Awesome Conferences

May 2004 Archives

Subversion

I've started using Subversion, a complete replacement for CVS. I really like it. I'm impressed at how fast it is, and how, as a dedicated CVS user, it was so easy to start using.

A lot of projects have a goal of replacing some old technology, but don't do a good job of putting the right things in place to make people want to convert. Those "things" may be features, documentation, or work-flow. I have a lot of respect for Subversion for meeting this challenge.

Another project that did a good job of that was Postfix (a replacement for Sendmail). Postfix has a program called sendmail that emulates all the things that Sendmail's sendmail does. In fact, if you forget to update your startup scripts and run the famous sendmail -bd -q15m command (the cryptic command most people use to start the Sendmail system), Postfix's sendmail is smart enough to do the right thing... even setting the queue re-run timer to 15 minutes.

I am equally impressed by Subversion. For the most part, I can do my old cvs commands, but type svn instead and things "just work."

So, besides carrying things over from CVS so well, what else do I like about Subversion?

  • It handles binaries really well. CVS had an obvious spot for someone to plug-in a binary difference engine like AT&T's vdelta, but nobody ever did. This is becoming more important as I use things like MS-Word (or even Star Office) for projects.
  • I can finally rename files. Oh god, I can't tell you how good it feels to rename files. (Yes, CVS had a workaround for that, but it sucked.)
  • It assigns a number to every revision (set of files checked in) that is sort of a state number. That means tagging an entire release means just recording that tag X is revision Y. In CVS, tagging meant modifying every file in the entire repository. The modification was at the top of the file, which meant you were rewriting every file. It was a bear of the backup system, and took forever. It also seemed really risky to me.

I haven't tried the WebDAV interface yet, but I hear it's pretty good. Any testimonials stories?

I'm not saying that CVS is bad. Heck, Christine and I wrote the entire TPoSaNA book using it, even used it to manage our status updates, schedule, notes, feedback, etc. It definitely was a life saver and I owe a big one to the people that wrote it (as well as the people that ported it to Windows). Any revision control system is better than none, and there are certainly many worse than, CVS. I still hear horror stories from people that use MS-SourceSafe.

I'm using Subversion for personal projects but I'm a little afraid to use it at work just yet. I'd hate to be one of the "early adopters" that gets burned by Subversion before it is "proven in the field". The early bird gets the worm, but the second mouse gets the cheese.

Question for readers of this blog: Is Subversion proven? When will it be?

Posted by Tom Limoncelli

I really enjoyed OnLamp's OpenBSD PF Developer Interview (Part 1 and Part 2). I usually wouldn't comment about an interview because, to be honest, I usually don't learn much from technical interviews. They talk in generalities and don't have much information. This interview is different. The interviewer, Federico Biancuzzi, obviously put a lot of planning into the interview and did a lot of research. As a result, he was able to ask questions that drew out interesting and highly technical discussions amongst the interviewees. I learned a lot!

Posted by Tom Limoncelli

Eric Rescorla has made his slides available from his excellent talk from USENIX Security last year titled "The Internet is Too Secure Already". The slides are here: http://www.rtfm.com/TooSecure-usenix.pdf.

Your homework, is to tattoo this presentation on the inside eyelids of every security researcher in the planet so they are forced to read it, and keep re-reading it.

But before that, take the time to register for some of the fine Usenix conferences: their Annual Technical Conference (mostly operating system and "advanced computing" topics), security (real security research, not "how to install a firewall"), and System Administration (mostly Unix and internet technologies). These are some of the best conferences around. (If registration isn't open yet, at least mark your calendar.)

Posted by Tom Limoncelli

Credits