occasional companies and vendors who step up and pay individual developers to add features or provide various kinds of support, but they’re all basically single-shot occurrences and nothing that’s done on an ongoing basis.

Our products are used in all Linux distros, by hundreds of companies and so on. We’re a fairly active team, continuously working on bug fixes, tweaks and adding new features.

What can we do to make us more attractive for more support or active sponsoring by some vendor(s)?

Would joining an “umbrella” organization or forming a legal entity make it any more likely to happen?

Isn’t it so, that if the project is mature and good enough already, there’s actually very very little incentive for any company to take it under their wings and rather the market economy makes it a lot more profitable to simply use it as it is and if – at worst – in the end something really hits the fan, you can pay someone at that crisis point to fix up the immediate problem. And then continue like before.

And to be honest, I think we are proving to everyone that it works this way by continuing to deliver rock solid quality software. For no price. Completely open source. Year after year. Darnit, it’s just too fun to stop!

Top Free Software persoject 2009?!

As two years before this, FSCONS is again looking for nominees for The Nordic Free Software Award 2009.

If you know any fine persons or projects you think are fitting and are from “the Nordic countries“, head over to that web page and submit!

And btw, this year’s FSCONS is set for November 13-15 although their site is still pitch black. I hope to be able to go there this year. Perhaps even do a talk about something!

Update: the word ‘persoject’ is not a mistake, even though it looks weird and wasn’t explained in this post. It was just a word I made up last year when I blogged about this award, and I re-used it now without thinking much about it… I won’t do it again. I promise! 😉

Mine is More than Yours

So Redhat created and made this very interesting Open Source Activity Map available. It rates 75 countries’ open sourceness based on “Government, Industry, and Community” and how good the countries are at open source. Sort of. The numbers are based on research done by Georgia Institute of Technology.

What does it give?

I’m a Swede who lives in Sweden and I can see that we’re not generally that much into open source, but we’re also a very small population compared to lots of other countries. But no, I cannot see how Finland or Norway are any further than we. What also puzzles me is how they even rate China before Sweden. The numbers that are provided don’t appear to take population into account, or even participation level in open source projects.

Of course I realize I have but one view and my view is deeply skewed by the projects I work in and by the people I meet and I have never even tried to compare different countries’ governments against each other with regard to open source so I figure I can’t make a good comment on these results. What is weird is that there are simply almost no participants in open source projects from China (and several other Asian countries) and I’ve always thought that’s primarily due to language barriers. Is this map then suggesting that those missing people make up for it in projects within their own language regions?

Or isn’t it so that this map is more a map of comparing legislations and governments against each other, and not so much what actual people from these countries do in various projects? I would otherwise assume that us people in the western world have a small benefit from being close to the English language. Not to mention how those speaking native English can easily jump into most projects without thinking twice about language problems.

I think however that this is a very good idea. It brings issues to the open. What makes a country good for open source? What’s needed to make my country better?

C Code Commandments

I’m an old school C programmer guy and I stay true to some of the older and commonly used rules present in many open source and similar projects. Since I sometimes rant about this to people, I thought I’d amuse my surroundings by stating them here for public use/ridicule. Of course heavily inspired by the great and superior The Ten Commandments for C Programmers. My commandments are not necessarily in any priority order.

Thy Code Shall Be Narrow

Only in very rare situations should code be allowed to be wider than 80 columns. I want my two or three windows next to each other horizontally and still see the code fine. Not to mention the occasional loading up in an editor in an 80 column terminal and that it should be possible to print nicely (for reviews etc). Wide code is also harder to read I think, quite similarly to how very wide texts in web pages etc aren’t kind to your eyes either.

Thou Shall Not Use Long Symbol Names

To be able to keep the code easily readable by human eyes so that you quickly get an overview and understand things, you simply need to keep the function and variable names fairly short. Not to mention that the code gets harder to keep within 80 columns if you use ridiculously long names.

Comments Shall Be Plenty

Yes, this is something we know everyone says and few live up to. In statistical analyses of my own C code I usually reach around 25-27% comments and I’m usually happy with that amount. Comments should explain what is otherwise not obvious in the code.

No Hiding What’s Really Happening

I’m not a fan of overloaded operators or snazzy macros that do fancy stuff without it being noticeable in the code. It should be clear when reading the code what it does. That’s also one of the reasons you don’t catch me doing a lot of C++ work…

Thou Shalt Hunt Down and Kill Compiler Warnings

Compiler warnings may be significant and in some cases they are not. Either way, it is our duty to silence them at all times. Firstly because it is often simpler to fix the code to not warn than to figure out if the warning is indeed right or not, but perhaps primarily because it makes it harder to see new warnings appearing if the old ones have been left there.

Write Portable Code Unless Forced by Evil

You may first believe that your code will live on forever on this single platform with this single compiler, but soon and very soon you will learn otherwise. Then you will cheer this rule as it makes you consider unaligned memory accesses, assuming byte-order of binary data or the size of your ‘long’ variable type.
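As an added illustration of this commandment (not code from the original post or from any project mentioned here), the sketch below parses a length-prefixed record without assuming alignment, host byte order or the width of ‘long’. The record format and the names read_be32 and parse_record are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEN_FIELD 4 /* bytes in the big-endian length prefix */

/* Non-portable habit, for contrast only:
 *   len = *(unsigned long *)buf;
 * It assumes buf is aligned for 'long', that the host is big-endian and
 * that 'long' is exactly 32 bits wide. */

/* Read a 32-bit big-endian value one byte at a time: no alignment
   requirement, no dependence on host byte order or sizeof(long). */
uint32_t read_be32(const unsigned char *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse one record: 4-byte big-endian length, then that many payload
   bytes. Returns 0 and sets *payload and *plen, or -1 if the buffer is
   too short for the length it claims. */
int parse_record(const unsigned char *buf, size_t buflen,
                 const unsigned char **payload, uint32_t *plen)
{
  uint32_t len;
  if(buflen < LEN_FIELD)
    return -1;
  len = read_be32(buf);
  if(len > buflen - LEN_FIELD) /* subtraction cannot wrap: checked above */
    return -1;
  *payload = buf + LEN_FIELD;
  *plen = len;
  return 0;
}

int main(void)
{
  /* Constructed sample: one pad byte so the length field sits one byte
     past the start of the array, then length 3 and the payload "abc". */
  static const unsigned char raw[] = { 0xff, 0, 0, 0, 3, 'a', 'b', 'c' };
  const unsigned char *p;
  uint32_t n;
  if(parse_record(raw + 1, sizeof(raw) - 1, &p, &n) == 0)
    printf("payload: %.*s\n", (int)n, (const char *)p);
  return 0;
}
```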

Repeat Not, Use Functions

I see a lot of “copy and paste” programming in my daily life and I’ve learned that sooner or later such practices lead to sorrow. If you paste the same code in multiple places it not only makes it repetitive and boring to update it when an API or something changes, more seriously it increases the risk that you address bugs in only one out of many places or that the fixes differ etc. It also makes the code larger and thus harder to follow and understand.

Thou Shalt Not Typedef Away Pointers

A really nasty habit to be seen in some source code is when people use typedefs to define their own types that are simply pointers to something. Like with ‘typedef struct whatever * whatever_t’. While I’m in general against excessive typedefing, I’m fine with them in many cases but not when used to hide pointers to look like “ordinary” types. It makes code harder to follow.

Defines, no fixed numbers

Code that relies on zero and non-zero can get away without this, but as soon as you start relying on more numbers in the code you must start using #defines or possibly enums to make them appear with names in the code. Using names is more clever than hardcoded numbers since you can avoid having to explain the number in a comment, and of course it’ll be easier to change the actual number in the code at a later point without it being a painful search-and-replace operation.

Code re-use is fun

Back in 2003 I wrote up support for the HTTP NTLM authentication method for libcurl. Happy with my achievement, I later that year donated a GPL licensed version of my code to the Wget project (which also was my first contact with the signed paper stuff with the GNU/FSF to waive my copyright claims and instead hand them over). What was perhaps not so amusing with this code was when both curl and Wget were discovered in 2005 to have the same security flaw due to my mistakes in this code shared by both projects!

Just recently, the neon project seems to be interested in taking on the version I adjusted somewhat for them, so possibly the third HTTP code is soon using this. Yeah I posted it on their mailing list back then so it has been sitting there in the archives maturing for some 6 years by now…

I also happened to fall over the SSH Tunnel Creator tool, which I’ve never used myself, that apparently snatched my neon donation (quite according to what the license allowed of course) and used it in their tool to do NTLM!

It’s actually not until recent years I discovered libntlm, and while I don’t know how good it was back in the days when I wrote my first NTLM stuff I generally think using existing libs is the better idea…

A stream of streamings

I’m a last.fm fan. I love its ability to not only stream music without needing a dedicated client installed (yes a flash application I think suits a purpose) and I think its ability to provide music I might also like is amazingly nice. I’m a “random it all” kind of guy when I listen to my local music collection in most situations as well. It is not specifically well suited for listening to exactly the songs you want, as if you select a specific song it won’t even play the full-length version of it.

Lately there’s been a lot of buzz in Swedish tech media about spotify, which is a similar idea (at the moment still an invitation-only thing in Sweden). They stream music, but only to a proprietary Windows or Mac client and currently they offer free listening with ads (embedded in the audio and visible in the client) or 99 SEK (== 9 Euros == 11 USD) per month. The client is highly focused on specific songs or artists and it has nothing in the way of “random artists I generally like and similar ones”. I’m not too thrilled.

Spotify offers its service in several places, and I hear in the UK it’s not even invitation-only (which of course is useful for the more forward-thinking hacking kind of guys who thus use a UK based proxy to reach them). There’s however no sign of a Linux client. We’re forced to run their Windows client with Wine.

I’ve gotten the impression that Pandora is a similar concept to play with if you happen to be based in the US. I’m in Sweden and Pandora just shows me a “We are deeply, deeply sorry to say that due to licensing constraints, we can no longer allow access to Pandora for listeners located outside of the U.S.”

The other day despotify.se showed up. A bunch of clever hackers reverse engineered the Spotify protocol and stream and offer a full unofficial open sourced ncurses/libvorbis/pulse-audio/gstreamer/expat/zlib/openssl-based player! Reading the code shows that these guys certainly had to crack some hard nuts, but the activity in their IRC channel seems fierce and the code is rather clean so I expect it to eventually turn out to become a fine player if Spotify just doesn’t decide to play hard ball with them. Unfortunately, despotify hasn’t yet been able to produce a single sound for me since it has just died on assert()s on basically any attempts I’ve tried. The interface is also a bit… strange and not the easiest to figure out. (It should be noted that the despotify client still requires that you have an actual Spotify account.)

It’ll be interesting to see how Spotify, or perhaps the big media companies owning all the music rights, will act on this initiative. This client does open up abilities for new fancy features. How about ripping the stream? How about re-distributing the stream as a proxy? And of course it being open, it does open up for adding features I want to add.

Update: just hours after I posted this, Spotify closed access to their service using the despotify client as long as you’re not a “premium” (paying) user…

Project is Standard now

I fell over a (warning: Swedish!) article on the Swedish idg.se site describing the nominees for the yearly award “Guldmusen” (“the golden mouse”). One of them is this year the highly deserving Adam Dunkels, originator of among other things the very cool lwip (light weight IP) open source project.

However, in both articles on IDG that’s not how lwip is described. It is instead claimed to be “an unofficial world standard”.

“world standard” huh? Yes I admit that makes it sound quite a few notches better than “well-used and appreciated open source project”.

But lwip is a TCP/IP stack. A very small one. How can that be a standard, even if you call it an unofficial one?

idg.se continues to be ridiculed by me and my friends and the reasons are silly things like this. Let’s hope they continue to amuse us for a long time to come! 🙂