Planet CDOT

September 20, 2014


Fadi Tawfig

Brushing Up On My Javascript

Up until now I had only ever used Javascript for simple scripts to add basic dynamic elements to webpages. Although this was perhaps the original intent of the language, Javascript has grown to serve a much wider variety of purposes and is now more relevant than ever as the web is becoming an increasingly flexible and powerful platform for applications.

Using Javascript was previously the source of quite a bit of frustration for me. I found it finicky and cumbersome to accomplish anything with it. The reason for this was that I had never taken the time to sit down and properly learn the language. I was trying to use Javascript the same way I would Java or similar object-oriented languages and then get frustrated when it behaved differently from my expectations. This was a big mistake.

Upon learning that I would be using Javascript to some significant extent this semester, I figured it was about time I actually learn how to use it correctly. I did some searching for recommended Javascript learning resources. One name I saw come up a few times was Douglas Crockford, a man widely known for his proficiency with the language.

I was pointed to a book by Crockford called Javascript: The Good Parts, as well as a series of video lectures available for free here. I picked up a copy of his book and have been watching the lectures and both have so far been massively helpful.

Probably the most important thing anyone new to the language should know is even though Javascript is referred to as an object-oriented language, the way it implements oo is significantly different from other languages with which you might be familiar. First off, just about everything in Javascript is an object. This includes arrays, regular expressions, even functions. Another important distinction from traditional oo languages is the nature of objects themselves. Javascript doesn’t have classes. Objects in Javascript can be created on the fly using object literal notation. E.g:

//Create an object called student with the properties name and id
//and give those properties a value. 
var student= {
	"name": "Fadi", 
	"id": 20
};
 
//These properties can now be accessed as such:
console.log(student.id);
console.log(student["name"]); 
//Both of these methods of access are entirely interchangeable.

Although this seems a bit strange at first, as I got used to it it became a very intuitive way of creating objects.

This is only the tip of the iceberg when it comes to what sets Javascript apart from other languages. Things such as prototype-based inheritance, function objects, and a lack of  block scope should also be considered when using Javascript and using these features effectively can help you get the most out of the language. I highly recommend anyone who’s interested in (or confused by) Javascript to check  out the book/videos I linked above.

- Fadi


by ftawfig at September 20, 2014 09:16 PM

September 19, 2014


Ryan Dang

First Bug fix for Mobile Appmaker

So after looking around the codes and the list of existing issue for Mobile Appmaker, I decided to pick a simple issue to start with. I believe that it’s better to start with small and easy bugs and then slowly work your way up to more complicated bugs. Starting with small bugs will help you slowly and steadily learn about the system.

So the first bug I picked was UI-Update tabBar. 

My task is to update the current 3 tab icons to the one that they provided. At firsst I thought this is going to be an easy task, but when I started working on it, I noticed that the current system use .svg image for all the icon. What they provided me is just one single .svg file of how the tabBar should look like. I have to get Inkscape, an .svg image editor to extract the 3 icons and then export each icon to a separate .svg file. I also needed to learn how to include .svg file in html page. I had some trouble with the configuration and the images didn’t show up where they supposed to. The big icon in the middle also need to be manually adjusted to fit the specs. It took me a while to get it right.

I finally got everything done after like 8 hours working on this issue. I did a review on the code to make sure I follow their coding style and submitted a pull request to fix the bug on Mobile Appmaker repo. The pull request is merged and the UI-Update tabBar issue is closed :). my first contribution to the project is a success!


by byebyebyezzz at September 19, 2014 07:27 PM


Linpei Fan

SPO600: Lab2

Brief description: 
Wrote a simple c program to display “Hello World!”, and  compiled it using command “gcc –g –O0 – fno-builtin”. Then using command “objdump” with options –f, -d, -s, --source to display the information of the output file.
And then do the following changes to see the changes and difference in the results.

5) Move the printf() call to a separate function named output(), and call that function from main().

Original output file: a.out
Output file after change: hello_all5.out

Before change:
When run the command: 

It only has main section for the source code:

After change
When run the command: 
It shows following:



6) Remove -O0 and add -O3 to the gcc options. Note and explain the difference in the compiled code.
-O3 is to optimize more for code size and execution time. It reduces the execution time, but increase the memory usage and compile time.

Output file before change: hello_all5.out
Output file after change: hello_all6.out

I use “time” command to check the execution time of above files, and get following result.


hello_all6.out is complied with the option –O3. It supposes to have less execution time. However, it takes much longer in real time than the previous one. Well, it does take less time in sys time.

I also compared the sizes of the output files with –O0 and –O3. The hello_all5.out, which is compiled with –O0, has smaller size than hell0_all6.out, being compiled with –O3. Apparently, compiling file with option –O3 does not reduce the file size. Instead, it increases the file size.


Following sreenshots are the result by running “objdump –source” command for both of the files.

Comparing the two results, I found:
1       --- The sequences of <main> section and <output> section in both results are different. For the output file hello_all5.out, being compiled with –O0 option, <main> section appears after <frame-dummy> section. And <output> section is after <main> section. By contrast, for the output file hello_all6.out, being compiled with –O3 option, <main> section appears right after the line “ Disassembly of section .text”. And <output> section still appears after <frame-dummy> section.

2   ---The contents of <main> section and <output> section are different for both results. For the output file hello_all6.out, the contents of both <main> section and <output> section are shorter than those in the result of hello_all5.out. It has 6 actions in <main> section of hello_all5.out and 9 actions in <output> section of hello_all5.out. By contrast, there are only 3 actions in <main> section of hello_all6.out and 4 actions in <output> section of hello_all6.out.










When I ran “objdump –s” for both files, I found more differences.
Contents of section .debug_line and contents of section .debug_str are shorter than the result of hello_all6.out. Moreover, the result generate by hello_all6.out has one more section – contents of section .debug_ranges.
Contents of section. debug_str generated by hello_all5.out

It is good to know that using different compiling options, the compiler compiles the program in different ways. Each option serves the different purposes. Accordingly, the assembler contents of each object files are different as well.

Using “objdump” command, it is good to see the assembler contents of the object file. It’s a good start to learn the assembly language. However, I still don’t fully understand what the assembler contents stand for. With learning more assembly language, I think it won’t be a problem for me anymore.

by Lily Fan (noreply@blogger.com) at September 19, 2014 02:54 PM

September 18, 2014


Edwin Lum

Contributing to an open-source community.

Of the courses I am taking this semester at Seneca College, one of them stands out in particular. SPO600 (Software Portability and Optimization) is a very special course that involves real projects being worked on in the industry. It focuses itself upon open-sourced projects and as such, we are tasked with investigating how the contribution process works for two different communities.

Three.js

The first project I decided to take a look at is called three.js. Which in the author’s words strives “to create a lightweight 3D library with a very low level of complexity — in other words, for dummies.”.

What this means is the ability for more people to create 3D web content without an extensive understanding of the math and back-end stuff that happens in order to get it working. The beauty of this is that three.js also requires no additional plugins on most browsers that support HTML5. (most alternatives do)

Three.js uses GitHub for most of it’s issue tracking as well as bug reporting. There is also a wiki page that talks about how to contribute to three.js. I feel like they tried to make it as simple and centralized as possible so that more individuals can help and contribute. Of course there are still coding style/guidelines that details how the code should be formatted, but this is almost required in order to not have a headache when reading code that could have so many people writing.

Three.js adopts the MIT license.

 Openstack

For the other project to investigate; I chose Openstack: Open Source Cloud Computing Software.

While Openstack also uses Github, they have a much more extensive process overall. They have summarized this in 7 steps : that include having to join their mailing list, join their IRC channel, learning how to work with the “Gerrit” review system, and signing a Contributor License Agreement.

Conclusion

In comparison, Openstack seems to require a lot more steps just to get started. As with all processes, there are pros and cons to each. In my opinion, three.js takes a much more agile approach, by eliminating many restrictions and keeping things simple and centralized. There are also lots of people commenting, helping and mentoring new contributors right on Github. Openstack takes a much more robust approach, requires more reading and understanding before submission, utilizing a different review system entirely, and enforcing the code styling quite strictly. They also have their fair share of resources in helping new contributors as ween in their IRC channel and mailing lists.


by pyourk at September 18, 2014 07:50 PM

September 17, 2014


Ryan Dang

Mobile Appmaker, first bug found!

Mobile Appmaker, an app that makes apps!

As a web developer, I am always fascinated about new technologies that can provide users with new experiences from interacting with web browsers. I figure this will be an awesome project for me to get involved in.

My first ever experience in trying to run the app on my local machine is this error: Arguments to path.join must be strings. First I thought it must be something in my set up is no configured correctly. I started searching for the reason that might causes this error. I tried update my node.js version to the latest, update gulp version to match the one the project use, change from Window 8 operating system to Window 7 operating system. I tried everything I could’ve think of and the error still there. After 3 hours of trying to fix the issue without any results, I decided to post the issue Arguments to path.join must be strings on Mobile Appmaker repository. I got a reply shortly after asking me for more information about my set up configuration. The issue is then marked as critical bug. Apparently there is problems in webmaker-download-locales that causes the app to be incompatible on Window operating system. The bug is fixed one day after the issue is filed. I was able to run and explore the app locally :).

The next blog post will be my first bug fix for Mobile Appmaker. Stay tune.


by byebyebyezzz at September 17, 2014 03:18 PM

September 16, 2014


Dylan Segna

Using Firefox Mobile with Cordova

Is it possible to package Firefox mobile, known as Fennec, with a PhoneGap application?
After looking closely at Android-specific source code for both Fennec and PhoneGap’s underlying system, Cordova, these are the things that I have found that may help answer this question.

Cordova runs using the CordovaActivity class in Android :

https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/CordovaActivity.java

This contains the CordovaWebView which displays the HTML-based PhoneGap application using the native web-view capabilities.
CordovaActivity helps create the bridge between the HTML and JavaScript of the PhoneGap application, and the native Android code by handling input and receiving/relaying Android messages to the HTML application.

It is in this class that the substitute for Fennec would have to take place, along with any specific implementations of functions found in the CordovaWebView class:

https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/CordovaWebView.java

Similarly, Fennec is initialized through native Android code by the GeckoApp class :

http://hg.mozilla.org/mozilla-central/file/3b7921328fc1/mobile/android/base/GeckoApp.java

This class creates the Fennec application and has the ability to load URLs in Fennec.

My hope is that by consolidating the functionality of both of these classes, the end result will allow Cordova to use Fennec as its web client, rather than the native web client.


by Dylan Segna at September 16, 2014 07:35 PM


James Laverty

(Cr)eating Chromium; an introduction.

Hey everyone!

Today I've decided to take a peak at the open source project Chromium from www.chromium.org.

Essentially Chromium is Chrome before it gets built, packaged, and distributed by Google. It is an open source web browser for those of us that don't trust Google enough to want to use their prepackaged build and want to be part of the building process.

Chromium can be used on:

  • Windows
  • OS X
  • Linux
  • Chrome OS
  • Android 
  • iOS
It's actually a lot lighter than chrome on resources which I like a lot. I've only used it a little bit so far, but I'm excited at the prospect. 

More to come soon!

Cheers, 

James Laverty

by James L (noreply@blogger.com) at September 16, 2014 04:04 PM


David Humphrey

CDOT Planet Blog Feed Cleanup

In recent days our CDOT Blog Planet has begun having issues. Chris was able to determine that we have many feed URLs that are no longer active. Today I wrote and ran a script to check all of the feeds in the list, and removed any that were not found, returned errors, etc. If your blog was accidentally caught up in the sweep, my apologies. Please add it back manually.

by David Humphrey at September 16, 2014 02:16 PM


Catherine Leung

More Data Structures Animations

After refactoring my data structure animation code at the start of the year, it has become significantly easier to add more animations.  So far I have added:

  • merge sort
  • singly linked lists
  • queues (both array and linked list implementations)
  • stacks (both array and linked list implementations)

I have also fixed many bugs in my basic animation objects and spent some time to style the animations.

The other big feature I added was the ability to put in controls and interactive elements.  The animations are written in Processing.js.  The interactive elements are standard HTML elements.  To accomplish this I used the method suggested on the Processing.js site.  That is I built a number of javascript functions that then made function calls to my processing.js object.  This method is fairly easy to do.  In your canvas tag for your sketch you need to add an id.

<canvas id="dsanim" data-processing-sources="..."></canvas>

You will then want to add the following bindJavaScript() function (note the use of the id from the canvas tag to get access to the appropriate sketch):

// javascript reference to our sketch
var pjs = undefined;
var bound = false;
// bind JS to the p5 sketch for two way communication
function bindJavaScript() {
  if(Processing) { pjs = Processing.getInstanceById("dsanim"); }
  if (pjs !== undefined && pjs.bindJavaScript !== undefined) {
    pjs.bindJavaScript(this);
    bound = true; }
  if(!bound) setTimeout(bindJavaScript, 250);
}
bindJavaScript();

You can then  call any function from your sketch by accessing it through the pjs object.

For example, in my linked lists sketches I have a function called insert() that will perform the animation of adding a node to the front of the linked list.  I did not want an interactive element to be able to disrupt the animation part way through as it can cause errors.  Thus, I also added a function called midStep() that returns true, if it is in the middle of an animation routine (for insertion for example).  Both midStep() and insert() are processing.js functions.  With the above bindJavaScript() function, the pjs variable is associated with the sketch and thus, I can call these from a JavaScript function:

function insert(){
  if(!pjs.midStep()){
    var v = document.getElementById('val').value;
    if(v != ""){
      pjs.insert(v);
    }
  }
}

All I need to do is then associate this function with an interactive element and it will trigger the appropriate function call in my processing.js sketch.

You can check out the sketches here.  I plan to add more over the course of the next year as I’m teaching Data Structures and Animations this year.

http://cathyatseneca.github.io/DSAnim/index.html

Please file an issue if you spot a bug.  I tried to get as much out as I can.  In particular I tend to not test on windows at all, so if you are looking at it on a window’s machine and its not working please let me know.

Also, I know that I had initially chosen some colours that were not at all visible on some monitors.  if it looks like part of the animation is missing something, please let me know.  Thanks in advance.


by Cathy at September 16, 2014 06:53 AM

September 15, 2014


Kieran Sedgwick

[SPO600] Contributing to open-source projects

In a stroke of luck, I managed to get into a class taught by Chris Tyler this semester. He’s a member of the Fedora Project Board and the author of at least two books that I’m aware of. Sufficed to say, I’m excited to be in his class.

Our first lab involved investigating how contributor standards and procedures differ between projects which, as it happens, is something I’ve already explored to some degree with Mozilla’s CDOT team. I’ll be comparing that experience to the contributor policy of the Weechat project, an extensible, terminal-based, cross-platform IRC client.

I’ll be examining five things for each project:

  1. License type
  2. Assignment of work & bug tracking
  3. Code standards
  4. Code tracking
  5. Review process

Webmaker

Webmaker is a social initiative by the Mozilla Foundation that aims to increase web literacy by providing free tools and resources to the average person. The Webmaker project’s software tools operate under the Mozilla Public license, whose most important implications are:

  1. Freedom to modify and distribute source code and compiled code
  2. Freedom to sell the code, while retaining the original license

Work on Webmaker is tracked with Bugzilla, an open-source issue tracker and collaboration tool. Pieces of work (i.e. “fix this crash” or “implement this feature”) are represented as bugs, an analogue to an issue. Initially, contributors are assigned by a senior member of the Webmaker team to a bug that suites someone new to the project. As time goes on, they may be given the authority to self-assign bugs.

Webmaker’s code standard were loosely defined during my time on the project. The general rule was stick to the style of the file you’re editing, or match the overall style of the project as closely as possible in new files. Since then, the project has matured and the focus on a uniform style seems to have become more important.

For tracking their codebase, the Webmaker team exclusively uses Github. Because of its iterative release cycle, code is merged directly into the master repository after the review process is completed. The review process itself consists of open a pull request against the master repository, and getting at least one other senior developer to evaluate the code. Often, a third developer will be called on to test the changes, and this process can repeat many times before a patch is authorized to land.

The Webmaker public dev mailing list is free to join.

Weechat

Weechat is a terminal-based extensible IRC client, and was released under the GNU General Public License, version 3. The license’s main implications are:

  1. Freedom to modify and use the software, so long as modifications are tracked with dates.
  2. Freedom to use this software in other software projects, but only if those projects are then licensed under GNU GPL v3.
  3. Inability to sublicense software under this license.

Weechat uses Github’s issue tracking system to track, define and assign work on the project. Each “issue” represents a single unit of work to be completed, and contributors are asked to file Github pull requests for each issue they take on. They are also very specific about commit message format and content. For example, they specify that commit messages may only contain English words.

Likewise, they’re very specific about their coding standards. Some examples include:’

  • Requiring “nick_count” as a variable name, vs “nc”
  • Requiring block comment syntax (/* */) versus single line (//)
  • 4 space indenting, never with tabs.

Like the Webmaker project, Weechat tracks its codebase using Github. Patches are filed against the master repository, and reviewed by senior devs on the team before merging the code in.

The Weechat dev mailing list is also free to join.

Conclusion

The two projects I examined had many similarities in their contributor processes, and it appears to be centered around Github.


by ksedgwick at September 15, 2014 06:40 PM


Yoav Gurevich

Transcript of Open-Source Case Study Presentation

Here is a slightly summarized transcript of my presentation earlier today centered around my open-source case study - Atom.io:

BACKGROUND

A hackable text editor for the 21st Century”
Created and maintained by GitHub and its communities
MIT-Licensed

FEATURES AND USAGE

Core is built with web technologies, making Atom extremely customizable
Primarily made for and used by web developers, but supports a variety of languages
Is currently found to be slow in some cases, including text search in the editor and string manipulation

THE COMMUNITY

GitHub made and GitHub-based
Currently over 100 contributors in the main repository and over 45,000 downloadable packages
Atom’s twitter pagepresently has over 35,000 followers
A few ways to contribute to atom.io are:
Creating a new packageand adding it to the already vast library of modifications to the editor
Directly contribute to the source code by heading to the main repository’s webpage on GitHub.
Conventions and practicesused by this community to add or modify code is well documented on the atom.io webpages 

THE LICENSE

An end user has the right to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, with the following stipulations:
The MIT copyright notice needs to be shown on all of or substantial parts of the codebase
The owner of the codebase is not liable for any hardware or software malfunction that occurs either directly or indirectly as a result of using this product



by Yoav Gurevich (noreply@blogger.com) at September 15, 2014 04:14 PM


Omid Djahanpour

Researching Open Source Communities

This blog post will cover a task that I was assigned in my SPO600 class.

Briefly describing the task, I am required to do research on open source communities to understand how the community works with regards to implementing changes to existing open source software and to pick two open source software packages that have different licenses.

After doing my research, I have come to the conclusion that the two packages I will be discussing about will be OpenSSH and Mosh.

OpenSSH

What is OpenSSH?

OpenSSH as describe from their website:

is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

In other words, OpenSSH is a secure shell targeting technical users and provides them with a more secure remote environment.

Finding Your Way Around the Community

OpenSSH has it’s own mailing list where anyone can discuss anything related to the development of OpenSSH. This list can be found here. There is also a gateway that can be used to access all of the OpenSSH lists.

There are also other lists that exist outside of the OpenSSH domain, such as this one hosted on BugZilla.

The Community – At a Glance

I did an advanced search from the BugZilla mailing list for OpenSSH and found this bug report with regards to sftp exiting on a bad tab completion as stated on the bug report page.

There wasn’t much commitment to this report, other than a way of reproducing the error. However, this brought the issue to the attention of the OpenSSH development team, and they committed a patch which will be included in the version 6.7 release of OpenSSH.

Licensing

OpenSSH is licensed under BSD 3-Clause.

Mosh

What is Mosh?

Mosh as described from their website:

Remote terminal application that allows roaming, supportsintermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, FreeBSD, Solaris, Mac OS X, and Android.

Why Mosh?

I specifically checked out Mosh for this assignment as I stumbled across a post on Reddit which introduced me to it. When I checked out their website and saw all the features it provides it really grew onto me to use it one day.

One of the features of Mosh that really attracted me was how it handles network lag as well as the way it keeps you connected while roaming and during dropped connections.

The Source and Community

Mosh has its source code hosted on GitHub where anyone can view or download.

As I have no personal experience with using GitHub, I can’t say much about it, however, I really like how the UI is layed out. It makes things clean and easy to read.

I cannot understand most of the things that are being worked on by the community involved with Mosh over GitHub, however I started with this pull request, which was later closed and referenced by this.

The Mosh community on GitHub come off as friendly and willing to help. It doesn’t seem difficult at all to push patches through to this community.

Licensing

Mosh is licensed under GPLv3+.


by Omid Djahanpour at September 15, 2014 04:32 AM


Habib Zahoori

AngularJS

The topic I picked for my Case study is “AngularJs”. Since I heard a lot about it, and when I saw it among the Case Study projects, I wanted to b to pick this topic, because I wanted to learn more about it.

As we can see, the topic has a JS suffix with it, which is self explanatory that it is a JavaScript Library. It is an Open Source JavaScript framework, which is supported by community as well as Google. As per some websites like “w3schools.com” AngularJS extends the HTML attributes, which means that using this library we can add more attributes to the HTML tags .It is very good for SPAs (Single Paged Applications) and it is easy to use aswell.

For Example using the code below, after including the library to our page, is a live repeater of our text, and it keeps showing it live while we are writing in the text box.

“<div ng-app=””> <p>Name: <input type=”text” ng-model=”name” value=”John”></p>

<p ng-bind=”name”></p></div>”

I am still researching on this topic and I am sure it will be an interesting presentation both for me and my other colleagues in OSD600.


by HZahoori at September 15, 2014 04:04 AM


Yoav Gurevich

Setting Up Development Environment on Windows

As a vehement and outspoken anti-Apple preacher for all things hardware and software related, I have been time and time again mocked or warned about the disadvantages of the development environment limitations of a windows-based machine. The main complaints and tribulations that I needed to address (for myself included) were - 

* Find a way to circumvent having to deal with windows command prompt/line syntax in favor of more familiar and comfortable unix console syntax
* Find a good package manager that can compete with the likes of brew or apt-get

The first conundrum was rather easily solved with the installation and activation of Git (with the process being virtually identical to any other platform) and using the the git shell instead of the windows command prompt. The git shell accepts all unix-like commands so you can feel right at home "cd"-ing and "ls"-ing around your file system. I have yet to try more complex bash scripts or commands, but for my current necessities this works like a charm.

Coincidentally, GitHub also helped me procure the next solution with the desire to install and use their code editor, Atom (which I will be presenting about tomorrow). The suggested method of download and installation for Windows 8 is to use a package manager called Chocolatey. This is now turning out to be a marvel of a package manager that also helped me install Node.js, Grunt, and Bower - all paramount to the Mozilla projects that I will be focusing on this semester.

Stay tuned for next week's updates.

by Yoav Gurevich (noreply@blogger.com) at September 15, 2014 01:07 AM


Andrew Li

A Quick Glance at Polymer

For our open source case study project, I will be exploring the future of the web - “a new kind of library taking advantage of web components” called Polymer.

Polymer is a pioneering library that makes it faster and easier than ever before to build beautiful applications on the web.

Polymer’s main goal is to make it “easier and faster” to develop applications for any device. That means in addition to web applications in desktop browsers you could use Polymer to build mobile applications in mobile browsers as first-class citizens.

Web Components is a set of specs which let web developers leverage their HTML, CSS and JavaScript knowledge to build widgets that can be reused easily and reliably.

Currently browsers do not support Web Components since specifications are still being carved out. This is where Polymer fills in the gap, it brings the future of “Web Compontents” to allow developers to use it today. Thus, Polymer is a polyfill that provides “web component” support.

Using Polymer, developers can create Web Components for sharing and building applications faster.

In the next post, I will dive into what Polymer’s all about including how it is licensed and where to go to get invovled.

September 15, 2014 12:00 AM

September 14, 2014


Linpei Fan

SPO600: Procedure of bug fixing on open source software - Bug 1041788@ Bugzilla@Mozilla

I used advance search at Bugzilla@Mozilla with following criteria: Status-Resolved, Product-Firefox, Resolution-Fixed, and Classification-Client Software to find a resolved bug. It showed me a listed bug met above-mentioned criteria. I sorted them by date of Changed and found Bug 1041788 - Unable to close tab after slow script warning at chrome://browser/content/tabbrowser.xml:1989. The reason why I chose this bug is because this bug is unusual and there were a lot of conversations about it. It is easy for readers to understand what’s going on during the process.

This bug was reported on 2014-07-21 and was modified on 2014-08-06. There were 11 users involved in the comments. The user, bull500, who reported the bug, has less experience in the community. And the user, Mike Conley, is the one who was assigned to solve the bug and has a lot of experience in this community. And there were some other experience users and QA (Paul Silaghi) contact in the reviews.

During the bug fix procedure, user bull500 reported a bug, which is unable to close the table after opening a large number of tags and showing a slow script warning, together with more details like the OS / software version, steps to reproduce and the results. Then Paul and Mike tried to reproduce it. Paul failed. But Mike did and found where cause the bug. And then Mike asked another experience user’s (Tim’s) opinion about this bug. Tim suggested a patch for this bug and asked the bull500’s and Mike’s feedback. They did not have the issue after install the patch. Thus the bug is resolved.
The whole process for resolving this bug took 16 days. Bull500 got the response the day after he reported the bug. When he reported that he met the same issue 5 days after, he received immediate response. Then they actively discussed the issue and found out where it came from. 9 days after the bug was reported, the solution came up. In the following days, they discussed how the solutions worked.

Moreover, I also browsed the Bugzilla@Eclipse. It has the exact same procedure as Bugzilla@Mozilla has.

After reviewing the procedure of above bug, I have some ideas on how the open source software works on resolving the bugs. However, I am still confused about who assigns the tasks or how developers take the task. 

by Lily Fan (noreply@blogger.com) at September 14, 2014 04:57 PM

OSD600/DPS909: First Glance at Node.js

I firstly heard about the Node.js from my friend, who worked at CDOT @ Seneca. He told me Node.js is a server side Javascript and his main job was working with Node.js. Then I got the frist impression about Node.js, which is a JavaScript library in server side.

Now I take the course Open Source Development. Node.js is one of the topics in the list of the Case Study. To be honest, Node.js is the only topic that I have heard about. It is an opportunity for me to dig out what is Node.js and how it works on the server.

This is what is Node.js on Wikipedia:
“Node.js is a cross-platform runtime environment for server-side and networking applications. Node.js applications are written in JavaScript, and can be run within the Node.js runtime on OS XMicrosoft Windows and Linux with no changes.

And according to the Wikipedia, Node.js is gaining popularity and is adopted as a high-performance server-side platform by Groupon, SAP, LinkedIn, Microsoft, Yahoo!, Walmart, and PayPal.

In nodejs.org, Node.js is described as follows:
“Node.js® is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.”

Here it provides more information about Node.js. It describes that Node.js uses an even-driven, non-blocking I/O model, which I will find out what the meaning of these words are later.

The first project I work on in OSD600 is to enable Filter have “du” functionality as Unix does. Filer is a POSIX-like file system interface for node.js and browser-based JavaScript. It seems that my research on Node.js will be helpful on my first project. And I may keep work on Filer in my later projects, or may switch to MakeDrive (MakeDrive is a JavaScript library and server (node.js) that provides an offline-first, always available, syncing filesystem for the web.), which I am interest in.


Source: 

by Lily Fan (noreply@blogger.com) at September 14, 2014 04:56 PM


Shuming Lin

Open Source: Brackets

Apps-Brackets-B-icon
Brackets is a free open-source editor written in HTML, CSS, and Javascript with a primary focus
on Web Development. It was created by Adobe Systems and is currently maintained on GitHub.
Brackets is available for cross-platform download on Mac,Windows, and Linux.
Design In The Browser
Brackets doesn’t get in the way of your creative process. It blends visual tools into the editor while pushing HTML and CSS to the browser as you code.
Live HTML Development
As you code, HTML changes are instantly pushed to browser without having to save or reload the page

To learn more about socket.io, you can visit their website: brackets.io


by okevin0 at September 14, 2014 04:55 PM


Stanley Moote

All About The Bower

DPS909 Presentation

For my DPS909 presentation I have chosen Bower from the list of options. I have never heard of bower before but after reading up on it I can understand its usefulness.

So what is bower?

Bower is an OS software for managing all of the different frameworks, libraries assets and utilities on your web server. Anyone who has been doing web development in the recent years knows there are a multitude of these that must be drawn from to make the site run smoother and to ensure you aren’t doing any extra work yourself that could be accomplished via a library.

A couple of questions about Bower:

  • What is Bower?
  • Why do I want to use Bower?
  • How will it make my life easier?
  • What is the future of Bower?

These are a few of the questions I will be asking myself and answering for the class during my presentation. I look forward to installing and messing around with Bower in my own environment.


by golddiggity at September 14, 2014 04:15 PM


Frank Panico

Looking for a JSHint????

So I’ve decided to pick JSHint from the leftovers of research options for our case study.

JSHint is a community-driven tool to detect errors and potential problems in JavaScript code. Developed and maintained by Anton Kovalyov (who holds the Grandmaster title of chess in Canada), it is very flexible so you can easily adjust it to your particular coding guidelines and the environment you expect your code to execute in. JSHint is open source and will always stay this way.

Its License is fairly standard in the Open Source sense. All that’s really required is to place the copyright notice in all copies and portions of the software. Also because it includes the JSLint library, Douglas Crockford (the creator of JSLint) stated in his license that anything with his software must also include this little tidbit just for the lulz…
- “The Software shall be used for Good, not Evil.”

Any code base eventually becomes huge at some point, and simple mistakes—that would not show themselves when written—can become show stoppers and waste hours of debugging. And this is when static code analysis tools come into play and help developers to spot such problems. JSHint scans a program written in JavaScript and reports about commonly made mistakes and potential bugs. The potential problem could be a syntax error, a bug due to implicit type conversion, a leaking variable or something else.

The codebase in github currently has over 150 contributors and is used by over 30 different companies and projects including Mozilla, Facebook, Twitter, SoundCloud and Yahoo!.

Getting involved is very easy. There’s a Git repository with all the code (https://github.com/jshint/jshint). If a developer would like to get involved, they just need to clone that repository, make changes* and open a pull request to get their code in.
* To find what changes one can make, they can go to the list of bugs and fix one of them.

Anton’s Handles are:
email: anton@kovalyov.net.
twitter:https://twitter.com/valueof
github:https://github.com/valueof


by fpanico04 at September 14, 2014 04:51 AM


Fadi Tawfig

MongoDB

I’ve chosen to research and present on MongoDB for a case study assignment for my OSD600 course. This topic was selected from a list of open source projects from which I could choose to research and present on. By the time I signed myself up for a topic, there were only a handful that weren’t yet taken, including MongoDB. I am, however, quite pleased with my topic of choice due to a genuine curiosity in this project.

I’ve seen the name MongoDB several times on programming forums, blogs, etc. but I’ve never really taken the time to really research what exactly it is. I suppose this case study is my opportunity to do so.

After doing some reading on MongoDB’s site and the Wikipedia page for MongoDB I learned that MongoDB is the world’s most successful NoSQL database. What is a NoSQL database? A database which eschews the traditional relational database model. What advantages does this provide? www.mongodb.com claims that NoSQL databases feature increased scalability and superior performance to relational databases. Of course, this is a biased source, but I’m interested in discovering the validity of that statement in further research.

Some questions I’d like to answer in my presentation include:

  • What is MongoDB?
  • What is the history of MongoDB as an open source project?
  • What is a NoSQL database?
  • Why choose a NoSQL database over relational database?

I look forward to answering these questions for my own curiosity, and for any others in the class which were wondering the same things.

- Fadi Tawfig


by ftawfig at September 14, 2014 01:46 AM

September 13, 2014


Ava Dacayo

Introductory blog post on Bootstrap – OSD600

I picked Bootstrap for the open source case study as I was doing some reading about it anyway after seeing it in one of the files included in Visual Studio 2013.

So what is Bootstrap anyway? Here are some of the highlights I found out from http://getbootstrap.com/

  • It is a HTML, CSS, and JS framework for developing websites
  • It automatically scales the websites depending on the device where it is viewed
  • It is Mobile first

You can view the project here on github: https://github.com/twbs/bootstrap

A quick test in ASP.net MVC VS2013 and the Bootstrap v3.0.0 that came with it:

1. Normal size

1

Nothing fancy. I simply ran this in chrome after creating a new project. But take note of the contents.

2. Resized 

2

Ta-dah! Without actually coding ANYTHING, it figured out how to display the page when resized. The menu is now hidden and expandable and the contents are all shown without scrolling.

I’ll probably show a mobile view on my presentation day on different devices and different browsers to test how it will be displayed. And that’s it! End of my quick overview of Bootstrap!


by eyvadac at September 13, 2014 08:57 PM

September 12, 2014


Ali Al Dallal

TIL: How to search on Google and exclude word

Sometime when I'm trying perform a Google search for things related to my work or even random stuff on the web, and it's annoying to see things that's not even related to what I'm looking for at all.

Today I learn that when you search on Google you can simply exclude a word that you don't want to see in your result like this:

alicoding -twitter  

The above will result with a keyword alicoding, but with no twitter word in the search result at all.

I hope you find this blog post useful, and if you have a better way or suggestion please feel free to leave a comment! :)

by Ali Al Dallal at September 12, 2014 06:14 PM


Yasmin Benatti

React.js

Another task that I have for the Open Source class is to learn about a project and then make a presentation to the rest of the class. I decided to research about a project called React. For now I’m just looking at what is possible to do using it. Because I don’t know JavaScript very well I cannot explain the codes right now, but for my presentation (in November) and for later posts I’ll be able to.

Basically, it is a JavaScript library to develop user interfaces. This post on React’s web site explain in a easy way how React works, showing step-by-step the creation of an app. It has some methods used to take input data and displaying it later on the app, to create a todo list, a counter and others, shown on the first page of the website.

React is developed by people from Facebook and Instagram’s team. If you want to look for more information and details, here are some links: GithubIRC and Twitter.

Cheers!

by yasminbenatti at September 12, 2014 05:16 PM


Brendan Donald Henderson

GNU GCC Compiler Options and C Programming:

Recently I was asked to explore the output that the GNU GCC compiler generates when different command-line options are used. To this I thought no sweat, how powerful could these compiler options really be, and that is where this story starts…

The tools I used were:

  • GNU’s GCC compiler, version 4.8.3
  • objdump with the -f -s -d options
  • A simple make file(just for good practice)
  • A very simple C program

I chose to keep the same, relatively simple c program throughout this process because I didn’t want to spend too much time needlessly reversing dead-listings(disassembly) and I wanted to be sure that any change in gcc’s output was based on the command-line options and not on the source code changing.

Here is the source code of the C program:


#include <stdio.h>
int main()
{
printf(“Hello World\n”);
return 0;
}


The make file is very basic, but with all options being used it looks like:
# Makefile
#
w2: w2.c
gcc -g -O0 -fno-builtin -static -ow2


Compile statement: gcc -g -O0 -fno-builtin w2.c
After a call to objdump we find the following disassembly of our main function under the <main> label of the .text section. The .text section contains the executable code, it is analogous to the code segment of a Windows PE binary. By the way if you are wondering where the “Hello World” string constant ended up, take a look in the .rodata section.

disassembly:


<main>

push %rbp                               ;The first 2 lines set up a conventional rbp stack frame,
mov %rsp,%rbp                       ;this is done for many benefits(add more info below)
sub $0x10,%rsp                      ;Create space on the stack(16 bytes, 4 variables)
mov %edi, -0x4(%rbp)            ;These have to do with the parameters argc and argv
mov %rsi, -0x10(%rbp)
mov $0x4005f0, %edi             ;Moving the address of the string constant into edi
mov $0x0, %eax                     ;Clear eax, maybe it’s part of IA-64 convention?
callq 400410 <printf@plt>
mov $0x0, %eax                     ;Return values are commonly stored in eax
leaveq                                    ;High-level procedure exit, paired with enter usually, cleans up stack frame
retq                                        ;Pops the top of the stack into rip register
nopw %cs:$0x0(%rax,%rax,1)    ;I believe that these nops are being used for padding to boundaries
nop


GAS: the GNU assembler uses the syntax(AT&T syntax) seen above, for those used to MASM syntax this can seem quite ugly.
The main things to note from objdump’s output is that there are a few debugging related headers within the executable due to the -g option. The code is not optimized what-so-ever(-O0), this will become very noticable once I show the optimized code a little later.

Finally, the -fno-builtin option instructs the compiler to not optimize built-in function and instead to keep the library function call. GCC provides many built-in version of the Standard C Library functions, these built in version use different, optimized operations to accomplish the same task. However, this option does not ignore functions prefixed with __builtin_, which to the compiler are analogous to the Standard C functions.

Side Note: Our code is using the fastcall calling convention to pass arguments to the function.

Adding the -static option:

Compile Statement: gcc -g -O0 -fno-builtin -static -ow2 w2.c

The -static option causes dynamic linking to be disabled. What this means for our code is that the call to printf(), which exists within the stdio library, will cause the entire stdio library to be embedded into our executable at compile time(still the object file at that exact time).

This option should not be taken lightly! In this case it grew the executable from  roughly 8500 bytes to 1.04 megabytes, it also took the output of objdump from a few hundred lines to approximately 186,000 lines! In the case of objdump this is not only source code, there are a lot of other headers that the compiler generates as a result(.remember our -g debug info option). And how often does your application only contain 1 library?

A few interesting things to note:

  1. the call was changed from <printf@plt> to <_IO_printf>
  2. there were quite a few headers added that began with either _dl or _nl

Removing the -fno-builtin option:
Compile Statement: gcc -g -O0 -fno-builtin -static -ow2 w2.c

The main change here is with the call operation:

  • with -static: from <_IO_printf> to <_IO_puts>
  • without -static: from <printf@plt> to <puts@plt>

puts is GCC’s built-in optimized implementation of the Standard C printf().

Also, the three lines that previously followed the call line:

mov $0x0, %eax
nopw %cs:$0x0(%rax,%rax,1)
nop

were removed.

GCC C built-ins explanation: https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html

Removing the -g option:

Compile Statement: gcc -O0 -ow2 w2.c
The size of the executable shrinks slightly because there is no debug information included in the executable. Also the debug section headers are no longer present and neither is debug setup code within the objdump’s output.

This debug information is invaluable during development of your code. However, when you transition to production this code is not only unnecessary and bloats your executable, it can also leave some very interesting information for anyone trying to hack or reverse engineer your application.

Adding arguments to printf() call:

Here I am adding 10 simple integer arguments to the call to printf() to try to determine the order in which registers will be used to pass arguments to a function.

disassembly of <main>:


push %rsp
mov %rbp,%rsp
sub $0x60,%rsp                 ;Creating 96 bytes of stack space, within the frame, for locals
movl $0x1,-0x4(%rbp)        ;These instructions are just moving the numeric constants into the
movl $0x2,-0x8(%rbp)        ;stack space we just created for the locals.
movl $0x3,-0xc(%rbp)
movl $0x4,-0x10(%rbp)
movl $0x5,-0x14(%rbp)
movl $0x6,-0x18(%rbp)
movl $0x7,-01c(%rbp)
movl $0x8,-0x20(%rbp)
movl $0x9,-0x24(%rbp)
movl $0xa,-0x28(%rbp)
mov -0x14(%rbp),%r8d
mov -0x10(%rbp),%edi
mov -0xc(%rbp),%ecx               ;Here is where the parameters for the printf call begin getting
mov -0x8(%rbp),%edx              ;loaded into a combination of stack space and registers.
mov -0x4(%rbp),%eax
mov -0x28(%rbp),%esi
mov %esi,0x20(%rsp)
mov -0x24(%rbp),%esi
mov %esi,0x18(%rsp)
mov -0x20(%rbp),%esi
mov %esi,0x10(%rsp)
mov -0x1c(%rbp),%esi
mov %esi,0x8(%rsp)
mov -0x18(%rbp),%esi
mov %esi,(%rsp)
mov %r8d,%r9d
mov %edi,%r8d
mov %eax,%esi
mov $0x400660,%edi        ;This is the string constant, the first argument in the printf call is
mov $0x0,%eax                 ;the last argument moved into a register.
callq 400410 <printf@plt>
mov $0x0,%eax
leaveq
retq


I have only commented the difference in this new disassembly. One thing to note is the order in which registers are used to pass arguments, also that arguments are loaded into registers from right to left(if you are looking at a function prototype).

The register priority that I was able to determine:

The code loads the first 5 arguments(reverse) onto the stack, then uses r8d, r9d , ecx, edx, esi

Some interesting side notes:

  • The seemingly unnecessary clearing of eax immediately before the procedure call only seems to arise in non-optimized code.
  • The compiler inserts nops of varying lengths to pad the code(in most cases to DWORD boundaries).

Moving the call to printf():
Moving the call to printf() to a  function outside of main() and then calling that function from main() didn’t generate any unexpected output.

Optimizing Our Code!:
Compile Statement: gcc -O3 -ow2 w2.c

To me this part is the most interesting, these optimization are as simply as supplying a command line option to the compiler! No extra work, the compiler will optimize your code for you, as best it can without changing the code’s intent. But how does the compiler actually “optimize” your code??

Here I changed the -O0 option to -O3:


<main>

sub $0x8,%rsp
mov $0x4005f0,%edi
callq 400410 <puts@plt>
xor %eax,%eax
add $0x8,%rsp
retq
nopl (%rax)


Main differences to note:

  • There is no longer any rbp stack frame, but there is a seemingly needless creation of 8 bytes of local space within the function.
  • “xor %eax,%eax” replaces “mov $0x0,%eax”(this is something that to me always gives away compiler optimized code). The difference is a 5 byte instruction into a 2 byte instruction, it doesn’t seem like much now but when there is often a return 0,false, or NULL option for many of your functions then it will add up.
  • A lot of the odd looking code that showed up in previous test runs was gone.

Important: Quite a significant part of optimizations that the compiler will add end up being related to arithmetic operations, condition branching, and rolling out loops into consecutive statements. None of which take place in this program, so do more exploration into this if you are interested!!

Ipsa Scientia Potestas Est ~ Knowledge itself is power


by paraCr4ck at September 12, 2014 12:13 AM

September 11, 2014


Brendan Donald Henderson

Open Source Projects: Patches

Recently I was asked to choose 2 open source projects and look into the patch submission process, from reporting of a bug up until the acceptance of a patch by the maintainers of that project. There are certainly some similarities between how these two projects operate. This makes sense as well established methods can and should be replicated in most cases. An example is that most open source projects use Bugzilla as a bug tracking system. But I digress, here are the 2 projects that I researched:

The following is a link to a Google Doc containing an example of a successfully submitted and accepted patch for both of the projects below.

https://drive.google.com/folderview?id=0By2dimikrupscnZaRjVERFREdFk&usp=sharing

GNU GCC:

License: GNU GPL 3.0
Legal Prerequisites: for “small changes”(they don’t provide the most clear differences between a small and large change) there is no legal aspect beyond agreeing that your work is being submitted to the project under their license. However, for “larger changes” there is a requirement to sign a copyright assignment or if a contributor is uncomfortable with that option then a copyright disclaimer.
Coding Standards: Your patch must conform to the GNU Coding Standards. If the patch is large enough they may also require that you submit documentation, test cases(individually or integrated into their test suite by the patch submitter), and code formatting(such as line indentation, etc.). Note: Sometimes the maintainers provide a script to test your code’s conformance to speed up the process.
Testing your patch: Some general good practices are, to test your code thoroughly and to the best of your abilities, as well as testing your patch on as many implementations as possible(Win32/64,Linux32/64,Intel,ARM,etc.). For this project(and most other large projects) there are specifications for:

  • the minimum level of testing
  • provided test suites that must complete successfully
  • any mandatory bootstrapping

These aspects will all depend on what component you are contributing to and its scope within the package/project.
Example: Obviously if you are patching one of the lower level optimization components of the gcc compiler then you would need to ensure that higher level components don’t break as a result.

Tip: Just as in science, when you are conducting a test(or experiment) you should never change to much before testing the results of those change(s). In fact, the fewer amount of changes to a single test, the better and more accurately assessable the result is(this really matters when other people are looking for reasons to reject your patch, don’t give them any!).

Submission: Once your patch is ready to submit for assessment, assuming that you don’t have maintainer status and aren’t a special/frequent developer and thus can’t don’t have write access to the SVN repository, you will need to package the patch and other required deliverables into a mail message and submit it to the appropriate mailing list.
Required Deliverables:

  • Description of the problem/feature and what it’s fixing/why it’s necessary..
  • Reference a specific bug on https://gcc.gnu.org/bugzilla/ .
  • Make mention of any existing test cases within the for the bug within the GCC test suite.
  • If you stray from the GNU Coding Standards you must justify why.
  • Add a plaintext entry into the ChangeLog.
  • List the host and target combinations used to test your code as well as the results of those tests.

link to their contribution specifications page: https://gcc.gnu.org/contribute.html

 


 

Eclipse:
License: Eclipse Public License(EPL)
Legal Prerequisite: Regardless of the size of contribution that you make the contributor must sign a Contributor License Agreement(CLA). The 1000 lines rule: If your contribution exceeds 1000 added(new) lines(this includes code, comments, and whitespace) then it must go through a mandatory IP Review Process, unless it can be committed via a committer from the same company as you.
Submission: A bug report must exist for the issue/improvement: https://bugs.eclipse.org/bugs/ .
Requirements for your patch:

  • Start with the newest available build of the component to which your patch applies.
  • Add your patch and comment the source code which you have added.
  • Within the file’s header there will be a contributor’s list, add to it: your name, company, etc.
  • Ensure that your patch follows the guidelines of the project to which you are contributing, for the linked example it is the CDT guildines
  • Do not change anything that you are not patching, if you would like to then create another bug report and submit the change seperately
  • Create jUnit test cases for your code and include them with the patch submission(This is optional)
  • There are maintainer committees that monitor Bugzilla and Gerrit(where applicable) and will see your submission
  • If your have submitted a patch and no project member(maintainer, moderator, other staff) has gotten back to you then Follow up with them.

Side Note: Some projects use Gerrit instead of Bugzilla and/or mailing lists for patch submission.

link to the contributing specifications page http://wiki.eclipse.org/CDT/contributing


by paraCr4ck at September 11, 2014 05:08 AM


Ryan Dang

Socket.io for beginner

Socket.io is an amazing JavaScript frame work which was built for Node.js. It “enables real-time bidirectional event-based communication. It works on every platform, browser or device, focusing equally on reliability and speed

What is real time bidirectional event-based communication? It refer to the communication between the server and the client. With socket.io, it will allow the server to push the change to the client without reloading the page. Traditionally, if you want to update a table data in real time, you could do an ajax call every second to constantly update the data. This approach put a toll on the client cpu and the server. With socket.io, we can send update to all the clients that connect to the socket when a change is made in the database or a server side function is called.

Some of socket.io uses are : real time chat application, documents collaboration, real time data update…

 

To learn more about socket.io, you can visit their website:

http://socket.io/

 


by byebyebyezzz at September 11, 2014 04:54 AM

First Look into MakeDrive

Today I will be talking about MakeDrive. A very interesting “Cloud base dropbox” but for web browser. Since the introduction of HTML5, we are able to do many things that we were not able to do before with the web. Have you ever running low on data usage or experiencing bad or no internet signal? There are many part in the world that don’t even have access to internet. When you’re in that situation, would it be nice if you can work on your web app in “offline” mode? and all the data will be saved and later sync up with the data you have on the server? MakeDrive will allow you to do that. You can do everything without the internet on your favorite webapp!

Get involved to day and be part of the community that help to make the web better. Visit the link below for more information on this project:

https://github.com/mozilla/makedrive


by byebyebyezzz at September 11, 2014 04:08 AM


Hunter Jansen

SPO Lab2 C Compiler

SPO Lab2 C Compiler

Written by Hunter Jansen on September 11, 2014

The second lab for my SPO600 course involves poking around in a c compiler’s output for a simple hello world program
and trying to understand what I’m looking at.

The lab can be found here.

The Program

Like I said, it’s a super simple c program:

#include <stdio.h>

int main() {
    printf("Hello World!\n");
}

From there we compile with the gcc compiler using the following flags: -g, -O0, -fno-builtin. This produced an a.out file.

Following that, we’re to examine the a.out file using the objdump program using the following flags: -s, -f, -d, –source.

In the output, we’re then to identify the section containing the source, as well as the section containing the string to be printed.

The source

Obviously the source can be seen if you only use the –source flag on objdump. In performing that command, you’re provided with the
output:

[hunter@li62-155 SPO600]$ objdump --source a.out 

a.out:     file format elf64-x86-64


Disassembly of section .init:

00000000004003e0 <_init>:
  4003e0:	48 83 ec 08          	sub    $0x8,%rsp
  4003e4:	48 8b 05 0d 0c 20 00 	mov    0x200c0d(%rip),%rax        # 600ff8 <_DYNAMIC+0x1d0>
  4003eb:	48 85 c0             	test   %rax,%rax
  4003ee:	74 05                	je     4003f5 <_init+0x15>
  4003f0:	e8 3b 00 00 00       	callq  400430 <__gmon_start__@plt>
  4003f5:	48 83 c4 08          	add    $0x8,%rsp
  4003f9:	c3                   	retq   

Disassembly of section .plt:

0000000000400400 <printf@plt-0x10>:
  400400:	ff 35 02 0c 20 00    	pushq  0x200c02(%rip)        # 601008 <_GLOBAL_OFFSET_TABLE_+0x8>
  400406:	ff 25 04 0c 20 00    	jmpq   *0x200c04(%rip)        # 601010 <_GLOBAL_OFFSET_TABLE_+0x10>
  40040c:	0f 1f 40 00          	nopl   0x0(%rax)

0000000000400410 <printf@plt>:
  400410:	ff 25 02 0c 20 00    	jmpq   *0x200c02(%rip)        # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
  400416:	68 00 00 00 00       	pushq  $0x0
  40041b:	e9 e0 ff ff ff       	jmpq   400400 <_init+0x20>

0000000000400420 <__libc_start_main@plt>:
  400420:	ff 25 fa 0b 20 00    	jmpq   *0x200bfa(%rip)        # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
  400426:	68 01 00 00 00       	pushq  $0x1
  40042b:	e9 d0 ff ff ff       	jmpq   400400 <_init+0x20>

0000000000400430 <__gmon_start__@plt>:
  400430:	ff 25 f2 0b 20 00    	jmpq   *0x200bf2(%rip)        # 601028 <_GLOBAL_OFFSET_TABLE_+0x28>
  400436:	68 02 00 00 00       	pushq  $0x2
  40043b:	e9 c0 ff ff ff       	jmpq   400400 <_init+0x20>

Disassembly of section .text:

0000000000400440 <_start>:
  400440:	31 ed                	xor    %ebp,%ebp
  400442:	49 89 d1             	mov    %rdx,%r9
  400445:	5e                   	pop    %rsi
  400446:	48 89 e2             	mov    %rsp,%rdx
  400449:	48 83 e4 f0          	and    $0xfffffffffffffff0,%rsp
  40044d:	50                   	push   %rax
  40044e:	54                   	push   %rsp
  40044f:	49 c7 c0 c0 05 40 00 	mov    $0x4005c0,%r8
  400456:	48 c7 c1 50 05 40 00 	mov    $0x400550,%rcx
  40045d:	48 c7 c7 30 05 40 00 	mov    $0x400530,%rdi
  400464:	e8 b7 ff ff ff       	callq  400420 <__libc_start_main@plt>
  400469:	f4                   	hlt    
  40046a:	66 90                	xchg   %ax,%ax
  40046c:	0f 1f 40 00          	nopl   0x0(%rax)

0000000000400470 <deregister_tm_clones>:
  400470:	b8 3f 10 60 00       	mov    $0x60103f,%eax
  400475:	55                   	push   %rbp
  400476:	48 2d 38 10 60 00    	sub    $0x601038,%rax
  40047c:	48 83 f8 0e          	cmp    $0xe,%rax
  400480:	48 89 e5             	mov    %rsp,%rbp
  400483:	77 02                	ja     400487 <deregister_tm_clones+0x17>
  400485:	5d                   	pop    %rbp
  400486:	c3                   	retq   
  400487:	b8 00 00 00 00       	mov    $0x0,%eax
  40048c:	48 85 c0             	test   %rax,%rax
  40048f:	74 f4                	je     400485 <deregister_tm_clones+0x15>
  400491:	5d                   	pop    %rbp
  400492:	bf 38 10 60 00       	mov    $0x601038,%edi
  400497:	ff e0                	jmpq   *%rax
  400499:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)

00000000004004a0 <register_tm_clones>:
  4004a0:	b8 38 10 60 00       	mov    $0x601038,%eax
  4004a5:	55                   	push   %rbp
  4004a6:	48 2d 38 10 60 00    	sub    $0x601038,%rax
  4004ac:	48 c1 f8 03          	sar    $0x3,%rax
  4004b0:	48 89 e5             	mov    %rsp,%rbp
  4004b3:	48 89 c2             	mov    %rax,%rdx
  4004b6:	48 c1 ea 3f          	shr    $0x3f,%rdx
  4004ba:	48 01 d0             	add    %rdx,%rax
  4004bd:	48 d1 f8             	sar    %rax
  4004c0:	75 02                	jne    4004c4 <register_tm_clones+0x24>
  4004c2:	5d                   	pop    %rbp
  4004c3:	c3                   	retq   
  4004c4:	ba 00 00 00 00       	mov    $0x0,%edx
  4004c9:	48 85 d2             	test   %rdx,%rdx
  4004cc:	74 f4                	je     4004c2 <register_tm_clones+0x22>
  4004ce:	5d                   	pop    %rbp
  4004cf:	48 89 c6             	mov    %rax,%rsi
  4004d2:	bf 38 10 60 00       	mov    $0x601038,%edi
  4004d7:	ff e2                	jmpq   *%rdx
  4004d9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)

00000000004004e0 <__do_global_dtors_aux>:
  4004e0:	80 3d 4d 0b 20 00 00 	cmpb   $0x0,0x200b4d(%rip)        # 601034 <_edata>
  4004e7:	75 11                	jne    4004fa <__do_global_dtors_aux+0x1a>
  4004e9:	55                   	push   %rbp
  4004ea:	48 89 e5             	mov    %rsp,%rbp
  4004ed:	e8 7e ff ff ff       	callq  400470 <deregister_tm_clones>
  4004f2:	5d                   	pop    %rbp
  4004f3:	c6 05 3a 0b 20 00 01 	movb   $0x1,0x200b3a(%rip)        # 601034 <_edata>
  4004fa:	f3 c3                	repz retq 
  4004fc:	0f 1f 40 00          	nopl   0x0(%rax)

0000000000400500 <frame_dummy>:
  400500:	48 83 3d 18 09 20 00 	cmpq   $0x0,0x200918(%rip)        # 600e20 <__JCR_END__>
  400507:	00 
  400508:	74 1e                	je     400528 <frame_dummy+0x28>
  40050a:	b8 00 00 00 00       	mov    $0x0,%eax
  40050f:	48 85 c0             	test   %rax,%rax
  400512:	74 14                	je     400528 <frame_dummy+0x28>
  400514:	55                   	push   %rbp
  400515:	bf 20 0e 60 00       	mov    $0x600e20,%edi
  40051a:	48 89 e5             	mov    %rsp,%rbp
  40051d:	ff d0                	callq  *%rax
  40051f:	5d                   	pop    %rbp
  400520:	e9 7b ff ff ff       	jmpq   4004a0 <register_tm_clones>
  400525:	0f 1f 00             	nopl   (%rax)
  400528:	e9 73 ff ff ff       	jmpq   4004a0 <register_tm_clones>
  40052d:	0f 1f 00             	nopl   (%rax)

0000000000400530 <main>:
#include <stdio.h>

int main() {
  400530:	55                   	push   %rbp
  400531:	48 89 e5             	mov    %rsp,%rbp
    printf("Hello World!\n");
  400534:	bf e0 05 40 00       	mov    $0x4005e0,%edi
  400539:	b8 00 00 00 00       	mov    $0x0,%eax
  40053e:	e8 cd fe ff ff       	callq  400410 <printf@plt>
}
  400543:	5d                   	pop    %rbp
  400544:	c3                   	retq   
  400545:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  40054c:	00 00 00 
  40054f:	90                   	nop

0000000000400550 <__libc_csu_init>:
  400550:	41 57                	push   %r15
  400552:	41 89 ff             	mov    %edi,%r15d
  400555:	41 56                	push   %r14
  400557:	49 89 f6             	mov    %rsi,%r14
  40055a:	41 55                	push   %r13
  40055c:	49 89 d5             	mov    %rdx,%r13
  40055f:	41 54                	push   %r12
  400561:	4c 8d 25 a8 08 20 00 	lea    0x2008a8(%rip),%r12        # 600e10 <__frame_dummy_init_array_entry>
  400568:	55                   	push   %rbp
  400569:	48 8d 2d a8 08 20 00 	lea    0x2008a8(%rip),%rbp        # 600e18 <__init_array_end>
  400570:	53                   	push   %rbx
  400571:	4c 29 e5             	sub    %r12,%rbp
  400574:	31 db                	xor    %ebx,%ebx
  400576:	48 c1 fd 03          	sar    $0x3,%rbp
  40057a:	48 83 ec 08          	sub    $0x8,%rsp
  40057e:	e8 5d fe ff ff       	callq  4003e0 <_init>
  400583:	48 85 ed             	test   %rbp,%rbp
  400586:	74 1e                	je     4005a6 <__libc_csu_init+0x56>
  400588:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  40058f:	00 
  400590:	4c 89 ea             	mov    %r13,%rdx
  400593:	4c 89 f6             	mov    %r14,%rsi
  400596:	44 89 ff             	mov    %r15d,%edi
  400599:	41 ff 14 dc          	callq  *(%r12,%rbx,8)
  40059d:	48 83 c3 01          	add    $0x1,%rbx
  4005a1:	48 39 eb             	cmp    %rbp,%rbx
  4005a4:	75 ea                	jne    400590 <__libc_csu_init+0x40>
  4005a6:	48 83 c4 08          	add    $0x8,%rsp
  4005aa:	5b                   	pop    %rbx
  4005ab:	5d                   	pop    %rbp
  4005ac:	41 5c                	pop    %r12
  4005ae:	41 5d                	pop    %r13
  4005b0:	41 5e                	pop    %r14
  4005b2:	41 5f                	pop    %r15
  4005b4:	c3                   	retq   
  4005b5:	66 66 2e 0f 1f 84 00 	data32 nopw %cs:0x0(%rax,%rax,1)
  4005bc:	00 00 00 00 

00000000004005c0 <__libc_csu_fini>:
  4005c0:	f3 c3                	repz retq 
  4005c2:	66 90                	xchg   %ax,%ax

Disassembly of section .fini:

00000000004005c4 <_fini>:
  4005c4:	48 83 ec 08          	sub    $0x8,%rsp
  4005c8:	48 83 c4 08          	add    $0x8,%rsp
  4005cc:	c3                   	retq  

Looking at this, we can see that the source code for this file can be found in the ‘' section.

The String

The string output looks like it can be found in the ‘.rodata’ section of the output that can be seen using the -s flag.

[hunter@li62-155 SPO600]$ objdump -s a.out 

a.out:     file format elf64-x86-64

Contents of section .interp:
 400238 2f6c6962 36342f6c 642d6c69 6e75782d  /lib64/ld-linux-
 400248 7838362d 36342e73 6f2e3200           x86-64.so.2.    
Contents of section .note.ABI-tag:
 400254 04000000 10000000 01000000 474e5500  ............GNU.
 400264 00000000 02000000 06000000 20000000  ............ ...
Contents of section .note.gnu.build-id:
 400274 04000000 14000000 03000000 474e5500  ............GNU.
 400284 87d14922 11734b7a 54671f88 075e22ff  ..I".sKzTg...^".
 400294 8d8851d5                             ..Q.            
Contents of section .gnu.hash:
 400298 01000000 01000000 01000000 00000000  ................
 4002a8 00000000 00000000 00000000           ............    
Contents of section .dynsym:
 4002b8 00000000 00000000 00000000 00000000  ................
 4002c8 00000000 00000000 0b000000 12000000  ................
 4002d8 00000000 00000000 00000000 00000000  ................
 4002e8 12000000 12000000 00000000 00000000  ................
 4002f8 00000000 00000000 24000000 20000000  ........$... ...
 400308 00000000 00000000 00000000 00000000  ................
Contents of section .dynstr:
 400318 006c6962 632e736f 2e360070 72696e74  .libc.so.6.print
 400328 66005f5f 6c696263 5f737461 72745f6d  f.__libc_start_m
 400338 61696e00 5f5f676d 6f6e5f73 74617274  ain.__gmon_start
 400348 5f5f0047 4c494243 5f322e32 2e3500    __.GLIBC_2.2.5. 
Contents of section .gnu.version:
 400358 00000200 02000000                    ........        
Contents of section .gnu.version_r:
 400360 01000100 01000000 10000000 00000000  ................
 400370 751a6909 00000200 33000000 00000000  u.i.....3.......
Contents of section .rela.dyn:
 400380 f80f6000 00000000 06000000 03000000  ..`.............
 400390 00000000 00000000                    ........        
Contents of section .rela.plt:
 400398 18106000 00000000 07000000 01000000  ..`.............
 4003a8 00000000 00000000 20106000 00000000  ........ .`.....
 4003b8 07000000 02000000 00000000 00000000  ................
 4003c8 28106000 00000000 07000000 03000000  (.`.............
 4003d8 00000000 00000000                    ........        
Contents of section .init:
 4003e0 4883ec08 488b050d 0c200048 85c07405  H...H.... .H..t.
 4003f0 e83b0000 004883c4 08c3               .;...H....      
Contents of section .plt:
 400400 ff35020c 2000ff25 040c2000 0f1f4000  .5.. ..%.. ...@.
 400410 ff25020c 20006800 000000e9 e0ffffff  .%.. .h.........
 400420 ff25fa0b 20006801 000000e9 d0ffffff  .%.. .h.........
 400430 ff25f20b 20006802 000000e9 c0ffffff  .%.. .h.........
Contents of section .text:
 400440 31ed4989 d15e4889 e24883e4 f0505449  1.I..^H..H...PTI
 400450 c7c0c005 400048c7 c1500540 0048c7c7  ....@.H..P.@.H..
 400460 30054000 e8b7ffff fff46690 0f1f4000  0.@.......f...@.
 400470 b83f1060 0055482d 38106000 4883f80e  .?.`.UH-8.`.H...
 400480 4889e577 025dc3b8 00000000 4885c074  H..w.]......H..t
 400490 f45dbf38 106000ff e00f1f80 00000000  .].8.`..........
 4004a0 b8381060 0055482d 38106000 48c1f803  .8.`.UH-8.`.H...
 4004b0 4889e548 89c248c1 ea3f4801 d048d1f8  H..H..H..?H..H..
 4004c0 75025dc3 ba000000 004885d2 74f45d48  u.]......H..t.]H
 4004d0 89c6bf38 106000ff e20f1f80 00000000  ...8.`..........
 4004e0 803d4d0b 20000075 11554889 e5e87eff  .=M. ..u.UH...~.
 4004f0 ffff5dc6 053a0b20 0001f3c3 0f1f4000  ..]..:. ......@.
 400500 48833d18 09200000 741eb800 00000048  H.=.. ..t......H
 400510 85c07414 55bf200e 60004889 e5ffd05d  ..t.U. .`.H....]
 400520 e97bffff ff0f1f00 e973ffff ff0f1f00  .{.......s......
 400530 554889e5 bfe00540 00b80000 0000e8cd  UH.....@........
 400540 feffff5d c3662e0f 1f840000 00000090  ...].f..........
 400550 41574189 ff415649 89f64155 4989d541  AWA..AVI..AUI..A
 400560 544c8d25 a8082000 55488d2d a8082000  TL.%.. .UH.-.. .
 400570 534c29e5 31db48c1 fd034883 ec08e85d  SL).1.H...H....]
 400580 feffff48 85ed741e 0f1f8400 00000000  ...H..t.........
 400590 4c89ea4c 89f64489 ff41ff14 dc4883c3  L..L..D..A...H..
 4005a0 014839eb 75ea4883 c4085b5d 415c415d  .H9.u.H...[]A\A]
 4005b0 415e415f c366662e 0f1f8400 00000000  A^A_.ff.........
 4005c0 f3c36690                             ..f.            
Contents of section .fini:
 4005c4 4883ec08 4883c408 c3                 H...H....       
Contents of section .rodata:
 4005d0 01000200 00000000 00000000 00000000  ................
 4005e0 48656c6c 6f20576f 726c6421 0a00      Hello World!..  
Contents of section .eh_frame_hdr:
 4005f0 011b033b 34000000 05000000 10feffff  ...;4...........
 400600 80000000 50feffff 50000000 40ffffff  ....P...P...@...
 400610 a8000000 60ffffff c8000000 d0ffffff  ....`...........
 400620 10010000                             ....            
Contents of section .eh_frame:
 400628 14000000 00000000 017a5200 01781001  .........zR..x..
 400638 1b0c0708 90010710 14000000 1c000000  ................
 400648 f8fdffff 2a000000 00000000 00000000  ....*...........
 400658 14000000 00000000 017a5200 01781001  .........zR..x..
 400668 1b0c0708 90010000 24000000 1c000000  ........$.......
 400678 88fdffff 40000000 000e1046 0e184a0f  ....@......F..J.
 400688 0b770880 003f1a3b 2a332422 00000000  .w...?.;*3$"....
 400698 1c000000 44000000 90feffff 15000000  ....D...........
 4006a8 00410e10 8602430d 06500c07 08000000  .A....C..P......
 4006b8 44000000 64000000 90feffff 65000000  D...d.......e...
 4006c8 00420e10 8f02450e 188e0345 0e208d04  .B....E....E. ..
 4006d8 450e288c 05480e30 8606480e 3883074d  E.(..H.0..H.8..M
 4006e8 0e406c0e 38410e30 410e2842 0e20420e  .@l.8A.0A.(B. B.
 4006f8 18420e10 420e0800 14000000 ac000000  .B..B...........
 400708 b8feffff 02000000 00000000 00000000  ................
 400718 00000000                             ....            
Contents of section .init_array:
 600e10 00054000 00000000                    ..@.....        
Contents of section .fini_array:
 600e18 e0044000 00000000                    ..@.....        
Contents of section .jcr:
 600e20 00000000 00000000                    ........        
Contents of section .dynamic:
 600e28 01000000 00000000 01000000 00000000  ................
 600e38 0c000000 00000000 e0034000 00000000  ..........@.....
 600e48 0d000000 00000000 c4054000 00000000  ..........@.....
 600e58 19000000 00000000 100e6000 00000000  ..........`.....
 600e68 1b000000 00000000 08000000 00000000  ................
 600e78 1a000000 00000000 180e6000 00000000  ..........`.....
 600e88 1c000000 00000000 08000000 00000000  ................
 600e98 f5feff6f 00000000 98024000 00000000  ...o......@.....
 600ea8 05000000 00000000 18034000 00000000  ..........@.....
 600eb8 06000000 00000000 b8024000 00000000  ..........@.....
 600ec8 0a000000 00000000 3f000000 00000000  ........?.......
 600ed8 0b000000 00000000 18000000 00000000  ................
 600ee8 15000000 00000000 00000000 00000000  ................
 600ef8 03000000 00000000 00106000 00000000  ..........`.....
 600f08 02000000 00000000 48000000 00000000  ........H.......
 600f18 14000000 00000000 07000000 00000000  ................
 600f28 17000000 00000000 98034000 00000000  ..........@.....
 600f38 07000000 00000000 80034000 00000000  ..........@.....
 600f48 08000000 00000000 18000000 00000000  ................
 600f58 09000000 00000000 18000000 00000000  ................
 600f68 feffff6f 00000000 60034000 00000000  ...o....`.@.....
 600f78 ffffff6f 00000000 01000000 00000000  ...o............
 600f88 f0ffff6f 00000000 58034000 00000000  ...o....X.@.....
 600f98 00000000 00000000 00000000 00000000  ................
 600fa8 00000000 00000000 00000000 00000000  ................
 600fb8 00000000 00000000 00000000 00000000  ................
 600fc8 00000000 00000000 00000000 00000000  ................
 600fd8 00000000 00000000 00000000 00000000  ................
 600fe8 00000000 00000000 00000000 00000000  ................
Contents of section .got:
 600ff8 00000000 00000000                    ........        
Contents of section .got.plt:
 601000 280e6000 00000000 00000000 00000000  (.`.............
 601010 00000000 00000000 16044000 00000000  ..........@.....
 601020 26044000 00000000 36044000 00000000  &.@.....6.@.....
Contents of section .data:
 601030 00000000                             ....            
Contents of section .comment:
 0000 4743433a 2028474e 55292034 2e382e33  GCC: (GNU) 4.8.3
 0010 20323031 34303632 34202852 65642048   20140624 (Red H
 0020 61742034 2e382e33 2d312900           at 4.8.3-1).    
Contents of section .debug_aranges:
 0000 2c000000 02000000 00000800 00000000  ,...............
 0010 30054000 00000000 15000000 00000000  0.@.............
 0020 00000000 00000000 00000000 00000000  ................
Contents of section .debug_info:
 0000 8d000000 04000000 00000801 07000000  ................
 0010 01000000 00b30000 00300540 00000000  .........0.@....
 0020 00150000 00000000 00000000 00020807  ................
 0030 a1000000 0201087c 00000002 02075f00  .......|......_.
 0040 00000204 07a60000 00020106 7e000000  ............~...
 0050 02020572 00000003 0405696e 74000208  ...r......int...
 0060 058a0000 00020807 93000000 02010685  ................
 0070 00000004 9c000000 01035700 00003005  ..........W...0.
 0080 40000000 00001500 00000000 0000019c  @...............
 0090 00                                   .               
Contents of section .debug_abbrev:
 0000 01110125 0e130b03 0e1b0e11 01120710  ...%............
 0010 17000002 24000b0b 3e0b030e 00000324  ....$...>......$
 0020 000b0b3e 0b030800 00042e00 3f19030e  ...>........?...
 0030 3a0b3b0b 49131101 12074018 96421900  :.;.I.....@..B..
 0040 0000                                 ..              
Contents of section .debug_line:
 0000 36000000 02001d00 00000101 fb0e0d00  6...............
 0010 01010101 00000001 00000100 6c616232  ............lab2
 0020 2e630000 00000000 09023005 40000000  .c........0.@...
 0030 0000144b e5020200 0101               ...K......      
Contents of section .debug_str:
 0000 6c616232 2e630047 4e552043 20342e38  lab2.c.GNU C 4.8
 0010 2e332032 30313430 36323420 28526564  .3 20140624 (Red
 0020 20486174 20342e38 2e332d31 29202d6d   Hat 4.8.3-1) -m
 0030 74756e65 3d67656e 65726963 202d6d61  tune=generic -ma
 0040 7263683d 7838362d 3634202d 67202d4f  rch=x86-64 -g -O
 0050 30202d66 6e6f2d62 75696c74 696e0073  0 -fno-builtin.s
 0060 686f7274 20756e73 69676e65 6420696e  hort unsigned in
 0070 74007368 6f727420 696e7400 756e7369  t.short int.unsi
 0080 676e6564 20636861 72006c6f 6e672069  gned char.long i
 0090 6e740073 697a6574 79706500 6d61696e  nt.sizetype.main
 00a0 006c6f6e 6720756e 7369676e 65642069  .long unsigned i
 00b0 6e74002f 686f6d65 2f68756e 7465722f  nt./home/hunter/
 00c0 53504f36 303000                      SPO600.   
 ```

###Recompiling
After looking at the objdump data and trying to figure out what's going on, it's time to recompile with the added flag -static.

ls -l of the previous version:

-rwxr-xr-x 1 hunter wheel 9528 Sep 13 19:08 a.out
```

and after adding the static flag:

-rwxr-xr-x 1 hunter wheel 812521 Sep 16 20:10 a.out

We can quite clearly see that by compiling with the static call ends up in a much larger file. But why? Well, from what I can
understand, it’s because instead when we add static, it no longer links to the external library needed for the program (stdio for printf),
but instead has to statically embed that library into our program.

With that in mind, let’s compare a couple of the other sections. Due to the static linking, it makes looking through the various
objdump values a lot more bloated than without statically linking it. So I’ll try to only grab relevant comparison bits.

The Source

now looks like this: ``` 0000000000400e30 : #include int main() { 400e30: 55 push %rbp 400e31: 48 89 e5 mov %rsp,%rbp printf("Hello World!\n"); 400e34: bf 70 9a 48 00 mov $0x489a70,%edi 400e39: b8 00 00 00 00 mov $0x0,%eax 400e3e: e8 1d 0a 00 00 callq 401860 <_io_printf> } 400e43: 5d pop %rbp 400e44: c3 retq 400e45: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 400e4c: 00 00 00 400e4f: 90 nop ``` If you compare to the previous version...It's the same...Almost! The only difference that I can notice is that the call to '<printf@plt>' is replaced to the call '<_io_printf>'. ###Recompiling After looking at the objdump data and puzzling over it some more, it's time to recompile without the -fno-builtin. I kept the static flag though. ls -l of the new version: ``` -rwxr-xr-x 1 hunter wheel 812580 Sep 16 22:36 a.out ``` It's even bigger! Not by too much, but it's still bigger. ###The Source Why might this be? From what I gather, it's because instead of using built in system calls, it now uses GCC's optimized functions that do the same, but perhaps more efficiently. The current version of main looks like this: ``` 0000000000400e30 : #include int main() { 400e30: 55 push %rbp 400e31: 48 89 e5 mov %rsp,%rbp printf("Hello World!\n"); 400e34: bf b0 9b 48 00 mov $0x489bb0,%edi 400e39: e8 12 0a 00 00 callq 401850 <_io_puts> } 400e3e: 5d pop %rbp 400e3f: c3 retq ``` As you can see - it's three lines shorter and instead of calling IO_PRINT, it's not calling IO_PUTS! ###Recompiling After poking at the objdump data and getting a headache, it's time to recompile without the -g. I also left -fno-builtin though. I kept the static flag though. ls -l of the new version: ``` -rwxr-xr-x 1 hunter wheel 811580 Sep 16 22:47 a.out ``` It's smaller! But why on earth is that?! ###The Source The -g flag adds debugging information in the operating system’s native format. So it makes sense that by excluding that flag the file size is smaller. It would make sense to include this flag when developing, but not when producing a final product. ###Changing it up Alright, so now we need to add some arugments to the printf statement and see what's up. The source in our file is now: ``` #include int main() { printf("Hello World! %d, %d, %d, %d, %d, %d, %d, %d, %d, %d\n", 5, 10, 15, 20, 25, 30, 35, 40, 45, 50); } ``` This time I'm compiling with: 'gcc -g -O0 -fno-builtin lab2.c' ###The Source Our main now looks like this: ``` 0000000000400530 : #include int main() { 400530: 55 push %rbp 400531: 48 89 e5 mov %rsp,%rbp 400534: 48 83 ec 30 sub $0x30,%rsp printf("Hello World! %d, %d, %d, %d, %d, %d, %d, %d, %d, %d\n", 5, 10, 15, 20, 25, 30, 35, 40, 45, 50); 400538: c7 44 24 20 32 00 00 movl $0x32,0x20(%rsp) 40053f: 00 400540: c7 44 24 18 2d 00 00 movl $0x2d,0x18(%rsp) 400547: 00 400548: c7 44 24 10 28 00 00 movl $0x28,0x10(%rsp) 40054f: 00 400550: c7 44 24 08 23 00 00 movl $0x23,0x8(%rsp) 400557: 00 400558: c7 04 24 1e 00 00 00 movl $0x1e,(%rsp) 40055f: 41 b9 19 00 00 00 mov $0x19,%r9d 400565: 41 b8 14 00 00 00 mov $0x14,%r8d 40056b: b9 0f 00 00 00 mov $0xf,%ecx 400570: ba 0a 00 00 00 mov $0xa,%edx 400575: be 05 00 00 00 mov $0x5,%esi 40057a: bf 20 06 40 00 mov $0x400620,%edi 40057f: b8 00 00 00 00 mov $0x0,%eax 400584: e8 87 fe ff ff callq 400410 <printf@plt> } 400589: c9 leaveq 40058a: c3 retq 40058b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) ``` compare this to the original: ``` 0000000000400530 : #include int main() { 400530: 55 push %rbp 400531: 48 89 e5 mov %rsp,%rbp printf("Hello World!\n"); 400534: bf e0 05 40 00 mov $0x4005e0,%edi 400539: b8 00 00 00 00 mov $0x0,%eax 40053e: e8 cd fe ff ff callq 400410 <printf@plt> } 400543: 5d pop %rbp 400544: c3 retq 400545: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 40054c: 00 00 00 40054f: 90 nop ``` And we'll notice an extra 10 move commands occuring; funnily enough we have 10 variables in our printf. ###Switching it up - Again! So now, I'm moving the print to a new function and calling that function from main. ``` #include int main() { saythething(); } void saythething(){ printf("Hello World! %d, %d, %d, %d, %d, %d, %d, %d, %d, %d\n", 5, 10, 15, 20, 25, 30, 35, 40, 45, 50); } ``` I compiled with the same command as last time: I did get some warnings, but I'm ignoring them. ###The source Now along with the section we should take note of the section. 0000000000400530 : #include ``` int main() { 400530: 55 push %rbp 400531: 48 89 e5 mov %rsp,%rbp saythething(); 400534: b8 00 00 00 00 mov $0x0,%eax 400539: e8 02 00 00 00 callq 400540 } 40053e: 5d pop %rbp 40053f: c3 retq 0000000000400540 : void saythething(){ 400540: 55 push %rbp 400541: 48 89 e5 mov %rsp,%rbp 400544: 48 83 ec 30 sub $0x30,%rsp printf("Hello World! %d, %d, %d, %d, %d, %d, %d, %d, %d, %d\n", 5, 10, 15, 20, 25, 30, 35, 40, 45, 50); 400548: c7 44 24 20 32 00 00 movl $0x32,0x20(%rsp) 40054f: 00 400550: c7 44 24 18 2d 00 00 movl $0x2d,0x18(%rsp) 400557: 00 400558: c7 44 24 10 28 00 00 movl $0x28,0x10(%rsp) 40055f: 00 400560: c7 44 24 08 23 00 00 movl $0x23,0x8(%rsp) 400567: 00 400568: c7 04 24 1e 00 00 00 movl $0x1e,(%rsp) 40056f: 41 b9 19 00 00 00 mov $0x19,%r9d 400575: 41 b8 14 00 00 00 mov $0x14,%r8d 40057b: b9 0f 00 00 00 mov $0xf,%ecx 400580: ba 0a 00 00 00 mov $0xa,%edx 400585: be 05 00 00 00 mov $0x5,%esi 40058a: bf 30 06 40 00 mov $0x400630,%edi 40058f: b8 00 00 00 00 mov $0x0,%eax 400594: e8 77 fe ff ff callq 400410 <printf@plt> } 400599: c9 leaveq 40059a: c3 retq 40059b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) ``` We can see that in the main section, we now have a call command to the saythething section and the saythething section looks mostly like our old main. And that makes sense. ###One Final Change So for our final thing, we're going to remove the optimizing flag -O0 and add -O3 to the gcc options. I'll keep the code the same. ``` [hunter@li62-155 SPO600]$ gcc -g -O3 -fno-builtin lab2.c ``` ###The Source - ONE LAST TIME Things are in a different order this time! Previously, the main and saythething section were in order. This time, the main section is at the top and looks like: ``` 0000000000400440 : #include int main() { saythething(); 400440: 31 c0 xor %eax,%eax 400442: e9 f9 00 00 00 jmpq 400540 400447: 90 ``` and a bit further down, the saythething section ``` void saythething(){ 400540: 48 83 ec 38 sub $0x38,%rsp printf("Hello World! %d, %d, %d, %d, %d, %d, %d, %d, %d, %d\n", 5, 10, 15, 20, 25, 30, 35, 40, 45, 50); 400544: 41 b9 19 00 00 00 mov $0x19,%r9d 40054a: 41 b8 14 00 00 00 mov $0x14,%r8d 400550: c7 44 24 20 32 00 00 movl $0x32,0x20(%rsp) 400557: 00 400558: c7 44 24 18 2d 00 00 movl $0x2d,0x18(%rsp) 40055f: 00 400560: b9 0f 00 00 00 mov $0xf,%ecx 400565: c7 44 24 10 28 00 00 movl $0x28,0x10(%rsp) 40056c: 00 40056d: c7 44 24 08 23 00 00 movl $0x23,0x8(%rsp) 400574: 00 400575: ba 0a 00 00 00 mov $0xa,%edx 40057a: c7 04 24 1e 00 00 00 movl $0x1e,(%rsp) 400581: be 05 00 00 00 mov $0x5,%esi 400586: bf 30 06 40 00 mov $0x400630,%edi 40058b: 31 c0 xor %eax,%eax 40058d: e8 7e fe ff ff callq 400410 <printf@plt> } 400592: 48 83 c4 38 add $0x38,%rsp 400596: c3 retq 400597: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1) 40059e: 00 00 ``` These look different compared to the previous versions. This version has xor instead of push and jmpq instead of mov. There's also no 'pop' or 'leaveq' commands. While, I certainly don't pretend to understand everything that was shown here - this step by step walk through of compiled output has begun the process to comprehending the bananas world of assembler! Until Next time -Hunter

September 11, 2014 12:00 AM

Open Source Community Research

Open Source Community Research

Written by Hunter Jansen on September 10, 2014

This semester at Seneca I’m enrolled in SPO600, and the first lab
assignment is to research two different open source communities with different licenses and review their practices and procedures
for discussing/accepting new code. This blog post covers those findings.

After a quick romp around, I decided to chose Docker and Exercism.io.

Both of these projects can be found on github!

github

Docker

What is it?

From their website - Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Consisting of
Docker Engine, a portable, lightweight runtime and packaging tool, and Docker Hub, a cloud service for sharing applications
and automating workflows, Docker enables apps to be quickly assembled from components and eliminates the friction between
development, QA, and production environments. As a result, IT can ship faster and run the same app, unchanged, on laptops,
data center VMs, and any cloud.

Docker is a well established project that has nearly 600 contributors, nearly 3000 forks, 75 releases and 10.5 thousand commits and is used by some large companies, as well
as individual developers as an alternative to workflows involving vagrant and virtualbox and the such.

docker

Licensing

Docker is licensed under the Apache License, Version 2.0

Community and Practices

Docker’s actually taken the liberty of writing up a rather descriptive series of processes you can follow for various forms of contribution.
You can find this doc on their github repo here. They use two main
forms of communication: Their mailing list for the discussion of
development plans and announcements, and using github issues to discuss and propose significant changes.

The contribution doc also outlines all the steps that are required for merge approval, patch conventions, code formatting, etc.

A Successful Patch

I decided to follow a patch from it’s proposal stage here all the way through to its patched
implemenation here. I’ve looked through their mailing list, expecting to see a corresponding
conversation, but found none. This proposal itself has 50 people commenting on, however - looking through their other issues this is
outside the norm, and most issues range from 1-5 comments on them.

This particular proposal starts off with a suggestion for a feature, has some recommendations for additional functionality on that
feature, discussion of not only the original proposal but also the added on suggestions. Some discussion and questions on how
it would be implemented and how the community would prefer syntax/params to be defined. The original proposer is very active in the
conversation. Approximately two weeks after the original proposal and discussion a pull request from the original author is merged in
with starter code, requests for code review and people to help test.

As stated in their contribution guide, after a code maintainer uses LGTM (looks good to me) - the patch is merged into the release

Exercism.io

What is it?

From their website - Application to support working through sequential programming problems, with crowd-sourced code reviews.

Exercism isn’t as well established as Docker, but has 200 contributors, 2 releases and 4020 commits

Exercism

Licensing

Exercism is licensed under the GNU Affero General Public License

Community and Practices

Exercism has also written up a contributing guide which can be found on their github repo here.
Pretty much all of their conversations happen on the issues pages for their github project. If a contributor is hoping to begin
work on a new language (as the project is essentially a code review platform), they need to email the main contributor to have the branch
created.

They follow github code formatting guidelines as well as a self written code of conduct. As well specific rules for successfully
working on a new language track.

A Successful Patch

For Exercism I followed a merge request for a new feature here.
Looking at the messaging for this patch is fun, it involves a new contributor and an accidental merge! The new contributor is
helped out by a maintainer on the project, given tips on how best to submit their contribution. The patch is all but accepted, but then
there’s then a conversation regarding which CDN should be used if any, and which ruby gems to use. After some discussion
and guidance, the merge request is accidentally merged into master. After some more discussion, the merge is reverted and
ultimately the patch itself is put on the back burner until the project maintainer wants to put more time into it.

The whole mess is about 30 comments deep and is only contributed by three different parties.

So while it’s not exactly, SUCCESSFUL, it DID get merged into master!

That’s it!

bye
Until Next time
-Hunter

September 11, 2014 12:00 AM

September 10, 2014


Dylan Segna

Investigating Cordova Plugins

Cordova uses plugins to allow applications access to native functionality from a Javascript environment.

For example, the following is the plugin for using a phone’s camera :

https://git-wip-us.apache.org/repos/asf?p=cordova-plugin-camera.git;a=tree;f=src;h=443a414ab9e320109fd16abbf7428e788209b1a3;hb=HEAD

Each operating system has it’s own version of the plugin written in it’s native code.

These plugins are managed by a plugin manager within Cordova, written in native code. This is the Android version :

https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/PluginManager.java

After executing a plugin, a PluginResult will be returned to the applications webview.
(https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/PluginResult.java)
This result is then converted into a JSONObject so that it can be used in the Javascript environment.


by Dylan Segna at September 10, 2014 06:15 PM


Brendan Donald Henderson

The blog is LIVE!

Hello everyone and welcome,

I hope to use this blog as a portal to delve into a community that has been quite challenging to find thus far. I hope to learn from and contribute to this community.

This blog will cover: posts that pertain to SPO600, disassembly and system-level reverse engineering(only Windows 32-bit PE binaries for now, hopefully ELF and 64-bit version within the near future), C\C++ programming concepts as they relate to my work, and A LOT of security related information.

I will be focusing mainly on security, specifically on Windows XP and later. This is what the vast majority of my research and learning is focused on.

I hope that everyone has a chance to learn and a chance to teach me something.

Ipsa Scientia Potestas Est ~ Knowledge itself is power


by paraCr4ck at September 10, 2014 05:01 PM


Gary Deng

Introduction to Redis

Recently, NoSQL databases are increasingly used in big data and real-time web applications. There have been various approaches to classify NoSQL databases, and Redis is one of them. It is an open source, BSD licensed, advanced key-value cache and store. Redis is often referred to as a data structure server as keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs. Most of the Redis source code was written and is copyrighted by Salvatore Sanfilippo and Pieter Noordhuis. Version 2.8.14 is current stable release. Project is available on GitHub: https://github.com/antirez/redis.

In my OSD600 class case study project, I will do more research on Redis project. In addition, I am going to start with the Filer project, and try to fix issue #227 as my 0.1 release for the class project.


by garybbb at September 10, 2014 03:11 AM


Hunter Jansen

Socket To Me

Socket To Me

Written by Hunter Jansen on September 10, 2014

After this past year’s AndroidTO conference, I decided it would be fun to experiment with node and sockets. I had
thought of some ways that we could make use of sockets if we ever decided to make the switch to a node backend for our
API. The super simple, and little app ‘Socket To Me’ was the result.

I’d actually created this a little while ago using the popular socketing engine socket.io, but was having extreme difficulty
in hosting it in the route that I wanted to in conjuction with the ghost blog I had been hosting on my server. As a result,
I got frustrated and practically gave up on it. However, with the recent re-mergence of my blogging experiment on github
pages, I wiped my ghost blog from existence, freeing up whatever conflicts that was causing.

That said, I’m still not an expert on nginx and still haven’t managed to get exactly the correct configuration set up for that
(if anyone happens to want to offer any expertise they might have, then by all means, please). So without further ado, might
I introduce:

SocketToMe

Found at

www.calmlycoding.com/sockettome

Why Make This?

There’s an aspect of our application in which users can update certain fields and the updates should instantly be visible
to anyone else who has those fields on their page. Our current solution is to poll the server every 15 seconds or so for
changes and update the ui accordingly. Sockets would eliminate that delay and allow for instantaneous updates - which could
be a boon for us down the road. So, I decided to experiment with a super small use case with a bunch of items with a pair of options.
This is essentially our use case but taken down to a very small amount.

Difficulties

Just the initial learning curve of how socket.io actually works and getting the first event firing and triggering listeners. It’s
essentially a case of once you’ve figured it out once, it’s pretty easy to go from there and do whatever you need to do and experiment with.
Of course, in order to test it across multiple devices, it’d be good to have it running on a network so that you can test outside
of just separate browsers.

Basics

So socket.io is essentially built on broadcasters and listeners. Your server or client emits a message, and anything that’s listening
reacts to that message accordingly.

Setting up the server to listen for new connections is simple. You start off on the server with:

var io = require('socket.io').listen(server);

and on the client:

var socket = io.connect('http://calmlycoding.com:9876');

And blamo, you’ve got an open connection between your clients and server with both ready to emit or listen for messages!

From there, you can go on to define what happens for different messages. So for instance, when a client connects to the
server initially, a default ‘connection’ message is sent - so normally you’d want to handle that message with some logic.
Listening for these messages is dead simple, and the code’s the same on both the server and the client (because JavaScript).
So to get your initial connection listener set up you can start with:

io.sockets.on('connection', function (socket) {
    //emits and listeners go here
});

And then from there you can listen or emit whatever. So if you wanted to listen for a ‘Whatever’ message, inside that code
block you just say:

 socket.on('buttonPressed', function (data) {
    //Logic to do whatever you need to with data
 });

As you can see, each listener’s callback function includes a data value, this is passed in as a value when sending out the message.
so if I did the following on a client or server:

    io.sockets.emit('userUpdate', {userCount: activeUsers});

I’d catch this and access the userCount member of the object passed like this:

socket.on('userUpdate', function(data){
   $('#userCount').text(data.userCount);
});

Of course there’s some more to it than that, but those are the basics. From there you can do all SORTS of things. I’ll definitely
be experimenting more with it as time goes on, as it’s a pretty nifty functionality, and not hard to get going at all.

I’ve made the source available on github, so check it out and experiment for yourself!

Feel free to fire any questions or comments at me.

Until Next time
-Hunter

September 10, 2014 12:00 AM

September 09, 2014


Gideon Thomas

Software Licenses and how we as contributors are screwed

It is well known that proprietary licenses offered by companies such as Apple, Microsoft, etc. are designed in such a way that we can’t see how the magic behind the scenes happens (how iOS works, how Visual Studio is able to make code appear out of no where…). Moreover, not only can we not see code, a lot of the time, we cannot even copy the software  or make backups of it.

As a software developer all I can say is…

while they’re like…

So now to get into it…

If you would like to read the actual license (more than 300 pages) and draw your own conclusions, here is the link to the iOS7 license which is what my focus is on: iOS7 license

But here are the cliff notes:

  1. It is >300 pages long (granted in different languages 10 in English). No one in their right mind would want to read that much boring (albeit relevant and important) information before using software. In fact, several companies use this attribute to hide dangerous terms and conditions because they know that you won’t read them. Sneaky eh?
  2. It specifically states that you cannot, and I quote :

    “copy (except as expressly permitted by this License), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the iOS Software or any services provided by the iOS Software or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or by licensing terms governing use of open-source components that may be included with the iOS Software).”

    This basically means that I can only use iOS but not modify or even see how it works. As a developer and student that basically cuts me off from everything. Consequently, if I want to use a part of iOS code, not only can I not access it, even if I can, I cannot use it in anything.

  3. You cannot sublicense the iOS license nor can you re-sell iOS. This ties in to the above point since you cannot access their code. You cannot put iOS under another license, compatible or not. This also implies the obvious – that you cannot modify their license terms.

But there is hope…ok I admit, the title is misleading. We aren’t totally screwed. We can always depend on something more permissive (and there are several such licenses). So here are the ways the BSD 3-clause license comes to our rescue:

  1. It is barely half a page long. Soooo much easier to read and understand. As a programmer, I am willing to read 3 short clauses.
  2. The genius in this license lies in its ambiguity. It does not explicitly specify anything about whether or not we can copy/modify software under this license. However, it says that redistributions (with or without modifications) must include this license in it, which implies that redistributions can occur which implicitly means that copying/modifying, etc. can be done.
  3. Once again, ambiguity is useful. Nothing is mentioned about sublicensing. Simply put, this means that you can sublicense with compatible licenses.

So there it is…we aren’t screwed after all. But it is clear that as a new open-source developer, which license I will prefer…


by Gideon Thomas at September 09, 2014 04:37 PM


Fadi Tawfig

Closed and Open Source Licenses

As an introduction to the idea of open source I’ve been tasked with reading and commenting on both a proprietary license and an open source one. This exercise proved to be quite an enlightening one since, although I’ve probably agreed to hundreds of software licenses in my life, I’ve never actually taken the time to read any of them (shocking, I know).

Along with getting a better idea of the types of licenses I’ve been agreeing to all these years I also feel that I now have a better understanding of the concept of open source. As a student of software development I’ve obviously come across the term dozens of times. Although I had previously felt that I had a fairly solid grasp of what open source means, It does further improve my understanding of open source to read through the precise legal definitions of what makes a piece of software open.

First an example of a “closed source” license. The license agreement to Microsoft’s Windows 8 operating system. A ten page document from Microsoft detailing what you can and can’t do with their operating system. The first two pages are more of a plain English summary of what restrictions you’re agreeing to by using the software. The following seven pages further detail the these restrictions in dense legal language to ensure there is absolutely no ambiguity in the terms (e.g. what constitutes a computer). The last page contains warranty information.

The pdf document can be downloaded for your own perusal here: http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/UseTerms/Default.aspx

Some things I found notable while reading this license agreement.

Copies and Backups

You can make a single copy of the operating system for backup purposes and no others. If you have multiple computers, you’ll need to purchase a separate license for each one if you’d like to run Windows on them concurrently. You may transfer the software to another computer or even another person, but only provided you remove the copy on the prior computer.

I feel that this is all very straightforward and most reasonable people should expect these types of restrictions with any piece of paid software.

Activation

Here’s something I never knew. Apparently the first time your copy of Windows is connected to the internet, it will “phone home” and activate the software to verify that the copy of Windows that you’re running is indeed genuine. Although I’ve seen and heard of other types of software which employ similar anti-piracy measures, I wasn’t aware that operating systems did the same.

Although this is new information to me, I don’t exactly find it surprising. However, what I read next did give some pause.

Your Personal Information

This is probably what stuck out most to me in this agreement.

Does the software collect my personal information? If you connect your computer to the Internet,
some features of the software may connect to Microsoft or service provider computer systems to send or
receive information, including personal information. You may not always receive a separate notice when
they connect. If you choose to use any of these features, you agree to send or receive this information
when using that feature. Many of these features can be switched off or you can choose not to use them.”

So by using specific features of the OS, Microsoft is collecting your personal information AND they will not necessarily notify you when this happens.  They say that many (not all) of these features can be turned off, but nowhere do I see listed what these features actually are.

If you found it slightly unnerving that by using Windows 8 you are giving Microsoft permission to collect personal information about you, you might be even more surprised to find out that they also have permission to share said information with others.

How do we use your information? Microsoft uses the information it collects through the software
features to upgrade or fix the software and otherwise improve our products and services. In certain
circumstances, we also share it with others. For example, we share error reports with relevant hardware
and software vendors, so that they can use the information to improve how their products run with
Microsoft products. You agree that we may use and disclose the information as described in our Privacy
Statement, at go.microsoft.com/fwlink/?linkid=190175.

 

I find this all a bit surprising since I’ve always thought of my operating system to be a relatively private computing environment. I suppose that this was a somewhat naive  assumption given modern society’s rapidly decreasing emphasis on privacy.

Moving on to open source, I decided to read the famous GNU General Public License which I’ve heard so much about. Although this is apparently a third revision of the license.

The license is readable in full here: http://opensource.org/licenses/GPL-3.0

Some thoughts:

Preamble

The license opens with an introduction to the philosophy of open and free software and makes sure to explain to users why this license is different from traditional software licenses. This is perhaps necessary due to the somewhat confusing nature of open source to a newcomer. Continuing in the vein of explaining open software to readers, the document is sure to point that by “free” they are referring to the freedom to use and edit the software in any way you wish and not that the software is necessarily free of charge to users. Although this previous point is brought up a lot when discussing open source, I think that it’s an important distinction to make since many people misunderstand open source as simply meaning that the software is free to download.

Patents

The GPL claims that it’s designed so that “patents cannot be used to render the program non-free.” It’s clear that the people at the Free Software Foundation are inherently against the idea of patenting software. After hearing of the constant legal battles waged by companies such as Apple and Samsung over such trivial software functions as “swipe to unlock” It’s easy to see why.

In an industry such as software development, where often times there is a mathematically provable best solution to a problem, it makes no sense that the first person to come up with that solution should be the only one to reap the benefits, while the rest of the world suffers with sub-par attempts to emulate that solution. I feel that this also brings into question the ethics of patenting in other industries as well but that’s a much broader topic that would require its own post.

Licensing

Applying the GNU GPL to your program is as easy as including the following text in each source file:

    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

Closing this up I’m starting to realize how much I’ve just written. I apologize for the rambling nature of this post will aim more towards brevity in future.  If anyone actually reads all this I thank you and commend your patience, but if not at least I enjoyed writing it.

- Fadi Tawfig


by ftawfig at September 09, 2014 03:25 AM


Haiyu Qiao

License for Filer

Filer is a POSIX-like file system interface for node.js and browser-based JavaScript.
*POSIX: Portable Operating System Interface

The Filer's License is a BSD 2-Clause License:

Copyright (c) 2013, Alan Kligman
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

by Calla Qiao (noreply@blogger.com) at September 09, 2014 02:35 AM


Stanley Moote

A Tale of Two EULAs

Looking at two types of EULA:

  • Closed license/EULA
  • Open license/EULA

Skype’s EULA

This was the first EULA I clicked on and it sure turned out longer than I had expected. What struck me first after the size of my scrollbar was the first thing i actually read when i dove into it “NO ACCESS TO EMERGENCY SERVICES”. I use skype all the time and I had never even thought about using it as an emergency line. Skype clearly does not want to be held responsible for any dropped calls leading to death or dismemberment and this is one way to weed these types of scenarios out. Later on in the document we will learn that in enabled countries you can indeed use skype to have “limited emergency calling functionality”.

I continued to grind through the large web page on my subway ride to work, simple things such as number changes, definitions of free product, changes etc went by until the next interesting caught my eye.

“Quality”. Skype doesn’t guarantee any sort of quality with their products. Early in the document they state that they may not even make Skype to work on any platform they currently support and now they say they don’t support the quality. This document is a support person’s dream, they never said anything would work properly ever, you are lucky it is even working at all. And to be fair we are lucky that this free program lets us chat with people throughout the world! 

The last thing that struck me was that skype credit becomes inactive and actually expires in japan!! That’s right “f you are located in Japan and you buy Skype Credit from the Skype Website…your Skype Credit shall expire 6 months from the date of purchase.” That seems crazy to me, you purchased something from them and it just disappears if you don’t use it for half a year! I can understand it becoming inactive so that it can be removed from some master table but just deleting it forever seems wrong. Millions of people never pay a cent for Skype and the paying customers get dinged.

Next up I decided to read the…

Apache EULA

The first thing that hit me was how tiny this EULA was! How refreshing after slogging through that entire Skype EULA. I couldn’t believe that the open source one would be shorter than the closed source EULA, especially since Apache lets you do more powerful things like hosting a website for everyone to see.

In the Apache EULA the first thing they do is slog you with a bunch of Definitions. These will dictate exactly what they mean every time they are used in the document. After reading through all of them it really did seem like a good idea from a legal standpoint, you can avoid any vagueness or even create vagueness if you so desire it with these definitions. 

I also found the last section of the Apache EULA interesting. Accepting Warranty or Additional Liability, this section was all about making money off of Apache through different means. It is great to see that they let and even support you making money off of their free open source project. It really is amazing to see that people will work on something and just give it away for free so that others can enjoy, alter and even profit from their hard work.

Reading these EULAs has been interesting, I won’t say that it’s something I would like to do again in the future, but it has given me a new respect for the legal team behind every piece of software.

Bonus: I also learned a new word while reading these EULAS

in·dem·ni·fy
inˈdemnəˌfī/
verb
 
  1. compensate (someone) for harm or loss.
    “the amount of insurance that may be carried to indemnify the owner in the event of a loss”
    • secure (someone) against legal responsibility for their actions.
      “the newspaper could not be forced to indemnify the city for personal-injury liability”

by golddiggity at September 09, 2014 02:19 AM


Kieran Sedgwick

[OSD600] Software licensing in open & closed-source development

I’m happy to be a part of David Humphrey‘s Open Source class at Seneca College this fall, for a number of reasons. Dave’s knowledge and contributions to the open-source community, as well as the college, make his influence valuable. This post itself is a good example of what I’m mean, since I doubt I would have looked twice at software licensing if not for it’s requirement in his class.

And I’m glad I did.

…except on full moons. Or, read the fine print!

This could take a while.

Without exception, the proprietary licenses I examined showed a collective insistence on restricting the user’s actions. You could install the software, but never claim to own it. You could use it, but never modify (or even read) it’s source code. In Microsoft’s case, a pre-installed version of Word could never be transferred to another machine! The license even goes so far as to specify how you could transfer your license to someone else: By selling the machine it’s installed on.

This restriction even explicitly includes forbidding virtualized copies of the software, or running 32-bit and 64-bit versions simultaneously. Rather unsettling.

This trend of restriction really showed itself in Apple’s characteristically meticulous manner, when their EULA states usage conditions on all aspects of their OS, even down to sections on the very fonts and sounds. As Microsoft’s EULA put it:

We do not sell our software or your copy of it – we only license it.

The other clear trend in proprietary licenses was a limitation of liability. Skype’s license was similar in it’s insistence that the user is being granted the privilege to use certain functionality in a prescribed manner, but took it further by stating something I had to do a double take on:

In order to use the Software and the Products you will need an Internet broadband connection. You are responsible for providing all equipment required to access the Internet or enable communications such as headsets, microphones and webcams.

It was baked in! Restrictions, rules and conditions are the game of proprietary software licensing.

Just please don’t hurt anyone! Or, do good and don’t be greedy

There is a divide between open and free software. The “Free” software license (GNU) was aptly described in class as a virus. Any software using even a portion of software written under this license immediately adopts the license for its entire codebase. This means that you can’t use any GNU-licensed code without giving up your proprietary rights to whatever you’re working on.

Personally, this doesn’t sit well with me. I’m a little too young to have been in the heat of this particular war, so I can see the utility in charging for a comprehensive product that works as advertised. We also have examples, such as those discussed in class, of companies using open-source software to improve their own products while giving back to the community. “Free” software seems to take it to an extreme, which inevitably becomes absurd at some point.

Open software on the other hand, open software is flexible. As exemplified in the MIT license, the only hard restriction tends to be that copyright and license notices must accompany the source and binary versions of the software. All this means is that no one is allowed to forbid anyone else from using open code in a way they themselves were allowed to. This system I like.

Of note is the Mozilla public license, which in contrast to the MIT license has provisions for patent law. In my opinion, this makes it the best of the open licenses I reviewed (though it isn’t the only license to offer this protection. I suppose I also like Mozilla).

The shadow cannot exist but for the light

I like how open licenses allow for a combination approach, which seems right to me. Want to put serious money into developing a specialized software product? Want to leverage open solutions to pre-existing problems that stand in your way? Want to get rich off of it? You can do this.

Or you can be a purist in either direction. But I like the balanced approach.


by ksedgwick at September 09, 2014 01:13 AM


Andrew Li

Exploring closed and Open Source licenses

For our first DPS909 blog post we were asked to analyze one closed and one open source license. I chose to analyze the Apache license and Apple TV EULA. Choosing a license when starting a project is important because it sets a framework for communicating to others what can or cannot be done.

Open Source - Apache License, Version 2.0

I decided to explore the Apache license after learning in class that it has been gaining popularity due its “Grant of Patent” feature.

3 - Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

What’s interesting is, from my understanding, if a “Contributor” includes code that infringes its own patent claim then the “Contributor” must not sue anyone for infringement otherwise they shall lose the right to use the work for the license in question. It also grants a patent license to use the code that is part of a “Contributor’s” patent claim without having to be charged or be required to pay royalties.

The rest of the license is similar to other open source licenses. Provided that the copyright, notice, license and statement of change are included then the Apache license grants copying, modifying, distributing and sub-licensing. It does not allow permission to use trademark names or product names of the licensor. Lastly, contributors cannot be held liable for any damages.

Closed - Apple TV EULA

What strikes me about this EULA is the fact that the software and everything that comes included in the box is not sold to the user but only licensed to them.

1 - General.

A. The software (including Boot ROM code and other embedded software), documentation, interfaces, content, fonts and any data that came with your Apple TV, whether on disk, in read only memory, on any other media or in any other form (collectively the “Apple Software”) are licensed, not sold, to you by Apple Inc. (“Apple”) for use only under the terms of this License. Apple and/or Apple’s licensor(s) retain ownership of the Apple Software itself and reserve all rights not expressly granted to you.

Meaning, if you thought you own the Apple TV you bought then think again because technically Apple owns it. The user is merely given permission to use the product according to the agreement by the license.

are collected in a form that does not personally identify you

I like the fact that Apple gives the user the ability to choose to enable or disable sending information upstream. It is also encouraging to know that any information collected will not be personally identifiable.

September 09, 2014 12:00 AM

September 08, 2014


Haiyu Qiao

Skype Terms of use VS. BSD 2-Clause License

BSD licenses are a family of free software licence with minimal requirements about how the software can be redistributed. There are two variants of BSD license which include BSD 3-Clause "New" or "Revised" License (BSD-3-Clause) and BSD 2-Clause "Simplified" or "FreeBSD" License (BSD-2-Clause) listed on the page http://opensource.org/licenses/alphabetical.

The 2-Clause License must met the following two conditions:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

The Skype Terms of Use is the agreement between user and Skype. In order to download or use Skype, user must first accept the agreement.
Compare with BSD license, the first thing strikes me is the “Acceptance of The Terms” of Skype EULA.

2.2 You cannot accept these Terms if: (a) you are not lawfully entitled to use the Software, Products and/or Skype Websites in the country in which you are located or reside or (b) if you are not of legal age to form a binding agreement with Skype.

Only adults are allowed to accept the Skype EULA, and could be granted permission to download and use Skype.

Secondly, the “Changes To The Terms” of Skype license is not fair for users.

3.1 Skype may make changes to these Terms from time to time. Skype will publish the changes at www.skype.com/go/tou. Changes to the fair usage policies and/or Additional Terms will be posted on the applicable Skype Website. The changes will be effective when published. Please review the Terms on a regular basis. You understand and agree that your express acceptance of the Terms or your use of the Software, Products and/or Skype Websites after the date of publication shall constitute your agreement to the updated Terms. If you do not agree with the amended Terms, you may terminate your relationship with Skype in accordance with paragraph 11 below.

As a Skype user, you must review the changes of terms on a regular basis. Otherwise, you might infringe one of Skype’s rights. Finally, I am worried about the products licensed under BSD. Basically, BSD allows you to do anything with the products without any warranty and liability because the License tells us that:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

That could be a disaster for the open source community. User should choose and use the BSD software wisely and carefully.

by Calla Qiao (noreply@blogger.com) at September 08, 2014 07:18 PM


Yoav Gurevich

Apache vs. Apple Licenses

While I do come from a bit of experience with open-source contributing, the licenses that mine or other peoples' code are wrapped in was never a real big concern of mine. I sort of cruised along with the vague understanding that open source is meant to be free and reusable by all in order to achieve a global sense of community and progress. It's quite eye-opening to read and discuss the various flavors and takes that some of these licenses adopt in our day and age. For my case study, I took on the comparison between the Apple EULA and the Apache license. Below are a few snippets from each:

Apple's Logic Studio Software:

1. General.
The Apple software and any third party software (including any content), documentation and any fonts accompanying this License whether on disk, in read only memory, on any other media or in any other form (collectively the "Apple Software") are licensed, not sold, to you by Apple Inc. ("Apple") for use only under the terms of this License, and Apple reserves all rights not expressly granted to you. You own the media on which the Apple Software is recorded but Apple and/or Apple's licensor(s) retain ownership of the Apple Software itself. The terms of this License will govern any software upgrades provided by Apple that replace and/or supplement the original Apple Software product, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern.

Title and intellectual property rights in and to any content displayed by or accessed through the Apple Software belongs to the respective content owner. Such content may be protected by copyright or other intellectual property laws and treaties, and may be subject to terms of use of the third party providing such content. This License does not grant you any rights to use such content nor does it guarantee that such content will continue to be available to you.

2. Permitted License Uses and Restrictions.
A. Subject to the terms and conditions of this License, you are granted a limited non-exclusive license to install and use one copy of the Apple Software on one Apple-branded desktop computer and one Apple-branded laptop computer so long as both computers are owned and used by you. You may not make the Apple Software available over a network where it could be used by multiple computers at the same time. You may make one copy of the Apple Software in machine-readable form for backup purposes only; provided that the backup copy must include all copyright or other proprietary notices contained on the original.

B. With respect to the Logic Node Installer, the Logic Node application may be installed and used concurrently on as many Apple-branded client computers owned, leased, or otherwise controlled by you as reasonably necessary. These computers must be networked and running Mac OS X.

C. Except as otherwise indicated, you may use the Apple and third party audio file content (including, but not limited to, the Apple Loops, built-in sound files, samples and impulse responses) (collectively the “Audio Content”), contained in or otherwise included with the Apple Software, on a royalty-free basis, to create your own original soundtracks for your film, video and audio projects. You may broadcast and/or distribute your own soundtracks that were created using the Audio Content, however, individual Apple loops, audio files, sound settings, samples and impulse responses may not be commercially or otherwise distributed on a standalone basis, nor may they be repackaged in whole or in part as audio samples, sound files, sound effects or music beds.

D. Certain components of the Apple Software, and third party open source programs included with the Apple Software, have been or may be made available by Apple on its Open Source web site (http://www.opensource.apple.com/) (collectively the "Open-Sourced Components"). You may modify or replace only these Open-Sourced Components; provided that: (i) the resultant modified Apple Software is used, in place of the unmodified Apple Software, on a single Apple-branded computer; and (ii) you otherwise comply with the terms of this License and any applicable licensing terms governing use of the Open-Sourced Components. Apple is not obligated to provide any maintenance, technical or other support for the resultant modified Apple Software.

E. You may not, and you agree not to, or to enable others to, copy (except as and only to the extent permitted in this License), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the Apple Software or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law).


3. Transfer. You may not rent, lease, lend, sell, redistribute or sublicense the Apple Software. You may, however, make a one-time permanent transfer of all of your license rights to the Apple Software to another party, provided that: (a) the transfer must include all of the Apple Software, including all its component parts, original media, printed materials and this License; (b) you do not retain any copies of the Apple Software, full or partial, including copies stored on a computer or other storage device; and (c) the party receiving the Apple Software reads and agrees to accept the terms and conditions of this License. You may not rent, lease, lend, redistribute, sublicense or transfer any Apple Software that has been modified or replaced under Section 2C above. All components of the Apple Software are provided as part of a bundle and may not be separated from the bundle and distributed as standalone applications.

Apache's General License (version 2.0):

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
  1. You must give any other recipients of the Work or Derivative Works a copy of this License; and
  2. You must cause any modified files to carry prominent notices stating that You changed the files; and
  3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
  4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
---------------------------------------------------------------------------------------------------------------------
3 Key Differences - 
* While Apple's license does refer to some open source components being reusable and redistributed, the vast majority of the rhetoric in the license agreement goes into great detail about the "temporary privilege" of this being a 1 sole obtainable license that cannot be modified, or sublicensed by anyone except Apple who are the true "owners" of this particular piece of intellectual property. Apple makes every effort to constrain you from doing anything except the intended end-use of a product such as this, as blatantly written in this clause: 
"You may not, and you agree not to, or to enable others to, copy (except as and only to the extent permitted in this License), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the Apple Software or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law)."
* Apache is in clear contrast mostly open-source in its philosophies, especially with clauses explaining classic conventions such as being able to redistribute the work in any modified or unmodified form onto any medium so long as the original authors are given credit where it is and that this continues to be published under the same license respectively.
* Interesting additions to the Apache license even as far as open source goes, extending to such things as "trademarks" that protect the name of the released product from liberal reuse, or the clauses referring to how you can sell this and warranty or maintenance plans along with it so long as you follow certain conditions.

by Yoav Gurevich (noreply@blogger.com) at September 08, 2014 06:54 PM


Tai Nguyen

Things You Might Want to Know About Skype’s EULA and the MIT License

Before you agree to Skype’s EULA, you should read up on the part about your privacy. I want two point out two interesting points that may concern you with regards to the compromise of your personal data and what you’re agreeing to when you hand over your data to Skype. 

“We may access, disclose and preserve personal data, including your private content (such as the content of your instant messages, stored video messages, voicemails or file transfers), when we have a good faith belief that doing so is necessary to: comply with applicable law or respond to valid legal process from competent authorities, including from law enforcement or other government agencies; protect our customers, for example to prevent spam or attempts to defraud our users, or to help prevent the loss of life or serious injury of anyone; operate and maintain the security of our websites, products and services, including to prevent or stop an attack on our computer systems or networks; or protect our rights or property including enforcing the terms governing the use of our websites, products or services – however, if we receive information indicating that someone is using our products to traffic in stolen intellectual or physical property of Skype or Microsoft, we will not inspect a customer’s private communications or documents ourselves, but we may refer the matter to law enforcement.” – http://www.skype.com/en/legal/privacy/

In this particular clause, Skype states that they can disclose your personal information to the government agencies or law enforcements. I personally do not believe the government should have any legality over anyone’s information. Some may argue that its reasonable to make data apparent to the government agencies to prevent potential threats or endangerment. I disagree with this entirely because its extremely invasive and can be politically dangerous if Skype permits this.

“Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links; and (c) as part of our effort to protect the Skype software, products or our customers. In limited instances, Skype may capture and manually review instant messages or SMS in connection with these efforts. Skype may, in its sole discretion, block or prevent delivery of suspected Spam, and remove suspicious links or content from messages.”

In this particular passage I find it shocking that Skype has the ability to scan and potentially filter out messages. In this clause Skye claims that the purpose is to deflect “spam, fraud, or phishing links”. But it also means Skype can basically eavesdrop on your communication.

——

The MIT license allows for the free use of the software product. It also allows people to modify, expand, or publish the software.


by tylermeetsworld at September 08, 2014 05:33 PM


Ryan Dang

Interesting Closed and Open license/EULA. Things that we never read!

The first product I think of when it comes to closed license/eula is Microsoft Software.

The one thing that got my attention was a section regarding class action law suit. The whole section was put in all CAPS!

“CLASS ACTION WAIVER. ANY PROCEEDINGS TO RESOLVE OR LITIGATE ANY DISPUTE IN ANY FORUM WILL BE CONDUCTED SOLELY ON AN INDIVIDUAL BASIS. NEITHER YOU NOR MICROSOFT WILL SEEK TO HAVE ANY DISPUTE HEARD AS A CLASS ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR IN ANY OTHER PROCEEDING IN WHICH EITHER PARTY ACTS OR PROPOSES TO ACT IN A REPRESENTATIVE CAPACITY. NO ARBITRATION OR PROCEEDING WILL BE COMBINED WITH ANOTHER WITHOUT THE PRIOR WRITTEN CONSENT OF ALL PARTIES TO ALL AFFECTED ARBITRATIONS OR PROCEEDINGS.”

I guess there must be a lot of class action that why they feel the need to put the whole section in all CAPS.

 

I am also working with a project using angularjs so I am curious to what their license look like. Surprisingly it’s pretty short. The only part that got my attention was

 

“THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

THE SOFTWARE”

 

One of the topic that I will be talking about next week is socket.io. It makes sense for me to at least look at their license

“THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND,

EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.”

 

It looks like all MIT license look the same. The license allows the users to freely use the software but no one is held responsible for any warranties.


by byebyebyezzz at September 08, 2014 05:21 PM


James Laverty

To read the EULA or not to read the EULA

I decided to read the ITunes EULA and the MIT License today.

The first thing that struck me was the differences and similarities in length and style of writing. The length of the two documents is vastly different, ITunes being very long and the MIT License being very short. I believe the purpose in a long length is to diminish the customers desire to read the EULA, where as the shorter version is more clear, concise and to the point. the The writing style is similar, a mix of lower case and upper case, as well as a lot of legal diction, but the EULA is filled with some very odd stipulations where as the MIT License is straight to the point.

An example of this is,

"The Application Provider, and its licensors, reserve the right to change, suspend, remove, or disable access to any Services at any time without notice"

ITunes essentially says that they take away your use of the product for no reason, even after paying for it. As well as to change the license without any notice. This leaves the customer very vulnerable and very, very ridiculous.

Another part that caught my eye was,

" Location data provided by any Services is for basic navigational purposes only and is not intended to be relied upon in situations where precise location information is needed or where erroneous, inaccurate or incomplete location data may lead to death, personal injury, property or environmental damage."

This one is interesting, there is a possibility you could die by using this service. How crazy is that? This makes me worried about what could possibly be in other EULA's that I was never aware of.

The one if I found the most ludicrous is this,

" By using the Licensed Application, you represent and warrant that you are not located in any such country or on any such list. You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons."

Step one, this is trying to impose US law on the entire world (not so different, I know) through a software agreement.
Step two, nuclear weapons(WHAT?!), just incase I wanted to create nuclear weapons with ITunes, I should be worried that they might cancel my service.

As well as reading through this EULA, I scanned a few others and found they had equally funny/crazy stipulations thrown in. Whether these will hold up in court is another matter, but I'm sure in a few years someone will try and own our entire life through the use of their software and we'll find out.

As a contrast, here is the entire MIT License,

"The MIT License (MIT)
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE."
That's it; no bombs, no deaths, no financial advise. Enjoy, share, learn,

Cheers,

James Laverty


by James L (noreply@blogger.com) at September 08, 2014 04:55 PM


Ryan Dang

Welcome to my Blog

Thanks for stopping by and welcome to my new blog! This is just an introductory post so I’ll keep it short and sweet.

I decided to start a blog because I [what inspired you start a blog?]

Over the next few months I plan to be writing and sharing posts about [what topics will you be writing about?]

That’s it for now! If you’d like to be kept updated with my posts “Like” this post or subscribe to my blog.


by byebyebyezzz at September 08, 2014 04:43 PM


Shuming Lin

Skype vs. Apache

After I read these two licenses (Closed and Open ), I found out following things:

  1. The open licenses are pretty simple than close license.
  2. Compare these two licenses, the open license has many restrictions that You may not and you agree not to.
  3. Open license allows the user of the software the freedom to use the software for any purpose, to distribute it, to modify it, and to distribute modified versions of the software, under the terms of the license, without concern for royalties.

 The Skype is a close license. It is a free voice over IP service and instant messaging client, currently developed by Microsoft-owned Skype Technologies.

  1. Licence. Subject to your compliance with these Terms, you are granted a limited, non-exclusive, non-sublicensable, non-assignable, free of charge license to download and install the Software on a personal computer, mobile phone or other device; and personally use the Software through your individual Skype user account (“User Account”).
  2. Some Restrictions You may not and you agree not to.
  3. Other Technology. If you are using Software pre-loaded on, embedded in, combined, distributed or used with or downloaded onto other products, hardware, software applications, programs or devices

The Apache License is a free software license written by the Apache Software Foundation (ASF). The Apache License requires preservation of the copyright notice and disclaimer.

  1. “License” shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
  2. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form,provided that You meet the  some conditions.
  3.  Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License.

 


by okevin0 at September 08, 2014 04:41 PM


Frank Panico

What’s up with this EULA thing?

So I decided to peruse a popular piece of software’s License agreement; Windows 8. I figured that it would be interesting to see what the agreements are that we blindly accept so that we can continue on with our lives.

I chose the Windows 8 EULA that is distributed with a computer. I’ve never actually read one of these things all the way through but I managed to find a few interesting things.

“Automatic Internet Activation”
This little clause in the “How does Internet activation work?” section stipulated that once your PC verifies an internet connection, your OS will immediately connect to Microsoft servers to verify that your installation is legit (Skynet anyone??).  This is to make sure that the Windows OS you have installed is the proper one licensed for that specific PC, and btw, “you may not bypass or circumvent activation“.

“How does Microsoft use your information?”
Not only does it connect to the servers and verify, but it also sends system info as well about where you are and if there are any issues with your version of Windows.  This clause also stated that Microsoft will share this info with vendors (but mostly error reports) so that other developers can be up-to-date with issues regarding the OS.

“We know where you are..”
Another interesting tidbit I found was in section “3.CHOICE OF LAW”. Laws are different across the varying countries on this great big earth of ours, and now I understand why they ask us to choose which region we are in when we are installing our software. Microsoft knows which country your version of Windows belongs to and once its through the activation process, they verify and allow you to continue installation/registration.  I never considered that location would be a great issue. It seems that if you are installing in a certain area, Microsoft tailors its updates and installation according to where you are, and if you are trying to install the software in the wrong location, Microsoft withholds the right to adhere you from updates or even complete installation.

Now to “Open” things up (see what I did there ;) )

I decided to look into an Open source license from Apache since I’ve used so many of their services especially Maven and Tomcat.

What I really liked was that they make it clear who is who and what is what.

‘”You” (or “Your”) shall mean an individual or Legal Entity exercising permissions granted by this License.’

‘”Source” form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.’

As much as I like being told who I am ( actually I don’t), I actually enjoyed reading this License; and not just because it was so short. The license clearly states that we can do whatever we want to with the software and what our responsibilities are. They even absolve themselves from any issues if you decide to start making a product and selling it.

 So in conclusion what have I really noticed about Licensing? well its pretty clear. Licensing protects software and those who manufacture/sell it. These licenses lay down the rules of use of the software for which it was originally made; so things shouldn’t come as a shock to you if you try doing something you weren’t supposed to do; like give a friend in Australia your Canadian registration key, Or try and go after Apache if you can’t configure your tomcat server to work for your own homebrew enterprise application. As developers in training Scope means alot to us, and licenses help to establish what the proper use of software really is.


by fpanico04 at September 08, 2014 02:32 PM


Gary Deng

LGPL License VS. EULA

The GNU Lesser General Public License (LGPL) is a free software license published by the Free Software Foundation (FSF). LGPL allows you to use and distribute the open source software with your application without releasing the source code for your application.This allows the code to be used in otherwise proprietary software.The components developed by the BigBlueButton project are available under LGPL. End-user license agreement (EULA) or software license agreement is the contract between the licensor and purchaser, establishing the purchaser’s right to use the software.

Proprietary software providers usually create lengthy license agreement to protect their own rights and benefits, and fool their customers as most users won’t spend the time to read and understand all terms of the agreement. In addition, under EULA, users must pay, 100% agree to be bound by the terms, and take their own risk to use the software. For instance, I personally hate the termination term of MAC SDK AND XCODE AGREEMENT:

Apple reserves the right to terminate this License if a new version of Apple’s operating system software or the Developer Software is released which is incompatible with this version of the Developer Software. Upon the termination of this License,you shall cease all use of the Developer Software and destroy all copies, full or partial, of the Developer Software.

In order to increase business profits, proprietary software providers can take advantage of this term and keep releasing new version of the software with very little updated features.

On the contrary, I pretty much like LGPL because it’s easy to read. And there are absolutely no traps in the agreement.


by garybbb at September 08, 2014 12:29 PM


Habib Zahoori

Apple and MIT (Open Source) License

1. Apple products are somehow not very safe for the users.Because As per the license agreement we agree certain things that a lot of people will not do it if they know about it.

For Example for those of you who is using ICloud.As per your agreement with Apple; they have the full right to access your account:

“Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.”

Probably the above consent shocked a lot of you, because by reading it, you can tell that the contents that you upload on Apple ICloud, can be accessed by others too.

2. During the Apple product installing, you also agree, that the product can share my location Data with Apple, then Apple can share it with their third party developers.

“Apple and its partners, licensees and third party developers may provide certain services through the Apple Software that rely upon location information. To provide and improve these services, where available, Apple and its partners, licensees and third party developers may transmit, collect, maintain, process and use your location data. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners, licensees and third party developers to provide and improve location-based products and services. By using any location-based services provided by or through the Apple Software, you agree and Consent to Apple’s and its partners’, licensees’ and third party developers’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services.
You may withdraw this consent at any time by going to the Location Services setting on your iOS device and either turning off the global Location Services setting or turning off the individual location setting for the Apple Software. When using third party applications or services on the iOS device that use or provide location data, you are subject to and should review such third party’s terms and privacy policy on use of location data by such third party applications or services”

The above agreement shows, that even our locations are not hidden when it comes to using an Apple product.

On the other hand there is the Open Source Software license, which gives you a lot of flexibility to use it or customize it.

MIT license.

“Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.”

Which means the MIT open-source allows you to use it,edit it, modify it and  and redistribute it to as many people as you want, or maybe improve it, and there is not restriction towards its use.It is short, and straight forward


by HZahoori at September 08, 2014 04:15 AM


Ava Dacayo

Closed and Open license/EULA

Things that I noticed after looking at Open and Closed licenses:

1.  (Most) Open licenses are simple and short. It’s very much direct to the point so you know what you are dealing with. Closed licenses have so many terms that just wouldn’t fit in one page using a humanly readable font size, hence the reason people just click Agree.  

 

2. I browsed through Apple’s Terms of Use and one of the first things I noticed in this document (http://images.apple.com/legal/sla/docs/iOS7.pdf) is that it basically tells you that if you don’t agree in at least one out of their 1xxxxxx terms, you just can’t use your phone which came with the iOS Software and you may return it. 

 

3.  Open licenses also seem to focus on what you can do with it:

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. – http://opensource.org/licenses/LGPL-3.0

 

     Closed licenses tell you everything they won’t let you do:

You also agree that you will not use the iOS Software for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of missiles, nuclear, chemical or biological weapons. – http://images.apple.com/legal/sla/docs/iOS7.pdf

     In other words, they are still the ones in control, not you, even if you have purchased your device.

 

 


by eyvadac at September 08, 2014 02:09 AM

September 07, 2014


Yasmin Benatti

Software Licenses

This semester I started a new class at Seneca College called Open Source Development. My first task was to create this blog (done!) and my first post is about Software Licenses.

I chose to read the licenses from Skype (proprietary software) and Mozilla Public License (MPL is a license that is used for all software developed by Mozilla). The main thing I concluded after comparing both licenses, and that’s obvious, is that in the proprietary license almost everything is relates to what you cannot do. For instance, on Skype Terms of Use in section 4.2 one agrees to not modify the software, not find the source code, not translate and lots of other things. Additionally, if one is using extra features one must agree with the Terms of Use from each different feature (section 4.3). These are agreements that almost every proprietary license has but there are some tricky points, such as in section 8.1 where the software’s company allows itself to change the rates for callings and not telling anything to consumers directly, just having to change it on the web site. In section 19.3 is shown that the service “Unlimited World Extra” has a minimum time of 2 years and the customer is not allowed to break the service’s contract before this time and if they do, they will be charged. There is also the part about the user’s data, that is a whole new document, which shows that the company behind the software can use basically all the information one provides, including voice calls, video calls, and location.

On the other hand, the license from Mozilla, in addition to being much smaller and clearer, focuses on guaranteeing the right of the users to change, modify, sell or transfer the contributions of others. A nice point is that if one changes something and creates a new version, it has to have a license that doesn’t infringe this one (section 3.1) that helps to maintain the principles of the company and the user’s rights. Also, new versions have to have an attachment with the new Terms of Use or a link to the MPL (section 10). Something that is in the MPL and  also on the Terms of Use from Skype is that the software is not warranted to be free of errors or to work perfectly due to outside features that have to be provided and the user’s use, being this one responsible for repairs (section 6).

Overall, these are the main things I noticed when reading the licenses.

by yasminbenatti at September 07, 2014 11:33 PM


Linpei Fan

OSD600/DPS909: Opened license vs. Closed license/EULAs

I read the BSD 2-Clause License and Skype’s license. I was surprised following facts about these two types of license. First of all, the length of the licenses are quite different. BSD 2-Clause license is very short. On the contrary, Skype’s license is quite long. Second, the content of the license have the big difference as well. BSD 2-Clause license only contains the license template and conditions to redistribute and use. Skype license have much more content, containing 22 sections. Each section is about the different aspects, such as charges, payments, and license, use of the software and products and Skype and so on. It puts as much as possible related content into the license. Third, the tone and the words they used in these two license are different. BSD 2-Clause license is not strictly like a business document. The Skype license is a formal business document. It has everything that a formal business document should have.

by Lily Fan (noreply@blogger.com) at September 07, 2014 11:02 PM

September 05, 2014


Dylan Segna

Compiling Information On Cordova

Is it possible to package a custom web browser with a PhoneGap application, and allow the app to use the custom browser rather than the native browser?

That’s what I am attempting to research now, and I plan to outline every step I take in my next series of posts.

The first thing I started doing was taking a look at the underlying library that allows PhoneGap to work on multiple platforms, Cordova.

The project page is available here for information : http://cordova.apache.org/

All the different Cordova platform source code can be found here : https://github.com/apache/

Since most of my past experience has been with Android development, I decided that’s where I would start investigating . I got the repository from here : https://github.com/apache/cordova-android/ and can now start looking through the code to unravel how Cordova allows PhoneGap to run an application through the native web browser.


by Dylan Segna at September 05, 2014 08:06 PM


Stanley Moote

September 04, 2014


James Laverty

This is my first blog. I am writing to you to say hello and that I am very excited. My blogs will get a little more technical after this, but for now I'm keeping it as a simple hello.

by James L (noreply@blogger.com) at September 04, 2014 01:11 AM

August 25, 2014


David Humphrey

Introducing MakeDrive

I've been lax in my blogging for the past number of months (apologies). I've had my head down in a project that's required all of my attention. On Friday we reached a major milestone, and I gave a demo of the work on the weekly Webmaker call. Afterward David Ascher asked me to blog about it. I've wanted to do so for a while, so I put together a proper post with screencasts.

I've written previously about our idea of a web filesystem, and the initial work to make it possible. Since then we've greatly expanded the idea and implementation into MakeDrive, which I'll describe and show you now.

MakeDrive is a JavaScript library and server (node.js) that provides an offline-first, always available, syncing filesystem for the web. If you've used services like Dropbox or Google Drive, you already know what it does. MakeDrive allows users to work with files and folders locally, then sync that data to the cloud and other browsers or devices. However, unlike Dropbox or other similar services, MakeDrive is based purely on JavaScript and HTML5, and runs on the web. You don't install it; rather, a web application includes it as a script, and the filesystem gets created or loaded as part of the web page or app.

Because MakeDrive is a lower-level service, the best way to demonstrate it is by integrating it into a web app that relies on a full filesystem. To that end, I've made a series of short videos demonstrating aspects of MakeDrive integrated into a modified version of the Brackets code editor. I actually started this work because I want to make Brackets work in the browser, and one of the biggest pieces it is missing in browser is a full featured filesystem (side-note: Brackets can run in a browser just fine :). This post isn't specifically about Brackets, but I'll return to it in future posts to discuss how we plan to use it in Webmaker. MakeDrive started as a shim for Brackets-in-a-browser, but Simon Wex encouraged me to see that it could and should be a separate service, usable by many applications.

In the first video I demonstrate how MakeDrive provides a full "local," offline-first filesystem in the browser to a web app:

The code to provide a filesystem to the web page is as simple as var fs = MakeDrive.fs();. Applications can then use the same API as node.js' fs module. MakeDrive uses another of our projects, Filer, to provide the low-level filesystem API in the browser. Filer is a full POSIX filesystem (or wants to be, file bugs if you find them!), so you can read and write utf8 or binary data, work with files, directories, links, watches, and other fun things. Want to write a text file? it's done like so:

  var data = '<html>...';
  fs.writeFile('/path/to/index.html', data, function(err) {
    if(err) return handleError();
    // data is now written to disk
  });

The docs for Filer are lovingly maintained, and will show you the rest, so I won't repeat it here.

MakeDrive is offline-first, so you can read/write data, close your browser or reload the page, and it will still be there. Obviously having access to your filesystem outside the current web page is also desirable. Our solution was to rework Filer so it could be used in both the browser and node.js, allowing us to mirror filesystems over the network using Web Sockets). We use a rolling-checksum and differential algorithm (i.e., only sending the bits of a file that have changed) inspired by rsync; Dropbox does the same.

In this video I demonstrate syncing the browser filesystem to the server:

Applications and users work with the local browser filesystem (i.e., you read and write data locally, always), and syncing happens in the background. That means you can always work with your data locally, and MakeDrive tries to sync it to/from the server automatically. MakeDrive also makes a user's mirrored filesystem available remotely via a number of authenticated HTTP end points on the server:

  • GET /p/path/into/filesystem - serve the path from the filesystem provided like a regular web server would
  • GET /j/path/into/filesystem - serve the path as JSON (for APIs to consume)
  • GET /z/path/into/filesystem - export the path as export.zip (e.g., zip and send user data)

This means that a user can work on files in one app, sync them, and then consume them in another app that requires URLs. For example: edit a web component in one app and include and use it in another. When I started web development in the 1990s, you worked on files locally, FTP'ed them to a server, then loaded them via your web server and browser. Today we use services like gh-pages and github.io. Both require manual steps. MakeDrive automates the same sort of process, and targets new developers and those learning web development, making it a seamless experience to work on web content: your files are always "on the web."

MakeDrive supports multiple, simultaneous connections for a user. I might have a laptop, desktop, and tablet all sharing the same filesystem via a web app. This app can be running in any HTML5 compatible browser, app, or device. In this video I demonstrate syncing changes between different HTML5 browsers (Chrome, Firefox, and Opera):

Like Dropbox, each client will have its own "local" version of the filesystem, with one authoritative copy on the server. The server manages syncing to/from this filesystem so that multiple clients don't try to sync different changes to the same data at once. After one client syncs new changes, the server informs other clients that they can sync as well, which eventually propagates the changes across all connected clients. Changes can include updates to a file's data blocks, but also any change to the filesystem nodes themselves: renames, deleting a file, making a new directory, etc.

The code to make this syncing happen is very simple. As long as there is network, a MakeDrive filesystem can be connected to the server and synced. This can be a one-time thing, or the connection can be left open and incremental syncs can take place over the lifetime of the app: offline first, always syncing, always available.

Because MakeDrive allows the same user to connect multiple apps/devices at once, we have to be careful not to corrupt data or accidentally overwrite data when syncing. MakeDrive implements something similar to Dropbox's Conflicted Copy mechanism: if two clients change the same data in different ways, MakeDrive syncs the server's authoritative version, but also creates a new file with the local changes, and lets the user decide how to proceed.

This video demonstrates the circumstances by which a conflicted copy would be created, and how to deal with it:

Internally, MakeDrive uses extended attributes on filesystem nodes to determine automatically what has and hasn't been synced, and what is in a conflicted state. Conflicted copies are not synced back to the server, but remain in the local filesystem. The user decides how to resolve conflicts by deleting or renaming the conflicted file (i.e., renaming clears the conflict attribute).

MakeDrive works today, but isn't ready for production quite yet. On Friday we reached the end of our summer work, where we tried hard to follow initial mockups are very cool. If you have a web-first filesystem, you can do some interesting things that might not make sense in a traditional filesystem (i.e., when the scope of your files is limited to web content).

  • Having a filesystem in a web page naturally got me wanting to host web pages from web pages. I wrote nohost to experiment with this idea, an httpd in browser that uses Blob URLs. It's really easy to load DOM elements from a web filesystem:
  • var img = document.createElement('img');
    fs.readFile('/path/into/filesystem/image.png', function(err, data) {
      if(err) return handleError();
    
      // Create a Blob and wrap in URL Object.
      var blob = new Blob([data], {type: 'image/png'})
      var url = URL.createObjectURL(blob);
      img.src = url;
    });
    
    • Using this technique, we could create a small bootloader and store entire web apps in the filesystem. For example, all of Brackets loading from disk, with a tiny bootloader web page to get to the filesystem in appcache. This idea has been discussed elsewhere, and adding the filesystem makes it much more natural.
    • The current work on the W3C stream spec is really exciting, since we need a way to implement streaming data in and out of a filesystem, and therefore IndexedDB.
    • Having the ability to move IndexedDB to worker threads for background syncs (bug 701634), and into third-party iframes with postMessage to share a single filesystem instance across origins (bug 912202) would be amazing
    • Mobile! Being able to sync filesystems in and out of mobile web apps is really exciting. We're going to help get MakeDrive working in Mobile Appmaker this fall.

    If any of this interests you, please get in touch (@humphd) and help us. The next 6 months should be a lot of fun. I'll try to blog again before that, though ;)

    by David Humphrey at August 25, 2014 04:11 PM

    August 22, 2014


    Marcus Saad

    17th Semana da Computação USP – São Carlos

    The 17th Semana da Computação (Computing week) took place at University of São Paulo – Campus São Carlos. Being known for its education quality, at first the event had every component to be a blast; Venue has been the same since the beginning, becoming a tradition for students in the city; Sponsors of all types promoting the event; A highly competent organization that has been doing this for 17 years. Lets agree, it ain’t easy to organize such successful event for 17 year.

    Having said that, let’s move to my general insight on how the event itself was and how metrics were not achieved.

    At the same time this event was happening, BrazilJS was taking place at Porto Alegre/RS. Mozilla’s all-star Chris Mills was there to be a keynote presenter, which dragged most of the Brazilian community to the event (That is to mention the fact that it also dragged Ricardo Panaggio, who was meant to present about Webmaker with me at the event I attended).

    With some downs on my team (Can’t compete with Chris), I went ahead and give them a fast brush of what Webmaker, Appmaker and our efforts on the Open web are. I’m not as skilled on the matter as Panaggio is, so I decided to move on and start talking about what I’m proficient, Firefox OS.

    Settled to start at 8AM on a Thursday, most of the attendees arrived around 8:20 to 8:30, making us lose 30 precious minutes. However, I won’t blame attendees for being late, I’ll blame on the organization for allocating my event on Campus 2, far far away from the known-to-be- for 17 years location of the event. I accredit some of the failure of this event on the fact that the event was spread through both campus.

    For my presentation, I’ve created an Firefox OS app that works as a presentation that can be found on my github/appresentation-firefox-os. The idea behind the app was to introduce to basic structure of apps in general, how to begin coding and how Mozilla’s building blocks framework works. Overall, feedback on the app was good. I’ll take the risk and say that if it wasn’t for the lack of knowledge on basics such as Javascript event manipulation and listening, HTML input creation and things like that, we could have done much more. It’s important not to forget that only half of the expected 40 attendees were actually there.

    Metrics (let the shame begin)

    I’ll quickly go through metrics. And when I say quickly I mean that I want to get done with this failure as fast as possible.

    • Metric 1
      • Number of Firefox Marketplace app demos – 20
        • Huge failure. Because prerequisites.
    • Metric 2
      • Number of new web literates at the end of event – 40
        • Fail. Because attending events you paid for is for poor people. (Please, stop occupying slots on presentations if you’re not going)
    • Metric 3
      • Number of new webmaker.org accounts created – 40
        • Fail with a ZERO (Read zed-e-r-o for my Canadian friends). Because BrazilJS, Mozilla’s all-star, Panaggio.
    • Metric 4
      • Number of participants interested in hosting their own Maker Parties – 5
        • Word.
    • Metric 5
      • Number of people who will contribute to Mozilla after the event- 5
        • Fail. Not a single attendee joined mailing list.
    • Metric 6
      • Number of press/blog articles generated – 2
        • Fail. Mine will be the only one.

     

    Pics and Gifts

    I would like to thanks Christian Carrizo for the support given throughout the event. He also took some pictures for us and gave me a few gifts! Thank you!

    Crowd hacking on FFOS apps!

    Crowd hacking on FFOS apps!

     

    T-shirt and Certificate!

    T-shirt and Certificate!

    My criticism.

    Mozilla needs to stop putting it’s community against itself.

    Mozilla needs to trust and empower local communities. We need local leaders. PLURAL. Not a single face you all run to when an event organized by Mozilla itself happens in Brazil.

    We had to do magic last FISL on our launch party budget. Now I’m looking at the extravaganza happening at BrazilJS. Is that the way it is meant to be? When organized by Mozilla it is fine to dump money on things? When organized by local community we will automatically cut their budget in half because they probably are overspending. Come on, EQUALITY. There are a few hard working community members who are hard working to keep Brazil’s community alive and as one. Meanwhile, there are a few corporate climbers, that won’t attend a SINGLE EVENT THE WHOLE YEAR, but when people from outside the country comes, they will be the first to confirm their attendance in the event. For you people, you have my deepest scorn.

     

    “I generally don’t like to say out loud I’ve done something. In Brazil we
    have this problem that people do little but say too much about it. Most
    people here do almost nothing, and keep marketing themselves using that
    almost nothing as it was a big thing”
    quoting a friend from moz-br.

     

    Thanks

    by msaad at August 22, 2014 03:01 PM

    August 21, 2014


    Ali Al Dallal

    Hide bar item in Weechat for a specific buffer

    So, I have been using this IRC client called Weechat. It runs on many platforms like Linux, Unix, BSD, GNU Hurd, Mac OS X and Windows (cygwin). Weechat is similar to Irssi. Both clients are terminal based IRC client for UNIX systems, and some people would wonder why using IRC in a terminal, but I must say this is really a powerful IRC client where you can so much with plugins/scripts but I won't go in details why I choose this client over a nice native IRC client like Textual, LimeChat or any other native app for Mac or Windows.

    In this post I just wanted to share on how I'm able to hide a specific bar item in Weechat buffer.

    What I have right now is something like this

    As you can see, I have two window splitted vertically (top 20%, bottom 80%).

    That top bar I just want to have it to read twitter timeline or use it for highmon (See who mention or highlight your name). But, that annoying status bar, title bar and nicklist taking so much spaces and I want to get rid of it.

    To do that search your configs for:

    weechat.bar.input.conditions            string   ""  
    weechat.bar.isetbar.conditions          string   ""  
    weechat.bar.nicklist.conditions         string   ""  
    weechat.bar.status.conditions           string   ""  
    weechat.bar.title.conditions            string   ""  
    

    Now, lets go that that buffer you want to hide the bar and get the buffer name using /eval

    /eval ${name}
    

    I did it in hignmon buffer and got highmon in return.

    Now all I need to do is write a condition that will evaluate this:

    weechat.bar.nicklist.conditions         string   "${name} != highmon && ${name} != &bitlbee.#twitter_alicoding"  
    weechat.bar.status.conditions           string   "${name} != highmon && ${name} != &bitlbee.#twitter_alicoding"  
    weechat.bar.title.conditions            string   "${name} != highmon && ${name} != &bitlbee.#twitter_alicoding"  
    

    At the end I have something like this:

    I hope that this post is useful for people who started to learn or use Weechat like me :)

    by Ali Al Dallal at August 21, 2014 12:49 PM

    August 08, 2014


    Edward Hanna

    Recent Updates

    In the recent weeks I have done  many sub-projects related to the EDX platform research project here at Seneca CDOT. These include installing EDX on a commercial server that will be accessed for EDX research and lesson planning at Seneca. I have also continued working on the theme; including the colors and layout.  Time was also spent working on the Java Assignment Auto-Grader that will accept assignments submitted by students in the form of Jar files, including validation, grading, and attempts. The Java-Auto-grader is written in Django and is currently being deployed with Tornado. While I settled on using Tornado, I spent many hours exploring other options and ways of deploying the Auto-grader. I found out about Heroku, OpenShift, Apache ModWSGI, PythonAnywhere, to say just a few. I am not saying that these do not work, they work for some, but not all. Stack Overflow is a great resource to ask questions, and find answers to questions your ready to ask. The Java-Auto-Grader will need a way to insert grades for students, so I am currently exploring that option with the MySQL workbench and Robomongo for the respective database types.  Yes it is true that EDX uses models for many of these things.  Aside from this I spent time writing documentation to affirm the steps that I have been taking to operate the EDX platform. It is important to be aware how these change and to be up-to-date with them.

    I learned how to do something interesting with the EDX platform. I used a vagrant Fullstack image and Webmin, with Postfix relaying to GMAIL. That way I didn’t have to edit code manually or change any of the EDX code default settings. By configuring Postfix to relay to GMAIL, the Fullstack mail function works right out of the box. It is true though that you will have to customize the server-var file with your own unique settings to really make EDX your own unique EDX platform.  I only expect you to understand this if you have read EDX documentation.

    I found many solutions at the Google Groups for the EDX platform. There are two groups including the “Open edX operations” and “General Open edX discussion” Both groups have a member base where I have learned a lot from the EDX contributors.

    My current goals are to continue working on the theme. This is easier to do once you can understand FireFox Inspector and Chrome Inspector. Currently I am trying to install the Production Stack on a VMWare image of the Ubuntu 12.04 Server 64Bit specification looking forward to the end of the installation. I will continue working on the Auto Grader, repository maintenance and syncing, blogging, and EDX project goals.


    by Edward Hanna at August 08, 2014 10:50 PM