Hi,
Here's the summary of the previous IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-devel on irc.freenode.net
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thursday 29th Nov 2012
Time: 18:00 UTC
Planned meeting topics for this meeting were on this page:
<https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29>
Next meeting will be announced in advance, but will probably be on the same
weekday and at the same time. Your local meeting time is easy to check
from services such as
<http://www.timeanddate.com/worldclock>
or with
$ date -u
SUMMARY
cron2, dazo, ecrist, krzee, jamesyonan, mattock, novaflash, plaisthos,
raidz and swg0101 participated in this meeting.
--
Started the meeting with short round of introductions. Some were not
formally introduced, but are included here. On the community side:
- cron2: The OpenVPN IPv6+BSD+Solaris developer, buildbot farmer (Germany)
- dazo: master of plugins and git, does patch management, cleanups and
lots of other good work (Norway)
- d12fk: develops the new openvpn-gui for Windows (Germany)
- ecrist: takes care of forums, easy-rsa maintenance, #openvpn channel,
etc. (Unites States)
- krzee: takes care of the forums and IRC with ecrist; a mystical figure
(somewhere in the Caribbean)
- plaisthos: did the Android port; in charge of overhauling the socket.c
code (Germany)
On the company side:
- jamesyonan: Father of OpenVPN (United States/Colorado)
- mattock: Community manager, server administrator, does OSS releases,
testing, etc. (Finland)
- novaflash: Support technician (Netherlands)
- raidz: Support engineer, network engineer, and janitor (United
States/California)
- swg0101: Support and development (United States)
A few non-participants were also mentioned:
- andj: Added polarssl support to openvpn and is maintaining that part
(Netherlands)
- juanjo: The other IPv6 guy who we seldom see (from where?)
---
Jamesyonan gave a short introduction of the new C++ codebase:
- about 30K lines of C++ code
- an object-oriented rethinking of openvpn from the ground up
- design similar to original OpenVPN 3.0:
<http://community.openvpn.net/openvpn/wiki/RoadMap>
- is very modular in the sense that SSL/crypto libraries, transport
protocols, etc. can be modularized
- fairly prototypical/incomplete at this stage; only the client-side has
been implemented
- has been tested against Access Server (based on OpenVPN 2.1.x) and
OpenVPN 2.3* servers
- is 100% protocol compatible with 2.x branches
- has most 2.x's options
- is being used in the OpenVPN tech android client and the upcoming iOS
client
- may (at some point) supplant the 2.x branch, but that'll probably take
at least 1-2 years
Some more technical tidbits:
- core leverages on Boost Asio as it's async i/o layer
- C++ is really ready for prime time in system programming / networking
space
- C++ 2003 that's used seems to work very well on different compilers
- C++ static polymorphism (templates) is great for network programming
where we have small objects that have polymorphic properties, such as
IPv4 vs IPv6 addresses
---
Discussed open sourcing the C++ codebase:
According to jamesyonan, the plan is to release this probably under GPL
within the next couple months, but the company needs the ability to
relicense the C++ core because of (Apple) app store issues. It was
agreed that having OpenVPN on that platform is a must. To accomplish
this, relicensing the codebase is necessary. The consensus was that this
can be done in a way that's acceptable to all parties, without resorting
to the classic "copyright handover" scheme, which was not ok for everyone.
The alternative would be to release the C++ codebase under a permissive
license (e.g. BSD), but that would allow companies such as Apple or
Microsoft to "steal" it. This was not seen as a good option, either.
---
Discussed the role of OpenVPN 2.3 within the company:
The company is planning to migrate the Access Server to OpenVPN 2.3*.
Before the meeting mattock had already managed to get the Access Server
running with OpenVPN-2.3-rc1 in a few hours, with only few minor
modifications. Tests run by raidz during the meeting revealed no further
issues. More details will follow later.
---
Discussed having a joint company/community meeting in FOSDEM
(https://fosdem.org/2013). Most of the present developers seem to be
coming, but nobody has dared book the flights or hotel yet.
---
Decided to arrange a second meeting next Thursday at the same time. The
meeting will focus on helping James move to 2.3 and Git (from 2.1.x and
SVN).
---
Full chatlog as an attachment
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
mattock_ 20.14.15
ah, finally
damn empathy 20.14.17
it disconnected without saying anything 20.14.33
everyone set? 20.14.46
dazo 20.14.49
heh ... been talking for your self?
mattock_ 20.14.51
yeah
krzee 20.14.52
*is here from work, so in and out depending on how busy it is*
mattock_ 20.14.53
ecrist 20.15.13
*too*
dazo 20.15.30
d12fk might appear as well, but I don't think we should wait for him now ...
we're 15 min past already
mattock_ 20.15.34
ok, so here are today's topics:
https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29
vpnHelper 20.15.35
Title: Topics-2012-11-29 – OpenVPN Community (at community.openvpn.net)
dazo 20.15.50
everyone from the company present?
novaflash 20.16.05
i am present
raidz 20.16.10
here
novaflash 20.16.13
james appears to be present as well, and raidz as well
raidz 20.16.16
jamesyonan
cron2 20.16.23
/whois novaflash?
novaflash 20.16.30
an idiot
i mean.. err.. 20.16.32
raidz 20.16.37
introduce yourself johan
novaflash 20.16.38
one of the support techs at openvpn technologies
cron2 20.16.51
(sorry if I missed the introduction, I'm not always paying close attention)
novaflash 20.17.00
that's okay i don't think i ever did introduce myself here
i just sort of sidled in 20.17.07
sneakily 20.17.11
cron2 20.17.18
now done - welcome to the secret society
novaflash 20.17.31
*does secret handshake*
mattock_ 20.17.59
novaflash: btw. where do you live? besides the IRC channel, that is...
novaflash 20.18.08
i'm in the netherlands
mattock_ 20.18.20
yeah, I thought so
cron2 20.18.35
fun. So how big is OpenVPN tech?
novaflash 20.18.41
so i usually am the one answering tickets and questions in #openvpn-as while
raidz and co and dreaming of unicorns and fairies
raidz 20.18.59
there are about 7 of us cron2
novaflash 20.19.01
7 billion people working in the company at the moment!
raidz 20.19.04
we are a small bunch
cron2 20.19.46
I assumed so, but sometimes you guess wrong, and that sounded like "having
support force round the world, in all time zones!!"
dazo 20.19.54
So, raidz, novaflash, jamesyonan and mattock_ are the company guys here now,
right?
raidz 20.19.58
hahaha
novaflash 20.20.12
*checks list of nicks in the channel*
yes. 20.20.14
i think so 20.20.31
raidz 20.20.39
correct dazo
mattock_ 20.20.40
raidz: have you ever formally introduced yourself?
novaflash 20.20.56
introduce yourself raidz
raidz 20.20.58
I have a feeling people recognize me, but in case you don't:
cron2 20.21.02
I think he has
he's the one breaking stuff @ company all day 20.21.15
raidz 20.21.17
I am OpenVPN's support engineer, network engineer, and janitor
cron2 20.21.23
what I said
raidz 20.21.29
We wear a lot of hats around here
exactly cron2! 20.21.38
novaflash 20.21.51
raidz is selling himself short, he's also a ladies man - with a girl on each
finger
raidz 20.22.03
not anymore! Just 1 now!
mattock_ 20.22.13
shall I give a "flash introduction" of the community guys?
novaflash 20.22.14
oh what a tragic accident, just one finger?
dazo 20.22.23
mattock_: makes sense
mattock_ 20.22.30
ok
raidz 20.22.31
mattock_: I think I know most of the people in here, but I think it would be
nice
in case any of us don't 20.22.39
cron2 20.22.50
+1
mattock_ 20.23.20
andj added polarssl support to openvpn and is maintaining that part... lives in
Netherlands
krzee 20.23.28
are the corp guys here? (besides james / mattock)
mattock_ 20.23.41
cron2 is one of the IPv6 guys, from Germany
cron2 20.23.44
*points krzee at "20 lines up"*
novaflash 20.23.45
krzee: james, mattock, me, raidz.
krzee 20.23.57
oh whoa, i didnt know you were corp
mattock_ 20.23.59
then there's the other IPv6 guy who we don't see much (juanjo)
novaflash 20.24.09
krzee: surprise
raidz 20.24.12
krzee: we are pretty much it, I am not sure if Francis will make it or not, I
don't think he knows how to use IRC
20.24.18
cron2 20.24.21
*g*
mattock_ 20.24.22
d12fk: is developing the new openvpn-gui for Windows and is also from Germany
krzee 20.24.27
heh
novaflash 20.24.31
good, keep it that way, because i say way too many crazy shit on IRC
mattock_ 20.24.47
ecrist is taking care of forums, easy-rsa maintenance, #openvpn channel, etc.
and is from the States
raidz 20.24.49
I thought cron2 was the ipv6 guy mattock_
mattock_ 20.25.00
ender can introduce himself
raidz: he's one of them, the active one 20.25.07
novaflash 20.25.08
raidz: that's what he said
cron2 20.25.16
raidz: I did "IPv6 payload", juanjo did "IPv6 transport"
novaflash 20.25.22
ahh.
mattock_ 20.25.24
keitsi can also introduce himself
plaisthos 20.25.28
sup
cron2 20.25.29
both together form "IPv6 support"
keitsi? 20.25.35
mattock_ 20.25.48
krzee is also working on forums and IRC like krzee, and I believe he's
currently somewhere in the Caribbean
raidz 20.25.48
ahh
plaisthos 20.25.54
I managed to get here a bit earlier (reading backlog now)
cron2 20.26.10
and plaisthos is the community janitor
mattock_ 20.26.27
plaisthos has done the Android port of OpenVPN and has been pretty active here
that's it I guess 20.26.32
cron2 20.26.34
cleaning up some damp and smelly stuff inside socket.c
krzee 20.26.49
<-- pirate of the caribbean ;]
raidz 20.26.56
Nice to re-meet/meet you all!
mattock_ 20.27.04
plaisthos: +5 for cleaning up the scary parts
cron2 20.27.05
and dazo is the master of plugins and git
novaflash 20.27.17
plaisthos is arne schwabe?
mattock_ 20.27.19
ah yes, did I somehow manage to skip dazo
? 20.27.24
cron2 20.27.25
easy to overlook
mattock_ 20.27.29
uh
cron2 20.27.32
novaflash: yes
novaflash 20.27.36
gotcha
plaisthos 20.27.37
novaflash: yes
novaflash 20.27.40
gotcha
mattock_ 20.27.41
also from Germany?
dazo 20.27.42
I'd like to add that plaisthos is also in charge of overhauling the often
feared socket.c code
raidz 20.27.42
how did you manage to skip dazo?!
krzee 20.27.50
+5 more for how awesome plaisthos's android client is
dazo 20.27.59
*considers to get grumpy on mattock_ *
cron2 20.28.05
raidz: he's hardly saying anything on IRC these days, so we tend to forget him
raidz 20.28.11
ouch
mattock_ 20.28.14
so, dazo is taking care of patch management, cleaning up the codebase and in
general doing lots of good work
from Norway 20.28.18
cron2 20.28.21
or maybe mattock's IRC client is just ignoring dazo
novaflash 20.28.37
poor dazo
dazo 20.28.42
heh ... too much noise from me
krzee 20.28.43
from norway by way of .cz
20.28.46
L'utente swg0101 è entrato nella stanza 20.28.51
novaflash 20.28.56
i hope some of openvpn's donations go to dazo's mental healthcare. those pills
can't be cheap.
plaisthos 20.28.58
*is from germany*
novaflash 20.28.59
oh hello swg0101
raidz 20.29.01
oh, here is one more company guy: swg0101
swg0101 20.29.05
hey...
mattock_ 20.29.07
hi swg0101
swg0101 20.29.15
everyone is coughing here so I stepped away for a bit
now hopefully I don't get sick 20.29.34
mattock_ 20.29.44
swg0101: you're from somewhere near San Francisco?
Bay area 20.29.48
swg0101 20.29.52
in Davis
cron2 20.29.54
swg0101: so what are you doing?
novaflash 20.30.02
yes and he's got brains the size of my balls. wait that didn't come out quite
right...
swg0101 20.30.05
I am doing cronjobs... haha, jk
cron2 20.30.25
*has the feeling that "cronjobs" means work*
novaflash 20.30.33
he's in support and development - he figures out the really gritty problems
some of our clients have and proposes fixes
krzee 20.30.40
swg0101, im from the bay originally
swg0101 20.30.48
yes, krzee is krzee
mattock_ 20.30.56
krzee has no real name afaik
he's just krzee 20.31.00
swg0101 20.31.08
you are krzee
krzee 20.31.10
this is true, krzee is my name
mattock_ 20.31.13
I don't think he has an email address, either
20.31.18
novaflash 20.31.18
you're all a little krzee
mattock_ 20.31.31
mkay, are we done with introductions?
krzee 20.31.34
the publishing company of JJK's book didnt like that i have no real name lol
swg0101 20.31.35
so what are we talking about?
mattock_ 20.31.42
swg0101: https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29
vpnHelper 20.31.43
Title: Topics-2012-11-29 – OpenVPN Community (at community.openvpn.net)
novaflash 20.31.44
the topics are here
https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29 20.31.45
swg0101 20.32.03
fun stuff
novaflash 20.32.12
i am seeing openvpn c++ here, i think it that's different from what openvpn has
been up till now?
i assume it was python before and now c++ ? 20.32.23
mattock_ 20.32.30
james could probably start by explaining what the C++ thingy is, and what
should we do about it
jamesyonan: shall you do the honors? 20.32.58
jamesyonan 20.33.12
yes, basically I've been working for a while on a new openvpn core that might
(at some point) supplant the 2.x branch
it's fairly prototypical at this stage 20.33.27
it's ~ 30K lines of C++ code 20.33.42
swg0101 20.33.53
jamesyonan: is that the core that you are working on that allows for different
transport protocols on top of OpenVPN?
jamesyonan 20.34.07
yes, among other things
swg0101 20.34.12
very interesting
jamesyonan 20.34.49
it is very modular in the sense that SSL/crypto libraries, transport protocols,
etc. can be modularized
krzee 20.34.55
is it being built with the 3.0 roadmap in mind?
sounds like a yes ^ 20.35.00
jamesyonan 20.35.17
basically yes, but it's still incomplete at this point
right now it's just a client 20.35.27
krzee 20.35.48
(for anyone not familiar, http://community.openvpn.net/openvpn/wiki/RoadMap )
vpnHelper 20.35.51
Title: RoadMap – OpenVPN Community (at community.openvpn.net)
jamesyonan 20.35.53
it's being used in the OpenVPN tech android client and the upcoming iOS client
novaflash 20.36.20
neat.
cron2 20.36.30
hah, he said the word
raidz 20.36.41
novaflash 20.36.57
supercallifragilisticexpialidocious then
krzee 20.37.18
hows it licensed?
jamesyonan 20.37.58
the plan is to release this probably under GPL within the next couple months
mattock_ 20.38.31
jamesyonan: I would suggest "in FOSDEM"
novaflash 20.38.45
i am not familiar with fosdem?
mattock_ 20.39.07
you could give an introduction of it there
cron2 20.39.10
that's an open source conference in brussels, early february
dazo 20.39.11
novaflash: http://fosdem.org/2012/
plaisthos 20.39.15
jamesyonan: with a contributer agreement? So you can merge changes to iOS and
the android client base?
mattock_ 20.39.16
https://fosdem.org/2013/
vpnHelper 20.39.19
Title: fosdem.org (at fosdem.org)
Title: FOSDEM 2013 - Home (at fosdem.org) 20.39.21
jamesyonan 20.39.25
but bear in mind that this is a new code base, and is still far from being a
drop-in replacement for 2.x
novaflash 20.40.19
so, FOSDEM is an event, not a license type?
mattock_ 20.40.24
yeah
krzee 20.40.25
novaflash, correct
novaflash 20.40.28
righto
when i went to the frontpage i saw beer mentioned 20.40.41
so they've got me sold 20.40.44
cron2 20.41.03
.nl->brussels is a nice train trip, andj and jjk did this last year
novaflash 20.41.14
jan just keizer?
yes i don't think brussels is too far, it can be done 20.41.30
jamesyonan 20.41.44
you guys are lucky that you have trains
cron2 20.41.45
novaflash: yeah, we all met last year at fosdem, first ever face-to-face
meeting. Very goood.
dazo 20.41.47
what is this rumour about "contributor agreement"?
novaflash 20.42.12
jamesyonan: europe is interesting in that it has so much stuff so close
together.
cron2 20.42.21
dazo: well, it's a logical consequence: you can't release iOS code under GPL -
so if that code is open sourced, and you want people to be able to contribute
back, you need them to accept re-releasing it under a non-GPL license
mattock_ 20.42.51
there are other ways to handle the copyright ownership issues which iOS
requires
novaflash 20.42.52
hm. apple restricting GPL eh?
mattock_ 20.42.55
none of them are pretty
cron2 20.42.57
(stupid Apple and Microsoft store license shit, but we *need* OpenVPN on these
platforms)
mattock_ 20.43.17
so we need to somehow minimize damages to everyone involved
cron2 20.43.20
novaflash: Apple store requires "receiver must not modify", GPL requires
"receiver must receive source and all rights to modify". Incompatible
novaflash 20.43.30
gotcha.
jamesyonan 20.43.36
right, basically we need the ability to relicense the C++ core because of app
store issues
krzee 20.43.37
openvpn on native ios will be a pretty fat win
mattock_ 20.43.45
there are other options besides contributor agreements
but some version of openvpn needs to "compatible" with iOS policies 20.44.13
plaisthos 20.44.16
BSD license but I can understand if OpenVPN Corp does not want a BSD licensed
OpenVN core
novaflash 20.44.24
perhaps if we promise to bring Steve Jobs back to life, Apple will allow us a
more flexible licensing method.
mattock_ 20.44.28
plaisthos: exactly
dazo 20.44.47
well, I can understand that argument ... from a business perspective .... I can
even agree to a kind of contributor agreement that permits re-licensing to
Apple and Microsoft stores ... but if the agreement requires copyright
handover, then I'm fairly sceptical and will probably drop out instantly
jamesyonan 20.45.09
no, we're certainly not asking for copyright handover
cron2 20.45.25
the agreement would need to be worded carefully to keep the GPL stuff GPLed,
and just permit extra licensing
jamesyonan 20.45.34
we just need the ability to relicense if necessary
dazo 20.45.47
fair enough
cron2 20.45.48
*is fine with that*
mattock_ 20.46.38
nobody really _wants_ those pesky agreement and bureaucracy... they basically
hurt everyone (in our situation)
dazo 20.46.39
jamesyonan: when you have a draft ready, I can check if the GPL lawyer at my
work have time to review it and comment it
novaflash 20.46.47
the open source project must of course be kept intact, and not have some
apple/microsoft bozos stealing it all.
mattock_: yeah agreed. but best to have it covered. 20.47.11
jamesyonan 20.47.22
dazo: sure
mattock_ 20.47.46
dazo: oh yes, you have GPL lawyers at RedHat
novaflash 20.48.14
that's pretty supercallifragilisticexpialidocious
mattock_ 20.48.46
jamesyonan: perhaps you could share a word about the architecture of the C++
codebase... it should help limit the scope of any copyright ownership issues
swg0101 20.48.48
dazo works at RH?
dazo 20.48.50
mattock_ yeah, Richard Fontana is quite into this stuff
mattock_ 20.48.51
yes
dazo 20.48.53
swg0101: I do
swg0101 20.48.59
interesting
security team? 20.49.07
novaflash 20.49.20
dazo: he will now try to obtain your company secrets by squeezing your brain
like a lemon.
swg0101 20.49.37
easy peasy lemon squeezy so they call
jamesyonan 20.49.38
no, as long as openvpn is under GPL, none of the big guys can really steal it
dazo 20.49.59
swg0101: actually, no ... openvpn is one of my spare time projects ... I'm
doing real time kernel QA and development of related test tools
jamesyonan 20.50.24
ok, let me give a short primer on the new C++ code base
dazo 20.50.38
+1
mattock_ 20.50.53
jamesyonan: that's a valid point... companies like Apple would probably steal
the code the very instant it was released under a BSD license
raidz 20.51.07
^^^
jamesyonan 20.52.00
right, BSD license would allow any company to create a proprietary fork
novaflash 20.52.21
GPL with permissions in specific cases for relicensing would still seem to be
the best option
jamesyonan 20.52.30
but I don't see that this could be done with GPL
and I think we've seen cases in the past, where the big guys have tried to
shred the GPL 20.53.29
MS called it a "cancer" at one point 20.53.40
but I think it has proved it's resiliancy at preventing proprietary forks
20.54.06
dazo 20.54.06
yupp
novaflash 20.54.19
if microsoft hates it, i love it already
krzee 20.54.45
http://en.wikipedia.org/wiki/Viral_license "The term is most often used to
describe the GPL, which requires that any derivative work also be licensed with
the GPL."
vpnHelper 20.54.46
Title: Viral license - Wikipedia, the free encyclopedia (at en.wikipedia.org)
jamesyonan 20.55.57
so the C++ core is basically an object-oriented rethinking of openvpn from the
ground up
the core leverages on Boost Asio as it's async i/o layer 20.56.38
mattock_ 20.57.08
http://www.boost.org/doc/libs/1_52_0/doc/html/boost_asio.html
jamesyonan 20.57.09
rather than sort of roll it's own async i/o layer as the 2.x branch does
vpnHelper 20.57.10
Title: Boost.Asio - 1.52.0 (at www.boost.org)
jamesyonan 20.57.35
Asio is really great
C++ is an interesting animal 20.58.29
dazo 20.59.01
heh ... that's a nice way to put it
mattock_ 20.59.12
I've heard everyone loves C++
20.59.15
cron2 20.59.22
interesting way to word it... (I've never liked C++, especially from a sysadmin
perspective it's higly annoying that half the source doesn't compile with half
the compilers...)
novaflash 20.59.29
i've heard it's better than B++
jamesyonan 20.59.32
I would have to say that I was originally very sceptical that C++ would be a
good systems programming language
swg0101 20.59.35
lol
x++ 20.59.42
; 20.59.51
jamesyonan 21.00.15
but here are some of the points that won me over...
I remember back in maybe '06 I gave C++ a trial run for a network project I was
working on 21.01.05
I used whatever gcc was current at the time, linked in boost Asio, and ran some
benchmarks 21.01.35
this was a very simple server app, sort of like a very basic HTTP server
21.01.54
it's a program that would have been 60KB written in C but it ended up linking
at 600KB in C++ and being several times slower than equivalent C 21.02.49
cron2 21.03.22
now *that* doesn't truly convince me yet
krzee 21.03.31
lol
jamesyonan 21.03.37
then several years layer, maybe around '11 I gave C++ another shot
this time I used the latest boost and gcc 4.6 21.04.03
what I discovered is that some really serious optimization work had gone into
gcc (and LLVM as well) 21.05.06
plaisthos 21.05.14
*outs himself as C++ programmer too*
jamesyonan 21.05.55
for example, the compiler people figured out a really cool way to deal with C++
exceptions so that they didn't incur any overhead unless they are thrown
cron2 21.06.09
plaisthos: if you ever need a new job, one of my customers is doing quite a lot
of C++ and Java
raidz 21.07.09
jamesyonan 21.07.28
I was quite amazed that I could write very clean, abstracted network code using
gcc 4.6 + boost asio and the code size had come down to ~ 60 KB and the
compiler seemed to really factor out all the abstraction so the resulting
generated code was very efficient
plaisthos 21.07.38
llvm guys also figured out how to give you good error messages (:
jamesyonan 21.08.36
yes, llvm is looking good, but it still seems slightly behind gcc on generating
fast code from C++
but in any event, I think C++ is really ready for prime time in the kind of
system programming / networking space that openvpn is in 21.09.18
some other things I like about modern C++ ... 21.09.43
it's a very-well standardized language across the different major compilers,
i.e. gcc, llvm, visual studio, etc. 21.10.30
mattock_ 21.10.49
hmm, even visual studio... that's something
jamesyonan 21.10.49
now granted, I am using C++ 2003 for this project -- haven't ventured into '11
yet
I wrote ~20K lines before I even tested it on visual studio 21.11.17
and I think it took under a couple hours to get it building and running with VS
21.11.51
cron2 21.12.12
that is definitely a plus
novaflash 21.12.32
yeah a C plus plus (groan)
jamesyonan 21.12.36
so let me get into some of the features of C++ that I think make it well-suited
for use as a basis for OpenVPN
C++ is one of the few languages that supports both static and dynamic
polymorphism 21.13.21
dynamic polymorphism via virtual functions 21.14.03
and static polymorphism via templates 21.14.18
ecrist 21.15.36
are you suggesting a switch, completely, from C to C++?
jamesyonan 21.15.44
templates are great for network programming, because we have a lot of cases
where we have small objects that have polymorphic properties, such as IPv4 vs
IPv6 addresses
I think it makes a lot of sense for OpenVPN 3 to be C++ 21.16.16
ecrist 21.16.32
http://www.joelonsoftware.com/articles/fog0000000069.html
vpnHelper 21.16.33
Title: Things You Should Never Do, Part I - Joel on Software (at
www.joelonsoftware.com)
jamesyonan 21.16.38
but I think the 2.x branch should remain in C
ecrist 21.17.25
dazo pointed me to that doc
mattock_ 21.17.39
ecrist, dazo: complements, excellent article
ecrist 21.17.49
I'd be afraid 3 would never be released
cron2 21.18.11
*tends to agree on both extents - "rewriting 2.x into C++" is likely to be more
effort than "doing it fresh from the start and adding features on the go"*
or so 21.18.14
ecrist 21.18.14
and what did potentially get released would be riddled with bugs that were
already solved, or simply not a problem, in our current code base
jamesyonan 21.18.21
I think it's an interesting article, but I disagree with it
novaflash 21.18.27
ecrist; at the moment jamesyonan has a prototypical version that is already
functioning in c++ as the client in android and now ios.
or when it is released anyways (for iOS i mean) 21.18.41
ecrist 21.18.56
novaflash: I'm aware
jamesyonan 21.19.05
yes, the C++ core is already in production
cron2 21.19.25
what you can't do is "stop 2.x, rewrite everything, and stall until 3.x is
ready" - *that* would be a major mistake
ecrist 21.19.26
but untested relative to the community code base
cron2 21.19.33
ecrist: no, it works nicely
jamesyonan 21.20.00
well actually the C++ core, because it's only a client, ALWAYS connects to an
OpenVPN 2.x server
cron2 21.20.04
ecrist: I've given it enough beating that I would be happy for my customers to
use it, against a 2.3RC1 server
and what james says 21.20.32
jamesyonan 21.20.48
cron2 has worked with us on testing the new iOS client
cron2 21.20.49
jamesyonan: do you test C++ -> 2.1/AS or vs. 2.3?
jamesyonan 21.21.03
both
krzee 21.21.27
from our previous talks, a lot of 3.0 would need to be re-write anyways
cron2 21.21.36
yeah
novaflash 21.21.41
the OpenVPN Android client that jamesyonan made is capable of working for both
the open source server and the access server
raidz 21.21.59
same goes for ios
krzee 21.22.00
to account for making it modular, which sounds to be a lot of what this new
core aims for
jamesyonan 21.22.15
yes, the new C++ core is 100% protocol compatible with 2.x branch
ecrist 21.22.27
is it feature-complete?
jamesyonan 21.22.55
no, it doesn't have all of the 2.x options
but it has most of them 21.23.17
raidz 21.23.25
jamesyonan: will it have them all?
plaisthos 21.23.35
Having worked with the socket.c code I must say I would not aim at having all
options
some of them are very disruptive 21.23.46
cron2 21.23.47
*expected that comment *
jamesyonan 21.24.06
it could -- right now I believe fragment option is not implemented
yeah, the new code base doesn't even have a socket.c-like source file 21.24.52
because Asio handles the i/o layer 21.25.06
ecrist 21.25.19
what about the MTU and mssfix bits?
plaisthos 21.25.19
I got to get going 21.25.32
have to leave you guys 21.25.45
novaflash 21.25.47
bye plaisthos
swg0101 21.25.51
cya
jamesyonan 21.25.51
mssfix isn't there now, but it's on my short list of things to add
bye plaisthos 21.26.04
cron2 21.26.51
james: I did mssfix for IPv6 today. If you're working on that, you might want
to look at it - haven't sent the patch yet, but it's working on our corp VPN
server
http://public.greenie.net/gert/misc/ipv6-mss-diff2.txt 21.26.59
jamesyonan 21.27.11
cool
plaisthos 21.27.15
jamesyonan: One last question before I go. My client is currently named
"OpenVPN for Android". At the time I first named the client I did not give it
much thought. I have later realized that the name might sound "official". If
you do not like this I can change the name
jamesyonan 21.27.59
no, I don't think that's really necessary
raidz 21.28.18
plaisthos: Love your client btw
jamesyonan 21.28.29
we tend to brand the OpenVPN Tech products with "OpenVPN Connect" anyway
novaflash 21.29.11
and in future releases of access server we'll probably have links to the
openvpn tech versions for android and ios anyways
at least, that's what i'd expect 21.29.19
plaisthos 21.29.31
raidz: thanks
jamesyonan: okay thanks bye 21.29.40
jamesyonan 21.29.55
see ya
mattock_ 21.30.11
jamesyonan: you mentioned that the C++ codebase is still very far from being a
replacement for 2.x
so we'll be living with the original code for quite a while 21.30.27
novaflash 21.30.37
2.* will continue
cron2 21.30.59
mattock_: it has no server side yet
jamesyonan 21.31.07
yes, it's much closer to being a client-side replacement, but the server side
will take more development
mattock_ 21.31.15
today I tried merging some of your SVN patches to Git, and it wasn't pretty
jamesyonan 21.31.34
snappy?
mattock_ 21.31.44
I think we're past the point where we "should move" to 2.3, and are in "need to
move a.s.a.p."
yes, that and all others actually 21.31.50
snappy is probably the worst of the bunch 21.31.59
novaflash 21.32.11
the new compressor?
mattock_ 21.32.17
yep
novaflash 21.32.34
ironic that a name like snappy should take much time to get integrated.
jamesyonan 21.33.06
snappy is really great though -- I don't know if you've looked through the
source
swg0101 21.33.15
Google's implementation?
jamesyonan 21.33.22
this is what google uses company-wide as its main compressor
swg0101 21.33.46
would be curious to see if it makes good performance differences
perhaps with aes-ni 21.33.54
mattock_ 21.36.34
jamesyonan: can you port the patches I sent you for 2.3?
I could then do more testing with 2.3 with those patches included 21.36.45
jamesyonan 21.37.02
the snappy patch?
mattock_ 21.37.22
all of the patches, except r8129
that one was fairly trivial to port 21.37.32
the first problem is that files have been moved around 21.37.41
e.g. 21.37.44
init.c -> src/openvpn/init.c 21.37.50
that's trivial, but doesn't do the trick anymore, too many changes/cleanups in
2.3 21.38.10
so manual merging is necessary for all patches 21.38.31
jamesyonan 21.38.31
ok, I'll take a look at it
mattock_ 21.39.22
jamesyonan: how is your 2.3-fu? meaning, should we arrange a meeting where we
take a look at what's exactly has change since 2.1.x?
jamesyonan 21.39.25
yes, we are planning to migrate to 2.3 for the next version of AS
mattock_ 21.39.45
in fact, I did some tests on openvpn 2.3-rc1 and AS, and got the thing running
novaflash 21.39.47
AS 1.9?
jamesyonan 21.39.53
yes, that would make sense
mattock_ 21.39.54
with fairly minimal modifications
cron2 21.39.58
mattock: oh, that's cool
jamesyonan 21.40.05
novaflash: yes
novaflash 21.40.18
neat. i mean, cool.
mattock_ 21.40.26
I thank dazo for keeping Git in sync with SVN for this long... for the missing
patches, I don't blame him for dropping the ball
Alon's buildsystem work made merging much more difficult 21.40.55
dazo 21.41.07
heh ... no it just got too complicated to merge it in for me ... well, I could
do it ... but it would require a lot of analysing of each conflict
mattock_ 21.41.35
jamesyonan: "yes, that would make sense" ... was this a response to the meeting
suggestion?
dazo 21.41.43
on the plus side ... alons build system now works fairly well on cross-compiles
and cross-platform stuff, I htink
jamesyonan 21.41.47
yes
cron2 21.41.47
*grumbles quietly about the build system accident^Wrevolution*
mattock_ 21.41.53
dazo: yes, that's correct, it's pretty good
best buildsystem so far 21.42.17
cron2 21.42.18
some parts are great, but rearranging all the source tree was... "more
religious than useful"
mattock_ 21.42.44
...maybe if we rebuilt another buildsystem from scratch, then we could fix all
the problems in the current one?
dazo 21.43.13
cron2: to some extent, I can agree ... but the "everything in root dir" was
also quite chaotic too
mattock_ 21.43.27
I think the new layout is quite nice
cron2 21.43.30
it's not so much the build system, as the "other changes"
*hates it every time I look at stuff* 21.43.39
src/openvpn/ is just overdoing it for a single program, "src/" is fully fine,
and "everything in toplevel dir" was good enough for me 21.44.14
but we digress - damage has been done, and it's easy to oppose something in
hindsight 21.44.31
mattock_ 21.45.49
jamesyonan: as C++ codebase is not going to go server anytime soon, so what
about 2.4?
moving AS to 2.3 should be _fairly_ painless 21.46.06
then we have 2.4 release cycle coming up 21.46.15
what is our strategy regarding it? 21.46.24
"what drives us forward with 2.4" 21.47.06
jamesyonan 21.47.18
yes, don't see the C++ codebase as altering the evolution of 2.x branch for a
least another year or two
my attitude is that the C++ codebase should prove itself in multiple areas
before it is embraced en-mass 21.49.03
mattock_ 21.49.16
will 2.4 be mostly about cleanups/stabilization, or do we (=the project) have
some other agenda?
dazo 21.51.11
well, plaisthos does a lot of code clean-up in socket.c ... and we have a lot
of other clean-ups as well ... and it might be we try to modularise other
things better as well
mattock_ 21.51.33
I'm thinking of removing rarely used options
dazo 21.51.34
but some important things I hope we can sort out with 2.4 is listening to
multiple ports and protocols
mattock_ 21.51.40
i.e. historic baggage
novaflash 21.51.54
multiple cores? *hopeful*
cron2 21.51.56
mattock: what you consider historic baggage might be the reason why people are
using OpenVPN...
mattock_ 21.52.10
cron2: I hear you complaining about too many options
but you're right 21.52.20
dazo 21.52.29
novaflash: nope, that won't fit into 2.4 .... going from single thread to
multi-thread requires a too massive change now
mattock_ 21.52.30
so we'd need to identify what's just baggage, and what's being used
cron2 21.52.41
indeed, we have way too many options, but sometimes you find yourself in a
corner and all that helps is one of the more obscure options...
mattock_ 21.52.51
lol
novaflash 21.53.06
dazo: i have to admit, knowing how openvpn works, it's best to leave the multi
core handling outside of it
jamesyonan 21.53.28
why not preserve the options in 2.x branch and let 3.x be testing ground for
removal of obsolete options
cron2 21.53.28
dazo: oh, if someone comes along and finds a way to split encryption,
decryption, crypto, and "the rest" into a handful of threads, I might be open
to take a closer look...
mattock_ 21.53.32
actually, I don't think not having multiple threads is that bad
cron2 21.53.39
s/crypto/compression/
well, it limits performance... 21.53.54
novaflash 21.54.10
maybe not but it'd only really be of much use in very large deployments (where
people use multiple openvpn processes anyways) and on systems with very low
power but dual core cpu systems like atom systems.
dazo 21.54.15
cron2: true ... but there's this nasty thing called CPU caching as well ... so
to make that optimal, that will require some nasty analysing too
jamesyonan 21.54.23
the C++ core supports multiple threads, HOWEVER, you really can't do fine
grained threading and expect to see a performance gain
mattock_ 21.54.25
one can have multiple processes, which, while heavier than threads are adequate
cron2 21.54.39
my goals for 2.4 is "code overhaul to integrate IPv6 more nicely" (it's
bolted-on right now - working but ugly)
novaflash 21.54.44
agree with mattock_ .
cron2: seconded, ipv6 is hot right now 21.55.00
dazo 21.55.07
and the things with threading ... you loose performance instantly in the moment
you have more high loaded threads than CPU cores available
cron2 21.55.12
dazo: well, that speaks for "two threads" (one for incoming, one for outgoing
packets)...
dazo 21.55.21
cron2: agreed
cron2 21.55.36
and you don't loose if you do not synchronize around too much... (maybe a 3rd
thread for handshaking)
but I'm not writing it - not enough experience with writing threaded code to
feel comfortable about doing this in a security product 21.56.08
mattock_ 21.56.09
we actually have one more important topic today:
"Joint company/community meeting in FOSDEM in Bruessels" 21.56.19
jamesyonan: we insist you come there 21.56.35
novaflash 21.56.38
perhaps it's best to take small but important steps with 2.*, and big steps in
3 ?
cron2 21.56.39
novaflash: it's in, and it's working, but it's missing some bells and whistles,
and needs polishing
novaflash 21.56.50
mattock_: that would be so cool, having james here
jamesyonan 21.56.56
yes, I'm going to try to be there
cron2 21.57.06
cool
dazo 21.57.12
I'm trying to get the bookings done this or next week
novaflash 21.57.32
mattock_: do you know the exact date and shit?
mattock_ 21.57.53
jamesyonan: if we can open source the C++ codebase by then, then your should
_definitely_ be there and give a presentation of it
cron2 21.58.04
novaflash: all on fosdem.org/2013/
jamesyonan 21.58.09
yes, that's what I'm thinking
dazo 21.58.14
novaflash: February 2-3
novaflash 21.58.23
ah thanks, neato
oh hell! 21.58.38
mattock_ 21.58.39
also, the company should offer a nice dinner for everyone involved in the
project
novaflash 21.58.40
it's belgium!
beer! 21.58.48
mattock_ 21.58.50
jamesyonan 21.59.03
sure, great idea
novaflash 21.59.05
okay, yes, i'm okay now.
mattock_ 21.59.17
novaflash: that is most correct
dazo 21.59.17
novaflash: I've been told that in Germany 7 beers counts as a dinner ...
novaflash 21.59.17
i'll buy you guys some beer
cron2 21.59.25
*will bring warmer shoes this time*
dazo 21.59.35
*too*
novaflash 21.59.36
cron2: did you go naked again?
cron2 22.00.12
novaflash: nah, but last year they had a huge amount of snow, and the heating
in the university buildings was... not up to it
novaflash 22.00.19
yikes
mattock_ 22.00.21
was there any heating?
novaflash 22.00.39
yes, the beamer was on
cron2 22.00.40
mattock: if you bring in 1000 open source zealots, there *is* heat. But it
wasn't enough
dazo 22.00.59
it's the first conference I've been to where I saw plenty of geeks hacking in
thick jackets ... not t-shirts
novaflash 22.01.15
note to self: don't go naked
so um what's next on the agenda? 22.02.58
mattock_ 22.03.20
hmm, I guess we're mostly done
cron2 22.03.41
we just need confirmation that dazo is happy and will now end his strike
novaflash 22.03.51
he's on strike?
dazo 22.03.51
hehe
mattock_ 22.04.07
definitely
novaflash 22.04.13
perhaps he needs a good ole whipping
cron2 22.04.27
*whips dazo with lots of ACKs*
on strings 22.04.29
mattock_ 22.04.36
or "in strings"?
novaflash 22.04.46
i am getting a very odd image here now
of cron2 in g-string 22.04.54
cron2 22.04.55
*doesn't want to know*
novaflash 22.04.56
whipping dazo
mattock_ 22.04.57
oh my, all of this will go to the mailing list
dazo 22.04.58
jamesyonan: would it be possible to get you more visible on the -devel mailing
list? Like just giving "ACK" or "NACK" to patches which makes sense ...
doesn't need to too often but a few times every month when there are some
un-reviewed patches would help
mattock_ 22.05.13
+1
novaflash 22.05.18
mattock_: just delete everything i said then
mattock_ 22.05.22
we've missed you
novaflash: the trust must not me tampered with 22.05.29
oops 22.05.32
truth 22.05.33
novaflash 22.05.42
mattock_: but that typo will MAGICALLY be repaired?
mattock_ 22.05.46
no
novaflash 22.05.50
heh
jamesyonan 22.05.51
I think that's a good idea, I just need to scale better
novaflash 22.05.54
okay good then.
cron2 22.06.20
jamesyonan: you need to reimplement yourself using C++ and Boost, obviously
mattock_ 22.06.22
jamesyonan: I think moving to 2.3 will help... raidz is running a test suite
with 2.3-rc1 atm
dazo 22.06.47
jamesyonan: I think we're fairly good now ... cron2 have done a good job
reviewing stuff ... but I do know we have some stuff which needs to be reviewed
for 2.4
novaflash 22.06.55
mattock_: i got your test suite forwarded and am going to give it a shot too
jamesyonan 22.06.56
no, I think I need to go quantum
mattock_ 22.07.02
we need to communicate with the community devs using the "normal" methods to be
effective
dazo 22.07.05
(which is rather old stuff ... but I'll summarise it on a wiki first)
mattock_ 22.07.33
the "weekly meeting with James" worked initially, but quite often it created
lot of delay
dazo 22.07.47
and I know plaisthos will come with some socket.c clean-up too
novaflash 22.07.50
jamesyonan: remove your GPL license and let us fork you a couple of times so
there's more of you to spread around
mattock_ 22.08.30
there's also the option of stopping all the interesting side-projects?
I'm constantly struggling with that myself 22.08.43
22.08.48
dazo 22.09.21
*would like to reduce the openvpn side-project, so he could focus more on his
own eurephia project *
mattock_ 22.09.44
dazo: how's the openvpn linux gui side-project going?
jamesyonan 22.09.44
it's easier for me to spend a couple hours a week with undivided attention than
to multitask off-and-on into community discussions
dazo 22.09.53
oh true
GUI programming is a mess 22.10.03
even GTK 22.10.11
novaflash 22.10.19
dazo is developing a gui for linux? awesome!
dazo 22.10.32
I've took over the maintenance of gopenvpn
the previous maintainer didn't have much time for it any more 22.10.46
jamesyonan 22.11.17
dazo: have you looked at SRP (
http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol )?
vpnHelper 22.11.18
Title: Secure Remote Password protocol - Wikipedia, the free encyclopedia (at
en.wikipedia.org)
cron2 22.11.40
dazo: is that a useful thing to have, gopenvpn, as to "make the integration in
NM better" (as everybody seems to go to NM anyway)
mattock_ 22.12.01
jamesyonan: we haven't had "classic" IRC meeting on Thursdays for a while,
because things have worked fine without them
dazo 22.12.31
cron2: NM is useful for "I just need one VPN tunnel" .... but I usually use 3
in parallel, and gopenvpn is somewhat closer in behaviour to the Windows GUI
.... using real config files
cron2 22.12.56
dazo: ah, so NM cannot do multiple tunnels? Indeed, that would be a good
reason for "something better"
dazo 22.13.12
jamesyonan: nope ... but that looks interesting (at least if I don't have to go
to deep on the mathematics
cron2 22.13.17
*is confused by graphical stuff*
dazo 22.13.32
cron2: and if NM looses the wireless for a second ... it disconnects/stops all
VPN tunnels
mattock_ 22.13.36
jamesyonan: it'd be great if you could, say, check openvpn-devel list 2-3 times
a week and then immediately close the email client
dazo 22.13.43
that's my second big complaint about NM
mattock_ 22.13.58
that strategy saves my nerves and improves my focus
dazo 22.14.01
(to fix that, it seems the core NM needs to be reworked)
cron2 22.14.15
mattock: and you compensate by hanging in IRC all day
dazo 22.14.21
hehe
mattock_ 22.14.27
well, yes... but I hate email more than I hate IRC
email => somebody wants me to do something 22.14.46
novaflash 22.14.55
as it appears that the main agenda points have been handled (unless our
illustrious leaders indicate otherwise) i am going to go get some things sorted
here and head off to bed.
mattock_ 22.15.04
novaflash: good idea
cron2 22.15.08
dazo: seems we really need to sit together with d12fk @FOSDEM to sort out the
privilege separation / gui / service stuff
that should happen "soon" now... 22.15.16
novaflash: good night 22.15.24
mattock_ 22.15.36
and we should book the flights / hotels soon, before the prices start climbing
up
dazo 22.15.59
cron2: agreed ... that's 2.4 material
and if jamesyonan will be present at FOSDEM ... it would be natural to gain
from his experience there as well 22.16.30
mattock_ 22.16.39
oh, one more thing
I want to set a time when James comes here to be moved to wonderful world of
Git and 2.3.x 22.17.01
jamesyonan: please pick a date and time 22.17.25
jamesyonan 22.17.46
yes, I do like git, but I'm still stuck with svn for now
mattock_ 22.17.47
I can take care of the Git part, I've been dazo's apprentice
how do we get you unstuck? how can we help? 22.18.04
cron2 22.18.12
"rpm -e svn"
jamesyonan 22.18.26
rpm: not found
mattock_ 22.18.33
uh
dazo 22.18.40
heh
cron2 22.18.49
jamesyonan: now I think dazo will stop talking to you...!
dazo 22.19.07
hmmmm
jamesyonan 22.19.17
actually I use mac most of the time
mattock_ 22.19.49
jamesyonan: next Thursday, same time, same place?
jamesyonan 22.19.53
sure
mattock_ 22.20.02
ok, excellent
I think we're done, then 22.20.18
any objections? 22.20.58
cron2 22.21.49
*is fine*
jamesyonan 22.22.23
fine here
ecrist 22.22.24
none from me
mattock_ 22.23.07
nice!
dazo 22.23.08
*is fine*
mattock_ 22.23.25
ok, next meeting next week this time
I'll send a summary tomorrow 22.23.36
dazo 22.23.41
thx all!
mattock_ 22.26.54
good night!
or midday, or whatever 22.27.00
