The great web developer con

Another day, another dodgy web developer story. The premise:

We would like to offer you a website design for X amount. But to do so, we need to transfer your domain to us.

This tale is a pretty old one but it appears to be flourishing – the lure of a good once-off price for the design and what appears to be a reasonable monthly charge leads many to take up offers like these. But are these actually good offers? Let’s dissect this …

The web developer (let’s call them web devs from now on) is offering 2 products here:

  • website design
  • website hosting

The first is up to the client to determine whether they are getting reasonable value.

The 2nd is where we run into trouble, and for a number of reasons:

  1. web development is the core focus for web developers; web hosting is not
  2. many web development companies either subcontract the hosting to someone else or do it themselves with cheap shared hosting systems and then mark up the cost to the client
  3. web devs are neither skilled in nor experienced with hosting – any issues and you are on your own
  4. run-of-the-mill web devs have little to no security skills
    • the platforms they use may be unsecured or have vulnerabilities
    • they do not offer an update service for your site or plugins
    • they do not scan your website for security issues
  5. web devs often have no care for email but will transfer your domain nonetheless leaving your email in limbo
  6. web devs do not understand site backup and recovery so if you have an issue with your site and need to restore it to a previous copy, you may be in trouble
  7. some web devs lock you into contracts – if you aren’t happy with their hosting, you just have to grin and bear it

Unfortunately, many clients don’t understand the relationship between web development and hosting, the 2 being very different things. They sound the same but have 2 very different skills requirements, with the latter skills requirement being something that web devs generally do not have.

As an example, if a web dev transfers your domain, they may not do the email hosting at all, or if they do, they may not migrate existing email from your old hosting provider. This leaves you managing, and paying for, 2 disparate systems.

Some web devs even go so far as to offer free web hosting. You get what you pay (or don’t pay) for.

The core premise of the requirement to transfer your domain is false. There is generally no specific requirement to move your domain – the web dev can design your website and place it with your existing hosting provider.

You then retain your website and email hosting as is, and save on hosting charges (as would have been paid to the web dev had you moved the domain).

Be careful and circumspect when approached by web devs who want to transfer your domain – it’s generally not required, you’ll likely get a poor and insecure service, and you’ll end up paying more.

Here follows some more reading on the subject:

2010 Date Programming snafus

Y2K was an interesting time with the prophets of doom out in full force. And yes while there were some issues, it wasn’t quite the end of the world as we knew it. 2010 however came up on us very quietly from a date problem p.o.v. but there have been some fairly major issues worldwide and not much has been heard about it.

There have been problems with Cisco CSM modules, Juniper’s router OS and Symantec’s End Point Protection.

Germany likely experienced the greatest date-related problem because software in a security microchip used in 30 million German bank cards was unable to recognize the date 2010.  Hmmm, I wouldn’t be happy if I couldn’t use my bank card …

In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales.

Palm resolved a 2010 issue Jan. 1 when many of its users reported that their Palm Pre phones wouldn’t sync and their calendar applications wouldn’t work at all. Palm issued an OS version that fixes the problem.

Another wide ranging problem was a bug in one of the rules of the ubiquitous anti-spam solution SpamAssassin. A fix was quickly forthcoming and for those using sa_update, this would have been applied automatically. However, the daemon still needed to be restarted.

Also of concern to businesses, SAP found a 2010 issue with the date that is used to help identify individual spool requests. Left unpatched, SAP software enters the date 2100, which effectively leaves active all requests made since 2010 started.

Microsoft and its GPL Hyper-V drivers

Considering the lack of general attention this has received in the media, Nick asked me to blog on this topic and set a time-line. So here goes:

  • Microsoft first announced they were releasing the Hyper-V drivers as GPL code on the 20th of July 2009. Note this is an announcement and not the actual release. These drivers allow Linux guests running on top of Hyper-V to bypass emulation of I/O functions and talk to the hypervisor directly ( ie. paravirtualisation ), thereby increasing performance. There is some speculation that this move was as a result of possible GPL infringements in the LinuxIC code.
  • On the 5th of August, Thorsten Leemhuis from H-Online blogged that the LinuxIC drivers would be part of the upcoming 2.6.32 kernel release.
  • 10th Sept., the Hyper-V drivers are listed for inclusion in the kernel staging area. Greg Kroah-Hartman says that the staging area is not a dumping ground for dead code. “If no one steps up to maintain and work to get the code merged into the main portion of the kernel, the drivers will be removed”. A fly in the ointment for the Hyper-V drivers is that they may be removed in Linux 2.6.33, after a lack of response from the Microsoft developers concerning maintenance.
  • Microsoft responds to comments from Greg regarding the Hyper-V drivers, saying that work has not stopped on the drivers first released in July. Sam Ramji, Microsoft’s Open Source director, says that they are continuing to work hard on the drivers and that these are still scheduled for inclusion in the 2.6.32 kernel.
  • Thorsten blogs that the drivers are now part of the staging area as of 20th Sept. and that they are not likely to be removed as a result of Microsoft’s renewed vigour with regards to ongoing development of these.
  • The Hyper-V drivers remain in the staging area of 2.6.32 as of the 28th Sept. for further development.

Thunderbird 3 update

Thunderbird 3 is currently at b3 and even so is still in quite a state of flux if you read the development notes. There are a lot of changes from TB2 and quite a few differences in usage as well which may catch some out. This is a short article to mention some of these differences and indicate areas that are changing still. The input for this post is the MozillaZine ‘Thunderbird 3 – New features and Changes’ article.

  • one of the most contentious changes is the new message header pane ( removal of compact header view ) – the collapsible option has been removed and some are of the opinion that you lose too much space as a result. An extension has been developed to restore the old usage. Note that the CompactView extension ( now at 0.4.1 ) will not be updated to a new version if already installed – you need to manually download and install the new version
  • there are now action buttons in the right corner of the header pane, these can also be had in the std toolbar below the menu
  • there is now a star next to each email address in the header pane, which is blank if the address is not in the address book, and yellow if in the address book; you can click the star to add the address ( if not there ) or edit it ( if there )
  • any of your identities included in to/from/cc headings are replaced with ‘You’ – this is configurable
  • messages and folders can now be opened in tabs ala Firefox – there is some session restore capability allied to this although it’s not working for me right now
  • there is automatic image resizing within the message pane and a zoom ability
  • there is now a disk cache which can cache any remote content including images, cert data and update files; also messages and attachments are cached for IMAP accounts
  • the attribution line in quotes now includes the date and time of original message
  • you can highlight a portion of text in a message, hit reply and only that portion will be quoted in the reply
  • inline attachments are not included in the quote when replying ( configurable )
  • messages are forwarded inline rather than as attachments
  • use shift-forward to forward a message as plain text ( rather than html )
  • sigs can be enabled or disabled for forwarding messages
  • there is now an option to send email/news messages in the background rather than interactively
  • a warning is activated if you have words in your email relating to attachments, and there is no attachment for this message; this list of words can be customised
  • TB3 now allows pasting of lossless png images from the clipboard into messages
  • there is now an archiving function ( this is a move function rather than a copy )
  • there is now a compact button available on the toolbar for compacting folders; note the auto function is still available per account
  • Smart Folders are available where the inbox of all accounts are merged
  • the Gloda indexing system is now available ( although disabled by default ) which indexes all mail/news content across all folders/accounts
  • an Account auto-configuration option is now available, where TB will try to guess connection parameters based on the supplied account info
  • new IMAP accounts are set with offline folders enabled by default now!!! in addition, existing folders will quietly be set this way as well; all content is now sync’d in offline copies ( bandwidth issues? )
  • text or html sigs can now be had for accounts
  • the retention policy setting applies to both offline copies and remote IMAP folders!!! this pertains to POP messages too …
  • there is now an Activity Manager which tracks all activities in TB
  • passwords are stored in a different location to TB2 so there may be some work to do in terms of downgrading if you need to

So, all in all quite a lot of changes, and having used TB3 since b2, I can say that it’s in pretty good shape. Unfortunately there hasn’t been enough time to incorporate lightning but it’s still available as an extension.

Mono where art thou?

The debate surrounding Mono, the ‘open source implementation of .Net’, has been going on for some years now. And a very rowdy debate it has become lately. Some history first.

Mono was originally conceived by Miguel de Icaza, now a Novell employee. Originally part of the Ximian project, it was later incorporated into Novell at a similar time to Novell’s first foray into Linux: the purchase of Suse. The current version of Mono, 2.4, provides API support for the .Net framework at the 2.0 version level, on a number of platforms including Linux and MacOS X. Also provided is Moonlight, the ‘open source’ version of Silverlight, Microsoft’s Adobe Flash equivalent.

You’ll notice that I have open source in parenthesis above – this is one of the prime issues surrounding Mono. Mono’s implementation of the .Net stack has not been submitted to any standards body, including ECMA, for standardisation. Therefore whatever functions are used within the Mono stack could be the object of patent violations. Considering that Microsoft ( or Novell for that matter ) have never hinted at what parts of Mono might be Microsoft-derived areas, a user of Mono is not sure from a technical point of view ( even though the code is available for inspection ) whether there is infringement. This lack of clarity leads me to speculate whether this project is in the spirit of FOSS.

You may of course know that Microsoft and Novell have had dealings and agreements for a number of years already, most recently the Microsoft purchase of some hundreds of millions of dollars of Suse licenses in a cross-licensing deal. This may simply be a matter of interoperability as has been bandied about by both parties; however, some see it as a Microsoft ploy to infiltrate both its software products and methods into the open source arena, using one of the main Linux vendors. Considering Microsoft’s continued abuse of standards organisations, FUD campaigns against open source and its general lack of scruples, there is a certain amount of weight to this argument. The EU Commission’s recent fines and continued investigations into Microsoft operations lend further credence.

You can apparently obtain a “royalty-free, reasonable and non-discriminatory” license from Microsoft regarding the patents surrounding Mono. This mere fact would seem to indicate that Microsoft believes that Mono contains Microsoft-derived code. ITwire recently tried to obtain such a license but that appeared to be next to impossible. Question: does this license really exist or is it just available on Microsoft’s say-so?

As mentioned, this is just a bit of history. The crux of this article is a recent upwelling in support for Mono being part of Linux distributions in general. That support is coming from areas that would appear to be either Microsoft-influenced or just plain out of place. Jo Shields, the Mono packager for the Debian and Ubuntu projects, recently commented in a LinuxToday guest post:

Many of those who advertise themselves as anti-Mono are, quite frankly, frightening. Calling for the deaths of Microsoft employees (see comments on Boycott Novell)

For those unaware, the Boycott Novell site has been a vocal opposition to Novell, and its interaction with Microsoft. But never have there ever been any comments to the effect of the above statement from Jo Shields. This is an outright lie and certainly not becoming of someone leading a major packaging effort.

Jo indicates “the fact that statements have been made in public supporting the idea of royalty-free licensing essentially reduces the financial impact of such infringement to zero” – so are we to believe that Microsoft will not sue people simply because it has said so? Wow, let’s not sign a legal agreement ever again!

Jo goes further on the offensive in saying “trying to have people who make positive comments about Mono fired (see recent comments on Ubuntu mailing lists)…”

Any comments on the Ubuntu mailing list were not affiliated to Boycott Novell in any way. Shields ended his rant on the B.N site with the following:

Know what? Fuck it, and fuck you. I’m done. My contempt for the human filth you are has reached levels hitherto unknown.

Sounds more like a spoilt brat to me than someone who should be in charge of Mono packaging. de Icaza must be proud of his cohorts … So why is Jo Shields vilifying Boycott Novell for no sound reason?

Another comment on B.N.:

Good for you Roy for doing a great job at trying to debate a serious topic that affects all foss users even though throughout some people were trying to distract with colorful adjectives, though to their dismay making it more than clear than ever, that their goal wasn’t serious debate between respected peers, but serious insults and attacks meant to be divisive.

This brings to the fore the difference in those who would push agendas and those who have the tenets of FOSS in mind.

My thoughts on the matter: Mono is not required on FOSS platforms. FOSS already has the richest development environment available with many solid programming standards, IDEs and applications. Why port .Net apps to Linux ( for example ) when most of these apps already exist on Linux in a non-patent polluted superior form?

I’m not saying there isn’t a place for Mono – but don’t force it down everyone’s throat. Provide a clean patent-free Linux distro and then leave it up to the users to decide on what extras they want. Most Linux distros make it easy to download additional apps after the installation phase so difficulty of installation can’t be used in mitigation of including Mono in the base distro.

The Fedora project has removed Mono from its most recent version, and Red Hat removed it some years ago already. That just leaves Debian and Ubuntu as mainstream Linux distributions that are shipping or may ship with Mono. It will be interesting to see any change in direction from these 2 projects as a result of Jo Shields’ outburst.

For further reading, here is Stefano Forenza’s take on Shields’ tirade …

Code/Software quality

Code quality and quality of software development/applications has always been a hot topic. The problem in the commercial world is that because code is closed source, you as a customer of a commercial software vendor, have no idea what the quality is of that application because you have no access to the code. Code could be of the highest quality or the poorest, suffering from bugs and security issues unknown to you.

On the other side of the coin, Microsoft and others would have you believe that FOSS software ( because of its openness ) is vulnerable to back doors and the like – but I’m sure you’ve seen through that argument immediately. If there was a problem in the code, the very fact that it is open allows many to check it for issues like those MS have indicated.

Coverity is a commercial software developer who happens to create tools to check the quality of software code – and have developed a strong relationship with the FOSS community, having done code checks on a number of FOSS projects including the Linux kernel. The reports have been very favorable towards the quality of FOSS software, which in contrast to commercial software, has some of the lowest bug counts of any applications available. In addition, FOSS software appears to have bugs/security issues fixed at a much higher rate, and sooner, than commercial software. The FOSS community development model has proven itself over and over, and is likely to be the dominant model going forward for the foreseeable future.

But where is this all going? Well I’m setting the scene for some startling information to come out of a court case in the US – State vs Chun. Draeger make a product called the DRAEGER ALCOTEST 7110 MKIII-C – an alcohol breath tester used in the States. As part of the court case, the judge allowed the state’s request to have the code from the breathalyser tested by an independent code tester, Base One Tech ( similar to Coverity ). What Base One found was pretty interesting:

Despite Draeger’s protestations that the code was proprietary, Base One found that the code consists mostly of general algorithms arranged in a manner to implement the breath testing sequence. “That is, the code is not really unique or proprietary.” Draeger reviewed the code, as well, through its software house, SysTest Labs, which agreed with Base One, that the patchwork code that makes up the 7110 is not written well, nor is it written to any defined coding standard. Base One, however, did an extensive evaluation, finding 19,400 potential errors in the code!

The final outcome was that the unit should be suspended from use until such time as it could be coded against an acceptable set of software development standards.

“An incorrect breath test could lead to accidents and possible loss of life, because the device might not detect a person who is under the influence, and that person would be allowed to drive. The possibility also exists that a person not under the influence could be wrongly accused and/or convicted.”

Scary that we are at the mercy of commercial vendors like Draeger, the results of which can lead to loss of life and incorrect incarceration. Moral? Commercial vendors should open their code and stand up to public security. That is the only way we can be certain their code has our best interest in mind.

Mono, Suse and Microsoft – problems all around

Microsoft’s recent patent suit against a prominent printer manufacturer ( that happens to use open source software in some of its products ) has raised more than a few eyebrows. This is the first execution of Microsoft’s threat against FOSS since its announcement over a year ago, when it indicated that FOSS was in violation of a number of patents. This particular lawsuit is aimed at the use of Microsoft’s FAT patent. Considering the proliferation of FAT support amongst pretty much every area of computing, this is going to be a very interesting court drama.

This is proof that interacting with Microsoft in a FOSS sense can get you in trouble. And a good reason to stay away from Microsoft-backed software such as Mono and Moonlight. Novell’s increasing involvement with Microsoft and its software stack is resulting in layoffs of pure FOSS staff ( including some on the OpenSuse project ) at Novell yet an increasing reliance on MS-orientated staff. This shows Novell’s obvious direction in terms of its software stack and technologies. Add to this Novell’s reliance on Microsoft investment and its own financial woes, and you start getting the picture.

Most Linux distributions these days do not ship any Microsoft-inspired software although OpenSuse with its Mono stack and Mono-tied Evolution is the exception. And perhaps this could cause a number of people ( both developers and users ) to back away from the distribution. So the choice is yours: involve yourself with Microsoft/Novell and be in the limelight or quietly go on about your work with distributions that have no ties to Microsoft.

Software design strategies

Open Source and its community-based development model is starting to give some in the commercial world a bit of a headache. You’ll remember that I’ve blogged about the fact that I think all software development will go the OS-type way in future and it seems this is happening already. We’ve already seen behemoths like Microsoft change their documentation and community practices based on this ( Microsoft now has quite a few projects on software forges like Sourceforge ).

Note that I’m not indicating that products will all be free in terms of cost some day. There’s a big difference in the development model of software and whether it has a cost attached or not. Ultimately though, the OS nature of things will permeate the way software is sold. Red Hat, for example, is doing very good commercial business ( against industry heavyweights like BEA, Oracle and others ) as a result of its purchase of JBoss, all of which is based on an Open Source dev model. Yes, the basic software is ‘free’, and by the way, if you need professional support, we’ve got this contract that will put you in touch with support, systems design and implementation. Around the clock. Anywhere in the world.

Many have complained specifically about how OS spans the divide between free and commercial software. I believe the model works by providing ‘free’ ( as in cost ) products to all with professional services waiting in the wings if you need it. Both OpenSuse and Fedora are reasonable examples of this methodology. They may not be perfect but for most of us, they provide an OS, Application and development platform, while providing enterprise level software in the form of products like RHEL, SLES and JBoss. Everyone wins.