My reasons for an eventual resurrection of Gitarella

You might or might not remember of gitarella, on old project of mine to write a replacement for gitweb. Some of the reasons why I started the project (like gitweb URLs being not so friendly and other things) are probably no more relevant since gitweb improved a lot. Gitarella on the other hand I didn’t work on for such a long time that now is almost certainly not working, since it’s using deprecated git commands and so on.

For a while I thought to just give up on Gitarella in favour of cgit, that is written in C and so it has to be much faster, but I didn’t look into much more because gitweb at the time was suiting my need well enough. Since lately I’ve been working on quite a lot of different projects with some simple patches or series of patches, many of which are available on git repositories which I can just republish with my patches applied as a branch, my git repositories started looking tremendously heavy for the simple gitweb.

One thing that really I can’t understand is how is it possible for gitweb not to generate any kind of cache for the pages. This is quite a mistake in my opinion; while admittedly it’s impossible to properly cache the index page, for instance, and that requires a lot of queries, the commit description pages, the patch pages and so on can easily be cached up, as they cannot really be changed (you can use the SHA1 id as index for those pages).

If I remember correctly what I was told a longish time ago, cgit does cache pages on disk, which would make it an ideal candidate, if it wasn’t that it doesn’t execute git commands at all but rather links in libgit.a; feel free to check your dev-util/git install, there is no libgit.a, that is not an officially-supported way to interface to GIT. As you can guess, I don’t like it.

So I guess I might resume my work on Gitarella, especially considering now lighttpd supports scgi, it makes it quite interesting.

Some interesting possible side-effects of AGPL-3

If you don’t know the AGPL-3, it’s the GNU Affero General Public License version 3 . The interesting difference between this license and the more common GPL-3 is that makes the user able to receive the sources of the software used to provide them with a networked service.

Now this is a quite interesting license, because it fills a “loophole” of the GPL: if you provide a service over Internet that makes use of a software released under the GPL, you’re not asked to provide the source for it, even if you modify it, as long as you’re not distributing the software itself.

This “loophole”, as it might be seen by some, was already being considered years ago on the NoX-Wizard project, an Ultima OnLine server emulator that, in addition to the standard GPL-2 license, added an extra restriction of making available the source code of an eventual modified copy that was used as a public server.

I’m sure for many people this is a restriction in freedom, instead of an improvement, as they are no more free to take advantage of Free Software without giving back anything as long as they are keeping the modified version on their own systems.

On the other hand, I think it’s an important edge the one that AGPL provides to users and developers. Beside allowing the code to be available to every user of the service, it also has some interesting side-effects that I’d like to put a bit of light upon.

The first is that it makes it much more important for the people modifying the application to get in touch with upstream to make their changes included in the original repository: it makes sense to be able to just point to the upstream repository rather than having to deal with a different repository per service.

Related to this, it makes it possible for the various upstreams to see what the users are modifying of their code, and make the needed changes in the original codebase so that they can improve the software for all its users.

But even more interesting, AGPL-3 allows a much more powerful approach to services’ security. With the source code available, any security expert can look at the code, and see if there are obvious vulnerabilities. The most basic example is SQL injections or XSS vulnerabilities that might be introduced in an otherwise completely safe codebase by someone touching the code to integrate it in a different setup, or to extend its functionalities.

Of course this last note is not entirely positive, as it also means that any person with a decent knowledge of the language used can find those vulnerabilities too, and it might be a security risk if that person does have malicious intents.

This would give a compltely new meaning and an intersting spin to “beta” release of services, and would introduce, for web services, a peer-review that might actually make web security much tighter; as it is now, it’s vastly a security-through-obscurity approach.

On the other hand, I sincerely doubt that any “big” of the web services would see to start releasing their code as AGPL-3. The reason for this is quite obvious: a lot of services are there, offered “for free”, but have privacy statements that clearly show their primary intent is to harvest information about you; you might not mind, as it might actually help you somehow (like Amazon’s reccomendations) but if you actually knew the extent to which they arrive to gather your information, it might actually discourage you from using their service.

At any rate, I think I finally made up my mind, and once I’ll be back working on my Free Software projects, I’ll finally relicense Gitarella as I was thinking of doing last year. I already licensed my rbot plugins under that license and it seems to be working fine.

Unieject moves to GIT

It’s not like I love GIT unconditionally, I think Mike has quite a point about it. But it makes it way easier to handle repositories than Mercurial. So I am using it for almost all the projects I maintain alone.

Unieject up to now was still using Subversion on SourceForge.net; the problem was that git-svn didn’t grasp a rename that I made during the early life of the project when I imported the local Subversion repository to Berlios.

Today, after I couldn’t commit to Sourceforge because my password expired (is this something new?) I tried git-svn again and… it worked! It imported the repository correctly. After a bit of fiddling to replace the tags branches with actual tags, I was able to get my new repository online on the server.

I’ve now disabled SourceForge’s SVN for Unieject, the code can be found at https://www.flameeyes.eu/p/unieject.

I’m now debating with myself about either resuming to work on gitarella, or abandon it for cgit… the problem is that I’d have to prepare an ebuild for cgit at least, and I never tried to understand how to make an ebuild for a webapp. If somebody from the webapp team can give me some of his time to either teach me how to make an ebuild for cgit, or directly creating one, I’d be quite happy :)

Entertaining the idea of Affero GPL

Not sure if you heard, but Free Software Foundation finalised the text of the new Affero GPL version 3.

It seems a decent idea, an interesting idea, and now that it’s no more GPL-incompatible (at least for GPLv3), it seems even more so.

Why am I thinking about this? Well, I wanted to restart working on gitarella in the next future and then I wondered: what if I relicense it under Affero GPL? Beside the CSS styles that I can mostly replace now, as I rewrote most of the HTML anyway, the Ruby code is all mine, and relicensing is not an issue.

The advantage by changing the license to AGPL3 is that if someone wants to fix or change some behaviour in a production Gitarella server, also has to make available the modification. My suggestion would then be to just put a cloned repository of Gitarella itself available on the page, so that it could be fetched right out of that.

I don’t really think this is too much hassle, and it would probably avoid closed-source derivatives put in production. I certainly don’t like modified code put online without sending patches to authors or at least making them available to users (like I did for my typo 4.0 patches).

Just a few little updates

I hate Summer and the heat; I’m still waiting the new PSUs to replace the old ones, and in the mean time I’m cooking myself.

I’ve prepared a new patch for OpenJDK to allow using -z defs on every platform, this way I can test more safely the future patches.

I have improved my elf parser to parse the .dynamic section, allowing me to get the sonames and the needed libraries for an ELF file; this is the base for the design of a new tool, that checks an elf file for really needed dependency, to be able to get the needed packages without needing to have the package built with --as-needed (the script will check the undefined symbols in the elf file and then check which of the dependencies stated in the NEEDED entries are actually needed); and to be a bit safer, it will also check if the ELF file uses symbols that might indicate runtime dependencies not otherwise identified (dlopen(), exec*(), system()), and give out a warning in case.

Also, I’ve resumed a bit of work on Gitarella and replaced the Log4r usage with Ruby’s Logger class, cutting down a dependency. I think I’ll do a similar thing with popt on Unieject, especially after what Emanuele told me about the way popt is distributed from upstream at the moment; I’ll probably work on a new release of Unieject with that and finally support for Mac OS X (thanks to Matt Messier who’s helping with xine-lib on OS X, I now have a pointer on how to implement eject with OS X).

Oh and one thing leading to another, I rejoined Gentoo today.

Temporary downtime

So today I had a temporary downtime on Farragut, I hope nobody noticed (well, I’m sure at least a friend of mine noticed).

The reason of the downtime is that I’ve bought two Seagate drives for Enterprise yesterday (Barracuda 7200.10) to solve the problem with the missing spare drives I got, and then moved the old Samsung ones to Farragut (with a PCI Promise controller I had taking dust here around).

Later on tonight I’ll be partitioning those drives, adding a mirrored /var where to store the pgsql database, and the typo code, and the website and basically everything I need to maintain a stable copy of.

Also, I’m probably going to resume my work on Gitarella.. I’m in that particular mood that makes me need to work on something else for a while, and as ruby is something that relax me, and working on ruby web applications might help me for one of my job projects, that is a natural selection.

And of course I’ll have to use most of my time for my paid jobs, as I really need the money now, especially consider that not-totally-planned expense for the disks, and the totally unplanned one for the Sun box.

At least I can have some fun, that is basically the only reason I can work on Gentoo all day long without burning out :)

Again gitarella

So, last night I couldn’t sleep, and I then decided to continue with what I do when I cannot sleep: code. I think this would be one of the last times that I have time to do this tho, but I’d wait the official results to say that.

Now gitarella loads fine repositories in which there are merges (commits with more than one parent), as ruby-hunspell came to be, plus I’ve added the tag display à-la GitWeb, and added an option to rename the title of Gitarella pages.

Other than that, I’ve cleaned up and improved it a bit more, but it’s not ready for a new release yet of course. I hope to implement commitdiff soon and that would be a good start, for once.

On a totally unrelated note, Marius published his two Gentoo/FreeBSD wallpapers (the ones I named a few posts ago) on KDE-Look: Floating and Dark Skies . Marius, I love those wallpapers :)

So soon you’ll be seeing some screenshots of Gentoo/FreeBSD used as a desktop, with Marius wallpapers on the background ;)

Okay now that’s official and I can say it. seems like I’ll be on the new council, which means that my free time is going dooooown the sink.. I hope that at least the two amarok problems (tunepimp and mtp) can be cleared up…

FSF/UNESCO Free Software Directory… debacle or simply unmaintained?

Today I was looking to the referrers, to see which sites links to mine. I’ve seen once again the entry for Gitarella in the Free Software directory by FSF/UNESCO (is the UNESCO partnership new? I didn’t remember it from some time ago).

Now, if you go looking at the page, you see it in a strange category, in my opinion (Web Authoring?), plus you can see by yourself that something isn’t right.

The URL of the site is correct (and that’s because I sent them an update to tell them of using that URL), but the one to the tarball points actually to the Gitarella browsing Gitarella itself, not the download page; the Source Information link points to nothing, Gitarella is not hosted by SourceForge.net.

Same for the Documentation link, it points to a good deal of nothing, just because they suppose most of the projects are on SourceForge. My contact instead is listed without full name, although I try to use “Diego Pettenò” to refer of myself almost everywhere, when there’s not a requirement for a nick (like in forums, irc and so on), so that I’m easily recognisable.

Now, you’d say, why do you blog about this instead of writing to them to improve the situation? Well, I did write to them, but it seems they didn’t update everything at all :/ Just added a couple more links, updated the version number, and forgot about the broken links and so on.

FSF, you should probably try to cleanup the entries you have there… another example is unieject entry that refers to CVS at SourceForge for source management, too bad I moved from BerliOs to SourceForge when the subversion service was already working, thus I always used Subversion there…

Sigh. Better use FreshMeat, it contains also non-Free software, it’s not sponsored by UNESCO, but as you can report your own projects, it’s usually better updated (although I admit I forgot to update stuff from time to time).

Today is day of releases

As I’ve stated on my site.

First of all, I’ve released gitarella 0.003, after fixing a load of bugs and display issues that now should make gitarella way more solid when compared with the previous versions. I wanted to do this release because I’ll be probably working on SCGI support in the next days. SCGI seems to be an interesting technique, although the Simple part is really not related to its implementation (you actually need to implement more stuff on web-app side); it’s more interesting for the ability of restarting a single webapp without taking the whole webserver down while updating stuff.

Also, I finally released the hunspell rbot plugin that I already blogged about. Grab it while it’s new ;) Please take in mind that it requires ruby-hunspell, that in turn requires the Gentoo-patched hunspell (for now, the patch is merged upstream, or at least it should be at this point), and that it clashes with rbot’s own spell.rb plugin, that should then be deleted or disabled for this to work.

I don’t count on this to be useful to anyone, but it would be good if there was someone interested in it :)

Oh, I’ve also updated typo once again, now that the development seems to be actually going somewhere :) The theme for the admin interface is entirely changed… somehow, I preferred the old one. I hope the default theme will remain available still, as I don’t want to change it with another different default, but I’m not good enough to create my own theme.

And for who’s wondering: to let typo us system’s rails, you just need to remove vendor/rails and remove the definition from vendor/’s svn:externals property. At that point, typo won’t find its own copy of rails and will use system’s one.

Emacs and screen, screen and emacs

So, as now the autoconf mess is heading for the solution, I’ve now switched to another problem, reported to me by genstef, with openmotif.

Now, I don’t want to mess up with openmotif on this box, and also I try not to build too much stuff these days because of the heat, so I’m working on pitr.

Unfortunately, I cannot run emacs on screen to be able to have 256-colors themes (at 8 colors, emacs looks so bad…). So I’m doing it the other way around, running screen inside emacs’s terminal emulator. This looks so strange to me, but it works fine.

Okay, so now I get openmotif pass the crucial part (using eautoreconf rather than the tools by hand) but it fails to build (probably unrelated change). Sigh.

Oh for other news, I’ve released a 0.002 version of gitarella today after adding a few more views and fixing a few bugs, now it should be a bit more usable. Please also note the favicon you can see on gitarella’s installations, derived from the original GIT logo, isn’t it cute? :)

Okay I should employ my time in more useful stuff, I know….