[philiptellis] /bb|[^b]{2}/
Never stop Grokking


Thursday, May 05, 2011

The story of George — ayttm's most prolific non-developing contributor

An Introduction

In late April 2008, we received an email[1] on the ayttm-users mailing list. It was from George, which wasn't a name I'd ever seen on the list before, and it was about something called Puppy Linux[2], a distribution I'd never heard of before. He started out with a description of the distro, stating that he was a user, and had picked up ayttm[3] based on the suggestion of the creator of Puppy Linux on their chatroom.

As part of his introduction, he included this paragraph:
I am very new to all this. Although I was a programmer years ago, I was away from computers for about 20 years. I have been on the internet for about 14 months - with no previous internet experience. I got Puppy Linux up and running less than 6 months ago - no previous linux / unix experience. I've been using chat rooms about two months - again with no previous experience. I only use irc.FreeNode.net and I access almost exclusively the Puppy Linux chat rooms.

I need to give you this background so that you will know that there is a very good chance that I will think the program needs work when the truth is that the user's inexperience is the real problem.
He proceeded to explain how he uses IRC, first with xchat[4], and then with ayttm. He went into great detail, starting from how he launched the program to how he got to his final intended task, how much time it took him to cover each task, the problems he saw along the way, the kind of internet connection he was using, and finally some suggestions and opinions. For each of them he explained how it would help him and others like him, and how important it was to him relative to the other problems he saw.

He closed telling us that he was really happy with ayttm, inspite of the problems he faced, and if we could fix the problems he listed, it could become a core part of the Puppy Linux distribution.
... I am amazed at the level of functionality you have put into a small package. Please keep up the good work.

I hope you find something of use in all this,

George
In all, his email worked out to 5 printed pages.

I thanked him for his report. It was easily the best problem report we'd ever received on ayttm. All past reports read something like, "Foo doesn't work for me", and were typically no longer than 3 lines, and included no description of the environment under which it was run.

George's message included a lot of detail of the problem itself, but it was composed in a very friendly, almost self-deprecating tone, suggesting that it's quite possible that all the problems he sees are really PEBKACs[5]. He never once sounded condescending, or as if he was doing us a service by writing up this report, and he threw just enough flattery to make us feel good, but not too much that we felt he was trying to play us. Most importantly, he'd by far put more effort into writing the report than any other bug reporter had.

He didn't pester us further to find out whether we were going to implement what he asked, or when it was going to be done, but he stayed in touch on the fringe, playing ayttm representative on the puppy linux forums.

In the meanwhile, Barry, the author of Puppy Linux sent us a few patches.

I should mention here, that since ayttm implemented the Yahoo! Messenger protocol, and I was (and still am) employed at Yahoo!, I couldn't contribute any code to the project (I'd worked on ayttm from the start before joining Yahoo!), however, as all the problems George reported related to IRC, an open protocol that predated Yahoo! by a long time, it was deemed okay for me to support this part of the effort with design comments, code reviews and some amount of requirements analysis. This meant that Siddhesh, the only developer at the time, could spend all his time hacking.

Siddhesh spent some time rewriting all of IRC support, and passed on an alpha to George and Barry to test. About a week later, George got back to us with a complete log of his IRC session running ayttm in debug mode. It was now early June.

Rejection

We also started chatting on IRC around that time, and he said he wanted to do more than just file bug reports and send in debug logs. He used to be a programmer, and though the language was different, the logic's more or less the same.

I told him which source file he could look at to find the feature that bugged him the most, and he sent in his first patch a little while later. It looked like this:
- /* get list of channels */
-       ret = sendall(ila->fd, "LIST\n", strlen("LIST\n"));
- 
+ /* get list of channels  commented out GWB per PST 7Jun2008
+  *    ret = sendall(ila->fd, "LIST\n", strlen("LIST\n"));
+  * 
+  * and following line added
+  */
+    irc_finish_login(ila);
Not a big deal you might think. It actually cuts out a feature in fact. But what it really does, is allow someone to use ayttm for IRC without timing out. So, sure, he used spaces instead of tabs for indentation, but that was fine. The most important thing is that he was now so invested in this, and he'd got his foot in the door, he didn't want to stop.

His patch was not accepted, and Siddhesh explained why (it broke the room list dialog), but Siddhesh also had an alternate fix for the problem that he asked George to test.

Come back

Many new developers get turned off at this point. It takes a lot of effort to create your first patch, and a lot of self-confidence to group of people that you know only by their mystical handles and semi revere for doing things that you can't. Getting a rejection at that point can set you back on both counts. Not George. We chatted some more, and he set to work on the next thing that bugged him. This is what he posted to the list:
... I have made some changes to offline_queue_mgmt.c. The diff file is attached.

Bluesmoon says that with my changes he always gets auto logged in. My own results are more random, although I sometimes get autolog. I suspect Ayttm? recognizes bluesmoon by his keyboard touch and remembers him fondly ( he is a former Ayttm? developer ), and treats him better than me.
Again, there's that bit of humour in there that suggests he's having fun doing this. Happy developers write good code. His patch got in.

Now in mid-June, he sent an update[6] on the status of his tests, this time addressed at Siddhesh:
Siddhesh,

As you know, I have been downloading the latest source and testing it almost as quickly as you commit. I have been testing your tagged branch libirc-mod. I thought I'd take a minute to document the current Ayttm? status....

The name

Apart from his first email to us, George always put a question mark at the end of Ayttm. He now suggested that we add the question mark permanently as part of the name as an allusion to what it stands for ("Are you talking to me?"). Neither Siddhesh, nor I thought it was a good idea because as it turns out, many fonts use the ? character when they don't have a glyph to display for a particular character (others use a box), and we didn't want to confuse users with this. Another rejection of George's ideas, but he realised that while we were turning down his ideas, we weren't turning him down.

One thing that a lot of individuals forget about when communicating over email, IM or IRC, is that the person with the idea is not the same as the idea. This holds for both, the individual with the idea, and the individuals reacting to it. I've seen too many cases where either the person proposing an idea was attacked because the idea wasn't liked, or the person proposing the idea took a rebuttal of their idea too personally and thought that everyone hated them. George didn't have these notions, and his attitude in email made it impossible for us to feel any animosity towards him.

The Pup

In July, George posted this message[7] to the list:
This was just posted on the Puppy Linux lead developer's blog.

Ayttm will be builtin in the next alpha release of Puppy Linux.

Feels like a big win to me - I don't know why - I didn't write it.
Indeed, George was way more pleased than we were. I'd guess it had to do with seeing two projects that he cared deeply about getting so closely coupled. Almost like watching two of your close friends getting hitched. The ayttm dev team still knew very little about Puppy Linux (I was a RHEL & Ubuntu user, and Siddhesh worked at RedHat). George, on the other hand, made it happen.

George turned into our liaison on the Puppy Linux forums. He'd collect bug reports from Puppy Linux users, verify them and then pass them on to the ayttm bug tracker on sourceforge. We chatted quite a bit over the next few months about new features he wanted to add and bugs he wanted fixed, what he thought of the changes. At one point I suggested that he speak about his experiences with ayttm at a conference[8] in India. Siddhesh and some of the other developers were doing talks of their own. He considered it, but decided against it because of his age.

It was only then that I found out how old he was. I won't reveal that here since it was in a private conversation, but I have a fair way to go before I get there, and I hope I'm as enthusiastic as he is when I do.

I haven't heard from George in a while, but I've also stopped monitoring the ayttm bug tracker, so perhaps he's active there.

I should also mention as an afterthought, that even though I've referred to George as "he" throughout this post, I don't actually know if I was speaking with a man or a woman. It never came up, it was never important, and knowing it wouldn't have changed anything. I assumed he was a man because George is most commonly a man's name. Back in India, the only time I'd ever heard of George as a girl's name was in Enid Blyton's Famous Five[9]. And in that, I learnt another lesson from George.

When it comes to hacking on opensource software, none of age, gender, race, country of origin, or how you look matters. All that matters is a pleasant attitude to your fellow developers, a willingness to keep at it and learn as you go, the drive to not give up when things don't go your way, and the ability to tell the difference between an idea and the one who has it.

Thanks George. To answer your first email, yes I did find much of use in this.

References

  1. George's first email to ayttm-users. Yes, we use sourceforge. It's not pretty, but it's all we had at the time.
  2. Puppy Linux, a small, fast and easy to use linux distro
  3. Ayttm - Are you talking to me? A universal instant messenger for unix
  4. xchat an IRC chat client for X.
  5. PEBKAC in the Jargon File.
  6. George's update on June 19, 2008.
  7. Ayttm on Puppy Linux. In July, George announced that ayttm had become part of Puppy.
  8. FOSS.IN - India's largest community run conference on free and opensource software.
  9. Enid Blyton, The Famous Five. 1942-1963.

Monday, May 02, 2011

Twitter, SSL and #poopin

Watching the twitter feed about #jsconf shows a lot of people tweeting about #poopin. Turns out that someone's been stealing twitter cookies using a firesheep like tool and tweeting on their behalf. The tweets aren't malicious in nature, and are geared more at educating the user about the need to use SSL or some kind of encrypted tunnel when tweeting over untrusted wireless connections.

Here's the problem. Even people who do know the risks, and take the trouble to use twitter over SSL will get caught because of certain bugs with twitter's handling of their SSL pages.

If you visit https://mobile.twitter.com/, this is what you'd get: (shown in a browser so I could hilight the URL bar)

Click Sign in and this is what you get:

Sign in, and this is what you get:

Notice that the post sign-in URL is no longer https, but is now http.

At various points of time, trying this through my mobile phone, I get redirected from an https site to an http site when I do some of the following:
  • Replying to a tweet
  • Replying to a direct message (seems to be fixed)
  • Retweeting (with/without? JavaScript)

If you search through the page source on https://mobile.twitter.com/ for the string "http://", you'll find a few instances in comments, but then these interesting ones in a JSON object:
"twitterApiBase":"http://api.twitter.com"
"apiBase":"http://api.local.twitter.com:9000"
"twitterBase":"http://twitter.com"
"mobileBase":"http://mobile.twitter.com"
I haven't examined the code in detail to see how these are used, but it seems to suggest that at least some calls are going out over http, and since they're all on the twitter.com domain, your twitter cookies get sent along.

Now this is only the twitter mobile website. Mobile clients could be another matter, and the desktop site could also have problems. I haven't tested. Personally, I try to either use a VPN, or only tweet using SMS, but I have been caught by something like this before (at FOSS.IN/2010) which is when I started to study the problem.

Also, it doesn't matter if you've configured twitter to always use HTTPS. It still has this problem.

...===...