For the last couple of weeks, I've been fuzz testing some code I wrote. On its own, that sort of thing is mind-numbingly boring, so instead of just handling the problems I found the "simple way" (check for NULL before dereferencing, check if offsets make sense, etc) I decided to refactor where possible so the bugs just couldn't happen. This kept the fuzzing fun too.

Moving error handling upwards nearer to the cause of the errors in an existing code base is sometimes surprisingly tricky. Lots of reshuffling of structures, hiding data from header files and clever encapsulation tricks and pointer gymnastics.

When you're working in ten or twelve files at the same time, you realize how much like a stack the brain is and how good it is at caching information. You push the consumers of a structure on the stack and you roll it up as you change the structure. Sometimes you find yourself branching because you found a way to abstract something and when you get back, the stack is back pretty much as if it had never been gone.

I haven't been able to precisely calculate the depth of my brain stack yet, but it seems to be fairly accomodating. After a couple of hours of shuffling code around, even rough line numbers seem to be getting cached for fast retrieval too. Much fun.

Yet another research opportunity for 'students of the mind'.

For the last couple of weeks, I've been fuzz testing some code I wrote. On its own, that sort of thing is mind-numbingly boring, so instead of just handling the problems I found the "simple way" (check for NULL before dereferencing, check if offsets make sense, etc) I decided to refactor where possible so the bugs just couldn't happen. This kept the fuzzing fun too.

Moving error handling upwards nearer to the cause of the errors in an existing code base is sometimes surprisingly tricky. Lots of reshuffling of structures, hiding data from header files and clever encapsulation tricks and pointer gymnastics.

When you're working in ten or twelve files at the same time, you realize how much like a stack the brain is and how good it is at caching information. You push the consumers of a structure on the stack and you roll it up as you change the structure. Sometimes you find yourself branching because you found a way to abstract something and when you get back, the stack is back pretty much as if it had never been gone.

I haven't been able to precisely calculate the depth of my brain stack yet, but it seems to be fairly accomodating. After a couple of hours of shuffling code around, even rough line numbers seem to be getting cached for fast retrieval too. Much fun.

Yet another research opportunity for 'students of the mind'.

It is amazing how patches have a tendency to pile up on laptop disks. While MFC'ing a silly change this afternoon, I accidentally typed svn diff in $HOME/projects/freebsd/head/sys and the output was rather interesting.

In addition to random patches that occur to me while I'm sitting on the train, I have a good chunk of syscons changes that I really should put somewhere safely.

Laptops are dangerous. Not only do they burn your lap -- and other sensitive areas -- they allow you to do work which is very easy to forget about (and then lose).

Time to sort through this mess and send out some patches.

For the last couple of hours, I've been playing with Firefox 3 to make it behave. I have blogged at length about how "userfriendly" basically means looking pretty and not working. The good thing about Mozilla is that "userfriendly" is only its default state. With a bit of fiddling, you can actually make it work.

So, without further ado: "Philip, how do you make Firefox 3 work?"

First, install a couple of mandatory extensions:

• Tiny Menu reduces the space-wasting "menu bar" at the top of the screen into a single button.
• Littlefox halves the screen real-estate hogged by the browser giving webpages a bit more Lebensraum. It also obliterates the ghastly pastel default look.
• Adblock Plus I don't need to explain. Don't forget to whitelist those couple of advertising-run websites which are worth it -- like http://fxr.watson.org/ for instance.
• Download Statusbar turns the preposterous "download window" into a more sensible and less intrusive toolbar.
• FaviconizeTab squashes up the tabs you always leave open.
• oldbar: restores the behaviour of the address bar.

Install the nullflash plugin to stop Firefox whining about that "Flash" plugin you don't have.

When you've done that, move the back/forward/reload/stop/home buttons, the address bar and the search bar next to the "Menu" button and hide the navigation and bookmarks toolbars.

Halfway there.

Now get rid of the nonsense that's been piled on the address bar by wielding the medium hammer in userChrome.css:

/*
 * Remove nonsense from the address bar.
 */
#star-button { display: none !important; }
#go-button { display: none !important; }
#feed-button { display: none !important; }
#urlbar-search-splitter { display: none !important; }

Finally, use about:config to set browser.xul.error_pages.expert_bad_cert to true, so you can visit sites which use self-signed certificates a bit less painfully.

There you go!

Since there was a call for testers on the freebsd-ports@ mailing list about Mozilla Firefox 3, I decided to give it a go. I had to patch the Makefile not to pull in dbus-glib as an unconditional dependency. I don't believe in D-Bus and don't want it on my system. If I allow Firefox to link with it, it would be the only thing sitting on the message bus too, which feels a bit crazy.

So, Firefox 3. The Mozillians have been sniffing way too much of the userfriendly glue. I already blogged about the too much handholding and the way they've confused security and trust when I tested one of the early betas.

Since I last tested, a workaround has been added to reduce the userfriendliness and increase the usability of self-signed certificates: setting the browser.xul.error_pages.expert_bad_cert option to true roughly halves the number of hoops you have to jump through in order to get the certificate recognized. Great.

The idea of bookmarking also seems to have become even more entrenched in the browser since my last test. I have never really used bookmarks. I've recently started vaguely using del.icio.us but bookmarks really aren't my thing. I guess some people must be into the idea though.

Using tinymenu and littlefox and some creative interface reshuffling, it's still possible to hide most of the bookmark nonsense so that it doesn't get in the way. The only thing I haven't been able to get rid of yet, is the new "add bookmark" button that has been added to the address bar. I'm sure a way exists, I just need to find it.

Overall, despite the userfriendliness, Firefox 3 is an improvement. It feels a bit faster and it still renders the stuff I want it to render fine. It's still a webbrowser though. Nothing to get overly excited about. More than 90% of the stuff being delivered over HTTP is worthless and it's only getting worse. Firefox 3 with enough extensions and some creative tweaking to make it less userfriendly and more usable allows you to sift through the crap in relative comfort.

I will try to resist the urge to downgrade again. Maybe if I feel sufficiently bored, I'll cook up a patch to make LANG=C less usefriendly and more useful. Don't hold your breath.

Belgian farmers are unhappy. When Belgian farmers get unhappy, they want everyone else to be unhappy too. Using tractors and with a little help from friendly taxi drivers and truckers, they basically shut down Brussels for a day.

Charming people.

Their protest doesn't particularly bother me personally. I don't need to be anywhere near Brussels and I use a bike and public transport to get around.

In other words, if it weren't for one small detail, I would have probably completely ignored this whole nonsense in the newspapers and not wasted any time blogging about it.

What is the small detail, you ask?

The farmers are unhappy about high prices of fuel. They are unhappy about a number of other things too, but they are making a point of complaining about fuel prices.

So who came up with the bright idea of using these fuel-hungry machines to blockade the capital instead of ... well, farming?

This whole macho display of noisy pollutants will accomplish precisely nothing. Remember that we have a government composed entirely of short-sighted right-wing conservative incompetents who are way too busy practising linguistic racism and similar idiocy to spend any time at all on the economic welfare of the country they are supposedly governing.

At best, the politicians will find it's a bit noisy out while they're wasting time and money on fictitious non-issues. Close the windows and crank up the airco. "Where were we again? Oh yes, we were going to try to estrange one half of the population from the other half some more".

In other words, instead of burning expensive fuel to produce stuff which can be eaten and exported, our agricultural friends are basically pointlessly polluting the capital while shutting down much of the economic activity that takes place there.

Very clever.

Haven't those of us who run small companies all been there?

Late payments suck.

More and more websites seem to be showing that funny OpenId logo and more and more people I know appear to be quite lyrical about the stuff.

Still. I'm a skeptical bastard. I wonder if OpenID is not a solution looking for a problem, like so many "Web 2.0" technologies.

Using the same username and password everywhere would of course be unbelievably stupid. If one site is broken (or run by a sneaky and enterprising individual), your identity is effectively owned.

I am still using the good old paranoid method of dealing with the plethora of websites that want me to create "accounts" and would like me to create a username and a password to log in to them.

Ever since the beginning of time, I've been generating different passwords for the sites that want them, and storing them in a file on an encrypted volume. Over time, of course, that list has become rather long:

% grep http /cryptostick/keys/passwords.txt | wc -l
207

Many of the sites in that file, I've probably not visited in the last many years, some of them probably don't exist anymore. Not a problem, the amount of data I'm storing about them is probably on the same order of what I once told them about me: very little.

So back to OpenID: if I understand it correctly, it would replace this simple plain text file I keep on an encrypted volume with a whole infrastructure of XML-communicating "things", any of which could possibly break, any of which would be - like anything XML - hideously difficult to debug and, most importantly, like any "web technology", unbelievably volatile and subject to becoming obsolete at the drop of a hat.

I can think of any number of other things that can and will go wrong.

It's a "web technology". People rely on PHP and other security holes, and we all know what happens to infrastructure built on a foundation of wet tissues. After a couple of months, some bright spark comes up with "2.0", also built on wet tissues but now they're "layered". Or something. Try to follow the metaphor.

In any case: either your identity is completely and utterly up for grabs, or you've invested a lot of time (and possibly money) in a very complicated (though probably very pretty) infrastructure which is now completely obsolete.

At the same time, my trusty text file on its encrypted volume (with its backup on dead tree stored somewhere physically secure) celebrates its tenth birthday and still works as well as the day it started as an empty file.

I'll stick to "Web 0.9", thank you. I don't think I could handle the stressful life of "developing for the web". It's so much more relaxing in the kernel, where standards develop at glacial speeds. bliss.

I was looking for something this morning. The laws of the universe demand that when you're looking for something - anything! - you will find any number of things you didn't remember you ever had. If you're a geek, you'll have so much fun playing with these things that you're very likely to forget what it was you were looking for in the first place.

So I found a stack of floppies.

This made me realize that a significant number of people I see on the train in the morning wouldn't recognize these things. In many ways, the floppy is like the LP. Which is another thing they wouldn't recognize.

It's funny how quickly the USB stick has completely taken over the role of the venerable floppy in the Sneakernet. Not to mention how large the average file has become.

Floppies could store anything from a couple of thousand of bytes to nearly one and a half million bytes. Most of the files on my disk are larger than that now.

These days, you can put millions of floppy-equivalents on a single USB stick.

The USB stick fits in your pocket and will even be readable after you take it out of your pocket.

Scary...

I would love to see if any of these floppies are still readable, but I don't seem to have any machines powered on with a drive.

It's the "libintl.so version bumped, time to recompile just about everything" time of the year again. Yes, I know that if I were to use a binary-based package manglement system, I wouldn't need to recompile, but I'm not interested in that. I don't mind the recompiling per sé either. To me, the benefits of source-based package management far outweigh the disaster that I consider binary-based package manglement to be. Your opinion may well differ.

This rant is not about package management methods though. Please save your comments for another day. I promise there will be other things in this post for commenters to get upset about. :-)

When working with computers, I prefer to think in English. I know a number of more interesting languages than English, but when working with computers, English is just the path of least pain. I don't want software to speak any other language to me. I like having a (roughly) direct mapping between garbage spewed on stdout and stderr and calls to printf() and friends in the code. It makes debugging marginally less painful.

Basically: I don't want localization. I don't mind if other people want it, but I want nothing to do with it.

In particular, I don't want to be affected when the people who maintain gettext decide that it's time to bump the version of libintl.so. In fact, I would be a very happy man indeed if I didn't have libintl.so on my system at all.

Most ports I use understand and respect WITHOUT_NLS= and don't link with libintl.so and don't register a gettext dependency. Some ports (like devel/glib20) however, pull in a dependency on gettext unconditionally, and this is where the trouble starts.

The perceptive reader has by now realized that this is another episode in the interminable "autotools is evil" saga.

When autocrap finds libintl.so on the system, it will halucinate madly and decide that since I have this file sitting on my filesystem (in /usr/local/lib, no less!), I obviously want to have random things linked with it.

This presumptious behaviour is stupid and broken.

Ports that understand and respect WITHOUT_NLS= do this by adding flags to configure or patches to inhibit autocrap checks for libintl.so and hope that this continues to work from version to version. Port maintainers can't be expected to check this all the time.

Inevitably, after a certain amount of time, even if you have WITHOUT_NLS= set, there will be a number of things unexpectedly linked with libintl.so on the system. Since they have no dependency on gettext registered, they won't be caught by the portupgrade -rf gettext dance.

Unfortunately, autotools has become so pervasive and ingrained in the open source world, that there is no real solution to the problem. Even if you could somehow fix autocrap not to cause linking with random libraries it finds, people would continue to use old versions which haven't been fixed.

This is not the real reason it will never be fixed though.

The real reason the problem will never be fixed is that a very loud group of people believes that linking with random libraries just because they're there is userfriendly. The fact that many of these people can't tie their shoelaces without ungrammatically asking for help on Usenet doesn't really matter.

It's userfriendly. Clearly, we can't go around fixing bugs that need fixing when the buggy behaviour is userfriendly.

You can't argue with userfriendly.

Whatever happened to "Unix is just picky about its friends"?

I wonder if I'm the only person who has noticed that there is practically no whining or moaning about Subversion by the people who are actually using it.

There is a lot of drama out on the internetwebs about FreeBSD's migration to Subversion, but it's pretty much all from people who don't use FreeBSD let alone commit to src. (And I'm not talking about the comments on my blog - my readers are very mature and civilized, I'm very grateful and feeling lucky.)

Lots of people shouting that "Distributed Version Control Is So Much Better" and "Centralized Development Is So 20th Century, Distributed Is The Only Way". Meanwhile in the repository, all seems to be going quite well. Code is being checked in, code is being merged, the CVS exporter works and the infrastructure is slowly but certainly starting to fall into place.

People even have time for pointless bikeshed-painting.

There is certainly something to be said for distributed development. But there's an expression that goes don't change a winning team. The FreeBSD Project delivers a fully integrated operating environment and prides itself on its high-quality centralized revision control history. Subversion is working out great!

And people complain about my CAPTCHAs... Despite the CAPTCHAs, I'm still getting some comment spam. Strangely, it seems to come in "bursts" and the assholes always target the same entries to spam.

I wonder how they're getting past the CAPTCHAs.

Oh well... I've added a blacklist of words I don't expect to see in comments. If you run into the blacklist (unlikely), try a synonym. Be creative. :-P

Spam sucks.

Yay:

[660] (philip@carrot)~/projects/freebsd/head% svn info
Path: .
URL: svn+ssh://svn.freebsd.org/base/head
Repository Root: svn+ssh://svn.freebsd.org/base
Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revision: 179458
Node Kind: directory
Schedule: normal
Last Changed Author: remko
Last Changed Rev: 179458
Last Changed Date: 2008-05-31 16:17:36 +0200 (Sat, 31 May 2008)

After months of working on a conversion script for 10-15 hours a day, EvilPete has now pulled the trigger on FreeBSD's (src) CVS. And there was much, much rejoicing.

It'll be a bit bumpy for a while, but I'm really happy that we've joined the 21st century of version control. :-)

Of course, CVS will be around for another couple of years so people using anoncvs or CVSUP to keep their FreeBSD systems in sync won't be left in the cold, but as developers, we can finally stop gritting our teeth when we have to merge something.

Now I need to learn about svnsync. I don't think Peter will be impressed if I hammer svn.freebsd.org for all the machines I keep trees around on. :-)

/me happy

I like Calvin:

He should try taking the train... sigh

The first part of Heathrow was surprisingly painless this morning. I had about an hour to catch my flight to Brussels, which is cutting it a bit short, but since there are a very large number of mostly-empty flights going to Brussels this usually works well. I did the usual dance of getting to the right terminal as fast as possible. It only took about 35 minutes from T3 to T1. Not quite a record but close.

My flight wasn't boarding until twenty minutes later, so I had tea with the Dutchies first and then ran off to my plane.

The plane sat in a quiet part of the airport for more than forty minutes before finally being allowed to take off. Of course, life in Brussels goes on in the mean time, so there was no gate and we got to go through the bus dance.

Luckily, I didn't have to wait for my bag very long.

Got home dead-tired and went to bed, waking up an hour ago. This is not a good way to deal with jetlag. Ugh...

Trains are on strike tomorrow. If the newspapers are to be trusted, the whole country will shut down, it will be doomsday and more of that. I calmly sent a text-message to a colleague who will kindly give me a ride to work (at an insane hour, but that's fine with me) -- thanks! I'm sure other train-bound people can find similar solutions to their transit-problem tomorrow.

17:00 EDT

All conferences come to an end eventually. I left the hacking lounge rather early last night to catch some sleep. I find East-bound jetlag more bearable that way. Not that it helps much, of course.

Breakfast at the local Second Cup again. I've not quite managed to train them to suggest a random muffin automatically, but the resistance to randomness is pretty much gone. Of course, I'll need to retrain them again next year...

Lunch followed rather quickly after breakfast. George (or "Geoff", as the Residence receipt calls him) knew of a tea-and-sandwich place on York which I should try to remember for next year. They were very happy to offer me a random tea too. Excellent!

Getting through security at YOW was not too troublesome, despite having Robert nearby. It appears the plane is filled with geeks. We're theoretically distributed all through the plane, but I have a feeling some small reorganizing will miraculously occur...

If I remember the callsign correctly, the plane is the same one that flew me here. No power plugs.

A text message this morning warned me that the trains in Belgium are on strike tomorrow. I wonder if I'm going to get to work... We'll have to see. I'm very consciously not thinking about the second leg of my trip or my layover at the zone of randomness and baggage-consumption on that little lsland off the coast of Europe...

22:43 EDT

The big hacking room was closed when we got here tonight, so the first of us got into the small one. We learned that it was possible to open a bottle of wine politely and without spillage with only a Leatherman at our disposal. From now on, of course, I'll never use a corkscrew again.

After some bouncing up and down stairs because we're still sharing the building with children, we're now in the big lounge again.

My turn to play access point. I briefly considered using 'h0h0magic' as ESSID, but of course Peter's already got that in his room nearby. Why am I not surprised? So ... everyone associate with Evil.

Of course, tcpdump is running.

10:09 EDT

Fascinating discussion on vimage at the end of the devsummit last night. A number of people seem to be rather hesitant to the prospect of renaming every function in the network stack. Surprising, that. :-) I'm very happy this work is being done though. And now is a very good time to check it in. And it gives us an opportunity to make an "XXXKSE What To Do? -- Oh No, Not Again" tshirt. :-)

Dinner at Haveli last night. I chatted with David of Coverity about static analysis and the "interesting" software environments I sometimes find myself in. Coverity will never be a silver bullet, but it finds bugs. And it helps engineers understand tangled constructions and bugs in tangled constructions.

On that note, I'm very happy that the smoked FreeBSD Coverity server is being restored to life. I have missed it over the last few months...

Brief stop at the liquor store on the way to the hacking lounge. The looks on the faces of the chaperones of the science fair were ... hostile. They also seem to have found some security smurf to keep an eye on us all night. I'm not sure what the story is on this, but it must be interesting.

Someone had the bright idea of bringing a bottle of cognac. The resulting snoring must have been impressive. I had the good fortune of sitting next to Tiff, which ensured my glass never being quite full. No headache this morning. Good. Very good.

Now listening to Adrian's talk about how stupid people who write networking applications are. I like conferences.

15:25 EDT

So the wireless at the devsummit is working today. Peter put sshd on port 443 on freefall and everyone was very happy. :-)

It looks like the syscons work is going to be a Dutch-speaking effort. The bof consisted of myself, Ed, Marcel and Remko. We are agreed that before we can ever hope to make things "generic", we need to clean up the existing mess. Ed's work on TTYs will definitely help there, and it turns out that Marcel has some code in Perforce too.

I've been working a bit on divorcing the framebuffer from the console. This is more complicated than it sounds, particularly because of the way the VESA bits tie in with this. With a bit of luck, we should have some work committed before 8.0.

Marcel rightly pointed out that unless we "Just Do It", we risk (continued) analysis paralysis. Muddling with consoles and input devices is naturally going to piss people off, but we'll just have to deal with the flak as it hits us.

David from Coverity wondered what it would take to get people to listen to his talk. Ice cream was suggested and now there's a whole bucket of the stuff waiting for us here. Yay! :-)

08:05 EDT

It's funny how the "hallway track" at a conference is often at least as interesting as the conference itself. I always find it interesting to catch up with what people are working on and what interesting places people are working. Few "normal people" seem to be aware of how much of their daily internet addictions (like DNS :-)) are handled by FreeBSD setups.

We got kicked out of the hacking lounge rather early last night because we're creepy old men. There is some sort of science fair being held in the same building and clearly, children with scientific tendencies should not be exposed to the dregs of society who sit around in hallways with laptops drinking (gasp) alcoholic beverages (if you look hard enough, you'll find some alcohol in them). What a strange continent.

Beer of a rather better nature just afterwards in George's room with some very funny people. The amusingly named beer linimon found in Montréal ("Belle Gueule") is something to remember. We exchanged a number of completely unpublishable stories on an unbelievably varied range of subjects. Even the subjects are unpublishable. Move along, nothing to see here. :-)

Breakfast in a bit and then off to the devsummit again for more hackery and geek things. Perhaps the internetwebs will be working today. Just in case, I've set up an evil proxy contraption which might come in handy. Why would a university - of all places - restrict "the internet" to "HTTP over a proxy"?

I have a feeling the local Second Cup will have their hands full with an enormous influx of geeks this morning.

21:14 EDT

Registration at the Royal Oak last night was fun again. It seems most people managed to fight their way through the Canadian border scrutiny again. As usual, a number of people got stuck in Chicago. ORD almost makes LHR looks good... Almost.

We left the Royal Oak rather earlyish for the hacking lounge. I think I got a number of people somewhat interested in my effort to "architect" syscons. It is going to hurt but it really needs doing. The best description I've come up with for the current state of affairs is "four-dimensional noodles on bad acid". The term layering violation does not even begin to describe it.

Got a bit of code-reading done and then headed upstairs at a fairly civilized hour. My roommates (plural, Tiff seems to have moved in -- cool) were in a somewhat confused state when I got there. It transpires that George was double booked in our room, and a number of other rooms before that and was a bit 'hostile' after the manyeth elevator ride. Confused accomodation receptionists are a required feature at geek conferences.

Started a bit grumpy this morning. I found that carrot at home had crashed. Funny how this sort of thing always happens when there's an ocean separating me from any reasonable debugging interface. A smiling face suggesting coffee and breakfast improved my mood considerably. Thanks, miss!

I appear to have come to terms with the local currency. The locals have not come to terms with my breakfast requirements, however. They are surprisingly resistant to giving me something "random and tasty". I asked for a muffin and the girl asked me which one, when I asked her to give me the one which would give her the most pleasure to part with, she looked a bit confused and suggested about four different kinds, when I then said "yes", she got even more confused. sigh.

The devsummit was off to a good start. Except for the fact that there is no wireless. This is also a conference constant, however, so it didn't bother me much. In fact, the lack of wireless probably boosted the productivity.

Met Ed Schouten who is working on rewriting the TTY layer. This ties in rather nicely with my ideas about syscons. I look forward to working with him some more on this. Tomorrow I am organizing a syscons bof. I hope to get this project off the ground at last.

Highlight of the devsummit was the "greenbsd bof". Poul-Henning and Diane disagreed a bit about how to measure power going through switch-mode power supplies. Everyone agrees that we should come up with ways to save power intelligently and that implementations in other operating systems are suboptimal. This will probably become more interesting over the next few months. I look forward to doing some more power-management work again. It's been a while.

Thai food at the hacking lounge. Yum yum. I need to try to find Peter to figure out where my ISC tshirt went and catch up with email. I'm also cooking up an if_bridge patch for Andrew to look over while we're on the same continent. Feeling productive.

15:44 EDT

Rather lazy day yesterday. I had a mostly caffeinated breakfast and attempted some shopping. Only my heart wasn't really in it (is it ever?) and I ended up not buying anything. In the afternoon, I went to take a look at the break-out rooms in the Fauteux Building Dan has arranged for the developer summit tomorrow.

While the rooms are very nice -- I would kill for rooms like this at FOSDEM -- they are 'theatre-style' with staged seating rather than 'conference-style' with movable furniture. I'm sure the type of rooms we're looking for exist at the University but we've just not been successful at making them understand our needs. From what I know about dealing with universities regarding rooms for conferences, this surprises me not at all. Perhaps a number of us will take a stroll around campus noting the rooms we like so we can try to get them next year.

Dinner with Bjoern and Tiff (whose name I misspell consistently) at The Royal Oak just down the road here. I had some excellent nachos and a chicken salad. It transpires that a beer I found 'unimpressive' (to put it charitably) last year, I rather liked this year. I would find it unlikely if this was indeed the same beer -- I remember some really foul stuff across my palate last year -- but if it was, I happily retract my statement from last year.