Open Source Meeting/2008-10-09

From Second Life Wiki
Jump to: navigation, search
  • [14:00] Mm Alder: Got a crowd here, eh? :-)
  • [14:01] Q Linden: OS stands for open source, not On the Spot
  • [14:02] Rob Linden: pings #opensl
  • [14:02] Aimee Trescothick: huloo
  • [14:03] Rob Linden: howdy
  • [14:03] Rob Linden: Agenda: http://wiki.secondlife.com/wiki/Open_Source_Meeting/Agenda
  • [14:03] Carjay McGinnis: greetings
  • [14:04] Rob Linden: Hi Carjay
  • [14:04] Rob Linden: well, why don't we get started.
  • [14:04] Rob Linden: # An update from WorkingOnIt Linden about [VWR-3943
  • [14:05] Mm Alder: I noticed you were looking into it. Any progress?
  • [14:06] Rob Linden: this might be a good topci for next week. the dev working on this is out today, but he did express interest in talking about it some more
  • [14:06] Soft Linden: He does have the comment: "it looks like it's not gonna make it into the 1.22 viewer. For now, tentatively slotted for 1.23.
  • However, smartheap will likely be disabled in 1.22, and we will be focusing on eliminating difficult to reproduce heap corruption crashes during the 1.22 RC iterations."
  • [14:06] Rob Linden: the "it" here is tcmalloc incorporation
  • [14:06] Carjay McGinnis: right, we were talking about it a while ago here
  • [14:06] Soft Linden: Right
  • [14:07] Carjay McGinnis: remember the discussion but didn't hear anything else about it
  • [14:07] Q Linden: so in other words, there's been a strike team on it for a while, but it's taking a bit to get it into release
  • [14:07] Soft Linden: Yeah. The discussion was ~Spring of this year
  • [14:07] Carjay McGinnis: spring? oh
  • [14:07] Rob Linden: a lot of the work was in investigating tcmalloc, from what I understad
  • [14:08] Rob Linden: understand
  • [14:08] Rob Linden: needs to replace this keyboard
  • [14:08] Mm Alder: OK, next week is fine. But it brings up a meta issue: Can Linden work better with OS developers to fix bugs?
  • [14:08] Soft Linden: I think that VS2005 was what spurred this forward. A lot of libraries need to be rebuilt to work with this, and that update process has been streamlined a lot with cmake and vs2005
  • [14:09] Mm Alder: Like adding comments to JIRA?
  • [14:09] Soft Linden: Fair point. This should have been flagged in some way so it would have come up in one of our two triages to see if updates were needed
  • [14:10] Soft Linden: If it were titled with the tcmalloc work externally, it would have been a candidate for a source issue. Hmm
  • [14:10] Mm Alder: When a bug is considered important enough to have a strike force, why not solicit the help of OS developers?
  • [14:11] Rob Linden: let's see if we can schedule him into the meeting next week, and you can heckle him directly for not commenting in JIRA....how's that? :)
  • [14:11] Q Linden: Usually because it's sufficiently widespread that it's hard for us to take external patches
  • [14:11] Mm Alder: Widespread?
  • [14:11] Q Linden: meaning it touches a lot of code in a lot of files
  • [14:11] Rob Linden: Soft, maybe we should publish that branch?
  • [14:11] Soft Linden: I'll ask Brad in a comment
  • [14:12] Rob Linden: cool. branch is branches/tcmalloc-eval-6
  • [14:12] Mm Alder: A widespread bug?
  • [14:12] Carjay McGinnis: "a patch that would touch half of the viewer"
  • [14:12] Rob Linden: yeah, what Carjay said
  • [14:13] Soft Linden: Pinging Brad first. I'd want to know it didn't have any surprise closed surprises checked into the work branch or stuff.
  • [14:13] Mm Alder: I mean before someone decided to rewrite the code, they must have localized the bug.
  • [14:14] Q Linden: "the bug", in this case, is a rewrite of the way we do memory allocation. Tha'ts not small.
  • [14:14] Rob Linden: Soft: yeah, understood. just giving you the info since I went through the trouble of bringing it up. also, so that if that branch or similarly named branch shows up, folks know what it is
  • [14:14] Soft Linden: Ah, makes sense. Thanks :)
  • [14:15] Mm Alder: I guess I'll wait till next week to understand more.
  • [14:15] Rob Linden: Mm: smartheap was/is a general source of many small niggly problems, from what I understand, not a specific bug per se.
  • [14:15] Soft Linden: Hey hey fuzz
  • [14:15] Squirrel Wood: ^^
  • [14:16] Rob Linden: ok...next up
  • [14:16] Rob Linden: "Exploit fix disclosure, private parties/NDA and associated issues "
  • [14:16] Rob Linden: (unsigned item from Teravus Ousley)
  • [14:17] Soft Linden: So, for this - I outlined the proedure we'd roughed out in discussing this on sldev. I'll see if I can dig up a link on that... meantime, were there specific concerns/questions?
  • [14:17] Mm Alder: "private parties" sounds like fun. :-)
  • [14:17] Soft Linden: https://lists.secondlife.com/pipermail/sldev/2008-October/012000.html
  • [14:18] Carjay McGinnis: I got the impression you didn't have a final outline on the procedure yet, just some draft notes
  • [14:18] Carjay McGinnis: how long until it turns into something concrete?
  • [14:18] Soft Linden: Right. I asked for any feedback on that - didn't really get anything except one plea for us to release as early as possible
  • [14:18] Rob Linden: yeah, we've got some work to do o that front
  • [14:19] Rob Linden: Soft: maybe we should drop that in pjira and import it
  • [14:20] Soft Linden: Sure, could do that. It's only captured in the open source meeting notes right now. JIRA and it can be assigned - who should own it?
  • [14:20] Rob Linden: assign it to me
  • [14:20] Soft Linden: cool
  • [14:20] Rob Linden: I'll figure out who to punt it to ;-)
  • [14:21] Rob Linden: (just kidding, I should stay on top of this)
  • [14:21] Carjay McGinnis: hehe
  • [14:22] Soft Linden: Overall, there's still a lot of discussion going on regarding how to improve security incidents overall. We've had very few issues like this, or last November's quicktime vulnerability. This one was handled better than the Quicktime one. Hopefully the next is just so awesome that you pray for more security issues just to see the Swiss watch precision of the process.
  • [14:22] Rob Linden: lol
  • [14:22] Carjay McGinnis: hehe
  • [14:22] Aimee Trescothick: should we submit patches to make security holes so you can test it? :P
  • [14:23] Soft Linden: Please don't :)
  • [14:23] Aimee Trescothick:  :D
  • [14:23] Rob Linden: somehow suspects that Swiss watch precision is .... a stretch goal
  • [14:23] Carjay McGinnis: anyway it sounds like LL started to look close at the UDP messages
  • [14:23] Mm Alder: Sundial precision?
  • [14:23] Soft Linden: Right. And there's a change in the works to add cryptographic signing.
  • [14:24] Squirrel Wood: good
  • [14:24] Rob Linden: we don't think there are any more vulnerabilities in the viewer, so all of this is moot
  • [14:24] Rob Linden: (that was a joke, too)
  • [14:24] Carjay McGinnis: *perks ears*
  • [14:24] Carjay McGinnis: hehe
  • [14:25] Rob Linden: is there any advise on this process anyone here has to offer?
  • [14:25] Soft Linden: Still the issue where if you don't use the gesture in front of Philip, Windows somehow uninstalls the viewer.
  • [14:25] Soft Linden: There was / bow in there, but the gesture system yoinked it mid-line :/
  • [14:25] Rob Linden: in particular, if there's some open source project with a well-documented process that we should emulate, please forward the documentation
  • [14:26] Carjay McGinnis: not sure, think it's not easy to compare since your server code is closed
  • [14:27] Rob Linden: I think the process for the viewer can be the same as other open source projects
  • [14:27] Rob Linden: (at least, the more cautious of the open source projects)
  • [14:27] Soft Linden: In this context, we're only talking about viewer vulnerabilities. Server vulnerabilities would be reported with the SEC- component, or to security@lindenlab.com
  • [14:28] Rob Linden: even viewer vulnerabilities should be reported that way
  • [14:28] Carjay McGinnis: so you mean I should not post that proof of concept code to sldev?
  • [14:28] Rob Linden: it's just that we might have an early access process for trusted parties to help develop fixes
  • [14:29] Rob Linden: Carjay: not so much
  • [14:29] Carjay McGinnis: alright :)
  • [14:29] Rob Linden: well, anything else on that topic?
  • [14:30] Rob Linden: okee doke. that's the end of the posted agenda, I think
  • [14:31] Q Linden: party in hippotropolis, yee hah!
  • [14:31] Soft Linden:  :>
  • [14:31] Carjay McGinnis: hehe
  • [14:32] Rob Linden: anything that anyone wants to cover?
  • [14:32] Liana Linden: Nope.
  • [14:32] Squirrel Wood: meat & icecream?
  • [14:32] Aimee Trescothick: with open sauce?
  • [14:32] Liana Linden: bacon and chocolate?
  • [14:32] Q Linden: wants to duck and cover
  • [14:32] Soft Linden: And not even in that order.
  • [14:32] Squirrel Wood: ^^
  • [14:33] Soft Linden: I hope we've stopped the transcript recorder by now.
  • [14:33] Soft Linden: 'tis getting silly.
  • [14:33] Carjay McGinnis: yikes
  • [14:33] Squirrel Wood: heh
  • [14:33] Rob Linden: anything in this list that we should look at now? http://jira.secondlife.com/secure/IssueNavigator.jspa?mode=hide&requestId=11240
  • [14:33] Aimee Trescothick: why else do you think people read the transcripts? :D
  • [14:33] Rob Linden: sees one that should have "patch attached" set and doesn't
  • [14:34] Rob Linden: http://jira.secondlife.com/browse/VWR-9400
  • [14:34] Rob Linden: just set it
  • [14:34] Squirrel Wood: VWR-1719 Need for a better mechanism to add new UI translation ?
  • [14:34] Rob Linden: VWR-1719.....we're working on that, actually
  • [14:34] Squirrel Wood: yay!
  • [14:34] Carjay McGinnis: hm, I always forget
  • [14:35] Soft Linden: Going to import 9400
  • [14:35] Aimee Trescothick: any snews on VWR-9255?
  • [14:36] Carjay McGinnis: ok, fixed for VWR-9620 :)
  • [14:36] Aimee Trescothick: talked a few newbie open sourcerers around that one now
  • [14:37] Rob Linden: VWR-9255 is assigned to Poppy (I think because he volunteered)
  • [14:37] Soft Linden: Unfortunately, it looks like we're all still on 3.0 internally, so this hasn't been popping up/getting attention
  • [14:37] Aimee Trescothick: yup, the code has a comment with his name on saying "will it blend" :D
  • [14:38] Squirrel Wood: Let's try and blend it then ^^
  • [14:38] Rob Linden: he's on vacation until middle of next week, so I can't bug him
  • [14:38] Soft Linden: We're not supposed to put our own names in comments. So you don't get to either. :)
  • [14:38] Aimee Trescothick: ok np
  • [14:39] Soft Linden: Or are you saying existing code has it, not the patch?
  • [14:39] Aimee Trescothick: existing cmake code
  • [14:39] Soft Linden: D:
  • [14:39] Rob Linden: heh
  • [14:40] Soft Linden: I guess if his name's on a build script, he only gets killed part-way. So you should only feel a little guilty for bringing that up.
  • [14:40] Aimee Trescothick:  :D
  • [14:40] Soft Linden: If this were spoken instead of text, there would have been a cue that this was somewhat humorous... oh there we go :)
  • [14:40] Carjay McGinnis: hehe
  • [14:40] Aimee Trescothick: *tumbleweed* wooosh
  • [14:41] Rob Linden: we won't kill him....we'll just fire him
  • [14:41] Soft Linden: (And then re-hire him so he can fix it)
  • [14:41] Rob Linden: silly soft
  • [14:41] Soft Linden: Any other specific requests? Run down the list?
  • [14:41] Aimee Trescothick: now I know why he brings a popgun to meetings
  • [14:41] Rob Linden: let's run down the list of issues with no last triage date on them
  • [14:42] Rob Linden: for those of you who don't have that column configured, it starts at VWR-9400
  • [14:43] Rob Linden: http://jira.secondlife.com/browse/VWR-9400
  • [14:43] Soft Linden: So, 9400 I just imported
  • [14:43] Carjay McGinnis: oh, you can add that column?
  • [14:43] Soft Linden: Can just get updated
  • [14:43] Soft Linden: Carjay - you have to add it locally. The visible columns is a per-account configuration.
  • [14:43] Rob Linden: which I just bumped triage date on
  • [14:43] Rob Linden: next
  • [14:43] Soft Linden: Not saved with the filter.
  • [14:43] Carjay McGinnis: ah, ok
  • [14:43] Rob Linden: http://jira.secondlife.com/browse/VWR-9479
  • [14:43] Carjay McGinnis: it's good that the JIRA has smilies now
  • [14:44] Aimee Trescothick: \o/
  • [14:44] Soft Linden: I want to add the question to this - is this just for standalone builds?
  • [14:44] Soft Linden: does.
  • [14:45] Rob Linden: is there more clarification needed in the issue, or is this one we should import?
  • [14:45] Soft Linden: I asked for that bit of clarification and added myself as a watcher.
  • [14:46] Soft Linden: The submitter does acknowledge that they're doing stand-alone builds. If this is a stand-alone only issue, I'm not even sure we do proper bundling on other bits anyway.
  • [14:46] Rob Linden: cool. next up: http://jira.secondlife.com/browse/VWR-9475
  • [14:46] Soft Linden: If it's happening for all Linux builds, we need to find what's different in the public build - different person would look into it.
  • [14:47] Soft Linden: Same person, also stand-alone. I'll put the same question to it
  • [14:47] Rob Linden: cool
  • [14:47] Rob Linden: http://jira.secondlife.com/browse/VWR-9477
  • [14:47] Rob Linden: also same?
  • [14:47] Carjay McGinnis: yes, Khyota was quite busy
  • [14:48] Soft Linden: Nope, not for this one.
  • [14:48] Soft Linden: This one's valid - we've still got just a tiny vestigial amount of stuff in the library bundles that we should migrate to automated downloading.
  • [14:48] Carjay McGinnis: oh, ok
  • [14:48] Rob Linden: oh, righto
  • [14:48] Soft Linden: I'll import this - figure out who owns library packaging right now
  • [14:48] Rob Linden: k
  • [14:48] Rob Linden: it might relate to LLP-102
  • [14:49] Rob Linden: (in our internal tracker)
  • [14:49] Soft Linden: Sure, I'll link that
  • [14:49] Rob Linden: http://jira.secondlife.com/browse/VWR-9417
  • [14:49] Soft Linden: Between this, and moving art to automated download, we'll nuke the whole multi-stage untarring process. It'll be dreamy.
  • [14:49] Soft Linden: (last issue, not -9417)
  • [14:50] Rob Linden: it's the Khyota Wulluf show :)
  • [14:50] Rob Linden: hmm.....is that by design?
  • [14:50] Soft Linden: Pretty sure 9417 is a dupe of something Tofu just did - checking
  • [14:51] Rob Linden: warning being treated as errors, that is
  • [14:51] Soft Linden: I think we want to keep that. The real fix is closing off that redundant typedef.
  • [14:51] Soft Linden: And nope - tofu nailed a different typedef. The related one for this one was assigned to me in the last meeting.
  • [14:51] Rob Linden: which is already filed as VWR-9507
  • [14:51] Soft Linden: So that will make this a non-issue again.
  • [14:52] Rob Linden: so, we should treat this as "patch attached", maybe change the title, and import?
  • [14:53] Soft Linden: No. The related issue is already imported. This one, we won't fix, because we want that error.
  • [14:53] Soft Linden: Even if it's pedantic, it's so easy to fix that we should leave it an error to discourage leaving untreated warnings in the source. Masks other errors.
  • [14:53] Squirrel Wood: nay ^^
  • [14:53] Squirrel Wood: eep.
  • [14:53] Rob Linden: k....got it
  • [14:54] Squirrel Wood: curses bad text input focus :p
  • [14:54] Soft Linden: Let's do this: Let's triage this one, then next cycle we can ask if it's still a problem.
  • [14:54] Soft Linden: Khyota may see different warnings than we do, if K is building stand alone Linux. I don't think any Lindens are.
  • [14:54] Soft Linden: Then won't fix if it's not an issue, or ask for a log of the warnings if it still is.
  • [14:55] Carjay McGinnis: it's only gcc 4.3 that seems so pedantic
  • [14:55] Rob Linden: I think the issue is : "Extraneous typedef in audioengine.h:88"
  • [14:55] Soft Linden: <3 pedantry where compilers are concerned.
  • [14:55] Carjay McGinnis: well, I turn on -Werror whenever I can
  • [14:55] Soft Linden: Right, and that one will be fixed. Then K can tell us if that's the only one left.
  • [14:56] Soft Linden: Or I can just close it when I do the related issue that has audioengine.h and is imported, and see if K reopens :)
  • [14:56] Carjay McGinnis: I meet him on IRC quite often so I can tell him
  • [14:56] Carjay McGinnis: but I think it's the only one left for now
  • [14:56] Rob Linden: ok
  • [14:57] Soft Linden: Coolness
  • [14:57] Rob Linden: http://jira.secondlife.com/browse/VWR-4820
  • [14:58] Rob Linden: oops....wrong one
  • [14:58] Rob Linden: http://jira.secondlife.com/browse/VWR-9620
  • [14:58] Carjay McGinnis: I forgot to add the patch bit there, too
  • [14:58] Carjay McGinnis: that's why it shows up now
  • [14:58] Soft Linden: I can take that. That's literally 30 seconds
  • [14:59] Carjay McGinnis: hehe
  • [14:59] Soft Linden: imports
  • [14:59] Rob Linden: well, we're about out of time
  • [14:59] Soft Linden: Some of these - I try to steal if we'd spend longer triaging internally than just doin' em.
  • [14:59] Rob Linden: yup
  • [14:59] Rob Linden: cool
  • [15:00] Carjay McGinnis: yeah
  • [15:00] Rob Linden: ok....well, thanks everyone!
  • [15:00] Squirrel Wood: have a good day ^^
  • [15:00] Aimee Trescothick:  :) ty
  • [15:00] Carjay McGinnis: thanks you all, too
  • [15:00] Rob Linden: see you all next week!
  • [15:00] Soft Linden: Thanks for coming!
  • [15:00] Aimee Trescothick: waves