Monthly Archives: November 2009

Can Google Wave Bring Something New to Peer Code Review?

If you haven’t already heard about Google Wave, watch this video.

In a nutshell, Google Wave is an attempt at integrating wikis, instant messaging, email and social networking, into a nice, tight, Google-y ball of goodness.

What’s particularly interesting, is that developers can write “gadgets” by coding against the Google Wave API.  Check this out – a collaborative tool for systems modeling built into the Google Wave client.  That’s pretty cool!

Which makes me wonder… could a code review tool be built on top of Google Wave?  And if so, what services, if any, does the Wave protocol offer that might make such an application superior to other web-based code review tools?

What does Google Wave offer that would make such a code review tool special, more effective, and better?

Playing Around with FTP

I’m taking a Computer Networks course this semester, and for my final project, my partner and I are trying to create signatures for FTP, HTTP, and Skype packets.

The big idea:  we want to create some signatures, and then “replay” those signatures against some arbitrary IP and port.  If we get a response, we analyze the response to see if it matches what we expect from the signature.  If it matches, chances are we’ve determined what kind of server is behind that IP/Port.

FTP and HTTP are the trivial ones.  Skype is going to be quite a bit harder.

Anyhow, here is what I’ve found out about FTP…


FTP runs over a TCP connection, so if you’ve got Telnet, then you’ve got a basic FTP client.  Traditionally, FTP servers run on port 21 – but really you could put one on whichever port you feel like.

So, I’m going to try to futz around with the Mozilla public FTP server, and show you what I get.

First, I’ll connect to the FTP server with Telnet, like so:

mike@faceplant-linux:~$ telnet 21

Here’s what comes back:

Connected to
Escape character is '^]'.
220- / - files are in /pub/
220-   Notice: This server is the only place to obtain nightly builds and needs to
220-   remain available to developers and testers. High bandwidth servers that
220-   contain the public release files are available at
220-   If you need to link to a public release, please link to the release server,
220-   not here. Thanks!
220-   Attempts to download high traffic release files from this server will get a
220-   "550 Permission denied." response.

If I type in anything and press RETURN, the server responds with:
530 Please login with USER and PASS.
Since I don’t have an account, I’ll just use the basic anonymous one:

USER anonymous

The server responds back with:

331 Please specify the password.

I don’t have a password, so I’ll just try a blank one…


and blam, I get a ton of stuff back:

230- / - files are in /pub/
230-   Notice: This server is the only place to obtain nightly builds and needs to
230-   remain available to developers and testers. High bandwidth servers that
230-   contain the public release files are available at
230-   If you need to link to a public release, please link to the release server,
230-   not here. Thanks!
230-   Attempts to download high traffic release files from this server will get a
230-   "550 Permission denied." response.
230 Login successful.

Hey alright, I’m in!  Er…where exactly am I, though?  I type in PWD, and the server responds with “/”.  So I’m in the root.  Nice.

So what’s in the root directory, anyhow?  I type in LIST.  Here’s what I get back:

425 Use PORT or PASV first.

And here’s where it gets interesting.  This Telnet session I’ve got here is like a control window.  But if I want any actual data from the server, I’m going to need to either open up one of my ports (and do some port-forwarding on my router) to receive it (PORT), or connect to another port that the FTP server can pipe data through (with PASV).

I’d rather not go through all of the trouble of port-forwarding, so I’m going to choose the latter.  I type in PASV.  The server responds with:

227 Entering Passive Mode (63,245,208,138,225,55)

So what does that big string of numbers mean?  The first 4 are the IP address I’m to connect to (  The last two tell me what PORT to connect to.  The formula to determine the port number is N1*256 + N2.  N1, in this case, is 225.  N2 is 55.  So 225*256 + 55 is 57655.

So I open another Telnet in a separate window, connect to on port 57655, and get….


Yep, just a blank.  I’ve made the connection, but I haven’t asked for any data, so there’s nothing for the connection to say.

However, if I type LIST again in the command window, I get

150 Here comes the directory listing.
226 Directory send OK.

sent into the control window, and

-rw-r--r--    1 ftp      ftp           528 Nov 01  2007 README
-rw-r--r--    1 ftp      ftp           560 Sep 28  2007 index.html
drwxr-xr-x   34 ftp      ftp          4096 Nov 24 23:32 pub
Connection closed by foreign host.

pumped into my data window.  Notice that the connection closed in the data window.  That means that, for every bit of data I want, I either need to redo the whole PASV thing, or supply a PORT that the server can connect to.  Bleh.

Let’s see what else I can do.  I type in “CWD pub” to change to the pub directory.  Using PASV and LIST, I get the following from another data window:

drwxrwxr-x    3 ftp      ftp          4096 Jun 05  2002 OJI
-rw-rw-r--    1 ftp      ftp          1144 Jul 03  2001 README
drwxr-xr-x 5561 ftp      ftp        430080 Nov 24 22:14 addons
drwxr-xr-x    2 ftp      ftp          4096 Jul 05  2005 artwork
drwxr-xr-x    2 ftp      ftp          4096 Jun 13  2008 bouncer
drwxrwxr-x    5 ftp      ftp          4096 Apr 20  2009 calendar
drwxrwxr-x    6 ftp      ftp          4096 Aug 11  2008 camino
drwxr-xr-x   16 ftp      ftp          4096 Oct 16  2006 cck
drwxrwxr-x    3 ftp      ftp          4096 Jul 10  2004 chimera
drwxrwxr-x   12 ftp      ftp          4096 Aug 31  2001 data
drwxrwxr-x    8 ftp      ftp          4096 Jun 19  2007 directory
drwxr-xr-x    4 ftp      ftp          4096 May 17  2005 diskimages
drwxrwxr-x    4 ftp      ftp          4096 Jul 26  2008 extensions
drwxrwxr-x    4 ftp      ftp          4096 May 16  2003 firebird
drwxrwxr-x    5 ftp      ftp          4096 Aug 12  2008 firefox
drwxrwxr-x    3 ftp      ftp          4096 Aug 07  1999 grendel
drwxrwxr-x    5 ftp      ftp          4096 Mar 22  2009 js
drwxrwxr-x    4 ftp      ftp          4096 Oct 22  2004 l10n-kits
drwxrwxr-x    2 ftp      ftp          4096 Nov 24 20:28 labs
-rw-r--r--    1 ftp      ftp       1868178 Sep 17  2003 ls-lR
-rw-rw-r--    1 ftp      ftp        169159 Sep 17  2003 ls-lR.gz
drwxr-sr-x    4 ftp      ftp          4096 Sep 15  2005 minimo
drwxrwsr-x   12 ftp      ftp          4096 Nov 11 06:09 mobile
drwxrwxr-x   15 ftp      ftp          4096 Jan 04  2008 mozilla
lrwxrwxrwx    1 ftp      ftp             1 Sep 15  2006 -> .
drwxrwxr-x    2 ftp      ftp          4096 Aug 25  1998 msgsdk
drwxrwxr-x    5 ftp      ftp          4096 Jul 09  2002 nspr
drwxrwxr-x    4 ftp      ftp          4096 Sep 23  2002 phoenix
drwxrwxr-x    3 ftp      ftp          4096 Aug 03  2000 profiles
drwxrwxr-x    6 ftp      ftp          4096 Aug 12  2008 seamonkey
drwxrwxr-x    5 ftp      ftp          4096 May 04  2006 security
drwxr-xr-x    5 ftp      ftp          4096 Aug 13  2008 static-analysis
drwxrwxr-x    8 ftp      ftp          4096 Sep 24 19:03 thunderbird
drwxrwsr-x    4 ftp      ftp         20480 Nov 19 02:26 webtools
drwxrwxr-x    6 ftp      ftp          4096 Aug 11  2008 xulrunner
drwxr-xr-x    2 ftp      ftp          4096 Sep 12 05:51 zz
Connection closed by foreign host.

Nice.  Alright, now let’s see if I can download one of those files.  I’m going to try to download README.  Using PASV, I create a new data window, and then I type:


And, after a little wait, my data window gets:

Welcome to!
This is the main distribution point of software and developer tools
related to the Mozilla project.  For more information, see our home
page ( Go here to download Netscape Communicator:
A list of's mirror sites can be found at:
This site contains source code that is subject to the U.S. Export
Administration Regulations and other U.S. law, and may not be exported
or re-exported to certain countries (currently Afghanistan (Taliban
controlled areas), Cuba, Iran, Iraq, Libya, North Korea, Sudan and
Syria) or to persons or entities prohibited from receiving U.S.
exports (including Denied Parties, entities on the Bureau of Export
Administration Entity List, and Specially Designated Nationals).
If you plan to mirror our site read our crypto FAQ. Send mail to to be added to our mirrors list.
We do not guarantee that any source code or executable code
available from the domain is Year 2000 compliant.
Connection closed by foreign host.

Awesome! I think I have enough information to come up with some kind of signature.


What, you think I figured all this stuff out alone?  No way – I had some help:

Code Spelunking for Students

Last Friday, I went to the FSOSS conference at Seneca@York Campus with Zuzel and Greg.

One of the talks I attended was an open discussion about getting students involved in open source software.

I’m going off of memory there, but I believe one of the speakers at that talk said something like:

Students generally don’t have to deal with large code-bases in their school assignments…1000 lines of code is really nothing.  When students work on an open source project, they get dropped into a massive code-base with only a fork, a spoon, and a compass.  They have to find their way around, and that’s where the real challenge and learning is.  This is a skill that most students just don’t get with normal school assignments.

Again, I’m paraphrasing.

So is this true?  Hm.

During my undergraduate career, I’ve certainly had to explore strange code that someone else has written.  But nothing even close to the size of, say, the Mozilla Firefox code-baseOr the Chromium code-base.  I mean, these are massive wads of code.  This is not a criticism of my teachers or the UofT CS program by any means – it’s just an observation.

But some students explore these large code-bases on their own in their free time.  During my (admittedly brief) break before summer work began, I started poking around the Firefox code.  I made two discoveries:

  1. The code that I saw was, in my opinion, very well written
  2. I was completely lost, and didn’t know where to start

I still haven’t worked on any software that is nearly as large as Firefox.  Not even close.  MarkUs is a nice chunk of code, but minuscule in comparison.

So just go with me on this for a second.  Let’s assume that a large code base is intimidating and difficult for students to wrap their heads around, and this is one of the main challenges in getting those students to contribute to open source software.

Again, I only have my own experience to back up that claim.  Looking at Firefox, I didn’t know where to start.  I didn’t know where to go.  I didn’t know which way was up.  I was lost.

So how can students get a better grasp on a mountain of code?  A few ideas:

  1. Write tests for the code, starting small and going big.  This is a relatively easy way to play with the code without having to change it. This assumes, of course, that the software has been designed to be easy to test…
  2. Ask someone else.  Go into the appropriate IRC channel and ask around.  This, of course, has it’s own problems.
  3. Read up on the developer documentation.  Let’s just hope it’s up to date and relevant…
  4. Read up on someone else’s experiences exploring the same code base.  Good luck finding those.

Not Quite Blueprints

I’ve always thought of computer software as being like an invisible machine inside my computer.

And to me, the source code is a bit like the description of the blueprints for that invisible machine.  It’s not the top-down crystal-clear cutaways that a blueprint provides…it’s a flat, textual interpretation of those blueprints.  And it takes quite a bit of reading before those descriptions sink in, and the “personality” of the machine becomes clearer.

In his article “Code Spelunking Redux“, George V. Neville-Neil says:

Working in this way is a bit like trying to understand the United States by staring at a street sign in New York City. The ability to look at a high-level representation of the underlying system without the fine details would be perhaps the best tool for the code spelunker. Being able to think of software as a map that can be navigated in different ways—for example, by class relations and call graphs—would make code spelunkers far more productive.

I was thinking a lot about that on my ride home from FSOSS.  When I got home to my computer, I found out that there are some really cool alternative ways of viewing software.  Here are three that I found quite interesting:


Imagine that you’re curious about developing on Firefox.  You can wade through the swaths of source code…

or you can stroll through a city that represents the software:



CodeCity is an integrated environment for software analysis, in which software systems are visualized as interactive, navigable 3D cities. The classes are represented as buildings in the city, while the packages are depicted as the districts in which the buildings reside. The visible properties of the city artifacts depict a set of chosen software metrics, as in the polymetric views of CodeCrawler.

Imagine virtually driving around that city, hearing a guided tour through your headphones…you can walk into buildings, check out the different floors…check the plumbing.  Interesting idea.


Or how about a neighbourhood…



CocoViz address software comprehension by a combination of visualization and audio. It uses common place metaphors (like houses) for an intuitive understanding of software structures and evolution.

For each source code entity, evolution and structural aspects are mapped to such metaphors and annotated with different audio, to represent concepts such as design erosion, code smells or evolution metrics.

The tool is used in the software evolution analysis domain but offers DB-, XML-importer and a plugin architecture to extend its use into other domains.


Another attempt at using the architecture/neighbourhood metaphor.  This one does a neat job of displaying execution traces though – check out the video demo.

These are cool ideas.

But are they useful? Are they usable?  Do they work? Could they help students get a firm grasp on a large code-base?  Can they help visualize the evolution of software?

Has anyone actually used any of these?