Hi, Here's the summary of the previous IRC meeting.
--- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Thursday 29th Nov 2012 Time: 18:00 UTC Planned meeting topics for this meeting were on this page: <https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29> Next meeting will be announced in advance, but will probably be on the same weekday and at the same time. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/worldclock> or with $ date -u SUMMARY cron2, dazo, ecrist, krzee, jamesyonan, mattock, novaflash, plaisthos, raidz and swg0101 participated in this meeting. -- Started the meeting with short round of introductions. Some were not formally introduced, but are included here. On the community side: - cron2: The OpenVPN IPv6+BSD+Solaris developer, buildbot farmer (Germany) - dazo: master of plugins and git, does patch management, cleanups and lots of other good work (Norway) - d12fk: develops the new openvpn-gui for Windows (Germany) - ecrist: takes care of forums, easy-rsa maintenance, #openvpn channel, etc. (Unites States) - krzee: takes care of the forums and IRC with ecrist; a mystical figure (somewhere in the Caribbean) - plaisthos: did the Android port; in charge of overhauling the socket.c code (Germany) On the company side: - jamesyonan: Father of OpenVPN (United States/Colorado) - mattock: Community manager, server administrator, does OSS releases, testing, etc. (Finland) - novaflash: Support technician (Netherlands) - raidz: Support engineer, network engineer, and janitor (United States/California) - swg0101: Support and development (United States) A few non-participants were also mentioned: - andj: Added polarssl support to openvpn and is maintaining that part (Netherlands) - juanjo: The other IPv6 guy who we seldom see (from where?) --- Jamesyonan gave a short introduction of the new C++ codebase: - about 30K lines of C++ code - an object-oriented rethinking of openvpn from the ground up - design similar to original OpenVPN 3.0: <http://community.openvpn.net/openvpn/wiki/RoadMap> - is very modular in the sense that SSL/crypto libraries, transport protocols, etc. can be modularized - fairly prototypical/incomplete at this stage; only the client-side has been implemented - has been tested against Access Server (based on OpenVPN 2.1.x) and OpenVPN 2.3* servers - is 100% protocol compatible with 2.x branches - has most 2.x's options - is being used in the OpenVPN tech android client and the upcoming iOS client - may (at some point) supplant the 2.x branch, but that'll probably take at least 1-2 years Some more technical tidbits: - core leverages on Boost Asio as it's async i/o layer - C++ is really ready for prime time in system programming / networking space - C++ 2003 that's used seems to work very well on different compilers - C++ static polymorphism (templates) is great for network programming where we have small objects that have polymorphic properties, such as IPv4 vs IPv6 addresses --- Discussed open sourcing the C++ codebase: According to jamesyonan, the plan is to release this probably under GPL within the next couple months, but the company needs the ability to relicense the C++ core because of (Apple) app store issues. It was agreed that having OpenVPN on that platform is a must. To accomplish this, relicensing the codebase is necessary. The consensus was that this can be done in a way that's acceptable to all parties, without resorting to the classic "copyright handover" scheme, which was not ok for everyone. The alternative would be to release the C++ codebase under a permissive license (e.g. BSD), but that would allow companies such as Apple or Microsoft to "steal" it. This was not seen as a good option, either. --- Discussed the role of OpenVPN 2.3 within the company: The company is planning to migrate the Access Server to OpenVPN 2.3*. Before the meeting mattock had already managed to get the Access Server running with OpenVPN-2.3-rc1 in a few hours, with only few minor modifications. Tests run by raidz during the meeting revealed no further issues. More details will follow later. --- Discussed having a joint company/community meeting in FOSDEM (https://fosdem.org/2013). Most of the present developers seem to be coming, but nobody has dared book the flights or hotel yet. --- Decided to arrange a second meeting next Thursday at the same time. The meeting will focus on helping James move to 2.3 and Git (from 2.1.x and SVN). --- Full chatlog as an attachment -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
mattock_ 20.14.15 ah, finally damn empathy 20.14.17 it disconnected without saying anything 20.14.33 everyone set? 20.14.46 dazo 20.14.49 heh ... been talking for your self? mattock_ 20.14.51 yeah krzee 20.14.52 *is here from work, so in and out depending on how busy it is* mattock_ 20.14.53 ecrist 20.15.13 *too* dazo 20.15.30 d12fk might appear as well, but I don't think we should wait for him now ... we're 15 min past already mattock_ 20.15.34 ok, so here are today's topics: https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29 vpnHelper 20.15.35 Title: Topics-2012-11-29 – OpenVPN Community (at community.openvpn.net) dazo 20.15.50 everyone from the company present? novaflash 20.16.05 i am present raidz 20.16.10 here novaflash 20.16.13 james appears to be present as well, and raidz as well raidz 20.16.16 jamesyonan cron2 20.16.23 /whois novaflash? novaflash 20.16.30 an idiot i mean.. err.. 20.16.32 raidz 20.16.37 introduce yourself johan novaflash 20.16.38 one of the support techs at openvpn technologies cron2 20.16.51 (sorry if I missed the introduction, I'm not always paying close attention) novaflash 20.17.00 that's okay i don't think i ever did introduce myself here i just sort of sidled in 20.17.07 sneakily 20.17.11 cron2 20.17.18 now done - welcome to the secret society novaflash 20.17.31 *does secret handshake* mattock_ 20.17.59 novaflash: btw. where do you live? besides the IRC channel, that is... novaflash 20.18.08 i'm in the netherlands mattock_ 20.18.20 yeah, I thought so cron2 20.18.35 fun. So how big is OpenVPN tech? novaflash 20.18.41 so i usually am the one answering tickets and questions in #openvpn-as while raidz and co and dreaming of unicorns and fairies raidz 20.18.59 there are about 7 of us cron2 novaflash 20.19.01 7 billion people working in the company at the moment! raidz 20.19.04 we are a small bunch cron2 20.19.46 I assumed so, but sometimes you guess wrong, and that sounded like "having support force round the world, in all time zones!!" dazo 20.19.54 So, raidz, novaflash, jamesyonan and mattock_ are the company guys here now, right? raidz 20.19.58 hahaha novaflash 20.20.12 *checks list of nicks in the channel* yes. 20.20.14 i think so 20.20.31 raidz 20.20.39 correct dazo mattock_ 20.20.40 raidz: have you ever formally introduced yourself? novaflash 20.20.56 introduce yourself raidz raidz 20.20.58 I have a feeling people recognize me, but in case you don't: cron2 20.21.02 I think he has he's the one breaking stuff @ company all day 20.21.15 raidz 20.21.17 I am OpenVPN's support engineer, network engineer, and janitor cron2 20.21.23 what I said raidz 20.21.29 We wear a lot of hats around here exactly cron2! 20.21.38 novaflash 20.21.51 raidz is selling himself short, he's also a ladies man - with a girl on each finger raidz 20.22.03 not anymore! Just 1 now! mattock_ 20.22.13 shall I give a "flash introduction" of the community guys? novaflash 20.22.14 oh what a tragic accident, just one finger? dazo 20.22.23 mattock_: makes sense mattock_ 20.22.30 ok raidz 20.22.31 mattock_: I think I know most of the people in here, but I think it would be nice in case any of us don't 20.22.39 cron2 20.22.50 +1 mattock_ 20.23.20 andj added polarssl support to openvpn and is maintaining that part... lives in Netherlands krzee 20.23.28 are the corp guys here? (besides james / mattock) mattock_ 20.23.41 cron2 is one of the IPv6 guys, from Germany cron2 20.23.44 *points krzee at "20 lines up"* novaflash 20.23.45 krzee: james, mattock, me, raidz. krzee 20.23.57 oh whoa, i didnt know you were corp mattock_ 20.23.59 then there's the other IPv6 guy who we don't see much (juanjo) novaflash 20.24.09 krzee: surprise raidz 20.24.12 krzee: we are pretty much it, I am not sure if Francis will make it or not, I don't think he knows how to use IRC 20.24.18 cron2 20.24.21 *g* mattock_ 20.24.22 d12fk: is developing the new openvpn-gui for Windows and is also from Germany krzee 20.24.27 heh novaflash 20.24.31 good, keep it that way, because i say way too many crazy shit on IRC mattock_ 20.24.47 ecrist is taking care of forums, easy-rsa maintenance, #openvpn channel, etc. and is from the States raidz 20.24.49 I thought cron2 was the ipv6 guy mattock_ mattock_ 20.25.00 ender can introduce himself raidz: he's one of them, the active one 20.25.07 novaflash 20.25.08 raidz: that's what he said cron2 20.25.16 raidz: I did "IPv6 payload", juanjo did "IPv6 transport" novaflash 20.25.22 ahh. mattock_ 20.25.24 keitsi can also introduce himself plaisthos 20.25.28 sup cron2 20.25.29 both together form "IPv6 support" keitsi? 20.25.35 mattock_ 20.25.48 krzee is also working on forums and IRC like krzee, and I believe he's currently somewhere in the Caribbean raidz 20.25.48 ahh plaisthos 20.25.54 I managed to get here a bit earlier (reading backlog now) cron2 20.26.10 and plaisthos is the community janitor mattock_ 20.26.27 plaisthos has done the Android port of OpenVPN and has been pretty active here that's it I guess 20.26.32 cron2 20.26.34 cleaning up some damp and smelly stuff inside socket.c krzee 20.26.49 <-- pirate of the caribbean ;] raidz 20.26.56 Nice to re-meet/meet you all! mattock_ 20.27.04 plaisthos: +5 for cleaning up the scary parts cron2 20.27.05 and dazo is the master of plugins and git novaflash 20.27.17 plaisthos is arne schwabe? mattock_ 20.27.19 ah yes, did I somehow manage to skip dazo ? 20.27.24 cron2 20.27.25 easy to overlook mattock_ 20.27.29 uh cron2 20.27.32 novaflash: yes novaflash 20.27.36 gotcha plaisthos 20.27.37 novaflash: yes novaflash 20.27.40 gotcha mattock_ 20.27.41 also from Germany? dazo 20.27.42 I'd like to add that plaisthos is also in charge of overhauling the often feared socket.c code raidz 20.27.42 how did you manage to skip dazo?! krzee 20.27.50 +5 more for how awesome plaisthos's android client is dazo 20.27.59 *considers to get grumpy on mattock_ * cron2 20.28.05 raidz: he's hardly saying anything on IRC these days, so we tend to forget him raidz 20.28.11 ouch mattock_ 20.28.14 so, dazo is taking care of patch management, cleaning up the codebase and in general doing lots of good work from Norway 20.28.18 cron2 20.28.21 or maybe mattock's IRC client is just ignoring dazo novaflash 20.28.37 poor dazo dazo 20.28.42 heh ... too much noise from me krzee 20.28.43 from norway by way of .cz 20.28.46 L'utente swg0101 è entrato nella stanza 20.28.51 novaflash 20.28.56 i hope some of openvpn's donations go to dazo's mental healthcare. those pills can't be cheap. plaisthos 20.28.58 *is from germany* novaflash 20.28.59 oh hello swg0101 raidz 20.29.01 oh, here is one more company guy: swg0101 swg0101 20.29.05 hey... mattock_ 20.29.07 hi swg0101 swg0101 20.29.15 everyone is coughing here so I stepped away for a bit now hopefully I don't get sick 20.29.34 mattock_ 20.29.44 swg0101: you're from somewhere near San Francisco? Bay area 20.29.48 swg0101 20.29.52 in Davis cron2 20.29.54 swg0101: so what are you doing? novaflash 20.30.02 yes and he's got brains the size of my balls. wait that didn't come out quite right... swg0101 20.30.05 I am doing cronjobs... haha, jk cron2 20.30.25 *has the feeling that "cronjobs" means work* novaflash 20.30.33 he's in support and development - he figures out the really gritty problems some of our clients have and proposes fixes krzee 20.30.40 swg0101, im from the bay originally swg0101 20.30.48 yes, krzee is krzee mattock_ 20.30.56 krzee has no real name afaik he's just krzee 20.31.00 swg0101 20.31.08 you are krzee krzee 20.31.10 this is true, krzee is my name mattock_ 20.31.13 I don't think he has an email address, either 20.31.18 novaflash 20.31.18 you're all a little krzee mattock_ 20.31.31 mkay, are we done with introductions? krzee 20.31.34 the publishing company of JJK's book didnt like that i have no real name lol swg0101 20.31.35 so what are we talking about? mattock_ 20.31.42 swg0101: https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29 vpnHelper 20.31.43 Title: Topics-2012-11-29 – OpenVPN Community (at community.openvpn.net) novaflash 20.31.44 the topics are here https://community.openvpn.net/openvpn/wiki/Topics-2012-11-29 20.31.45 swg0101 20.32.03 fun stuff novaflash 20.32.12 i am seeing openvpn c++ here, i think it that's different from what openvpn has been up till now? i assume it was python before and now c++ ? 20.32.23 mattock_ 20.32.30 james could probably start by explaining what the C++ thingy is, and what should we do about it jamesyonan: shall you do the honors? 20.32.58 jamesyonan 20.33.12 yes, basically I've been working for a while on a new openvpn core that might (at some point) supplant the 2.x branch it's fairly prototypical at this stage 20.33.27 it's ~ 30K lines of C++ code 20.33.42 swg0101 20.33.53 jamesyonan: is that the core that you are working on that allows for different transport protocols on top of OpenVPN? jamesyonan 20.34.07 yes, among other things swg0101 20.34.12 very interesting jamesyonan 20.34.49 it is very modular in the sense that SSL/crypto libraries, transport protocols, etc. can be modularized krzee 20.34.55 is it being built with the 3.0 roadmap in mind? sounds like a yes ^ 20.35.00 jamesyonan 20.35.17 basically yes, but it's still incomplete at this point right now it's just a client 20.35.27 krzee 20.35.48 (for anyone not familiar, http://community.openvpn.net/openvpn/wiki/RoadMap ) vpnHelper 20.35.51 Title: RoadMap – OpenVPN Community (at community.openvpn.net) jamesyonan 20.35.53 it's being used in the OpenVPN tech android client and the upcoming iOS client novaflash 20.36.20 neat. cron2 20.36.30 hah, he said the word raidz 20.36.41 novaflash 20.36.57 supercallifragilisticexpialidocious then krzee 20.37.18 hows it licensed? jamesyonan 20.37.58 the plan is to release this probably under GPL within the next couple months mattock_ 20.38.31 jamesyonan: I would suggest "in FOSDEM" novaflash 20.38.45 i am not familiar with fosdem? mattock_ 20.39.07 you could give an introduction of it there cron2 20.39.10 that's an open source conference in brussels, early february dazo 20.39.11 novaflash: http://fosdem.org/2012/ plaisthos 20.39.15 jamesyonan: with a contributer agreement? So you can merge changes to iOS and the android client base? mattock_ 20.39.16 https://fosdem.org/2013/ vpnHelper 20.39.19 Title: fosdem.org (at fosdem.org) Title: FOSDEM 2013 - Home (at fosdem.org) 20.39.21 jamesyonan 20.39.25 but bear in mind that this is a new code base, and is still far from being a drop-in replacement for 2.x novaflash 20.40.19 so, FOSDEM is an event, not a license type? mattock_ 20.40.24 yeah krzee 20.40.25 novaflash, correct novaflash 20.40.28 righto when i went to the frontpage i saw beer mentioned 20.40.41 so they've got me sold 20.40.44 cron2 20.41.03 .nl->brussels is a nice train trip, andj and jjk did this last year novaflash 20.41.14 jan just keizer? yes i don't think brussels is too far, it can be done 20.41.30 jamesyonan 20.41.44 you guys are lucky that you have trains cron2 20.41.45 novaflash: yeah, we all met last year at fosdem, first ever face-to-face meeting. Very goood. dazo 20.41.47 what is this rumour about "contributor agreement"? novaflash 20.42.12 jamesyonan: europe is interesting in that it has so much stuff so close together. cron2 20.42.21 dazo: well, it's a logical consequence: you can't release iOS code under GPL - so if that code is open sourced, and you want people to be able to contribute back, you need them to accept re-releasing it under a non-GPL license mattock_ 20.42.51 there are other ways to handle the copyright ownership issues which iOS requires novaflash 20.42.52 hm. apple restricting GPL eh? mattock_ 20.42.55 none of them are pretty cron2 20.42.57 (stupid Apple and Microsoft store license shit, but we *need* OpenVPN on these platforms) mattock_ 20.43.17 so we need to somehow minimize damages to everyone involved cron2 20.43.20 novaflash: Apple store requires "receiver must not modify", GPL requires "receiver must receive source and all rights to modify". Incompatible novaflash 20.43.30 gotcha. jamesyonan 20.43.36 right, basically we need the ability to relicense the C++ core because of app store issues krzee 20.43.37 openvpn on native ios will be a pretty fat win mattock_ 20.43.45 there are other options besides contributor agreements but some version of openvpn needs to "compatible" with iOS policies 20.44.13 plaisthos 20.44.16 BSD license but I can understand if OpenVPN Corp does not want a BSD licensed OpenVN core novaflash 20.44.24 perhaps if we promise to bring Steve Jobs back to life, Apple will allow us a more flexible licensing method. mattock_ 20.44.28 plaisthos: exactly dazo 20.44.47 well, I can understand that argument ... from a business perspective .... I can even agree to a kind of contributor agreement that permits re-licensing to Apple and Microsoft stores ... but if the agreement requires copyright handover, then I'm fairly sceptical and will probably drop out instantly jamesyonan 20.45.09 no, we're certainly not asking for copyright handover cron2 20.45.25 the agreement would need to be worded carefully to keep the GPL stuff GPLed, and just permit extra licensing jamesyonan 20.45.34 we just need the ability to relicense if necessary dazo 20.45.47 fair enough cron2 20.45.48 *is fine with that* mattock_ 20.46.38 nobody really _wants_ those pesky agreement and bureaucracy... they basically hurt everyone (in our situation) dazo 20.46.39 jamesyonan: when you have a draft ready, I can check if the GPL lawyer at my work have time to review it and comment it novaflash 20.46.47 the open source project must of course be kept intact, and not have some apple/microsoft bozos stealing it all. mattock_: yeah agreed. but best to have it covered. 20.47.11 jamesyonan 20.47.22 dazo: sure mattock_ 20.47.46 dazo: oh yes, you have GPL lawyers at RedHat novaflash 20.48.14 that's pretty supercallifragilisticexpialidocious mattock_ 20.48.46 jamesyonan: perhaps you could share a word about the architecture of the C++ codebase... it should help limit the scope of any copyright ownership issues swg0101 20.48.48 dazo works at RH? dazo 20.48.50 mattock_ yeah, Richard Fontana is quite into this stuff mattock_ 20.48.51 yes dazo 20.48.53 swg0101: I do swg0101 20.48.59 interesting security team? 20.49.07 novaflash 20.49.20 dazo: he will now try to obtain your company secrets by squeezing your brain like a lemon. swg0101 20.49.37 easy peasy lemon squeezy so they call jamesyonan 20.49.38 no, as long as openvpn is under GPL, none of the big guys can really steal it dazo 20.49.59 swg0101: actually, no ... openvpn is one of my spare time projects ... I'm doing real time kernel QA and development of related test tools jamesyonan 20.50.24 ok, let me give a short primer on the new C++ code base dazo 20.50.38 +1 mattock_ 20.50.53 jamesyonan: that's a valid point... companies like Apple would probably steal the code the very instant it was released under a BSD license raidz 20.51.07 ^^^ jamesyonan 20.52.00 right, BSD license would allow any company to create a proprietary fork novaflash 20.52.21 GPL with permissions in specific cases for relicensing would still seem to be the best option jamesyonan 20.52.30 but I don't see that this could be done with GPL and I think we've seen cases in the past, where the big guys have tried to shred the GPL 20.53.29 MS called it a "cancer" at one point 20.53.40 but I think it has proved it's resiliancy at preventing proprietary forks 20.54.06 dazo 20.54.06 yupp novaflash 20.54.19 if microsoft hates it, i love it already krzee 20.54.45 http://en.wikipedia.org/wiki/Viral_license "The term is most often used to describe the GPL, which requires that any derivative work also be licensed with the GPL." vpnHelper 20.54.46 Title: Viral license - Wikipedia, the free encyclopedia (at en.wikipedia.org) jamesyonan 20.55.57 so the C++ core is basically an object-oriented rethinking of openvpn from the ground up the core leverages on Boost Asio as it's async i/o layer 20.56.38 mattock_ 20.57.08 http://www.boost.org/doc/libs/1_52_0/doc/html/boost_asio.html jamesyonan 20.57.09 rather than sort of roll it's own async i/o layer as the 2.x branch does vpnHelper 20.57.10 Title: Boost.Asio - 1.52.0 (at www.boost.org) jamesyonan 20.57.35 Asio is really great C++ is an interesting animal 20.58.29 dazo 20.59.01 heh ... that's a nice way to put it mattock_ 20.59.12 I've heard everyone loves C++ 20.59.15 cron2 20.59.22 interesting way to word it... (I've never liked C++, especially from a sysadmin perspective it's higly annoying that half the source doesn't compile with half the compilers...) novaflash 20.59.29 i've heard it's better than B++ jamesyonan 20.59.32 I would have to say that I was originally very sceptical that C++ would be a good systems programming language swg0101 20.59.35 lol x++ 20.59.42 ; 20.59.51 jamesyonan 21.00.15 but here are some of the points that won me over... I remember back in maybe '06 I gave C++ a trial run for a network project I was working on 21.01.05 I used whatever gcc was current at the time, linked in boost Asio, and ran some benchmarks 21.01.35 this was a very simple server app, sort of like a very basic HTTP server 21.01.54 it's a program that would have been 60KB written in C but it ended up linking at 600KB in C++ and being several times slower than equivalent C 21.02.49 cron2 21.03.22 now *that* doesn't truly convince me yet krzee 21.03.31 lol jamesyonan 21.03.37 then several years layer, maybe around '11 I gave C++ another shot this time I used the latest boost and gcc 4.6 21.04.03 what I discovered is that some really serious optimization work had gone into gcc (and LLVM as well) 21.05.06 plaisthos 21.05.14 *outs himself as C++ programmer too* jamesyonan 21.05.55 for example, the compiler people figured out a really cool way to deal with C++ exceptions so that they didn't incur any overhead unless they are thrown cron2 21.06.09 plaisthos: if you ever need a new job, one of my customers is doing quite a lot of C++ and Java raidz 21.07.09 jamesyonan 21.07.28 I was quite amazed that I could write very clean, abstracted network code using gcc 4.6 + boost asio and the code size had come down to ~ 60 KB and the compiler seemed to really factor out all the abstraction so the resulting generated code was very efficient plaisthos 21.07.38 llvm guys also figured out how to give you good error messages (: jamesyonan 21.08.36 yes, llvm is looking good, but it still seems slightly behind gcc on generating fast code from C++ but in any event, I think C++ is really ready for prime time in the kind of system programming / networking space that openvpn is in 21.09.18 some other things I like about modern C++ ... 21.09.43 it's a very-well standardized language across the different major compilers, i.e. gcc, llvm, visual studio, etc. 21.10.30 mattock_ 21.10.49 hmm, even visual studio... that's something jamesyonan 21.10.49 now granted, I am using C++ 2003 for this project -- haven't ventured into '11 yet I wrote ~20K lines before I even tested it on visual studio 21.11.17 and I think it took under a couple hours to get it building and running with VS 21.11.51 cron2 21.12.12 that is definitely a plus novaflash 21.12.32 yeah a C plus plus (groan) jamesyonan 21.12.36 so let me get into some of the features of C++ that I think make it well-suited for use as a basis for OpenVPN C++ is one of the few languages that supports both static and dynamic polymorphism 21.13.21 dynamic polymorphism via virtual functions 21.14.03 and static polymorphism via templates 21.14.18 ecrist 21.15.36 are you suggesting a switch, completely, from C to C++? jamesyonan 21.15.44 templates are great for network programming, because we have a lot of cases where we have small objects that have polymorphic properties, such as IPv4 vs IPv6 addresses I think it makes a lot of sense for OpenVPN 3 to be C++ 21.16.16 ecrist 21.16.32 http://www.joelonsoftware.com/articles/fog0000000069.html vpnHelper 21.16.33 Title: Things You Should Never Do, Part I - Joel on Software (at www.joelonsoftware.com) jamesyonan 21.16.38 but I think the 2.x branch should remain in C ecrist 21.17.25 dazo pointed me to that doc mattock_ 21.17.39 ecrist, dazo: complements, excellent article ecrist 21.17.49 I'd be afraid 3 would never be released cron2 21.18.11 *tends to agree on both extents - "rewriting 2.x into C++" is likely to be more effort than "doing it fresh from the start and adding features on the go"* or so 21.18.14 ecrist 21.18.14 and what did potentially get released would be riddled with bugs that were already solved, or simply not a problem, in our current code base jamesyonan 21.18.21 I think it's an interesting article, but I disagree with it novaflash 21.18.27 ecrist; at the moment jamesyonan has a prototypical version that is already functioning in c++ as the client in android and now ios. or when it is released anyways (for iOS i mean) 21.18.41 ecrist 21.18.56 novaflash: I'm aware jamesyonan 21.19.05 yes, the C++ core is already in production cron2 21.19.25 what you can't do is "stop 2.x, rewrite everything, and stall until 3.x is ready" - *that* would be a major mistake ecrist 21.19.26 but untested relative to the community code base cron2 21.19.33 ecrist: no, it works nicely jamesyonan 21.20.00 well actually the C++ core, because it's only a client, ALWAYS connects to an OpenVPN 2.x server cron2 21.20.04 ecrist: I've given it enough beating that I would be happy for my customers to use it, against a 2.3RC1 server and what james says 21.20.32 jamesyonan 21.20.48 cron2 has worked with us on testing the new iOS client cron2 21.20.49 jamesyonan: do you test C++ -> 2.1/AS or vs. 2.3? jamesyonan 21.21.03 both krzee 21.21.27 from our previous talks, a lot of 3.0 would need to be re-write anyways cron2 21.21.36 yeah novaflash 21.21.41 the OpenVPN Android client that jamesyonan made is capable of working for both the open source server and the access server raidz 21.21.59 same goes for ios krzee 21.22.00 to account for making it modular, which sounds to be a lot of what this new core aims for jamesyonan 21.22.15 yes, the new C++ core is 100% protocol compatible with 2.x branch ecrist 21.22.27 is it feature-complete? jamesyonan 21.22.55 no, it doesn't have all of the 2.x options but it has most of them 21.23.17 raidz 21.23.25 jamesyonan: will it have them all? plaisthos 21.23.35 Having worked with the socket.c code I must say I would not aim at having all options some of them are very disruptive 21.23.46 cron2 21.23.47 *expected that comment * jamesyonan 21.24.06 it could -- right now I believe fragment option is not implemented yeah, the new code base doesn't even have a socket.c-like source file 21.24.52 because Asio handles the i/o layer 21.25.06 ecrist 21.25.19 what about the MTU and mssfix bits? plaisthos 21.25.19 I got to get going 21.25.32 have to leave you guys 21.25.45 novaflash 21.25.47 bye plaisthos swg0101 21.25.51 cya jamesyonan 21.25.51 mssfix isn't there now, but it's on my short list of things to add bye plaisthos 21.26.04 cron2 21.26.51 james: I did mssfix for IPv6 today. If you're working on that, you might want to look at it - haven't sent the patch yet, but it's working on our corp VPN server http://public.greenie.net/gert/misc/ipv6-mss-diff2.txt 21.26.59 jamesyonan 21.27.11 cool plaisthos 21.27.15 jamesyonan: One last question before I go. My client is currently named "OpenVPN for Android". At the time I first named the client I did not give it much thought. I have later realized that the name might sound "official". If you do not like this I can change the name jamesyonan 21.27.59 no, I don't think that's really necessary raidz 21.28.18 plaisthos: Love your client btw jamesyonan 21.28.29 we tend to brand the OpenVPN Tech products with "OpenVPN Connect" anyway novaflash 21.29.11 and in future releases of access server we'll probably have links to the openvpn tech versions for android and ios anyways at least, that's what i'd expect 21.29.19 plaisthos 21.29.31 raidz: thanks jamesyonan: okay thanks bye 21.29.40 jamesyonan 21.29.55 see ya mattock_ 21.30.11 jamesyonan: you mentioned that the C++ codebase is still very far from being a replacement for 2.x so we'll be living with the original code for quite a while 21.30.27 novaflash 21.30.37 2.* will continue cron2 21.30.59 mattock_: it has no server side yet jamesyonan 21.31.07 yes, it's much closer to being a client-side replacement, but the server side will take more development mattock_ 21.31.15 today I tried merging some of your SVN patches to Git, and it wasn't pretty jamesyonan 21.31.34 snappy? mattock_ 21.31.44 I think we're past the point where we "should move" to 2.3, and are in "need to move a.s.a.p." yes, that and all others actually 21.31.50 snappy is probably the worst of the bunch 21.31.59 novaflash 21.32.11 the new compressor? mattock_ 21.32.17 yep novaflash 21.32.34 ironic that a name like snappy should take much time to get integrated. jamesyonan 21.33.06 snappy is really great though -- I don't know if you've looked through the source swg0101 21.33.15 Google's implementation? jamesyonan 21.33.22 this is what google uses company-wide as its main compressor swg0101 21.33.46 would be curious to see if it makes good performance differences perhaps with aes-ni 21.33.54 mattock_ 21.36.34 jamesyonan: can you port the patches I sent you for 2.3? I could then do more testing with 2.3 with those patches included 21.36.45 jamesyonan 21.37.02 the snappy patch? mattock_ 21.37.22 all of the patches, except r8129 that one was fairly trivial to port 21.37.32 the first problem is that files have been moved around 21.37.41 e.g. 21.37.44 init.c -> src/openvpn/init.c 21.37.50 that's trivial, but doesn't do the trick anymore, too many changes/cleanups in 2.3 21.38.10 so manual merging is necessary for all patches 21.38.31 jamesyonan 21.38.31 ok, I'll take a look at it mattock_ 21.39.22 jamesyonan: how is your 2.3-fu? meaning, should we arrange a meeting where we take a look at what's exactly has change since 2.1.x? jamesyonan 21.39.25 yes, we are planning to migrate to 2.3 for the next version of AS mattock_ 21.39.45 in fact, I did some tests on openvpn 2.3-rc1 and AS, and got the thing running novaflash 21.39.47 AS 1.9? jamesyonan 21.39.53 yes, that would make sense mattock_ 21.39.54 with fairly minimal modifications cron2 21.39.58 mattock: oh, that's cool jamesyonan 21.40.05 novaflash: yes novaflash 21.40.18 neat. i mean, cool. mattock_ 21.40.26 I thank dazo for keeping Git in sync with SVN for this long... for the missing patches, I don't blame him for dropping the ball Alon's buildsystem work made merging much more difficult 21.40.55 dazo 21.41.07 heh ... no it just got too complicated to merge it in for me ... well, I could do it ... but it would require a lot of analysing of each conflict mattock_ 21.41.35 jamesyonan: "yes, that would make sense" ... was this a response to the meeting suggestion? dazo 21.41.43 on the plus side ... alons build system now works fairly well on cross-compiles and cross-platform stuff, I htink jamesyonan 21.41.47 yes cron2 21.41.47 *grumbles quietly about the build system accident^Wrevolution* mattock_ 21.41.53 dazo: yes, that's correct, it's pretty good best buildsystem so far 21.42.17 cron2 21.42.18 some parts are great, but rearranging all the source tree was... "more religious than useful" mattock_ 21.42.44 ...maybe if we rebuilt another buildsystem from scratch, then we could fix all the problems in the current one? dazo 21.43.13 cron2: to some extent, I can agree ... but the "everything in root dir" was also quite chaotic too mattock_ 21.43.27 I think the new layout is quite nice cron2 21.43.30 it's not so much the build system, as the "other changes" *hates it every time I look at stuff* 21.43.39 src/openvpn/ is just overdoing it for a single program, "src/" is fully fine, and "everything in toplevel dir" was good enough for me 21.44.14 but we digress - damage has been done, and it's easy to oppose something in hindsight 21.44.31 mattock_ 21.45.49 jamesyonan: as C++ codebase is not going to go server anytime soon, so what about 2.4? moving AS to 2.3 should be _fairly_ painless 21.46.06 then we have 2.4 release cycle coming up 21.46.15 what is our strategy regarding it? 21.46.24 "what drives us forward with 2.4" 21.47.06 jamesyonan 21.47.18 yes, don't see the C++ codebase as altering the evolution of 2.x branch for a least another year or two my attitude is that the C++ codebase should prove itself in multiple areas before it is embraced en-mass 21.49.03 mattock_ 21.49.16 will 2.4 be mostly about cleanups/stabilization, or do we (=the project) have some other agenda? dazo 21.51.11 well, plaisthos does a lot of code clean-up in socket.c ... and we have a lot of other clean-ups as well ... and it might be we try to modularise other things better as well mattock_ 21.51.33 I'm thinking of removing rarely used options dazo 21.51.34 but some important things I hope we can sort out with 2.4 is listening to multiple ports and protocols mattock_ 21.51.40 i.e. historic baggage novaflash 21.51.54 multiple cores? *hopeful* cron2 21.51.56 mattock: what you consider historic baggage might be the reason why people are using OpenVPN... mattock_ 21.52.10 cron2: I hear you complaining about too many options but you're right 21.52.20 dazo 21.52.29 novaflash: nope, that won't fit into 2.4 .... going from single thread to multi-thread requires a too massive change now mattock_ 21.52.30 so we'd need to identify what's just baggage, and what's being used cron2 21.52.41 indeed, we have way too many options, but sometimes you find yourself in a corner and all that helps is one of the more obscure options... mattock_ 21.52.51 lol novaflash 21.53.06 dazo: i have to admit, knowing how openvpn works, it's best to leave the multi core handling outside of it jamesyonan 21.53.28 why not preserve the options in 2.x branch and let 3.x be testing ground for removal of obsolete options cron2 21.53.28 dazo: oh, if someone comes along and finds a way to split encryption, decryption, crypto, and "the rest" into a handful of threads, I might be open to take a closer look... mattock_ 21.53.32 actually, I don't think not having multiple threads is that bad cron2 21.53.39 s/crypto/compression/ well, it limits performance... 21.53.54 novaflash 21.54.10 maybe not but it'd only really be of much use in very large deployments (where people use multiple openvpn processes anyways) and on systems with very low power but dual core cpu systems like atom systems. dazo 21.54.15 cron2: true ... but there's this nasty thing called CPU caching as well ... so to make that optimal, that will require some nasty analysing too jamesyonan 21.54.23 the C++ core supports multiple threads, HOWEVER, you really can't do fine grained threading and expect to see a performance gain mattock_ 21.54.25 one can have multiple processes, which, while heavier than threads are adequate cron2 21.54.39 my goals for 2.4 is "code overhaul to integrate IPv6 more nicely" (it's bolted-on right now - working but ugly) novaflash 21.54.44 agree with mattock_ . cron2: seconded, ipv6 is hot right now 21.55.00 dazo 21.55.07 and the things with threading ... you loose performance instantly in the moment you have more high loaded threads than CPU cores available cron2 21.55.12 dazo: well, that speaks for "two threads" (one for incoming, one for outgoing packets)... dazo 21.55.21 cron2: agreed cron2 21.55.36 and you don't loose if you do not synchronize around too much... (maybe a 3rd thread for handshaking) but I'm not writing it - not enough experience with writing threaded code to feel comfortable about doing this in a security product 21.56.08 mattock_ 21.56.09 we actually have one more important topic today: "Joint company/community meeting in FOSDEM in Bruessels" 21.56.19 jamesyonan: we insist you come there 21.56.35 novaflash 21.56.38 perhaps it's best to take small but important steps with 2.*, and big steps in 3 ? cron2 21.56.39 novaflash: it's in, and it's working, but it's missing some bells and whistles, and needs polishing novaflash 21.56.50 mattock_: that would be so cool, having james here jamesyonan 21.56.56 yes, I'm going to try to be there cron2 21.57.06 cool dazo 21.57.12 I'm trying to get the bookings done this or next week novaflash 21.57.32 mattock_: do you know the exact date and shit? mattock_ 21.57.53 jamesyonan: if we can open source the C++ codebase by then, then your should _definitely_ be there and give a presentation of it cron2 21.58.04 novaflash: all on fosdem.org/2013/ jamesyonan 21.58.09 yes, that's what I'm thinking dazo 21.58.14 novaflash: February 2-3 novaflash 21.58.23 ah thanks, neato oh hell! 21.58.38 mattock_ 21.58.39 also, the company should offer a nice dinner for everyone involved in the project novaflash 21.58.40 it's belgium! beer! 21.58.48 mattock_ 21.58.50 jamesyonan 21.59.03 sure, great idea novaflash 21.59.05 okay, yes, i'm okay now. mattock_ 21.59.17 novaflash: that is most correct dazo 21.59.17 novaflash: I've been told that in Germany 7 beers counts as a dinner ... novaflash 21.59.17 i'll buy you guys some beer cron2 21.59.25 *will bring warmer shoes this time* dazo 21.59.35 *too* novaflash 21.59.36 cron2: did you go naked again? cron2 22.00.12 novaflash: nah, but last year they had a huge amount of snow, and the heating in the university buildings was... not up to it novaflash 22.00.19 yikes mattock_ 22.00.21 was there any heating? novaflash 22.00.39 yes, the beamer was on cron2 22.00.40 mattock: if you bring in 1000 open source zealots, there *is* heat. But it wasn't enough dazo 22.00.59 it's the first conference I've been to where I saw plenty of geeks hacking in thick jackets ... not t-shirts novaflash 22.01.15 note to self: don't go naked so um what's next on the agenda? 22.02.58 mattock_ 22.03.20 hmm, I guess we're mostly done cron2 22.03.41 we just need confirmation that dazo is happy and will now end his strike novaflash 22.03.51 he's on strike? dazo 22.03.51 hehe mattock_ 22.04.07 definitely novaflash 22.04.13 perhaps he needs a good ole whipping cron2 22.04.27 *whips dazo with lots of ACKs* on strings 22.04.29 mattock_ 22.04.36 or "in strings"? novaflash 22.04.46 i am getting a very odd image here now of cron2 in g-string 22.04.54 cron2 22.04.55 *doesn't want to know* novaflash 22.04.56 whipping dazo mattock_ 22.04.57 oh my, all of this will go to the mailing list dazo 22.04.58 jamesyonan: would it be possible to get you more visible on the -devel mailing list? Like just giving "ACK" or "NACK" to patches which makes sense ... doesn't need to too often but a few times every month when there are some un-reviewed patches would help mattock_ 22.05.13 +1 novaflash 22.05.18 mattock_: just delete everything i said then mattock_ 22.05.22 we've missed you novaflash: the trust must not me tampered with 22.05.29 oops 22.05.32 truth 22.05.33 novaflash 22.05.42 mattock_: but that typo will MAGICALLY be repaired? mattock_ 22.05.46 no novaflash 22.05.50 heh jamesyonan 22.05.51 I think that's a good idea, I just need to scale better novaflash 22.05.54 okay good then. cron2 22.06.20 jamesyonan: you need to reimplement yourself using C++ and Boost, obviously mattock_ 22.06.22 jamesyonan: I think moving to 2.3 will help... raidz is running a test suite with 2.3-rc1 atm dazo 22.06.47 jamesyonan: I think we're fairly good now ... cron2 have done a good job reviewing stuff ... but I do know we have some stuff which needs to be reviewed for 2.4 novaflash 22.06.55 mattock_: i got your test suite forwarded and am going to give it a shot too jamesyonan 22.06.56 no, I think I need to go quantum mattock_ 22.07.02 we need to communicate with the community devs using the "normal" methods to be effective dazo 22.07.05 (which is rather old stuff ... but I'll summarise it on a wiki first) mattock_ 22.07.33 the "weekly meeting with James" worked initially, but quite often it created lot of delay dazo 22.07.47 and I know plaisthos will come with some socket.c clean-up too novaflash 22.07.50 jamesyonan: remove your GPL license and let us fork you a couple of times so there's more of you to spread around mattock_ 22.08.30 there's also the option of stopping all the interesting side-projects? I'm constantly struggling with that myself 22.08.43 22.08.48 dazo 22.09.21 *would like to reduce the openvpn side-project, so he could focus more on his own eurephia project * mattock_ 22.09.44 dazo: how's the openvpn linux gui side-project going? jamesyonan 22.09.44 it's easier for me to spend a couple hours a week with undivided attention than to multitask off-and-on into community discussions dazo 22.09.53 oh true GUI programming is a mess 22.10.03 even GTK 22.10.11 novaflash 22.10.19 dazo is developing a gui for linux? awesome! dazo 22.10.32 I've took over the maintenance of gopenvpn the previous maintainer didn't have much time for it any more 22.10.46 jamesyonan 22.11.17 dazo: have you looked at SRP ( http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol )? vpnHelper 22.11.18 Title: Secure Remote Password protocol - Wikipedia, the free encyclopedia (at en.wikipedia.org) cron2 22.11.40 dazo: is that a useful thing to have, gopenvpn, as to "make the integration in NM better" (as everybody seems to go to NM anyway) mattock_ 22.12.01 jamesyonan: we haven't had "classic" IRC meeting on Thursdays for a while, because things have worked fine without them dazo 22.12.31 cron2: NM is useful for "I just need one VPN tunnel" .... but I usually use 3 in parallel, and gopenvpn is somewhat closer in behaviour to the Windows GUI .... using real config files cron2 22.12.56 dazo: ah, so NM cannot do multiple tunnels? Indeed, that would be a good reason for "something better" dazo 22.13.12 jamesyonan: nope ... but that looks interesting (at least if I don't have to go to deep on the mathematics cron2 22.13.17 *is confused by graphical stuff* dazo 22.13.32 cron2: and if NM looses the wireless for a second ... it disconnects/stops all VPN tunnels mattock_ 22.13.36 jamesyonan: it'd be great if you could, say, check openvpn-devel list 2-3 times a week and then immediately close the email client dazo 22.13.43 that's my second big complaint about NM mattock_ 22.13.58 that strategy saves my nerves and improves my focus dazo 22.14.01 (to fix that, it seems the core NM needs to be reworked) cron2 22.14.15 mattock: and you compensate by hanging in IRC all day dazo 22.14.21 hehe mattock_ 22.14.27 well, yes... but I hate email more than I hate IRC email => somebody wants me to do something 22.14.46 novaflash 22.14.55 as it appears that the main agenda points have been handled (unless our illustrious leaders indicate otherwise) i am going to go get some things sorted here and head off to bed. mattock_ 22.15.04 novaflash: good idea cron2 22.15.08 dazo: seems we really need to sit together with d12fk @FOSDEM to sort out the privilege separation / gui / service stuff that should happen "soon" now... 22.15.16 novaflash: good night 22.15.24 mattock_ 22.15.36 and we should book the flights / hotels soon, before the prices start climbing up dazo 22.15.59 cron2: agreed ... that's 2.4 material and if jamesyonan will be present at FOSDEM ... it would be natural to gain from his experience there as well 22.16.30 mattock_ 22.16.39 oh, one more thing I want to set a time when James comes here to be moved to wonderful world of Git and 2.3.x 22.17.01 jamesyonan: please pick a date and time 22.17.25 jamesyonan 22.17.46 yes, I do like git, but I'm still stuck with svn for now mattock_ 22.17.47 I can take care of the Git part, I've been dazo's apprentice how do we get you unstuck? how can we help? 22.18.04 cron2 22.18.12 "rpm -e svn" jamesyonan 22.18.26 rpm: not found mattock_ 22.18.33 uh dazo 22.18.40 heh cron2 22.18.49 jamesyonan: now I think dazo will stop talking to you...! dazo 22.19.07 hmmmm jamesyonan 22.19.17 actually I use mac most of the time mattock_ 22.19.49 jamesyonan: next Thursday, same time, same place? jamesyonan 22.19.53 sure mattock_ 22.20.02 ok, excellent I think we're done, then 22.20.18 any objections? 22.20.58 cron2 22.21.49 *is fine* jamesyonan 22.22.23 fine here ecrist 22.22.24 none from me mattock_ 22.23.07 nice! dazo 22.23.08 *is fine* mattock_ 22.23.25 ok, next meeting next week this time I'll send a summary tomorrow 22.23.36 dazo 22.23.41 thx all! mattock_ 22.26.54 good night! or midday, or whatever 22.27.00