Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re: Throw your money at tye!

by Anonymous Monk
on Mar 13, 2003 at 22:42 UTC ( #242874=note: print w/replies, xml ) Need Help??

in reply to Throw your money at tye!

Hi. I'm sure tye has done some excellent work and I swear I don't mean this as a troll but the Perlmonks additions to the everything engine are not publically available, correct? The only reason I can think of for this is that Perlmonks is relying on the obscurity as part of their security.

So this begs a few questions:

  • Why would I contribute money to encourage a website to trust in obscurity? and
  • Why would I contribute money for proprietary changes that would only be given to this website, not made freely available. Sub-question: why wouldn't I just contribute to the everything engine?

Once again, I don't mean it as a troll. I just couldn't possibly find the justification to contribute based on those points, especially when there are many actual open-source projects that could use the help, and thousands could benefit from the code written, rather than just one website.

Just my thoughts on the subject.

Replies are listed 'Best First'.
Re^2: Throw your money at tye! (open?)
by tye (Sage) on Mar 14, 2003 at 06:20 UTC

    Yes, the PM source is not public because (in large part) we haven't done a full security audit so obscurity1 has great value for now. But it is available to lots of Everything developers. They are free to take any bits that they want and I sometimes point out bits that I think they should take. We also get bits from them (especially from jaybonci) and are thankful for them.

    If the node cache gets rewritten, that would certainly be an important thing to try to get wedged into standard Everything so I think that would happen and I would help to make it happen. (And we haven't changed the node cache so I think it would also be very easy to do.)

    I personally haven't merged anything into Everything so far. In part because I think PerlMonks and Everything are going in different directions on some things. Some have expressed interest in merging them, but I honestly don't see that as practical based on attempts and discussions I've seen so far. I'm certainly not opposed to it, in principle.

    As for contributing, others have addressed that. I'm not overly comfortable with my joke coming to life, but I'm not fighting because I honestly appreciate the generosity expressed and I think it could end up giving the site (and probably other Everything sites) a whole lot more room in the resources department and benefit me as well (I'd enjoy the work; I wouldn't be buying toys or such, I'd be "buying" time from others).

    Certainly, if you don't feel completely comfortable about the idea, then I very much don't want you contributing (if "the fund" actually happens).

                    - tye

    1Yes, I understand about "security through obscurity". Let me quote myself from about a year ago in a non-public forum:

    I was hoping to post a reply to the latest call for free-for-all access to the PM source. [ but didn't find the time ]


    security by obscurity is no security at all.
    I understand the point of that old saw, but it isn't actually true. A great deal of security is obscurity. If I were designing a new system, then I'd certainly open the design to public review rather than keep the design secret. That is quite a bit different than having a live system that has had several security problems found (and fixed) in the last few months.

    Opening up free access to the source could certainly increase the rate at which any remaining security problems are found. However, there wouldn't be a team looking specifically for security problems so the ones found would most likely be by people doing the looking for "bad" reasons and so we might not even get the security problems fixed if they are exploited subtley enough.

    [*Mumble*] couldn't have guessed how to munge things without access to the source. I'll take a layer of obscurity until such time as a good security review of the site has been completed.

    The other problem is wasted time. If we start getting patches from random [people] who think they are helping but don't have a solid clue, then we just make the resource problem worse. I've personally lobbied and gotten two gods added specifically to help get the good patches that you guys have already provided but us deadbeats haven't applied. One had "real life" get in the way for several months and the other switched to working on site documentation so there are still probably half-a-dozen patches that should be applied but haven't been. [ I think things have improved since then ]

    So I think the best plan for "getting help" is to continue to add people who meet the requirements of 1) trust and 2) competence to pmdev if they show an interest in contributing. [....]

    If random people want to tackle what I consider the #1 problem, the node cache, then they can download 0.8 as I don't think there are any PM-specific changes to that part of the code.

    That is a little out of context, not exactly on topic, and perhaps worded a little more bluntly than I would normally do in a public node, but I'd wanted to state basically that in public so I'm glad for this opportunity.
Re: Re: Throw your money at tye!
by perrin (Chancellor) on Mar 14, 2003 at 04:02 UTC
    The Perlmonks code is not hidden. I have access to it, and all I did was ask politely. However, it is not sitting on a shelf all tied up with a big red bow either. It lives in the Perlmonks database, so fetching it is something of a task and I don't believe it has been automated. Right now you have to visit all the different node types and download the source.

    In short, any apparent hiding of the Perlmonks code is due to the work it would take to make it conveniently available, not to any attempts at making it proprietary.

      any apparent hiding of the Perlmonks code is due to the work it would take to make it conveniently available, not to any attempts at making it proprietary.

      There are so many things wrong with that I don't know where to start, so I won't. I'll just merrily on my way and wish this site's management the best.

        I don't particularly like the situation either, but there is a huge difference in intent between "proprietary" and "inconvenient."
Re^2: Throw your money at tye!
by Coruscate (Sexton) on Mar 14, 2003 at 05:56 UTC

    Perhaps if you were here as a non-anonymous user, you could politely ask to be a member of the group known as pmdev. For one, they have access to nearly (I believe it is not _everything_, but quite close enough) all of the code that makes up PerlMonks. And as a big bonus (okay I lie: it's the point of the group in the first place), pmdevils get to submit what we call 'patches'. Essentially, pmdev members get to make modifications to the PerlMonks code, upon approval by one of the great powers known as the gods :) (this covers your "why wouldn't I just contribute to the everything engine" question).

    As I understand it, more active members of pmdev would be greatly appreciated. There is much work to be done, and the more people willing to help out, the better. But your chances of entering the pmdev group are probably pretty low unless you let it be known who you are and why you want to join the group and what contributions you could make.

    If the above content is missing any vital points or you feel that any of the information is misleading, incorrect or irrelevant, please feel free to downvote the post. At the same time, please reply to this node or /msg me to inform me as to what is wrong with the post, so that I may update the node to the best of my ability.

Re: Re: Throw your money at tye!
by ihb (Deacon) on Mar 14, 2003 at 02:01 UTC
    Why would I contribute money for proprietary changes that would only be given to this website, not made freely available.

    My best guess would be that you would contribute money because whilst they only will benefit this website, you'd get it back from the help you receive here.

    Sub-question: why wouldn't I just contribute to the everything engine?

    Because the everything engine doesn't magically answer your Perl questions, whereas perlmonks seems to do just that.

Re: Re: Throw your money at tye!
by Jaap (Curate) on Mar 13, 2003 at 23:35 UTC
    Even if parts of the perlmonks code are not publically available that doesn't mean it is for security reasons.

    Perhaps someone can answer the question why these parts aren't available so we don't have to guess/assume.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://242874]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (8)
As of 2018-05-22 16:04 GMT
Find Nodes?
    Voting Booth?