Ten years

That’s how long, to the day, I have been a FreeBSD committer.
Ten years seems like a long time when you write it down on paper, or say it out loud, or try to imagine who and where you will be in ten years’ time; but when I think back on my time as a FreeBSD committer, it’s hard to believe it’s really been that long.

The strangest part is seeing younger (or rather, more recently anointed) committers defer to me. I’m not the old tenured professor! I’m not the sage on the mountain! Look at phk, he’s the old fart, not me! I’m still a rookie! I practically haven’t done anything for the project! I mean, apart from libfetch, and pseudofs, and the PAM stack, and OpenSSH, and the Tinderbox, and stints as Bugmeister and Security Officer, and…

This is where my train of thought derails, when I realize how much I’ve actually done (although I don’t even come close to people like phk, jhb, or rwatson), and oh shit, it’s actually been ten years!

Update: when I told my wife about this, her immediate reaction was “and they say men can’t commit to anything…”


Assumptions

[The context for this piece is slightly dated, but I was hospitalized shortly after I started writing this, and apparently hospitals don’t provide their patients with wireless (or even wired) Internet connections. Go figure.]

I would like to comment on the following excerpt from a Firebird developer’s reaction to the Coverity press release mentioned in an earlier post:

I’m concerned that some code may trigger false positives, like some places (destination buffers) that don’t seem to check bounds, but this is because their source of data is already of guaranteed limited length. Someone that goes looking blindly for strcpy would panic at first glance.


Coverity scans of OpenPAM

The following is a copy of a letter I sent to Coverity today.

I am the author and maintainer of OpenPAM, which was recently promoted to Rung 2 in Coverity’s Open Source scan.

OpenPAM was included in your scans in April 2006, at my request, after a NetBSD developer had contacted me and suggested that the NetBSD scans had revealed numerous bugs in OpenPAM. I later learned that this was in fact not true. On the other hand, NetBSD’s CVS history for OpenPAM shows a number of changes prompted by lint(1) warnings, most of which were (from my recollection) either false positives or a result of NetBSD’s own modifications.

However, I was not aware that Coverity was still tracking OpenPAM, as the last time I tried to log in using the URL, user name and password I had been provided, the site seemed to have been taken down. Besides, OpenPAM has been dormant for a couple of years, until the release of OpenPAM Hydrangea last December.

While it is flattering to see my project mentioned in the computer press as a “major Open Source project” and—effectively—one of the eleven least buggy, it would have been nice to have been notified directly by Coverity instead of finding out from a press release.

That being said, I am immensely grateful for the service Coverity provides to the Open Source community in general, and to FreeBSD and OpenPAM in particular.


A brief report from the 2007 eZ Conference & Awards

I’ll go right ahead and start with the conclusion: from my perspective, the conference was both a huge success and a very pleasant experience.

It was a huge success because my presentation (slides in PDF format) was well attended and well received (partly thanks to VG’s Jo Christian Oterhals, who during his Friday morning keynote not only promoted Varnish as an essential component of their “extended LAMP stack” but also encouraged his audience to attend my presentation). There were so many questions from the audience that my 45-minute slot stretched into a 75-minute marathon, after which I was besieged in the hall and at the lunch buffet by attendees who wanted additional details and advice on how to deploy Varnish. After a quick lunch, I went straight into an hour-long meeting with eZ Systems developers and admins to discuss integration issues between eZ Publish and Varnish. Happily, rather than take offense at my pointing out cacheability-reducing flaws in eZ Publish during my presentation, they took it as an opportunity to learn something and improve their product. This attitude (and their amazing community-building efforts) is probably part of why their product is so successful.

It was also a pleasure, for a number of reasons. It was of course a great opportunity to connect with interesting people, such as Telenor R&I senior researcher Hilde Lovett or Mozilla Foundation Ombudslizard Zak Greant, both of whom I hope to meet again. It was also a pleasure to meet such helpful and professional eZ staff members as Shezmeen Hudani and Kendra Penrose, who took very good care of me from the moment I reached the conference venue on Thursday morning until the moment I left on Friday evening. I know it’s their job, but it’s still very nice to have every little technical wrinkle ironed out within minutes and feel entirely confident that everything will work perfectly when I step up to the podium. If only every event I attend took as good care of their speakers!

Revision confusion

This blog post by Códice Software (developers of Plastic SCM) discusses a recent talk by Linus Torvalds (no introduction needed) where he (in his usual style) lambasts all version control systems that are not Git, with particular attention to Subversion (for having the temerity to use “CVS done right” as a slogan).

The author of the post criticizes Linus for tooting his own (or Git’s) horn, then promptly upstages him by displaying his ignorance of every version control system that is not Plastic SCM (except perhaps SourceSafe) and lambasting them all.

You have to wonder about the qualifications of a developer who sells a product named “Plastic SCM” which isn’t a software configuration manager at all. As far as I can tell from reading their marketing materials and watching their screencasts, it’s a plain version control system (or revision control system, if you prefer) with no configuration management features whatsoever.

Back to the drawing board, Pablo!