Open Source Meeting/2008-12-18
Jump to navigation
Jump to search
- [14:02] Rob Linden: I'll be posting the transcript later, so please keep that in mind as you tyipe
- [14:02] Rob Linden: type even
- [14:03] Rob Linden: agenda: https://wiki.secondlife.com/wiki/Open_Source_Meeting/Agenda
- [14:04] Rob Linden: issue #1: # Cryptographic signing of UDP packets (Robin Cornelius) Anything else to add?, has the SLDEV discussion been useful here?
- [14:04] Rob Linden: does his best John McLaughlin voice saying that
- [14:04] Gordon Wendt: It's a good concept but as soon from the sldev discussions it seems how to exactly do it best is not agreed on
- [14:04] Soft Linden: There has been some useful discussion there. The Linden who first pushed for this hasn't weighed in yet. We should give them a nudge toward the list to review what's there so far.
- [14:04] Morgaine Dinova: We need guitars ;-)
- [14:05] Latif Khalifa: I don't remember seeing discussion on sim performance? Simulator seems to be very bad at handling big numbers of agents as is
- [14:05] Soft Linden: The work for the signing part is already done, but not the salt distribution. And after the discussion they may well even decide on a different approach.
- [14:05] Latif Khalifa: without having to encrypt all outgoing udp datagrams
- [14:06] Rob Linden: yeah, a nudge may be appropriate
- [14:06] Soft Linden: Right. A lot of work went into evaluating different options for signing to find something fast.
- [14:06] Soft Linden: And I'm sure the signing was chosen over encryption as a speed concern as well, although the point about having hardware acceleration options with ipsec sure wants consideration for future hardware purchases.
- [14:07] Robin Cornelius: is there really much difference in overhead for signing vs encrypt?
- [14:07] Robin Cornelius: ipsec does not tunnel well, UDP is bad enough but most routers support it, ipsec can be hairy
- [14:07] Robin Cornelius: with NAT
- [14:07] Soft Linden: Dunno if anyone here can answer that authoritatively - I believe so
- [14:07] Robin Cornelius: although it does have nat-t extensions
- [14:07] Gordon Wendt: There's also a necessity issue, what is the goal and really what is gained by encrypting UDP packets, it seems that unless someone can hijack a session which I believe is already prevented by various measures there's not too much of a point
- [14:08] Robin Cornelius: prevent injection of packets
- [14:08] Soft Linden: Well, with UDP it's trivial to spoof the sender.
- [14:08] Soft Linden: Right.
- [14:09] Soft Linden: At present, someone with your IP might be able to make an obnoxious comment as you, or as someone pointed out on the list, could potentially resubmit a packet legitimately sent multiple times.
- [14:09] Morgaine Dinova: One more reason for migrating off UDP.
- [14:09] Rob Linden: signing+destination checking+sequence numbers prevents that problem
- [14:10] Soft Linden: We've got to settle Coke vs Pepsi and emacs vs vim at LL before we can touch UDP migration debates again.
- [14:10] Sheet Spotter: Is encryption required to prevent injection or is signing adequate?
- [14:10] Carjay McGinnis: lol
- [14:10] Soft Linden: signing along with a sequence number would be sufficient for injection
- [14:10] Q Linden: / I think soft said it best, so I'll avoid diving in. :)
- [14:10] Latif Khalifa: emacs vs vi is easy compared to that :P
- [14:10] Morgaine Dinova: Just go for tea, and edit with a magnetized pin. Then get rid of UDP ;-)
- [14:11] Gordon Wendt: Soft, signing can be done with practically no overhead right?
- [14:11] Soft Linden: In theory - I haven't seen any kind of benchmarks.
- [14:11] Soft Linden: But again, careful consideration went into evaluating and choosing which cryptographic hash to use.
- [14:12] Soft Linden: If we can get the Linden who owns this willing to step forward on list, they can answer a lot more there.
- [14:12] Sheet Spotter: CRC-32 is a (very) crude form of signing, with little overhead. (That is NOT a recommendation.) Yes, it can be low overhead.
- [14:13] Soft Linden: And helpful if we decide to implement UDP with Z-modem resume. Done.
- [14:13] Rob Linden: +1 soft...let's see if we can do some cajoling
- [14:13] Rob Linden: should we move on?
- [14:13] Carjay McGinnis: ah, Z-modem
- [14:13] Morgaine Dinova: Is there any precedent for such solutions from other UDP users?
- [14:14] Rob Linden: Morgaine: yeah, see Infinity's post
- [14:14] Morgaine Dinova: Will do
- [14:14] Rob Linden: next item: "If there is time, could we examine some of the issues affecting standalone viewer builds please? (All or nothing instead of selective lib inclusion, compiler mismatch, name-mangling, per-arch build directory problem via shares.) Morgaine Dinova 15:44, 18 December 2008 (UTC) "
- [14:15] Morgaine Dinova: Should I speak a bit about it?
- [14:15] Rob Linden: sure
- [14:15] Soft Linden: Go for it
- [14:15] Robin Cornelius: Well a quick one here, the llkdu package seems to be pulling a bad llkdu.dll for one
- [14:16] Soft Linden: llkdu shouldn't even get pulled for standalone. That's bad.
- [14:16] Morgaine Dinova: Well, first think is that Standalone or Prebuilt is an either/or choice for us, whereas in reality the issue requires a spectrum of solutions.
- [14:16] Robin Cornelius: i was building win32
- [14:16] Morgaine Dinova: When building standalone viewers, each host will have a different set of libraries and versions, not all appropriate, and so may need a different selection of prebuilt libs to another.,
- [14:17] Morgaine Dinova: A classic example is xmlrpc-epi
- [14:17] Khyota Wulluf: oh boy
- [14:17] Robin Cornelius: what the issue with that?
- [14:17] Morgaine Dinova: The vast majority of distros supply xmlrpc-c as standard, so at least the -epi is often needed as a prebuilt
- [14:17] Robin Cornelius: ah yea
- [14:17] Robin Cornelius: that is partially because -epi went stale
- [14:17] Morgaine Dinova: You can't have both installed in the same system
- [14:18] Robin Cornelius: um you an
- [14:18] Robin Cornelius: can
- [14:18] Robin Cornelius: debian do
- [14:18] Robin Cornelius: you keep the headers in subdirs of include
- [14:18] Morgaine Dinova: Well, you always can with some jiggery-pokery :-)
- [14:18] Rob Linden: more generally, adding features to the build system for standalone builds is something that Linden is supportive of, but isn't going to unilaterally develop
- [14:19] Morgaine Dinova: But not using the regular system installs, at least on some distros
- [14:19] Robin Cornelius: i agree it is an issue for some distros
- [14:19] Morgaine Dinova: The issue of prebuilt lib selection seems to be quite problematic.
- [14:19] Robin Cornelius: really those distros need a bug report filing as well though
- [14:19] Soft Linden: Can you think of other projects that have offered some kind of piecemeal solution?
- [14:20] Soft Linden: I'm not sure that all-or-nothing on libs is so unreasonable, so long as we're using a pretty typical set of libraries
- [14:20] Rob Linden: I can see the value in having hybrid standalone/prebuilt builds, and I don't think anyone here is going to say it's a bad feature to have
- [14:20] Rob Linden: waits just in case there's someone who thinks the idea doesn't have merit at all
- [14:21] Latif Khalifa: i know of projects that include common libs they use as a part of their source code
- [14:21] Morgaine Dinova: It's hard to know exactly how to tackle it, but the current method is flawed. For example, the viewer requires specific versions of some libs like openal.so, and the system may be running different ones, so it ends up not working.
- [14:21] Khyota Wulluf: doesnt think we need a prebulilt vorpbis for linux
- [14:21] Rob Linden: if we can assume that we all agree that it's an interesting feature, then the next thing is to figure out how make it happen
- [14:21] Robin Cornelius: as there is always a conflict risk jist taking individual libs what you really need is something like Gareth did which can pull all deps as source and build every required library (or any individual required ones)
- [14:22] Morgaine Dinova: I ended up with a build that had both .so.1 and .so.0 included for openal, wierdly.
- [14:22] Robin Cornelius: thats quite acceptable ;-)
- [14:22] Rob Linden: ok....so, remember, this is a system that Linden needs to use too, and we're pretty prebuilt biased
- [14:22] Morgaine Dinova: Aye
- [14:22] Rob Linden: is there anyone here that's goign to try to talk Linden Lab out of using prebuilts for our builds?
- [14:22] Morgaine Dinova: But I'm mentioning it because in the wiki pages you do say that you would like to make the build process more standalone-friendly.
- [14:23] Robin Cornelius: i've seen nasty conflicts just porting prebuild between debian and ubuntu, so you can end up with a dependency hell
- [14:23] Soft Linden: There could be a simple solution in adding a develop.py command that makes it skip certain named tags in install.xml, or even the ability to include a 2nd install.xml style file that overrides any elements that exist in both.
- [14:23] Rob Linden: Morgaine: yes, we would like to make it more friendly....I'm trying to narrow the conversation to that
- [14:23] Morgaine Dinova: Soft: yes
- [14:24] Rob Linden: so, Morgaine: sounds like you have a patch in mind then already?
- [14:24] Soft Linden: But again, that wouldn't likely come from inside the lab. I bet we'd take it as a contribution if someone needs it enough to make that work
- [14:24] Rob Linden: what's useful to do here is a coordination effort between interested parties
- [14:25] Morgaine Dinova: There are a couple of other issues worth mentioning: compiler compatibility with prebuilts if doing a standalone (I've found name mangling issues at link time), and also some clashes in the build directory.
- [14:25] Rob Linden: Morgaine: before we move on...
- [14:25] Morgaine Dinova: Rob: I haven't yet found a good solution, or I'd be offering one :-)
- [14:25] Rob Linden: ah...ok, that's what we should be discussing then
- [14:26] Soft Linden: Worth taking back to sldev though
- [14:26] Morgaine Dinova: Aimee suggested to me earlier that we could improve develop.py by adding the hostname or similar to the build directory name.
- [14:26] Rob Linden: sounds like Soft has a suggestion for how to tackle the problem, and Aimee too
- [14:26] Soft Linden: (refinement of selective library inclusion for sldev, not the rest of those issues)
- [14:27] Morgaine Dinova: The reason being that when building on an NFS server or share from multiple machines of the same arch, you get a clash -- those machines may use differrent prebuilts too
- [14:27] Rob Linden: Soft: I think there still may be some realtime coordination that would be helpful here
- [14:27] Rob Linden: are there people that are interested in working with Morgaine on a solution for this?
- [14:27] Aimee Trescothick: oops, was out the window there, sorry
- [14:27] Robin Cornelius: i'm up for helping
- [14:27] Morgaine Dinova: I'd be happy yo liaise with someone else doing standalones
- [14:27] Morgaine Dinova: to*
- [14:28] Rob Linden: perhaps there needs to be a feature request in JIRA, followed by an email to sldev pointing to the JIRA issue
- [14:28] Rob Linden: ...and then Morgaine, maybe you could lead the effort for getting the patch created
- [14:28] Robin Cornelius: think it may be a patch bundle ;-0
- [14:29] Rob Linden: heh....you make an extremely good point there Robin
- [14:29] Morgaine Dinova: Making a patch isn't the problem ... more a case of finding a good solution, which I don't really see clearly yet ;-)
- [14:30] Robin Cornelius: I think the parameters of what we need to do to solve this are not yet fully defined
- [14:30] Morgaine Dinova: Yes
- [14:30] Morgaine Dinova: But I'll work on it
- [14:30] Rob Linden: cool!
- [14:31] Rob Linden: any other realtime conversation needed here, or should we take it to the list?
- [14:31] Rob Linden: (and/or IRC)
- [14:31] Robin Cornelius: sounds good
- [14:31] Morgaine Dinova: No more input on it, just needs more work ;-)
- [14:32] Rob Linden: next item: "Any volunteer want to help collect UI issues with patches into a meta task? --Soft Linden 21:22, 18 December 2008 (UTC) "
- [14:32] Rob Linden: this one came up at in discussion among Lindens
- [14:33] Rob Linden: needs to pull up the issue that prompted that item
- [14:33] Carjay McGinnis: what is considered a UI issue?
- [14:33] Rob Linden: https://jira.secondlife.com/browse/VWR-11068
- [14:34] Gordon Wendt: That came up at Monday's bug Triage too rob
- [14:34] Morgaine Dinova: LOL, fun description :-)
- [14:35] Khyota Wulluf: uhh
- [14:35] Khyota Wulluf: is that a joke?
- [14:36] Soft Linden: Well, the inch-high window is a degenerate case, but it repros with less-nasty sizes
- [14:36] Gordon Wendt: Seems to be an edge case so that's not surprising that he found it while looking at something else
- [14:36] Rob Linden: my guess is that about half of these issues would be a logical bundle: https://jira.secondlife.com/secure/IssueNavigator.jspa?reset=true&&pid=10003&component=10033&status=1&status=3&status=4&customfield_10002=Patch+attached&sorter/field=customfield_10000&sorter/order=ASC&sorter/field=customfield_10020&sorter/order=DESC&sorter/field=updated&sorter/order=DESC
- [14:36] Khyota Wulluf: types it in manualy
- [14:37] Rob Linden: maybe a "menus" bundle of patches
- [14:37] Khyota Wulluf: jira has https btw?
- [14:37] Rob Linden: Khyota: yeah for logins
- [14:37] Rob Linden: there's no good way to make http vs https selective
- [14:37] Khyota Wulluf: mesve not noticed
- [14:38] Rob Linden: anyway
- [14:38] Rob Linden: skimming that list, a "pie menu changes" bundle also seems appropriate
- [14:39] Khyota Wulluf: me an aimee's VWR-11100 relevent?
- [14:39] Rob Linden: the more issues that can be bundled into logical groupings here, the quicker we can take patches in: https://jira.secondlife.com/browse/VWR-9010
- [14:40] Aimee Trescothick: that reminds me of something I meant to ask
- [14:40] Rob Linden: go for it Aimee
- [14:40] Aimee Trescothick: with the SpaceNav patch bundle, most of them are fix pending and in trunk ...
- [14:41] Aimee Trescothick: should new ones be going in a new patch bundle now, and what about the ones left over in there?
- [14:41] Aimee Trescothick: that either didn't make it in time, or need other stuff
- [14:42] Aimee Trescothick: general procedure really, at what point is the patch bundle closed to new submissions and what happens to the leftovers
- [14:42] Rob Linden: yeah, it'd probably be helpful to have a new bundle, or to remove the issues that made it into trunk (hmmm....thoughts?)
- [14:43] Rob Linden: I don't want to make undue busywork....what's the right tradeoff between easy and clear here?
- [14:43] Aimee Trescothick: hmm
- [14:43] Rob Linden: looks at the other Lindens here
- [14:44] Rob Linden: wonders if he caught them napping
- [14:44] Soft Linden: It's helpful having a new issue once the first gets buttoned up
- [14:44] Soft Linden: Ideally we match those meta issues to internal issues with all the same linkage
- [14:44] Soft Linden: The bigger those get, the harder it is to maintain.
- [14:45] Rob Linden: where "buttoned up" is merged into the trunk?
- [14:45] Soft Linden: Also, the Linden who owned one bundle may not be the one who takes the next. This helps separate ownership so you know who to ping about progress/problems
- [14:45] Soft Linden: Dunno - committed to a branch, at least.
- [14:45] Soft Linden: I don't think we want to consider a bundle still open just because QA is backlogged.
- [14:46] Rob Linden: this last time around, Tofu was able to keep rolling commits going on the existing bundle
- [14:46] Soft Linden: I'd leave it up to the Linden to say "I'm done with this set - look to this new JIRA for new issues" and ask them if it's time for that if they haven't made the call on their own.
- [14:46] Rob Linden: it seems like merge into trunk is the cleanest deliniation to me
- [14:46] Rob Linden: but Soft, you're right assuming that person weighs in
- [14:47] Soft Linden: I'll put it this way - if theres a big issue where everything's currently closed and has been for a while, you certainly can't do harm by making a new issue, and you're likely to help.
- [14:47] Rob Linden: so, how about a hybrid: create a new bundle whenever one of these two things happens: 1) Linden marks it as resolved 2) patches merged to trunk
- [14:47] Soft Linden: Yeah, maybe a trunk/ merge is the best point to use.
- [14:48] Soft Linden: Ah, yeah. That sounds reasonable.
- [14:48] Aimee Trescothick: right, ok
- [14:48] Rob Linden: sweet
- [14:48] Soft Linden: To me, marked as closed would be the big flag though. :) Two seconds after marking a meta resolved, that Linden probably fell into a new project
- [14:49] Q Linden: / sorry, I had to take a phone call
- [14:49] Rob Linden: Soft: it's whichever happens first
- [14:49] Soft Linden: Right
- [14:50] Rob Linden: my suspicion is that the Linden will often not get around to declaring victory
- [14:50] Rob Linden: :)
- [14:50] Aimee Trescothick: heh
- [14:50] Rob Linden: cool. anyone game for creating new bundles?
- [14:51] Rob Linden: here's the list we're looking to organize: https://jira.secondlife.com/secure/IssueNavigator.jspa?reset=true&&status=1&status=3&status=4&customfield_10002=Patch+attached&sorter/field=updated&sorter/order=DESC&sorter/field=customfield_10000&sorter/order=ASC&sorter/field=customfield_10020&sorter/order=DESC
- [14:52] Rob Linden: don't everyone jump at once :)
- [14:52] Aimee Trescothick: heh, should have asked a week ago, started a new job today :D
- [14:52] Rob Linden: maybe I should ask a more abstract question that doesn't involve people making a commitment....what's the best way to make this happen?
- [14:52] Adz Childs: waves to Gordon Wendt
- [14:53] Aimee Trescothick: If you seriously want to get your patch if find some related ones and bung them together? :D
- [14:53] Khyota Wulluf: that credit card processing one looks scarry
- [14:53] Aimee Trescothick: *if=in
- [14:53] Rob Linden: Aimee: congrats on the new job! (I hope that's in order)
- [14:54] Rob Linden: Aimee: true that
- [14:54] Gordon Wendt: Is there a bundle just for the stereoscopic related patches?
- [14:54] Aimee Trescothick: yes, tiz, I get paid to be in SL now :)
- [14:54] Rob Linden: nice
- [14:54] Khyota Wulluf: (trying to get a new job too)
- [14:54] Rob Linden: Gordon: I think that's just one big one
- [14:54] Rob Linden: ...and probably not a good candidate for bundling because the patch itself is pretty big
- [14:55] Rob Linden: it's more the little onesy-twosy patches we're lookign at batching together
- [14:55] Carjay McGinnis: congrats Aimee :)
- [14:55] Rob Linden: As Aimee pointed out, a lot of her patches got in because she bundled them
- [14:56] Aimee Trescothick: :)
- [14:56] Gordon Wendt: I'm sure that a couple of those please allow resizing of xxx window can be bundled together
- [14:56] Aimee Trescothick: I was the guinea pig for patch bundles lol
- [14:56] Gordon Wendt: there's always a few of those laying around
- [14:56] Gordon Wendt: and no I'm not commiting to anything :)
- [14:56] Rob Linden: Gordon, yup, that's a great one
- [14:57] Rob Linden: well, if we can break down the work of organizing this stuff into tiny incremental pieces that everyone can chip in on as a hobby, we'll make some really good progress
- [14:57] Robin Cornelius: there are a couple of building from source releated ones too
- [14:58] Gordon Wendt: OpenJPEG issues can be put together, I just see one right now but I'm sure there's more
- [14:58] Rob Linden: maybe if people can commit to brainstorming ideas here: https://jira.secondlife.com/browse/VWR-9010
- [14:58] Robin Cornelius: that one is probably dead
- [14:58] Robin Cornelius: *the openjpeg one
- [14:58] Rob Linden: alright, we're running out of time now
- [14:59] Rob Linden: anythign else we should cover?
- [14:59] Gordon Wendt: Robin, there is a serious problem of dead issues being left open some times 18 months after they're last update
- [14:59] Gordon Wendt: they plague my work on the bug triage agenda each week since they keep showing up in the automated listings
- [14:59] Robin Cornelius: Yea, that particular one Carjay and myself were discussing
- [14:59] Robin Cornelius: i'm prepared to say Qarl one that one
- [14:59] Robin Cornelius: *won
- [15:00] Carjay McGinnis: yeah
- [15:00] Robin Cornelius: I might try to bundle some of the build ones, as a few are mine and i think are few are dead/don't apply/ won't apply
- [15:00] Gordon Wendt: Rob, if I read VWR-9010 correctly you want essentially specialized meta issues for patch bundles, right?
- [15:00] Rob Linden: Gordon: yup
- [15:01] Gordon Wendt: Gotta love the dead ones from the dead source trees like pupeteering
- [15:01] Gordon Wendt: although I think a lot of those have been closed as dead by now
- [15:02] Rob Linden: yup...well, I think a bunch of us need to run now
- [15:02] Rob Linden: thanks everyone for coming!
- [15:02] Soft Linden: We're going to start using "under advisement" as resolution for things like puppetteering patches
- [15:02] Sheet Spotter: Thank you for this hour! Have a great one!
- [15:02] Soft Linden: They're still useful to someone who wants to monkey with that tree, but we're not likely to take patches in against dead code on our own.
- [15:02] Aimee Trescothick: thanks :)
- [15:02] Khyota Wulluf: what happened to that branck?
- [15:02] Gordon Wendt: Soft, the problem with that is that it's akward when anyone other than a Linden uses it even for something on discontinued patches
- [15:03] Khyota Wulluf: branch*
- [15:03] Carjay McGinnis: thanks
- [15:03] Q Linden: bye
- [15:03] Gordon Wendt: since only LL can really say it's under advisement
- [15:03] Soft Linden: Awkward?
- [15:03] Rob Linden: Gordon's got a point
- [15:03] Soft Linden: I didn't know that restriction was there
- [15:03] Soft Linden: Still, those aren't frequent, and you could request that resolution.
- [15:03] Gordon Wendt: Not to mention that we don't have to give certain residents more fuel for their "OMG PEOPLE ARE MISCLOSING ISSUES" fire
- [15:03] Rob Linden: it's not a restriction so much as awkward for non-Lindens...I can see that
- [15:04] Soft Linden: Still though. If a patch is going into reference-only land, it's probably better if only a Linden makes that resolution. Otherwise it's possible that someone puts it there without our seeing, and it never gets Linden-triaged.
- [15:04] Rob Linden: also true
- [15:05] Gordon Wendt: I wish there was a categorization meeting each week just to deal with these kinds of issueas
- [15:05] Gordon Wendt: *issues
- [15:05] Soft Linden: Dunno. That's kind of what the tail of most public triage meetings is good for.
- [15:06] Soft Linden: People bring up issues where they disagree with the resolution all the time.\
- [15:06] Robin Cornelius: oh BTW a quick announcment. i've got RT jira notify tracking on #opensl-jira on efnet now, saves a mail box full ;-)
- [15:06] Gordon Wendt: adds a new set of listings to the Monday triage just to argue categorizations with Soft
- [15:06] Rob Linden: oh wow....very cool
- [15:06] Soft Linden: ah, cool!
- [15:06] Khyota Wulluf: good idea!
- [15:06] Soft Linden: ha, all good - see ya there :)
- [15:07] Carjay McGinnis: hehe
- [15:07] Carjay McGinnis: it's starting to fill up