David A. Wheeler's FOSDEM 2002 Travelogue

I went to the Free and Open Source Software Developers' European Meeting (FOSDEM) conference on February 16-17, 2002 in Brussels, Belgium. It was great, and well worth the time. Here's my travelogue.. I hope you enjoy it.

Thursday, Feb. 14

My first task was to get through Washington, DC's Dulles airport; I hadn't flown for two years and I wasn't sure what the security would be like. It actually didn't take too long; I got through the security check in about 45 minutes. One interesting point: my plane was delayed about 15 minutes because someone checked in at the airport, had their luggage checked in, but didn't board the plane - so their baggage had to be removed from the plane. Actually, I was impressed that they found and removed the bag so quickly. I tried to sleep on the plane, grabbing maybe 4 hours of interrupted sleep sitting in the cattle section.

Friday, Feb. 15


Friday I spent trying to stay awake so my body would switch time zones. A three-hour change in time zone doesn't bother me, but 6 hours is a real pain. Brussels is a nice city (I've been there before), although in a way it's too easy for English speakers. I was hoping to practice my rotten French, so that it might become slightly less rotten. I practiced, but several people responded in English, no doubt so they wouldn't have to hear more of my French :-).

I finally got to see the new Euro; the coins look odd and slightly toy-like to me. The Europeans often said the same thing, actually. As a visitor, though, the Euro is wonderful - it's great to not lose all your money to the moneychangers when moving between European countries.

Night Life

Friday evening I connected with Philip Hazel (University of Cambridge and author of Exim), Andy Oram (O'Reilly), Miguel d'Icaza (GNOME/Ximian), a gang from the London Linux User group, and a few others. We showed up at the restaurant Spinnekopke (Spider) - and to their credit, they didn't flinch at a group of 14 showing up without reservations. Good food; Miguel told me he'd had a much worse time getting through security at Logan airport (in Boston) than I had. We then wandered over to a pub, where another gathering had already formed.

At the pub I briefly chatted with Raphael Bauduin, the lead organizer of FOSDEM. He told me that 750 people were registered and he was expecting many more unregistered attendees. Exact numbers are not available, but at one point during the FOSDEM conference itself there were 1000 people in the two conference rooms. That doesn't account for those not in the rooms at the time, nor does it account for those who only attended part. The best guess (figured out by Raphael at the end of the conference) is that there were at least 1300 different attendees at FOSDEM. There were women, but very few of them; according to OSDN, 98% of all open source and free software developers are male. I'd love to see more women participate in the future.

I really respect Raphael's vision for an inclusive conference. In particular, he made sure that people with few funds could attend, because there was no required attendance fee. Funding was provided by a number of sponsors, including O'Reilly, OSDN, Cisco, Sharp, and others (see the FOSDEM website for the list; every attendee got information about each sponsor when they came). Donations were also requested, and it was clear that many donated.. but even if you felt obligated to contribute, the donations cost far less than the typical conferences I go to. Keeping costs controlled was clearly a conference goal; they met at a university, for example. As a result, the FOSDEM organizers managed to pull off a major event while allowing those with few funds to participate. Having so many people in one place gave it a far more electric feel than some conferences.

I soon realized I couldn't think straight from fatigue, so by about midnight I was in bed and quite gone.

Saturday, Feb. 16

On Saturday the conference proper opened, officially starting at 10am. Starting at 10 was a good idea, since hackers are well-known for often staying up late hacking and sleeping in the next morning. Actually, it started a little late - about 10:30 - I'm not sure what the problem was.

Welcome Message

Raphael's introduction, by Raphael Quinet Raphael welcomed everyone, and noted that "It's not a professional organization - it's all by volunteers - so things may go wrong." This was particularly amusing, since right behind him was a scramble of video signals as a presenter was trying to get their laptop synchronized with the projection system. I'm afraid he was right - there were a few logistical problems during the conference (in particular with the facilities) - but I don't think they detracted from the conference at all. In fact, people seemed to easily adjust to the few minor problems and quickly move on to the matter at hand. Indeed, sometimes there seemed to be a visible sense of camaraderie while everyone worked together to make things succeed.

Richard Stallman on Free Software

Richard Stallman, by Raphael Quinet

Richard Stallman gave a presentation on free software (what it is, why he started it, and why it's important). If you've read his writings at the fsf.org website, you've heard all this, but it was still interesting to hear the pitch in person. At first, when told he only had an hour, he seemed surprised and said "I can't do my usual free software speech". .. but he relented and give a shortened presentation that was quite satisfactory. He started by saying that, "About 18 years ago I started developing the GNU operating system, that would be free software. Many were developing new operating systems for technical reasons; my reason was socialpolitical/ethical reasons." He chose Unix because it was portable (he hadn't used it then, though he had read about it). He gave the story behind naming GNU - he was searching for a funny name that was a recursive acronym ending with "not Unix", and once he found GNU it seemed obviously correct. He asks that people pronounce it "guh-new", because GNU has been in development a long time and it's obviously not a "new" system. Interestingly, gnu is a loan word from an African language - in that language, it has a click sound.

He noted that copyleft was created to protect software from becoming proprietary, and also gives a reason for someone to release their contribution as Free Software. The latter has been very advantageous; the C++ compiler was developed by an organization that didn't like to release software for free, but they wanted to use the existing gcc compiler as a basis.

The order he developed the GNU components in was based on the order that he thought would require the least effort, re-using as much as possible. After all, most people didn't think he would succeed at all -- he did believe it was possible, but he had to work smartly to do so. He delayed development of the kernel until the Mach microkernel was ready and Free, so the FSF could then begin development of the Hurd. "I thought this would make things faster - I was wrong, it turned out to be very difficult to implement". Torvalds used a traditional monolithic design for his kernel, and got it implemented far more quickly. Stallman stated that because GNU's work and name is not mentioned, GNU's goals of freedom are not even mentioned or discussed where their products are used. He encouraged people to agree with him that it was ethically necessary that users be able to modify and redistribute their software (and participate in a community of users).

At one time, the problem was finding developers; he believes that now that's not so hard. The problem now is that there are laws that try to make it illegal to write Free Software. In the US, this is represented by two awful laws: the DMCA (which prevents making copiers or viewers, even for legal uses) and patent law (since they've been recently expanded to cover software ideas). He went over the definition of Free Software, amplified it, and contrasted it with proprietary software. For example, he noted that only the owner can support a proprietary program - and since they have a monopoly, there's little reason to provide good support (so often their support is terrible). Preventing sharing of software inhibits helping neighbors; he believes that this ability to help your neighbor is necessary for a society, and noted that all major religions encourage people to help their neighbors. Proprietary vendors want people to think that sharing is equivalent to attacking ships, and noted this was nonsense. At best, it's "unauthorized copying". Instead, he advocates that people to never use proprietary software at any time (other than as a temporary measure to produce a Free version). He believes that there are two separate movements - "open source" and "Free Software" - that have different motives, though obviously they can often work together.

Stallman then donned his famous "Saint Ignucious" garb of the "Church of Emacs", and made several amusing pronouncements such as "vi is not a sin in the church of Emacs, as long it's Free Software - it's a penance." However, he explained why he doesn't want pictures of this garb circulating as pictures by the press, since someone who hadn't heard him talk and just saw the picture might think he actually believed in the "church of Emacs." His statement: "I'm an atheist - I don't believe in sainthood - this is just comic relief".

A question and answer period followed. One questioner asked "How I can build a multimedia system while staying independent, making enough money to live on, and [producing a good product]?" Stallman responded that "To be ethical, you may have to drop some of your desires. You may be able to do them all. Perhaps dropping independence would help, e.g., by requesting government or business support. You could just take a chance - start writing it and hope others join in." However, in Stallman's view, writing proprietary software is always unacceptable.

Another questioner asked "What about embedded systems?" In Stallman's view, once it becomes feasible to download new programs, then these issues arise and it should have Free Software, not proprietary software.

Panel on Patents

There was then a panel discussion on issues such as patents. There will be an announcement next Wednesday from the EU; unfortunately the presenter couldn't reveal its content. He could note what the issues have been: (1) can software be directly noted in the claims, (2) what about interoperability - how can it be safeguarded (and will it really be safeguarded), and (3) what is the scope of things that can be patented?

After this, the European Parliament will consider it, and possibly accept it; then the various countries will write it into their laws.

The DMCA directive has already been accepted by the European Parliament, unfortunately. On the positive side, the EU is funding free software projects.

One presenter commented that "Patents are like Windows - they're on every economist's desktop". Many economists assume that software patents are good (even though the evidence is overwhelmingly against them), and economists simply haven't examined the issue. Economists need to see open source/free software systems run; they generally don't know what code is. The speaker said that we need "generic software" like we need "generic drugs", e.g., competition and less-expensive products. There's a term called "the patent thicket" - when you need to use many ideas (e.g., software), the cost of licensing (and negotiating them) becomes greater than the resulting value, inhibiting new products. We need to write down a goal of protecting "public domain" / "generic" software in law.

"Open source" is important to the E-Europe project; I didn't get more information about this project.

Many are concerned about free software in universities - not because of patents, but because of liability. Often the source code is just "on the tape" - not practically available, so it's not open to review (say for security assessments) or distribution.

Stallman made several arguments against patents. In the past, the software industry wasn't governed by patents, and the industry still thrived. He argued that Beethoven could not have written good symphonies if he was subject to "musical idea patents". Hippo at MIT found that users are responsible for innovation - far more than they're given credit - and patents interfere with this.

An audience member said that patents made some sense a long time ago to protect the inventor, but they make no sense now. What can be done to remove them in software?

There seems to be no evidence that patents actually help innovation, but in many industries there's a symmetrical relationship (a few big companies with cross-licensing agreements), so they at least don't hurt (more specifically, patents don't hurt those companies). Now we have a different circumstance, where there is an asymmetry - many small groups can innovate as well as big companies, so patents more obviously interfere with innovation.

Secure Programming

David A. Wheeler's talk, by Johan Lenglet After lunch, I prepared for my own presentation on how to write secure applications (I already had the slides, but I try to look over slides just before I present them). Some may think that programmers don't want to bother making their programs secure, but I don't believe it, and the attendance at my presentation backs me up. When I stood up to speak, a flood over 150 more people poured in, and about the same number left when I was done - it was clear that a lot of open source/free software developers were specifically interested in making their code secure. I had someone count; he counted 248 attendees for my presentation on how to write secure programs. This was in spite of competing with two other presentations, including the "GNOME 2" presentation which I expect a majority of attendees were very interested in hearing (I would have loved to have heard it myself). One person told me later that he thought my talk was the best talk at the conference.. I don't know if about that, but that's the sort of thing a presenter loves to hear!

David A. Wheeler's talk, by Johan Lenglet For more details on what I said, go look at https://dwheeler.com/secure-programs. In short, I presented a long list of guidelines on how to avoid the security failures that past programs have had. The same mistakes get made in programs, because how to actually implement secure programs isn't taught and there haven't been many documents for developers to read so they can learn how to write secure programs. The list is long; I covered 33 slides in 45 minutes, and I could only summarize the issues. Although it was only a summary, I hope that it was enough to help people consider security problems that maybe they had not before.

David A. Wheeler's talk, by Johan Lenglet For more details on what I said, go look at In many ways, afterwards was the best part - a smaller group of people wanted to discuss specific issues in security, so we moved outside and discussed them, moved back inside to participate in the panel, and then moved on and discussed more issues on how to write secure programs. It was all very intellectually stimulating.

We then got locked into the campus building for a short time - it seems that campus security didn't know what to do with a conference where the people wanted to stay and talk. Once out, we hit the restaurants and stayed up way too late, discussing how to improve open source/free software and often just getting to know each other.

Night Life

A whole mass of attendees went together for dinner, and essentially took over a bus. The bus driver proceeded to imitate Mr. Toad's wild ride; the roller coaster ride was apparently an added bonus. Food, more chat. Approximate bed time: 2am.

Sunday, Feb. 17

At 9:30 the conference was supposed to start. Unfortunately, campus security hadn't opened the doors (presumably they have few classes scheduled on Sunday!). By 9:35, the doors were open, and by 9:45 the speaker began - only 15 minutes late after an inauspicious beginning.


Vincent Raijman presented Rijndael, the encryption algorithm he co-developed. Rijndael has been chosen as the U.S.'s Advanced Encryption Standard (AES), and I expect that within a few years the vast majority of all encrypted traffic done by the public (i.e., excluding national governments and banks) will use Rijndael.

His presentation started with a nice and simple introduction to cryptography. He noted that not only did DES have a short key length, but the short block size of DES also limited its future use. DES uses 64-bit block sizes, so there are 2^64 different possible block values. When more than the square root of the possible block values is sent, a significant amount of information leaks. In the case of DES, that means that you shouldn't send more than 2^32 bits with a single key. Since Rijndael uses 128-bit blocks, you can send more data with the same key (2^64 bits using this logic). He went through the Rijndael algorithm, stressing how simple it was (compared to other algorithms). In particular, he carefully designed the algorithm to be easily optimized.


The speaker began a few sentences in French.. which many attendees understood, but one person quickly pleaded "parlez anglais?".

This talk introduced an open source implementation of IETF PKIX, a standard for establishing organizational security (it's a "public key infrastructure"). It's released under the GPL. It includes OpenSSL, OpenLDAP, and Perl/PHP scripts that implement the standard. Their priorities were industrial strength, flexibility, modularity, and interoperability. The core implementation is in Perl; all the UI is via the web and PHP. Version 1.5 had user certificates (decentralized); version 1.6 added server certificates (decentralized). Version 1.7 is to come; it adds centralized user certificates and key escrow for encryption keys (version 1.7 exists in beta, but it's not tested well yet and they need to get agreement from the customer before releasing it publicly). Currently they've only tested it on Red Hat Linux 7.1, but the next version will support more platforms and will be easier to configure. He'd like to eventually replace parts of OpenSSL; OpenSSL does many things well, but it has various weaknesses he'd like to fix (for example, it doesn't support common hardware driver standards).

I didn't get a good sense of how mature the product was, unfortunately.


I caught the end of the GnomeMeeting presentation. GnomeMeeting supports video, audio, and text teleconferencing, and looked like a nice application when it was demonstrated. They use only free (unpatented) codecs, so there's apparently no problem running it in the U.S. They may add interaction with Evolution, so that meetings scheduled in Evolution can be automatically started in GnomeMeeting. It should be easy to integrate these two programs given GNOME's Bonobo infrastructure, since that's exactly the sort of interaction Bonobo was designed to support.


Tristan Nitot and Peter, both from Netscape, gave a presentation on Mozilla. Tristan Nitot is their "Technology Evangelist". Peter is a developer, who began by contributing to Mozilla and ended up being hired by Netscape after contributing so much. Currently the Mozilla project is working to switch all of the code into a triple license (MPL/GPL/LGPL).

Peter emphasized Mozilla as a platform and source of components, as well as a browser. There are lots of smaller components (e..g, Javascript, LDAP SDK, etc.); Komodo (Activestate) etc. use them for other projects. Gecko is the basic browser component; it combines many other components (e.g.,, parser, Javascript, DOM, Layout, Security).

Mozilla.org's purpose isn't primarily to distribute it directly; they release a version so that everyone else can then (1) debug and (2) distribute. They are getting ready for Mozilla 1.0, focusing on stability, performance, and standards compliance - "it's getting close now." They're freezing the APIs, which is a real help to API users. XUL is considered an API, and it's been changing a lot - they expect that with Mozilla 1.0 there will be a XUL 1.0. Every day they have a nightly build; every 5-6 weeks they branch it, stabilize it for a few days, and release a milestone release.

Peter mentioned the other tools the Mozilla project has created - LOTS of others use Bugzilla, for example, because it's a great tool.

Tristan talked, emphasizing the need for web pages that comply to open standards. Otherwise, the web will be split into pages that can be read by only browser or another, which would be terrible for everyone. If you find an invalid web page that Mozilla doesn't handle (because it's non-standard), report it to Bugzilla under "tech evangelism" module. It sounded like they would find a contact person on the website, diagnose/find a workaround, send a letter to webmaster, make sure they fixed the bug, and mark the bug in Mozilla as "Works for me". Document what you do in Bugzilla mentioning the keyword "Eurocontest" (the top 50 contributors before June get a T-shirt). See http://mozilla-evangelism.bclary.com/europe for more information.

I completely agree - a "split web" is terribly undesirable, so web pages should certainly comply with the standard. However, I think the Mozilla project will need to implement some of the nonstandard things that Internet Explorer does, since users need to be able to read some of these pages. I suspect that will happen too.

Advanced Web Searching

This presentation by Fjalar Ravia was on "how to find anything on the web." His tips are collected on http://www.searchlores.org. This is less directly connected to open source/free software, but developers often need to find hard-to-find information about interfaces for compatibility, and knowing how to find stuff is a useful general skill.

He noted that the best search engines (like Google) only index about 20% of the "core" web (e.g., the pages that connect to each other). It's even worse for pages that link TO the web core, but don't have anyone linking to them... they're generally unfindable using traditional approaches, since search engines will never be able to follow a link to them.

He noted that nothing in life is truly free. In particular, search engines want to know (and record) what you're looking for, and then sell that data to others; you may want to be careful what you search for.

If you're looking for something, use at least two main search engines when starting with a broad query (more is better). For example, Google is somewhat U.S-centric, so non-U.S. data may be missing.

Search engines can't really return all the "results" they claim - he calls this the "yo-yo" measure. Many search engines accept money payments to move something into the top ten, and many web sites do complex tricks to fool search engines. As a result, the top entries are often not really what you wanted. Google does pretty well, comparatively; but others are often bought or fooled into believing that certain pages are more relevant than they really are.

Use MORE search terms, in lowercase. Even repeating the same term twice helps ("nikon nikon"). This is odd, but it basically hints to search engines that you really want something that prominently discusses the term, not just a popular page that peripherally mentions the term. You could switch to looking for page names, e.g., "nikon.htm" or "links.html#nikon".

Of course, this won't find most items on the web. The problem is then how to search the four-fifths of the core Net that is not indexed. You could use Netcraft to look for websites with the name you're looking for (e.g., "nikon"); sometimes this helps. Often you need to comb (search people who have already searched). Usenet (e.g., via Google's newsgroup search), messageboards, homepages, and webrings will all help you find these other people who have collected the research, so that you can find them.

Here are a few other random comments:

  1. There are many cases where there are multiple different communities that do the same thing, but aren't aware of each other - often for many years. Thus, just following links (manually or as a search engine) may miss some communities.
  2. Home page searches can be helpful - many are garbage, but some are quite useful.
  3. Local search engines can be useful, e.g., the "Columbia" search engine will contain web sites from that country and may list web sites no one else lists.
  4. Search in other languages, using their search engines. E.G., searching for "Spanish Search Engines" works better if you enter it in Spanish, esp. on a Spanish site. The Russian search engines are good, in his opinion.
  5. Search when the Americans aren't at work - the Internet slows down while they're at work.
  6. One way to find "hidden" things is to read the "robots.txt" file - search engines won't read it, but YOU can. You can easily search for passwords, too - people still post passwords in ways that others can read them.
  7. So, what are some good search engines? After Google, he suggests www.wisenut.com ... it has more Oriental sites. Really, he'd suggest a boolean and a non-boolean search engine as well; since they work differently, they'll give you better coverage of the information out there. Other reasonable search engines include teoma.com (it tries to group information) and FAST/alltheweb.
  8. We'll probably lose many search engines, because Google is eliminating them. He thinks this is unfortunate.


Miguel de Icaza, by Raphael Quinet This presentation by Miguel de Icaza (founder of GNOME) discussed Mono, a controversial project because it's trying to re-implement Microsoft's ".NET Framework". Many are worried about trying to build a system whose interface is defined by open source's sworn enemy and strongest competitor.

First, Miguel discussed GNOME, which is mostly written in C, C++, Python, and Perl. GNOME has three parts: a desktop, the development platform, and a suite of productivity applications. GNOME's goal is to support any programming language and to support component programming (the latter, via Bonobo).

The problem, as he sees it, is that open source tends to use old development tools (such as C) that make applications more costly to develop. For example, Evolution (an email/groupware) took 750K lines of code, 2.5 years, 17 programmers. That's a lot of money, and thus applications are slow to develop and improve. He believes "we need better tools."

".NET" is a marketing term in Microsoft. Under this umbrella there are lots of technologies, including Passport, etc.; that's not relevant to this talk. What's relevant is the ".NET Framework," which is what Mono will implement. This framework contains the following:

Basically, it's just like the Java framework, but designed to be multi-lingual; it also claims to interoperate better with legacy code. According to Miguel, this provides a better infrastructure, and as a secondary affect it also allows easy migration of Windows programs to Unix/Linux. So, what's Mono's status?

  1. Currently, for the VES, they have a just-in-time compiler for x86 processors and an Interpreter for many others (POSIX and pthreads are required).
  2. Miguel implemented a C# compiler in 8 months part time. It only performs a few optimizations (constant folding and dead code removal), omitting many others (e.g., no code hoisting). This is okay, because the JIT can optimize these things well. Thus, they recommend that people create simple compilers, and put the "smarts" in the JIT (where the optimizations can be shared by all compilers)..
  3. They plan to implement both P/Invoke (Microsoft's way to invoke C), and their own extension called G/Invoke (which understands GNOME's object system).
  4. Currently their JITter is okay except that its register allocator is terrible. As a result it's much slower than Microsoft's JIT right now. They expect that its performance will improve substantially with a new allocator. Even as it is, it's twice as fast as Kaffe (for Java).
  5. Intel donated a garbage collector that's really good (X11 licensed), and that's helped greatly - good garbage collectors are painful to write.

Some worry that they'll have to rewrite their code. Miguel said "Rewriting code is a sin" - when Mono is ready, you can just embed it (like existing embeddable scripting languages) and use it without throwing away existing C code. You can then mix the models in one application

Most of the work will be in implementing class libraries. 900 classes have been authored out of 3,500 for the standard library. They currently plan on being 100% .NET compatible (though he's unsure if that's achievable), and emulate the I/O and IPC abstractions. Gtk# is a .NET binding for GTK+. GNOME has libart, which renders Postscript (with transparency) and will be useful for implementing this. They'll work on CORBA/Bonobo integration because that's really important for GNOME.

Miguel briefly discussed security in Mono. Permissions are granted per-class (not per-process), just like Java. Other elements are Policy, Evidence, and Permissions; he ran out of time to explain this further.

An interesting sidebar: MIT is apparently an extremely hostile environment for Windows machines; merely connecting to the network at MIT with a Microsoft system generally means you'll get hacked in minutes. A Microsoft employee who was once at MIT was going to give a demo using IIS; he started to connect to the network, and once reminded, stopped. I think that speaks eloquently to the poor security of Microsoft's current boxes; the Internet is a hostile place too, and I hope that they'll start protecting their customers better. My opinion.

The issue of patents was discussed. Historically Microsoft uses patents only for defense,but if they do attack with patents, they're ready to re-implement inefficiently, amputate, rewrite, or deviate from the standard. ECMA does allow RAND, unfortunately. Since his primary goal is to make development easier, strict compatibility simply isn't necessary. I should add that there's also prior art: the UCSD p-code system, the Zork Z-machine, ANDF, and Java all create generalized virtual machines, so the basic concept should not be patentable.

I asked about porting Perl and Python, since some claim this environment poorly supports them. Miguel said that compiling Perl in general is hard because there's no formal language spec. ActiveState just embedded the entire Perl language, which is easier but is known to be a slow technique. A Python implementation was partially done, but they ran out of money so using its half-baked results for performance measures of a finished product isn't fair. Miguel believes that interpreted languages were slow on older versions of the framework, but he thinks things are better now. He noted that Javascript and Visual Basic are okay, and those languages have similar properties.

Ximian plans to complete by August, release for real early 2003.

Someone asked "What about .NET 1.1?" Miguel said that It doesn't matter for the purpose of a useful software development platform. If you're worried about .NET compatibility, that's a problem, but you can add the new features later. He then claimed that "Open source is always late - that's the open source way." (That's not really true, of course - the first implementations of many Internet components were open source.) But his basic claim was that it was okay to not implement everything Microsoft does simultaneously, and clearly, Mono would add its own interfaces without waiting for Microsoft either.

There are different kinds of language support in this framework, e.g., you could just export. Hopefully, this will make it easier to get at least some connections to other languages quickly.

There was some discussion on Eiffel#, a subset of Eiffel that runs on the framework. Bertrand Meyer (Eiffel's developer) is now working on a complete implementation - and apparently Meyer believes the entire Eiffel language can be implemented on the .NET framework.

Someone asked "Why not just start with Java and extend it?" Miguel said that he wasn't a great ("big picture") architect, and that frankly he wasn't all that good at creating new ideas. However, he can implement ideas created by others. Fundamentally, he wants multi-language support, and Java doesn't offer that. He stated "I wish I was a genius but I'm not". Besides, Microsoft basically tried to respond to customer's complaints about Java when it developed this, so they've already done a lot of work that shouldn't be ignored.

There is a CIL decompiler; use google will find it.

He commented that you should write new API bindings, of course; you're not limited to what Microsoft does.

Miguel is joining ECMA, and will work to remove any Windows dependencies. They're also being paid to develop a Mac OS X implementation.


I would like to have heard the presentation on Exim (a mail transfer agent that competes with sendmail), but I couldn't. It's the basic trouble with all multi-track conferences - often two presentations that you want to see are scheduled simultaneously. I don't think it'd be practical for FOSDEM to be single-track, but perhaps in the future FOSDEM could record all sessions for those who missed it (so we could see them later).

I know that the Exim presentation covered the new features and changes in Exim.. and more importantly, why they were made. The slides are available at http://www.cus.cam.ac.uk/~ph10/FOSDEM/FOSDEM.htm. Unfortunately, they're not as informative as you'd like without the words that go with them. For example, the flow charts are examples of Exim routing configurations, not the way it does it.

Night Life

On Sunday night I went out with a gathering of people to Grande Place, where we found a few more FOSDEM attendees and invaded one of the restaurants. This group included Brad Knowles (OpenBSD), John Southern (Linux Magazine), Kevin Lee (FreeBSD), and Philip Hazel (Exim author). I had mussels - a virtual rite of passage when visiting Brussels. They were good, but more expensive than I'd planned - at this point, I had almost no cash and I still needed to get to the airport. After closing down the restaurant, we went to a pub/restaurant and closed it down too, talking about open source issues, politics, quirks of cultures, and just about anything else. Someone bought me a drink, since I was short on cash - thanks! Finally we went back to my hotel and camped in their restaurant (which wasn't serving dinner but did let us talk there).

At this point I found out that one of us, Brad Knowles, is a significant part of an Internet legend. Many years ago, line noise and other issues were a serious problem on the Internet, and they were jokingly blamed on the evil Shub-Internet (a name based on the Cthulu mythos horror stories). The legend grew, until it was established that Shub-Internet was living in the basement of the Pentagon. Brad Knowles actually worked in the basement of the Pentagon, and when he heard of this fable he nearly died laughing. He then hatched a plan.. and named the new mail server where he worked "shub-internet". Of course, this system really was in the basement of the Pentagon, and it had a legitimate ".mil" address as expected. People worldwide would ping this system and see that the legend was obviously true (and yes, I was one of them)!! The Jargon File (aka New Hacker's Dictionary) covers some of this story. Sadly, that military system has gone, but Brad's email address is at shub-internet.org, so there's still some remnants of this old community joke.

Finally, off to bed. Time: 5am.

Monday, Feb. 18

After 2 hours of sleep, I stumble out of bed and get ready for the return trip.. which should be subtitled "fumbling toward the airport." First, I check with the hotel front desk, asking for a "fast and cheap" way to the airport. The combination is unavailable; the choices are fast (taxi) or cheap (train). My wallet now sports 5 Euros and 2 USD... with that little, my choice has been made for me. Getting to the train station was easy, and when I buy my ticket I find that my train leaves in two minutes. I race like a maniac and just manage to get on board the train before the doors close.

I'm now full of relief.. until I find out from the passengers that I'm on the wrong train. Apparently all the locals know not to trust the ticket station for track numbers; perhaps they should put a warning to that effect in front of the ticket office. I get off at the next station and look at the timetable. Hmm, Flemish or French. My French is bad, but my Flemish is nonexistent; I figure out from the French version that I need track five. I manage to create the sentence "Ou est cinq?", a local manages to interpret my outrageous accent, and I whisk away to track 5. Then a loudspeaker announcement came; it sounds like a change in track numbers, but my French isn't good enough to follow which train is involved or which track number if it's mine. The announcer repeats in English.. it's my train, and now I need track 4. I hop on the train (the right one this time!), and arrive at the airport. Check-in, show passport, go through a search, walk to the gate area, go through a more thorough search, arrive at gate. After that, it was uneventful.

Random Comments

Discussions ranged all over the place. Richard Stallman is still respected for the seminal work he's done, but his insistence in trying to force others to use the term "GNU/Linux" instead of "Linux" really wrankles some. Europeans generally have a different cultural attitude towards guns than many Americans, and thus many Europeans are frankly perplexed by Eric Raymond's views on guns.

Several seemed to view open source/free software through a wider lens of freedom of speech, and it appears that several European governments are eying it through a political lens (for example, being free of control by an American company would be considered a good thing by many European governments). Microsoft's changes to its license fees are going to substantially increase costs for many users, and those users are re-examining open source systems to see where they can use them. Some members of Germany's ruling coalition (in Parliament) are quite frank - they view open source as a political issue, not just a technical one. Where will this all lead? My crystal ball is fuzzy, but it's certainly interesting.

Last I looked, OpenOffice was getting better but not really usable yet. Several claimed that while there were still warts, OpenOffice really had become usable for typical office uses, including word processing and presentation (Gnumeric's latest version is already wonderful for spreadsheets). If so, that's great news; I need to give the latest version a try.


FOSDEM was great. I hope there will be one next year, and I'd recommend going. I think the organizers will learn from this event and fix some of the logistical problems, and the opportunity to meet the people and see their projects was quite worthwhile.

(If you'd like, you can go see my home page, my book Secure Programming for Linux and Unix HOWTO, or my paper Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!).