Alex Hudson

I had separate chats with people about MDB yesterday, originally about how we’re going to fix a potential security problem with Bongo, but went into a wider-ranging discussion about MDB. For those who don’t know, MDB is the LDAP-like API we use to store virtually all configuration.

There are a couple of issues with our code base right now:

• The mdb.conf is world-readable, which is the security problem. This is necessitated by the current Dragonfly setup, which runs in the Apache process;
• Ideally, we want full configuration access from Hawkeye (the new web admin tool), also in a secure manner;
• Making MDB schema changes etc. is hard, and we don’t really have an upgrade strategy in place;
• Bongo was designed to be able to run in a clustered fashion – e.g., having IMAP run on a separate server to the store – but, at the moment, there are a number of hard-codings which make this virtually impossible. The main one being, the list of agents in bongo-manager is hardcoded;
• The above fact also makes it difficult to see how we could integrate third-party agents easily, which is sad.

It feels to me that we’re on something of a sticky wicket with MDB (translations into colloquial English involve creeks and paddles, I’m given to understand).

Read More

In general, using shared libraries already available on a system is a good thing. Witness the difference compiling against the system CLucene, rather than having to build your own:

$ time make # with system CLucene, and Bongo r19

real    3m0.256s
user    1m39.937s
sys     0m29.177s

$ time make # against the imported CLucene

real    6m27.311s
user    4m30.465s
sys     0m47.084s

Basically, Lucene accounts for half of the entire build time. If you’re lucky enough to have a clucene development package on your platform (on Fedora it’s clucene-core-devel, on Debian it’s libclucene-dev), you can ignore the CLucene we package and use the system one.

Read More

There’s a number of things I’ve been meaning to blog about recently. Thanks to Andrew, who has been blogging about stuff, people will have hopefully known about the web UI meeting we had recently. While relatively informal, it does feel like everyone wants to move in the same direction: a light-weight reliable UI framework pulling togther useful components to provide a compelling app. We’re going to start with “Flasher”, the UI for non-Bongo users, and I started story boarding some use cases. The key is simplicity as usual, but after a brief look around I realised something – no other free software package is doing this. A few doing something similar, but not this.

Read More

Within this post, I mention the B-word (business) a few times. Don’t let this put you off, please 😉

One thing I’ve noticed when meeting up with other free software users and developers is that a strikingly high proportion of them are involved in business in some way: either owner/managers of their own small business, or having a key role in one. Not most of them by any means, but a much higher proportion than any other group of people I meet (which perhaps says more about the company I keep – I don’t know!). People who are involved with business will know that occasionally you do less day-to-day stuff and think more strategically – at least, I’m told that’s what you’re supposed to do – and the one I’m involved in is no exception. Part of this strategic thinking is revisiting the vision of the business(es).

Read More

We all have New Year’s resolutions in some form or another; I haven’t really got mine straight in my head yet but there are a couple of things I’m committing to over the next month or two – one of which is to spend more time regularly hacking Bongo. I had hoped to get some hacking in over Christmas; family events overtook that and as a result I’ve spent virtually no time on Bongo at all. So, my immediate goals are:

Read More

(What are we to call them? I’ll stick with MoMsg for now I think)

Welcome to the planned MailCo, whose name has been revealed as Mozilla Messaging Inc.. This has been in the pipeline for a little while, and it doesn’t seem to be quite ready yet, but it seems they’re almost there.

I think this will be news to a lot of people – Bryan Clark tells us on his blog he only waved goodbye to RedHat yesterday – but it’s best that things go forward pretty quickly in my opinion. If anything, MoMsg needs to get going yesterday: Thunderbird 2 has been out a long time now, and Firefox 3 is just around the corner. Getting Thunderbird 3 out of the door very quickly ought to be a priority.

Read More

I noticed “boycott novell” made mention of Bongo today – they mistook our M3 release as the announcement of the project – but nice to see another mention in a new place. I’d like to comment slightly on the Yahoo! situation, though.

The boycott site is quite wrong when it talks of “pulling a Hula”: Hula was never sold because it was competitive to Microsoft Exchange. Anyone who was involved with the project, or used Hula (it’s still available in Ubuntu!), would know that’s not the case. But, unintentionally, there is a point there: the fact is, Microsoft could/would be in a position of owning two groupware systems, which is similar to the position Novell found themselves in (actually, not as bad, because Novell originally had three ;).

Read More