Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

Yes, the PM source is not public because (in large part) we haven't done a full security audit so obscurity1 has great value for now. But it is available to lots of Everything developers. They are free to take any bits that they want and I sometimes point out bits that I think they should take. We also get bits from them (especially from jaybonci) and are thankful for them.

If the node cache gets rewritten, that would certainly be an important thing to try to get wedged into standard Everything so I think that would happen and I would help to make it happen. (And we haven't changed the node cache so I think it would also be very easy to do.)

I personally haven't merged anything into Everything so far. In part because I think PerlMonks and Everything are going in different directions on some things. Some have expressed interest in merging them, but I honestly don't see that as practical based on attempts and discussions I've seen so far. I'm certainly not opposed to it, in principle.

As for contributing, others have addressed that. I'm not overly comfortable with my joke coming to life, but I'm not fighting because I honestly appreciate the generosity expressed and I think it could end up giving the site (and probably other Everything sites) a whole lot more room in the resources department and benefit me as well (I'd enjoy the work; I wouldn't be buying toys or such, I'd be "buying" time from others).

Certainly, if you don't feel completely comfortable about the idea, then I very much don't want you contributing (if "the fund" actually happens).

                - tye

1Yes, I understand about "security through obscurity". Let me quote myself from about a year ago in a non-public forum:

I was hoping to post a reply to the latest call for free-for-all access to the PM source. [ but didn't find the time ]


security by obscurity is no security at all.
I understand the point of that old saw, but it isn't actually true. A great deal of security is obscurity. If I were designing a new system, then I'd certainly open the design to public review rather than keep the design secret. That is quite a bit different than having a live system that has had several security problems found (and fixed) in the last few months.

Opening up free access to the source could certainly increase the rate at which any remaining security problems are found. However, there wouldn't be a team looking specifically for security problems so the ones found would most likely be by people doing the looking for "bad" reasons and so we might not even get the security problems fixed if they are exploited subtley enough.

[*Mumble*] couldn't have guessed how to munge things without access to the source. I'll take a layer of obscurity until such time as a good security review of the site has been completed.

The other problem is wasted time. If we start getting patches from random [people] who think they are helping but don't have a solid clue, then we just make the resource problem worse. I've personally lobbied and gotten two gods added specifically to help get the good patches that you guys have already provided but us deadbeats haven't applied. One had "real life" get in the way for several months and the other switched to working on site documentation so there are still probably half-a-dozen patches that should be applied but haven't been. [ I think things have improved since then ]

So I think the best plan for "getting help" is to continue to add people who meet the requirements of 1) trust and 2) competence to pmdev if they show an interest in contributing. [....]

If random people want to tackle what I consider the #1 problem, the node cache, then they can download 0.8 as I don't think there are any PM-specific changes to that part of the code.

That is a little out of context, not exactly on topic, and perhaps worded a little more bluntly than I would normally do in a public node, but I'd wanted to state basically that in public so I'm glad for this opportunity.

In reply to Re^2: Throw your money at tye! (open?) by tye
in thread Throw your money at tye! by Aristotle

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others examining the Monastery: (10)
    As of 2018-06-18 10:13 GMT
    Find Nodes?
      Voting Booth?
      Should cpanminus be part of the standard Perl release?

      Results (109 votes). Check out past polls.