Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re^2: Throw your money at tye! (open?)

by tye (Sage)
on Mar 14, 2003 at 06:20 UTC ( #242965=note: print w/replies, xml ) Need Help??

in reply to Re: Throw your money at tye!
in thread Throw your money at tye!

Yes, the PM source is not public because (in large part) we haven't done a full security audit so obscurity1 has great value for now. But it is available to lots of Everything developers. They are free to take any bits that they want and I sometimes point out bits that I think they should take. We also get bits from them (especially from jaybonci) and are thankful for them.

If the node cache gets rewritten, that would certainly be an important thing to try to get wedged into standard Everything so I think that would happen and I would help to make it happen. (And we haven't changed the node cache so I think it would also be very easy to do.)

I personally haven't merged anything into Everything so far. In part because I think PerlMonks and Everything are going in different directions on some things. Some have expressed interest in merging them, but I honestly don't see that as practical based on attempts and discussions I've seen so far. I'm certainly not opposed to it, in principle.

As for contributing, others have addressed that. I'm not overly comfortable with my joke coming to life, but I'm not fighting because I honestly appreciate the generosity expressed and I think it could end up giving the site (and probably other Everything sites) a whole lot more room in the resources department and benefit me as well (I'd enjoy the work; I wouldn't be buying toys or such, I'd be "buying" time from others).

Certainly, if you don't feel completely comfortable about the idea, then I very much don't want you contributing (if "the fund" actually happens).

                - tye

1Yes, I understand about "security through obscurity". Let me quote myself from about a year ago in a non-public forum:

I was hoping to post a reply to the latest call for free-for-all access to the PM source. [ but didn't find the time ]


security by obscurity is no security at all.
I understand the point of that old saw, but it isn't actually true. A great deal of security is obscurity. If I were designing a new system, then I'd certainly open the design to public review rather than keep the design secret. That is quite a bit different than having a live system that has had several security problems found (and fixed) in the last few months.

Opening up free access to the source could certainly increase the rate at which any remaining security problems are found. However, there wouldn't be a team looking specifically for security problems so the ones found would most likely be by people doing the looking for "bad" reasons and so we might not even get the security problems fixed if they are exploited subtley enough.

[*Mumble*] couldn't have guessed how to munge things without access to the source. I'll take a layer of obscurity until such time as a good security review of the site has been completed.

The other problem is wasted time. If we start getting patches from random [people] who think they are helping but don't have a solid clue, then we just make the resource problem worse. I've personally lobbied and gotten two gods added specifically to help get the good patches that you guys have already provided but us deadbeats haven't applied. One had "real life" get in the way for several months and the other switched to working on site documentation so there are still probably half-a-dozen patches that should be applied but haven't been. [ I think things have improved since then ]

So I think the best plan for "getting help" is to continue to add people who meet the requirements of 1) trust and 2) competence to pmdev if they show an interest in contributing. [....]

If random people want to tackle what I consider the #1 problem, the node cache, then they can download 0.8 as I don't think there are any PM-specific changes to that part of the code.

That is a little out of context, not exactly on topic, and perhaps worded a little more bluntly than I would normally do in a public node, but I'd wanted to state basically that in public so I'm glad for this opportunity.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://242965]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (7)
As of 2020-11-27 09:07 GMT
Find Nodes?
    Voting Booth?

    No recent polls found