Arnt Gulbrandsen
About meAbout this blog

Three programs, one feature

It's not something one does often, but I've implemented the same feature in three different programs. Not very different, all are written in the same programming language for the same platform, and all are servers.

Same platform, same language, same task, same developer... you would think the three patches would end up looking similar? They did not, not at all.

The feature I wrote is is support for using UTF8 on SMTP, which I've implemented for Postfix, Sendmail and Qmail, which all run on linux/posix systems. I tried to follow the code style for each of them, and surprised myself at how different my code looked.

One patch is well-engineered, prim and proper.

The next is for an amorphous blob of software. The patch is itself amorphous, and makes functions even longer that were too long already. Yet it's half as long as the first patch. The two are, in my own judgment, about equally readable. One wins on length, the other on readability, they're roughly tied overall. This surprised me not a little.

The third is a short, readable patch which one might call an inspired hack. It's a much smaller than the others and easily wins on readability too.

It wasn't supposed to be like that, was it? Good engineering shouldn't give the most verbose patch, and the hack shouldn't be the most lucid of the three.

I see two things here:

First: Proper engineering has its value, but perhaps not as much as common wisdom says. Moderately clean code offers almost all of the value of really clean code.

Second: A small program is easy to work with, such as the MVPs that are so fashionable these days. But ease of modification isn't all, the smallest among the three servers has fallen out of use because the world changed and it stopped being viable.

Some random verbiage on each of the three servers and patches:


Qmail, the last MTA I patched, is an inspired hack, and so's my patch. I expect Qmail works wondrously provided you use it as Dan Bernstein intended (ie. in the world of 1995, to solve the problems of 1995). Since the SMTPUTF8 extension is well-designed and Qmail doesn't implement DSN, my patch ends up being only a few tens of lines:

Qmail's SMTP server advertises advertises a new extension, accepts it, and uses the right keyword in the Received field.

When Qmail's SMTP client is told to send mail, it checks for that Received keyword as well as for UTF8 addresses, and adds the right protocol keyword if necessary.

That's all. Qmail's simplicity makes it that simple. One function implements a Qmail-like state machine to avoid keeping state in the queue file and looks different from my typical code, the rest is overwhelmingly simple.

This same simplicity has its drawbacks and I wouldn't recommend using Qmail for receiving mail on today's internet. I understand some people are using it for outgoing mail at online shops, though.

This patch is in Gentoo, you can read it there or install qmail-1.06-r5. I also have a version that doesn't depend on the TLS patch, send me mail if you'd like a copy of that.


Sendmail is the oldest MTA on the planet, and shows its age. While working with the source I saw that the maintainers mean well and have tried to update the program to comply with good new practice, but they're not doing very much of that. I think refactoring and dropping features is unusually difficult in their case. Maybe they dare not remove code that may still be in use, and their user base includes the oldest and most diverse sites. If there are 20 year old mail servers anywhere, they probably run sendmail.

Sendmail suffers from some overlong functions. Over the decades those functions have grown, and grown, and grown, and today they're so big that they effectively block dependency injection. That, in turn, blocks unit testing. My patch adds zero unit tests and my automatic system tests aren't portable to the maintainers' systems. Sad.

The Sendmail patch is much larger than the Qmail one, partly because sendmail's more orderly and partly because it's less orderly.

Sendmail stores information in queue files in an orderly, extensible way, unlike Qmail. Because of that, my patch can store its extra bit sensibly, which adds code to define, read, write and process the extra bit. Qmail didn't allow any of that, which was limiting, but oh how simple!

Sendmail's overlong functions led to less orderly changes than Qmail. I wanted to write code as tidy as that in Qmail, but it just wouldn't fit.

This patch is in the Sendmail maintainers' queue; send me mail if you'd like to have a copy.


The first MTA I patched was Postfix, almost three years ago now. That patch is even bigger than the one for Sendmail.

Postfix is similar to Sendmail in some ways, but more well-ordered, better documented and without all he dinosaur features. Postfix does not contain any overlong functions. (Maybe you think some functions are too long or have other problems, but the maintainers like Postfix as it is. I keep my opinion to myself — a good patch follows the maintainer's desired style and that's all I have to say.)

Postfix contains all the functionality you need on the network today, and the maintainers (chiefly Wietse Venema) are amazingly good at keeping the features complete and orthogonal. If you combine any two Postfix settings, the combination works as intended because Wietse has thought about that combination.

The price for that is that there are a lot of cases to handle. Qmail autodetects ASCII/UTF8 when you send mail via its command-line interface, Sendmail does the same, Postfix has has more complex logic and supports four cases instead of two.

This patch was integrated into Postfix 3.0.0, and is in all the major Linux distributions by now.


Code review times two

I like code review but complain about it all the time. Why? The other day I had an eureka moment: There are two quite different kinds, which I will give the misleading names agile review and waterfall review, and I'm annoyed when the reviewers perform one kind of review and I want the other.

Waterfall development is centered around planning, development and deployment in stages: First plan well and get rid of most bugs, then implement what's planned, then review and test to fix the remaining bugs, then deploy. In this model, code review focuses on catching minor bugs, ensuring code style harmony, proper use of internal/thirdparty APIs, etc. Big questions such as is this feature a good idea at all? are out of scope, because that's been settled in the planning phase. (I'm not saying waterfall works in practice, only describing the theory.)

Agile development is different. Instead of planning well, agile development is based around an iterative process: Implement something that seems to be a good idea, consider it, learn something from it, finish it and then deploy, then pick something else to do, something one now knows more about. Code review can be the first part of the consideration and learning process, so it's a good time to discover that although a feature seemed like a good idea, it's going to be a morass and should be dropped at once. (more…)


Morbid bindings

The first thing I learned about programming in-person (not from a book or from code) was morbid bindings, a strangely unused term.

I learned it from a university employee called Eric Monteiro, who was oddly clueful in a generally sparsely beclued environment. Can't remember his title, or what he taught.

I had just listened to Eric answer someone else about multiple inheritance, and asked a followup question, which he answered, and then he digressed into relationships in general: When two things are connected in a program, the binding is always one of three: A kind, a belonging, or else it's morbid, and morbid bindings always turn out to be bad in one way or another. He gave me a quick example: This number in this file has to be at the same as that number in that file and I think I answered, such as maximum line length in two functions that read/write the same file? (more…)


The value of features

A programmer doesn't always know whether a new feature of a program will turn out to be valuable or not. Perhaps: doesn't even often know. I've just had a repeat lesson on that topic.

I have a new phone. The manufacturer brags about a high-resolution camera and many other things, but I bought it because it's the smallest phone with a good screen and an up-to-date version of Android. (Yes it fits in a pocket, even sideways in some pockets.) I noticed in a review on the web that the phone's watertight, complete with an underwater photo of a beauty in bikini, but didn't give any thought to it. After all I don't spend much time in pools or at beaches, and if I do the bikini beauties don't gravitate towards me. When I bought the phone I had no idea that I would care about its being waterproof.

But I do care. The summer rains here in Munich can be impressively intense. Until now I've always been conscious that I was exposing an expensive and fragile electronic device to water when I used a phone in the rain. I have done that when I needed to, but in a corner of my mind I was always aware of the risk. Now I just do whatever I need to do, rain or shine, and don't worry about the device.


On software architecture

It's not particularly sensible, and not related to any software architecture I deal with at the moment, but I do want to post this photograph. Nominally it's is a photo of the concrete kind of architecture, not the software kind, but doesn't it look like an enterprise-ready, flexible, feature-rich and polished staircase framework?

It's from a hotel interior, so I expect there's a lift off-camera that people use when they want to get anywhere.


Testing versus code layout

Here is a simplified version of function I once wrote:

    if(foo() && bar())
        return true; // common case
    else if(foo())
        return false; // happens too...
    else if(mumble() == jumble() && bar())
        return true;
    else if(mumble() == jumble() && rotten())
        throw new MalevolentClientException( ... );
    else if(mumble() == null)
        return true;
    return false;

The real foo() was something along the lines of getRequest()­.getClientIpAddress()­.isRoutable(), so not awfully cheap, but it was O(1).

As you've noticed, foo() may be called twice even though the second return value has to be the same as the first. The function could be more efficient:

    if(foo()) {
            return true;
        return false;
    } else if(… (more…)


Making X11 usable across the internet. A sigh.

I am the fool who tweaked Qt to work with long-distance X11. The main problem was slow startup; if the ping time to the display was 0.1s, then applications needed 0.5s or more to start. So I fixed that, tested it using Qt/X11 applications on a transatlantic link, then fixed whatever else that I noticed because of the slow link.

As far as I know, noone ever made use of this work.

That didn't prevent someone at Trolltech from trying some of the same again twelve years later, except this time with better buzzwords and more effort.

So why did I do it? I don't remember. Perhaps someone had told me that X11 was network-agnostic by design and Qt's implementation fell short of the design, and I let myself be persuaded. Perhaps I told myself. One thing is sure: Noone had told me that this was a problem for their actual, concrete, existing application.

Maybe my work helped sell a seat or two for Qt. Many people are willing to pay for features or performance they don't need, so it's entirely possible. But I think it was probably waste. I feel good about it, though, because quite recently I was able to avoid a mistake by having learned from those two.

I've been a professional programmer for twenty years now. That seems to be long enough that for whatever mistake anyone proposes to make, I have made or watched a similar mistake at least once before. I'm not sure whether that's good or bad. Seeing a mistake be repeated is such a sad feeling.


inSort()'s revenge

Once upon a time, twenty years ago now, Qt's generic data structures included a function called QList::inSort(). Haavard Nord wrote that and didn't really document it, and when I wanted to write about it he only said it was useful sometimes. What was I to write? Use inSort() rather than insert() when that's useful?

There is a chance that I simply deleted it when I couldn't write sensible documentation.

Two decades later I finally understand why inSort() was a good idea after all. It's useful for a particular kind general data structure that only occurs in GUIs: The list that should be mostly sorted, but should not be resorted once it's shown on-screen.

Consider a list of things that the user can select and either open or delete. Sorting by modification time can make sense (for some kinds of things), but if a UI-thing were to move when someone else updates the actual-thing, then it might move an instant before the user selects and deletes that. Oops.

Thus inSort(). Stupid name, but its presence would have been an improvement to some GUIs.