itamar is currently certified at Master level.

Name: Itamar Shtull-Trauring
Member since: 2000-05-29 11:19:03
Last Login: N/A


Homepage: http://itamarst.org

Notes:

See my software page for details, but high points are Python, Twisted and Zope.

Projects

Articles Posted by itamar

Recent blog entries by itamar


Occasionally people will ask Twisted developers why we have a custom serialization format for our remote object protocol, instead of using Python's standard pickle format. Besides interoperability with other languages (e.g. Java), the main reason is security. Unpickling strings from untrusted sources is totally and utterly insecure.

For example, a pickle JP Calderone provided, which runs "touch blah" when unpickled:

>>> import pickle
>>> pickle.loads('c__builtin__\neval\np0\n(S"__import__(\'os\').system(\'touch blah\')"\np1\ntp2\nRp3\n.')
0
>>>
itamar@sheriffpony:~$ ls -l blah
-rw-r--r--    1 itamar   itamar          0 2004-04-09 14:02 blah
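
An added example, not part of the original entry: a Python 3 sketch that inspects the pickle above without loading it and then rejects it with an allow-listing unpickler. The names `referenced_globals`, `AllowListUnpickler`, `safe_loads` and `ALLOWED_GLOBALS` are assumptions made for this illustration.

```python
import io
import pickle
import pickletools

# The pickle shown above, as bytes (Python 3). It is only inspected and
# rejected here, never passed to pickle.loads.
PAGE_PICKLE = (b'c__builtin__\neval\np0\n'
               b'(S"__import__(\'os\').system(\'touch blah\')"\np1\ntp2\nRp3\n.')

# Assumption: an application-specific allow-list; empty means plain data only.
ALLOWED_GLOBALS = set()


def referenced_globals(data):
    """List (module, name) pairs a pickle would import, without running it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4 takes module and name from the stack; using the two
            # most recent string constants is a heuristic, not a full VM.
            found.append(tuple(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not explicitly allowed."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                "global %s.%s is not allowed" % (module, name))
        return super().find_class(module, name)


def safe_loads(data):
    """Load a pickle made of plain data; raise if it references a global."""
    return AllowListUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(referenced_globals(PAGE_PICKLE))
    try:
        safe_loads(PAGE_PICKLE)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

The static scan is useful for logging what an incoming pickle asked for; the allow-list is what actually blocks it, and it still does nothing about resource exhaustion from large or deeply nested input.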

Why I lost a job to Open Source software

In the past few months I've been looking for a job, sending out resumes, asking friends if they know of anything. Two weeks ago I got my first job offer, from a company that develops software targeted at a specific vertical business market involving quite a bit of network programming. The work sounded like fun, it was in New York City so I wouldn't have to move across the country and so I accepted. They sent me their intellectual property agreement, and invited me (after I signed, of course) to a company meeting that Friday.

This is where the trouble began. The clause that caused me problems went something like this:

"I agree that I... hereby assign to the Company... any and all inventions... which relate in any way to the actual or anticipated business, research, developments or products of the Company."

Now, I fully support the right of the company to protect its proprietary knowledge, and I would never work on something that would compete with my employer's business. However, the language employed by the agreement above meant I could not really work on Twisted, of which I am one of the core developers. Since Twisted is a networking framework, and networking being "related in some way" to the company's business, the company would own the copyright and I would be unable to contribute to the project.

I thus asked for an exemption, either for any open source projects I wished to work on, or alternatively for a mutually agreed upon list of projects. Since other clauses in the agreement would have given them legal protection if I did something competing or conflicting (not that I would), I felt the company's rights would still be protected.

To some degree the company had no problems with my doing open source development. They use some open source software internally, and will feed patches back to the developers. They did however have a problem with my working on anything that relates to what their software does, the broad interpretation of the agreement. They felt that any skills, knowledge or techniques I learned from working on the company's software might leak into Twisted, thus allowing potential competition to have a head start developing competing software.

From my perspective, I felt that their fears were overstated, since Twisted is much lower-level than their business-specific application, apparently much slower and an already existing general networking platform. The company's product has been in development for four years, by some very smart people. Twisted would only save a small amount of the work necessary to get anywhere near what they have built. Additionally, the reason they wanted to hire me in the first place was due to the experience I had gained working on Twisted (network programming, framework design, protocol design). I believed the ongoing growth in skills I would gain by continuing to work on Twisted would far outweigh any theoretical gain some competing company would get from my Twisted development work. I know of no company using Twisted that is in the same business.

We negotiated back and forth about what pieces of Twisted I might work on, an argument between my emotional investment in code I've written and fear of losing it and their emotional investment in their code and their fear of losing it. Eventually they got back to me with an offer: stop working on Twisted completely, in return for a 20% raise in salary from their initial offer.

Which I then refused. I work on open source software because it allows me to create software I will always be able to use, not leave behind when I switch jobs. Because other people can use it, like it, and occasionally even tell me that. I've learned most of my programming skills from working on Twisted, from working with some of the smartest people I know and getting bug reports, complaints, suggestions and use cases from all of our users.

Certainly I would put my job first, and I would not let my open source development get in the way of my doing my job well. Nor would I work on software that competes with my employer's business. But I am not willing to have my employer determine what I do in my free time.

I'm still looking for a job. Anyone, ideally in NYC or Boston, want to hire me?

12 Jan 2004 (updated 12 Jan 2004 at 16:40 UTC) »

Further progress on the Java front. Kaffe OpenVM 1.1.3 now runs all tests (which includes being able to run Jython) for my remote object protocol library TwistedJava. Kinda slow since there is no PowerPC JIT, but I suspect that has to do with the startup process and Jython's importing system, the actual tests are pretty speedy.

Hm, maybe I should rephrase. I didn't make any changes to my code, rather Kaffe has been improving. So now there are two open source Java implementations that are good enough to run my code, which was written for the standard Sun JDK.

IBM seems to finally have a 1.4 JDK for Linux PPC, currently the only full 1.4 JDK/JRE available for PPC. While I dislike using proprietary software, I want to try running Freemind, a free software outliner.

Writing free software for proprietary platforms like Java (unless you make sure to test with gcj or kaffe), and even more so Mac OS X or Windows, is a far cry from writing for free platforms. It will often end up forcing your end users to use proprietary systems so they can run your software, and the underlying APIs you use are not under your control (and may be removed or canceled) until an open source reimplementation comes along.

The history of mTropolis, a multimedia system that competed with Director, is instructive (copied from here):

Originally a private company, mFactory, the creators of mTropolis, were bought by Quark, makers of Quark Xpress. Not long after Quark bought mTropolis, and only weeks before version 2 was due out Quark announced that they were killing mTropolis. Due to a Herculean effort by an extremely dedicated product manager version 2 was eventually released. Currently mTropolis is still used by several hundred die-hards and its capabilities have been increased by the development of third party mods. Unfortunately, mTropolis remains in limbo to this day.

What this doesn't mention is that a group of users tried to buy mTropolis from Quark, and Quark refused to sell it.

There are a number of ways to deal with this:

  • For Java/C#, test and make sure your code runs on free platforms (kaffe, gcj, mono).
  • Use a cross-platform open source platform (e.g. Python) or write portable C or C++, implement a portable backend, and write OS specific bindings integrating with each OS. Abiword and Mozilla are good examples of this.
  • Only use libraries that run on multiple OSes (e.g. GTK2, which runs on Windows and X11).

Of course, for platform-specific coding you're pretty much stuck if the platform is proprietary.

14 Dec 2003 (updated 12 Jan 2004 at 16:39 UTC) »

Hooray! For the first time ever, my Java open source project (remote object protocol compatible with Twisted's) runs, or at least passes tests, on a totally free platform, gcj 3.3.3 pre0 in Debian.

Also playing with making native jython:

gcj -lreadline -fjni --main=org.python.util.jython /usr/share/java/servlet-2.2.jar \
    /usr/share/java/libreadline-java.jar /usr/share/java/jython.jar -o jython

seemed to do the trick on Debian. Testing it with -O2 and -maltivec to see if it's any faster.


itamar certified others as follows:

  • itamar certified ping as Journeyer
  • itamar certified MJ as Journeyer
  • itamar certified faassen as Journeyer
  • itamar certified shalabh as Journeyer
  • itamar certified itamar as Journeyer
  • itamar certified moshez as Master
  • itamar certified Shenka as Apprentice
  • itamar certified butchland as Journeyer
  • itamar certified ppetru as Journeyer
  • itamar certified ChrisMcDonough as Journeyer
  • itamar certified hathawsh as Master
  • itamar certified stevea as Journeyer
  • itamar certified hugues as Journeyer
  • itamar certified michel as Journeyer
  • itamar certified chalst as Apprentice
  • itamar certified robla as Apprentice
  • itamar certified eli7 as Journeyer
  • itamar certified mbp as Master
  • itamar certified spiv as Journeyer
  • itamar certified glyph as Master
  • itamar certified jml as Journeyer
  • itamar certified z3p as Journeyer
  • itamar certified carmstro as Journeyer
  • itamar certified washort as Journeyer
  • itamar certified Artimage as Journeyer
  • itamar certified sjogren as Journeyer
  • itamar certified calderone as Journeyer
  • itamar certified etrepum as Journeyer
  • itamar certified xxant as Journeyer

Others have certified itamar as follows:

  • itamar certified itamar as Journeyer
  • MJ certified itamar as Journeyer
  • Wheat certified itamar as Journeyer
  • faassen certified itamar as Journeyer
  • moshez certified itamar as Journeyer
  • Shenka certified itamar as Journeyer
  • butchland certified itamar as Journeyer
  • nixnut certified itamar as Journeyer
  • hathawsh certified itamar as Master
  • michel certified itamar as Master
  • phill certified itamar as Journeyer
  • dneighbors certified itamar as Journeyer
  • shalabh certified itamar as Master
  • jao certified itamar as Journeyer
  • Omnifarious certified itamar as Journeyer
  • eli7 certified itamar as Journeyer
  • robla certified itamar as Journeyer
  • ChrisMcDonough certified itamar as Journeyer
  • glyph certified itamar as Journeyer
  • grant certified itamar as Journeyer
  • mulix certified itamar as Journeyer
  • lior certified itamar as Journeyer
  • ghaering certified itamar as Journeyer
  • stevea certified itamar as Journeyer
  • mwh certified itamar as Master
  • spiv certified itamar as Journeyer
  • 4am certified itamar as Journeyer
  • efge certified itamar as Journeyer
  • lalo certified itamar as Journeyer
  • lsdrocha certified itamar as Master
  • thayer certified itamar as Journeyer
  • z3p certified itamar as Master
  • aaronsw certified itamar as Apprentice
  • jhermann certified itamar as Journeyer
  • splork certified itamar as Master
  • fxn certified itamar as Journeyer
  • Artimage certified itamar as Journeyer
  • calderone certified itamar as Journeyer
  • rjones certified itamar as Journeyer
  • nbm certified itamar as Journeyer
  • kilmo certified itamar as Journeyer
  • shapr certified itamar as Journeyer
  • gt3 certified itamar as Master
  • alexm certified itamar as Journeyer
  • oubiwann certified itamar as Master
  • vasudevram certified itamar as Master
  • sqlguru certified itamar as Master
  • jnewbigin certified itamar as Master
  • Nafai77 certified itamar as Journeyer
  • gmoore certified itamar as Master
