Re: OpenSSH: What went wrong?

[Darren Reed <avalon@coombs.anu.edu.au>]

One last time...

In some mail from Theo de Raadt, sie said:
[...various personal things deleted...]

Theo, I try to leave working on things like VM, NFS, etc, to those who
like to concentrate on those things and who I would consider "expert"
on them.  I don't need to have a finger in every pie.

Oh, just to round it out, sometimes it is nice to hang out with people
"in the industry" and not talk shop and maybe just have fun for a while.

[...]
> Just look at any part of ipf for weak
> coding, and it stands out.  The userland commands especially show an
> utter lack of polish.

Do you mean the organisation or something else ?

In part, some of the problems are the price you pay for maintaining
some sort of backward compatibility.

Changing how the command line works (like recent pfctl changes) is
just not something I'd consider doing in a minor update.

[...]
> > I know my code in the past has been no better but I've set a
> > direction for at least myself to follow to ensure that isn't the
> > case for the future.
> 
> Your code is 15 year old crap, maintained in a minimalistic fashion,
> because you waste all your time on mailing lists trying to goad other
> people into doing less work, so that your ineffectually will not look
> as bad as it is.

If that is what you really think then you don't understand what I've
tried to say.

> You just say you're going to make it better.  We've given you a
> target: pf in -current is quite a bit faster than ipf in research done
> by two papers.  Where's the diffs to make ipf catch up?

I've read Daniel's paper, is there a URL for the other ?

I don't expect the code which they tested to be faster - I'd be very
surprised if it was!  But I know why it's slower, I can look at it and
say "here is why it is slower".  If ipf is already faster than pf for
doing some things, as shown by Daniel's paper, then I'm confident it
can get better.  The goal of ipf long ago was to make a complex collection
of things in a rule almost the same to evaluate as a simple collection.
The price to pay is it makes the fastest a bit slower.

[...]
> Where the diffs? Where the diffs? Where the diffs?

Is this all you care about - diffs ?

> Our gift culture works on an economy of source code changes.

Nice phrase.

> It does not operate on yelling and moaning and billegerant yammering
> from some inneffectual boy who does not fit into the community.

I'm not yelling or moaning and definately not trying to be billegerant.
Although maybe I am being the latter.  I'm just looking for answers to
some questions.

[...]
> >      Whilst I might not have time to contribute anything in terms
> > of auditting or writing code,
> 
> Again:  It is not the the lack of time -- it is your lack of skill.

Is it ?

[...]
> >      One thing I don't see in OpenSSH, which wasn't in OpenBSD either
> > for a long time, is the idea of "release branches".  I understand that
> > these can be a lot of work to maintain but maybe it is worth considering
> > so people can opt to use a version that ages only with patches rather
> > than new features as well.
> 
> Talk, talk, talk.

I'm surprised you didn't ask for diffs to make this happen too :)

Yes, it's just talk, but that's generally what people do when they
want to convey ideas/suggestions.

> > p.s. I'm not trying to tell you what to do, just offer you ideas on how
> > you might do things differently in the future which you are free to reject
> > ignore or take up.  I think I'll agree to disagree with you on how well
> > the current environment/mechanisms work.
> 
> I understand you very clearly Darren.  You are just sticking to your
> character of hate.

No, Theo, I'm not.
If I hated you I wouldn't even take the time to write this email.

I didn't write these emails out of hate/spite for you or anyone else.

I wrote them because I am looking for something I now realise I won't find.

Good day.