Today I was in Vancouver to attend a conference on open source security and PHP. This was a day trip, so sorry to my Vancouver friends, I couldn't stay and hang out. We did a tactical in-and-out of Vancouver. I went with my boss to the conference, and Myron met us there. This was a work-related trip as we wanted to learn more about hacking and securing web applications, and this was especially important since we are planning on releasing a project under an open source license.
In either case, the morning started with me being picked up by the PCL. I was greeted by a grumpy driver that charged me too much for my ticket. We got that all sorted out on the ferry. When we got on to the ferry, we had breakfast which was pretty good, albeit a tad overpriced. I had bacon, sausage, hashbrowns, waffles, and milk, mmmm.... breakfast of champions.... mmmm bacon.
The ferry arrived on the Vancouver side, and traffic was clogged up a bit. There was an accident on the highway very close to the ferries. We saw a truck tipped over on its side, with a bunch of its cargo spilled out onto the highway, and a Mazda minivan with its driver side completely gone. Apparently the minivan pulled a U-turn and hit the truck at highway speeds. The people involved in the accident had to be airlifted out of there. Traffic was reduced to one lane for each direction. Scary.
We arrived downtown via PCL on time, and we took a cab to the conference. We arrived twenty minutes before the thing started. We were greeted by lines at the registration table because they didn't have a good system for checking people in.
(For those who don't know what open source software is, it is simply software that you are free to run, free to modify, and free to look at the source code to see how someone built the software. A more detailed explanation can be found at the Wikipedia. An example of open source software is the popular Firefox web browser.)
Once we got in, Bruce Perens started with a keynote presentation. He talked about a variety of topics including software patents, proprietary software, some of his background, the open source movement, and current events in open source such as the Bitkeeper incident.
Mr. Perens told us an interesting story about the U.S. government fielding a study on open source software. Primarily, it wanted to know if the government should use such software. Apparently the study was headed by some former employee at Microsoft, who's very anti-open source software. The report recommended that the government should not use such software. However, the defence agencies such as the National Security Agency, Central Intelligence Agency, and the U.S. Military all had bright reports about how great open source software is, and how much they relied on it. They also said that if such software was banned, their ability to defend the nation would be greatly compromised. Interesting.
In either case, we had several other excellent speakers talk about securing web applications. They gave very down-to-earth, relevant, witty, smart presentations. I learned a few neat tricks and defences. A lot of the stuff I knew something about, but my understanding increased as they gave concrete examples of how hackers can attack, and how to defend against such an attack. There's a famous caveat about software security, "your application is only as secure as its weakest link." So, it's important that everyone programs as securely as possible.
We had a few breaks in between talks and a free lunch. I have to admit, this was one of the first times where I actually had to wait in line for the men's washroom. The demographics of such a conference are heavily heavily male (although, there were a handful of geek girls, nothing is hotter than a girl who can talk to you in binary, I almost dropped my retainer, and my glasses fogged up j/k).
There was one speaker that wasn't very good. It seemed like he was completely unprepared for his presentation. At times he was fumbling between his laptop, and different programs he had open, and the crowd had to correct him on a few things. Other times, I asked myself, what is this guy trying to do, as I was completely lost. It made it even worse in that this presenter kept interrupting the next guy's presentation with trivial comments.
In either case, THE Bruce Perens sat in front of us for a few of the talks. I was literally inches away from him, and probably could have taken a hair sample if I wanted j/k.
The closing was amusing. They brought up all the speakers, and opened the floor up for questions. These two guys in the crowd kept spouting out advertisements about their company, and how great and secure they were. Unfortunately, the guys were from Victoria. Anyways, they kept interrupting and answering questions that were directed at the panel at the front. At times, they were interrupting Bruce Perens as he was talking. At one point, one of the panelists got mad and said, "I ask you to refrain from talking about your company again until afterwards." That didn't really stop them. I was really tempted to issue a verbal beating on the rude guy with a zinger.
(Tangent: At conferences, they should have undercover security agents dressed in civilian clothes planted strategically into the crowd (kind of like an air marshal). They'd be trained in delivering crippling zingers against troubled guests. When one of the guests gets out of hand, the events coordinator should give the green light to the undercover agent, and authorize humiliating force against the guest. Once the order is given, the undercover agent will give a one-liner zinger that will make the guest super embarrassed, and the threat is suppressed. I would happily volunteer for such a noble, thankless job.)
At the end, they drew a bunch of draw prizes. My boss and Myron both won, and they got a book written by Bruce Perens about open source security tools. The books were signed by Bruce Perens as well. My boss got to talk to him afterwards, and they briefly talked about our open source license, and we got to say that we were from the University of Victoria. My boss was able to give him a business card as well.
The conference ended at 6:30pm, and we headed to White Spot for dinner. The cab driver that took us there was absolutely insane, he cut off so many cars. Anyways, I had a delicious BC Chicken Burger and a blueberry milkshake. We finished at 7:40pm, and caught the PCL in time, and we headed back to Victoria. Again, this bus driver seemed kind of grumpy as well. It was unfortunate that the last ferry departed at 9:00pm, otherwise we probably would have stayed a bit longer in Vancouver, and it would have been less rushed.
In either case, the conference was well worth it. Our TODO list at work just got a bit bigger. It was also good that we got to plan some work-related things while we were on the road. It was a long 17-hour day though, but apparently I get 2.5 vacation days for this. Yah! I'll just throw those vacation days onto the heap.
Again, sorry to my Vancouver friends, I couldn't visit. Oh, and Eton, hopefully your bachelor's party went well. Sorry I couldn't attend that too.
I'm totally pooped. Time for bed.