Monday, April 23, 2007

Win32 Perl + Subversion line break hell

News to me: when Perl writes to a file handle on Win32, it replaces LF with CRLF unless you explicitly call binmode on the file handle. In addition to that, Subversion's "native" setting for eol-style does the same.

To switch SVN over to LF only:
svn propset svn:eol-style LF <filename>

Tuesday, April 17, 2007

Free as in speech

I swear I am not a GNU zealot. I use plenty of non-free software, and I have no qualms about it. I do, however, understand and mostly agree with the philosophy behind free software. Practically speaking, I am willing to trade some of my freedom for convenience. I'm not whether that makes me a hypocrite, or whether I am just exercising a different, related freedom.

Edit: In case the link disappears at some point, here are my comments.

In response to:
Do you buy the idea that being "open" makes software more secure, or automatically makes it "better" or somehow morally superior to closed source software?"

I wrote:
The idea of being "open" or "free" (as in speech) is a license issue. It does not make the software anything. It can be good, bad, or indifferent. Whether software is secure or not is not related to whether it's free or not. However, there are inherent characteristics of open/free software that give the user the FREEDOM to be more secure than with closed source, whether or not he or she chooses to exercise that freedom. Non-free software robs you of that freedom. It forces you to make the choice to accept the vendor's security mistakes or not use the software at all. (To quickly address the obvious rebuttal, the freedom to make that choice is not a freedom any more than, say, the freedom to eat rotten meat or starve.)

As far as being morally superior, YES, free software is morally superior to closed software. Richard Stallman has developed and documented this argument well enough that it's not worth repeating here, but I highly recommend you read through and understand the information at

And in response to the following:
My feeling is that people should use whatever is best for them (however you define "best"). About morality...I think that if two parties willingly agree to licensing terms (whether proprietary, GPL, or anything else) then there is no moral issue. Maybe someone external to that situation would see it as immoral, but that's like some redneck getting offended by a gay couple because it goes against his belief system. Of course the hole in this argument is that proprietary software usually doesn't present a license until installation and most retailers won't accept opened software for return. Regardless, there are always going to be people who get offended by other people due to various belief systems. I could not care less if somebody else uses/writes proprietary, GPL, or other software; my only concern is what I use/write. Issuing a blanket statement like "proprietary software is immoral" is no better than saying that "homosexuality is immoral". For certain belief systems it may be true, but it may not be true for the only belief system that matters: mine. Murder is virtually the only thing seen as immoral by all civilizations. Everything else is up for debate.

I wrote:
Comparing the morality judgement against proprietary software to bigotry against homosexuals is a weak straw man argument. You clearly are not familiar with the reasoning behind the belief that proprietary software is evil/immoral, certainly not enough to decide whether you are for or against such an argument in a rational and objective manner. If you believe that people are entitled to freedom, then proprietary software is inherently immoral. You have the right to believe that people are NOT entitled to freedom, but I would argue THAT would be much more analagous to saying something like "homosexuality is immoral."

Thursday, April 5, 2007


"I gave up Perl for Ruby."
"That's like giving up herpes for rabies."
- Anonymous message board exchange

Undocumented builds and backwards incompatibility

So I spent a lot of yesterday trying to, without any documentation at all, build a Windows executable out of a Python program whose GUI is based on an older version of Qt/PyQt. Unfortunately PyQt 4 is apparently NOT backwards-compatible with PyQt 3, such that the existing scripts would not work with PyQt 4 as they were written. It was an absolute nightmare getting the older versions compiled, installed, and working, and it made me want to document some general thoughts.

My primary function has never been as a developer, but I've still always written code as part of my job responsibilities. People like me (and like the person who wrote the Python program, I imagine), don't generally have the same experience in formal software development processes as "Computer Programmers (TM)". This tends to cause problems.

The interesting thing is that the problems seem to come from dependencies, building, and things of that nature than with the code itself. I think most of the actual code I write, and a lot of the code of this sort that I've read, is more or less self-documenting. I'm talking mostly about utility programs, generally less than 1000 lines and often less than 250 lines.

Notes to self, and other interested parties:
  • Document your build process if it's anything more complicated than "cc file.c". (I will be forever in your gratitude if you leave me a Makefile.)
  • Use some sort of central code repository. Digging through backups of old PC's to recover code is no fun for anyone.
  • Related: don't just leave your code, if at all possible...leave the libraries, utilities, and other related items somewhere where I can find them. At worst, leave me links to go get them.
  • Create a README file! If you have to solve any problems or come across anything quirky, NOTE THEM IN THE README!
  • A function called "GetUsername" does not need a comment that reads "Gets the username."

  • Thomas Ptacek is writing a great series of arguments against DNSSEC over at the Matasano Chargen blog. That's one of my favorite blogs, by the way, and I highly suggest that anyone in information security make it a daily read.
  • I don't have anything to add about the ANI vulnerability (MS07-017), other than to wonder when we're going to stop seeing this kind of thing. Weren't we doing this with WMF at this time last year?
  • I have thoughts on Fortify's interesting JavaScript hijacking "Web 2.0" advisory, but I think I'll write a separate post 2.0 on that subject 2.0.
  • The Blogger "Compose" interface is terrible. What should I be using instead? Should I just use a text editor and then paste it in?