Sunday, August 19, 2007

Purple Plugin Pack 2.1.0 and 2.1.1; Plans for 2.2.0

Well, last night I released two versions (yes, two!) of the Purple Plugin Pack. The initial release was 2.1.0, which included a new plugin and the completion of a plugin that's been in our tree for ages. However, what I did not catch in this initial release is the fact that there were files missing from the convbadger plugin that would prevent it from building on any platform. I didn't want a duplicate tag in our monotone database, so instead of trying to rerelease the same version, I just did a quick micro version increment, added the files, tested the new version, then tagged and released 2.1.1. As a result, I called 2.1.1 "The rekkanoryo is an idiot release" to indicate it was largely my stupidity that caused two releases in such close proximity.

That said, I'm sure I'm going to hear complaints because I signed the packages. With the 2.0.0 release, there was a complaint because I signed the package with my GPG key, which has no signatures. Because of that I'm reasonably sure I'm going to hear complaints again about my signature being worthless because there is no relation to the web of trust. To that I have one response--find me a key-signing party within a 45-minute drive of my home and I'll show up with all the identifying documents I need for someone to verify my identity and sign my key. Otherwise, shut up and don't ever complain to me about it. I live in an area where technology seems to be a foreign concept, and anyone having a clue about GPG or any other sort of useful technological tool just doesn't happen. People here have trouble determining whether a website is SSL-secured or not, let alone something more complex. I work a full-time job which does pay my bills but doesn't provide me with the luxury of enough money (or time off at the correct times!) to travel to random conferences where I would be presented with keysigning opportunities. Because I attended a local school for postsecondary education, I didn't exactly gain exposure to any keysigning opportunities there either.

With that out of the way, I'll get to my plans for Purple Plugin Pack 2.2.0. I have a few things in mind:
  1. Merge autorejoin and irc-more. Autorejoin is IRC-specific, as is irc-more, so there is no need to have two plugins whose function is to enhance IRC.
  2. Add processing capabilities for libpurple's blist.xml file into the listhandler plugin so that users who have managed to destroy their server-side buddy lists can import their backed-up blist.xml file to restore the server-side list.
  3. Split the alias list support that was patched into listhandler into its own files.
  4. Hopefully finish the smartear plugin integration work I've had on the back burner for way too long.
I'm already working on item #1 there. At this rate, I might have the entire list done in weeks instead of eons.

Thursday, August 16, 2007

The downside to popularity

As many people reading Planet IM know, I am a developer on the Guifications project and the Purple Plugin Pack, and a "Crazy Patch Writer" for Pidgin. Over the course of my time with these projects, we've seen our fair share of...well, pretty much everything. New developers; departing developers; people stepping back due to frustrations, busy schedules, etc.; and the biggest of them all, spam.

Not too long ago, Guifications and the Plugin Pack were hosted at SourceForge. Back then, things were pretty good--our website was pretty well static, although it was done in PHP so we could do cool stuff like pull in our SourceForge project news feed to use as our home page and have extensible menus with XML and whatnot. We also operated under one project at SourceForge. Over time, we (Gary most of all) became displeased with and irritated by things that we saw happen and things we experienced while there, and we eventually decided to leave SourceForge for self-hosting.

When we began self-hosting, Gary started renting a virtual private server from Steadfast Networks while waiting for a dedicated server to become available. It was a bad time for us to have been VPS customers, though, as performance was bad due to overloading. We were finally able to move to a dedicated box and couldn't be happier with it. I personally rented a VPS from them as well, and initially had similar frustrations. In the 9+ months since we've had Guifications and the Plugin Pack hosted on the dedicated server, the VPS performance issues have been resolved. The VPS I have is fast enough that I can barely tell the difference between it and a real box.

With the move to self-hosting, we needed something that could replace SourceForge's trackers. The solution was simple--we'd heard quite a few good things about Trac and tried it out. We've been with it ever since, and Gary even went to the trouble to update the SourceForge to Trac migration script to migrate our tracker items into tickets.

Over time, we discovered issues on one of the two Trac environments we were running--spammers were attacking us. At first it was comment bombing, where the spammers would flood us with links in comments on tickets--primarily closed tickets, but any ticket was a target. After the third attack, we cracked down and locked our Tracs to the point that only developers could open tickets or edit the wiki. This caused some friction in our user community, because we had bugs that no one could report and no one could make feature requests. Our apache logs showed a continued series of attempts to attack, growing similarly to our popularity with Pidgin users.

Thankfully, several people pointed us toward the Spam Filter plugin. It's a great plugin because now we can have authenticated users making ticket submissions, comments, wiki changes, etc. but at the same time we have blacklisted regular expression filtering, IP throttling, evaluation via Akismet, and external links filtering. Since installing and configuring this plugin we've had a whopping three successful spams. The monitoring feature is useful for adding blacklisted regexes, as well.

The only problem with the spam filter is that it requires work. That is, it's not perfect. On occasion it will have false positives, although this has happened significantly less frequently since we moved to requiring new registered users supply a first name, a last name, and an email address at the time of registration. Also, on occasion, we have to teach it about new bad expressions by editing the BadContent wiki page. It is sometimes funny, though, to see the karma scores assigned to some of the spam attempts. The karma can go wildly negative, especially if multiple filters are invoked multiple times on the same message. Currently the record for our Tracs is -41, due mostly to external links subtracting 35 points from the post's initial karma.

And this, my friends, is the downside of popularity--the spammers are out and ready to strike, and we have to fight them at every step of the way. Thankfully, for every group of spammers that don't deserve the privilege of using a computer, much less the privilege of an internet connection, we also have at least one talented programmer creating a tool to help in the battle against spam. It does make you wonder at times, though, what the spammers can possibly gain from attacking us.

Thursday, August 2, 2007

Random Ramblings

This blog post is going to be a bit of . . . well, quite literally, random rambling. I guess the title of the post should make this a dead giveaway, but I'm in a bit of a weird mood tonight so I'll just get to the topics I was thinking of.

I'll start off with music. My tastes in music are a bit eclectic in some respects, and usually downright unpopular. I was raised primarily on country and oldies. In the US this means late 80's and 90's country music, which isn't a whole lot different from pop, and music from the 50's and 60's that fit into pretty much any genre but country. My one older sister (I have two older sisters and no other siblings) has always liked music in general, and so growing up with her around I occasionally picked up on some other forms of music, including rock. I find myself now, at 25, to be a somewhat picky music lover. For example, I despise rap, although a few mainstream country songs that have introduced some rap elements fall within my range of acceptability. My usual fare (as is quite obvious from my Last.fm profile) is country, although I branch out into Bon Jovi, Kelly Clarkson, and others. There's even a bit of Japanese music in there for good measure.

There's nothing specific that I look for in music to make me say I like it or I don't. I usually disagree with the majority of critics, although exceptions to the rule have happened. For example, the Dixie Chicks released an album called Taking the Long Way, their first album since being shunned from the music world following their criticism of President Bush (who I was stupid enough to vote for in 2000 as an 18-year-old first-time voter because I thought Gore was too stupid). Several critics loved the album, giving it very high praise. I too enjoyed the album. It had a pretty solid pissed-off tone throughout, while still covering a diverse range of stylistic influences and topics. Wow, I sound like a critic myself now. I need to stop that.

At the same time as I agree with some critics on select albums, I often disagree with critics and find myself quite liking albums that the critics have written off as pathetic. Essentially my musical taste runs the gamut from Neal McCoy's fun "Billy's Got His Beer Goggles On" to Sophie B. Hawkins' "The Darkest Childe", hitting numerous high points on the way, such as Massive Attack's "Teardrop" (House fans will recognize this as the theme song) and the entire body of Martina McBride's recordings.

The real point I am getting at here is that while I may gravitate towards some artists or styles, my taste is not limited to such. Even so, I've taken quite a bit of flak over it. Coworkers, codevelopers, etc.; you name the person, I've gotten remarks from them ranging from well-meaning jabs to acid-infused comments. I don't really care what people think of my musical tastes; I don't ask them to pay for the music I listen to, nor do I force them to endure it. It's my life, my money, and my ears. It's a legal practice, so I will use them in the way I see fit. I also won't take any crap from anyone over it.

With the music topic pretty much resolved to my satisfaction, I'll move to the other topic that I had in mind when I started this post--development fatigue. Every developer at some point reaches the point of being fatigued from the process. Every developer has his or her own breaking point, so there's obviously no sure-fire way to tell when this is going to happen. The important thing here is that we realize our limitations, push them at the appropriate times, and step back to take a breath when needed. The point of fatigue is the most important time at which to step back and breathe. If we don't stop at that point, burnout will follow soon. Stepping back before burnout happens and taking the needed rest and relaxation time away from the world of computers and code is an important step for both our mental health and our continued productivity as developers.

If a developer allows him/herself to burn out, it will likely take longer to "recover" from the burnout and return to productivity. If development projects are taken too personally, that burnout can also spill over into other aspects of life quite easily and cause a whole host of problems. Furthermore, once you've burned yourself out once, it's easier to do it again.

This all seems pretty obvious, right? Really it is; it just isn't a thought that occurs to us frequently. These are all pretty easy things to overlook. They're important, though, so we should try to be a bit more aware of them. When we're feeling particularly stressed over our projects, it's time to step back and go read a book or take a walk or something else relaxing. Maybe even do some manual labor like mowing the lawn or doing a home repair/improvement project. Or kick back, watch TV, and be lazy for a while. There's nothing wrong with any of these, most especially if it helps you take your mind off the problems for a while so you can come back later with a clearer head and attack from a different angle.

Several people have noticed the C Plugin HowTo that I've been writing on the Pidgin wiki. It's far from complete--I'm less than halfway through the libpurple part, and I intend to give a brief overview of writing UI-specific plugins for Finch and Pidgin. This project, though, is an exhausting one for me. It takes a lot of thought to write a how-to document that I'm willing to publish, with or without my name on it, and I'm trying to strike a balance between people who are starting out like myself, with a basic understanding of the C syntax and concepts, and those who have a firm grasp on it all but just need to see the structure of a plugin and how to interact with the libraries and application. For the most part I'm striking this balance by focusing solely on the former class--the ones who started like me. The latter class is generally intelligent and/or experienced enough to read the API documentation, use existing code as examples, and come away with the necessary understanding of what needs to be done. This isn't to say that the inexperienced or beginning plugin developer is stupid; it often takes a bit of orientation for these less experienced developers to be capable of finding their way through the plugin API.

Being an exhausting project, this how-to series has gotten me to the fatigue point more quickly than I expected. I realized this, however, and have taken the appropriate steps backwards to try to catch my breath. I'm still poking and prodding here and there, but so far the mini-vacation from wiki editing is proving to be a good thing, and I think I'm ready to start attacking the wiki again. I hope to pound out the Request API how-to, which will likely be the hardest one for me to write, this weekend. If it's not done by Monday, I will finish it the following weekend.

On an unrelated note, I'm messing around with CentOS 5 on a test server at work for use as replacements for our public DNS servers running older versions of the OS. The installer impressed me by having more granular package-level control, although I'm still having to go through and rip out a ton of crap that a public DNS-only server with ssh for the only allowed remote access has no need for. Once I have it pared back to bare minimums, the real fun starts.

Now I think I'll go to bed, since I have to be awake in two hours to go to work.