Mongrel users - Aug 2006 - http parser

Just thought I''d let you know that your http parser worked great for
creating an http protocol handler for Eventmachine.  It wouldn''t take
that much effort to use Eventmachine for Mongrel, might be worth a
shot just to see how it does.  A few things would need to be
restructered, like HttpRequest where you read the rest of the body,
and calling the handler.  But it wouldn''t be all that much work I
don''t think.  Took me about an hour to create a working http server
with Eventmachine, your parser, and subclassing HttpRequest to get rid
of the socket reading.  I''ll spend some more time on it tommorrow and
see how it progresses.

Chris

On Aug 20, 2006, at 2:50 AM, snacktime wrote:
> Just thought I''d let you know that your http parser worked great
for
> creating an http protocol handler for Eventmachine.  It wouldn''t
take
> that much effort to use Eventmachine for Mongrel, might be worth a
> shot just to see how it does.  A few things would need to be
> restructered, like HttpRequest where you read the rest of the body,
> and calling the handler.  But it wouldn''t be all that much work I
> don''t think.  Took me about an hour to create a working http
server
> with Eventmachine, your parser, and subclassing HttpRequest to get rid
> of the socket reading.  I''ll spend some more time on it tommorrow
and
> see how it progresses.
>
> Chris
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>

Hey Chris-

	I would love to see your code for this. I have been working with  
eventmachine on some similar stuff.

-Ezra

On Sun, 2006-08-20 at 02:50 -0700, snacktime wrote:
> Just thought I''d let you know that your http parser worked great
for
> creating an http protocol handler for Eventmachine.  It wouldn''t
take
> that much effort to use Eventmachine for Mongrel, might be worth a
> shot just to see how it does.  A few things would need to be
> restructered, like HttpRequest where you read the rest of the body,
> and calling the handler.  But it wouldn''t be all that much work I
> don''t think.  Took me about an hour to create a working http
server
> with Eventmachine, your parser, and subclassing HttpRequest to get rid
> of the socket reading.  I''ll spend some more time on it tommorrow
and
> see how it progresses.
The EventMachine stuff doesn''t really buy you much since they use
Ruby''s
select still to process connections.  That means you''re still stuck
with
1024 max files and still stuck with Ruby''s threads.  All they do is
then
move IO processing out to a *large* amount of convoluted C++ code.  I''m
sure you''ll love security auditing that. :-)

They are also working on their Mongrel competitor, but being in true
open source NIH form couldn''t be bothered to borrow the parser I wrote
and decided to write their own by hand (it''s like I don''t even
say
anything).  For whatever reason I''ve always thought those guys were a
little on the shady side.  Not sure why, they just seem desperate for
cash or something.

I''d say play around with it and if you get something interesting
working
then that''s cool, but in the end adding even more compiled code that
I''d
have to distribute that''s then tied to a group of developers
who''re
obviously trying to make bank off my work isn''t going to go over well.

FYI, I''m also working on a different approach that moves all of the
HTTP
processing into an ultra fast ucontext/poll based IO system.  I''m
hoping
it''ll work with any language too (Python baby).

But don''t let this discourage you, Mongrel is open source so people can
try these things out.  You never know, it could end up being the bee''s
knees on a platform like win32.

-- 
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
http://www.railsmachine.com/ -- Need Mongrel support?

Here is a quick and dirty example of how to use the parser.  Notice
that the server isn''t sending a valid reply to the client, and the
handler doesn''t exist, I added that just as an example for others of
how you might use the Eventmachine thread pool to run the handler.
But you should get the general idea.  Zed correct me if I am wrong,
but nparsed returns the length of the headers that were parsed, so if
the parser finishes nparsed is the header length.  Then I just add the
content length to that and keep reading until we get all the content.
I also subclassed HttpRequest since in mongrel that''s where the rest
of the body is read, but in eventmachine it''s not.

To use EM in mongrel you would need to find the best way to only run
one handler at a time.  An array of connections in process_request
together with a state variable might work.  New requests get pushed
onto a list, and process_request takes the first request in the list,
sets the state to busy, then when it''s done sets the state to idle and
checks the array for more request to process before finishing.  Need
to think that one through a bit more.


require ''rubygems''
require ''mongrel''
require ''eventmachine''


class Mongrel::HttpRequest
    attr_reader :body, :params

    # You don''t really call this.  It''s made for you.
    # Main thing it does is hook up the params, and store any remaining
    # body data into the HttpRequest.body attribute.
    #
    # TODO: Implement tempfile removal when the request is done.
    def initialize(params, initial_body)
      @params = params
  end

class Server < EventMachine::Connection

  def initialize *args
    super
    @linebuffer = ""
  end

  def post_init
    @parser = Mongrel::HttpParser.new
    @params = {}
    @nparsed = 0
    @request = nil
    @request_len = nil
    #start_tls
  end

  def unbind
    puts "Connection Closed\r\n"
  end

  def process_request(request)
    # Run the handler in a thread.  Not implemented just put here to
show how to use
    # EventMachine.defer to run the handler in EventMachine''s thread
pool.
    start = proc {run_handler}
    stop = proc {|r|
      send_data r
      close_connection
    }
    EventMachine.defer(start,stop)
  end

  def receive_data data
    @linebuffer << data
    @nparsed = @parser.execute(@params, @linebuffer, @nparsed)
    p "nparsed=#{@nparsed}"
    if @parser.finished?
      if @request_len.nil?
        @request = Mongrel::HttpRequest.new(@params, at linebuffer)
        @request_len = @nparsed +
@request.params[Mongrel::Const::CONTENT_LENGTH].to_i
        if @linebuffer.length >= @request_len
          process_request(@request)
        end
      elsif @linebuffer.length >= @request_len
        process_request(@request)
      end
    end
  end
end

EventMachine::run {
  EventMachine::start_server "127.0.0.1", 80, Server
}

On 8/20/06, Zed Shaw <zedshaw at zedshaw.com>
wrote:
> On Sun, 2006-08-20 at 02:50 -0700, snacktime wrote:
> > Just thought I''d let you know that your http parser worked
great for
> > creating an http protocol handler for Eventmachine.  It
wouldn''t take
> > that much effort to use Eventmachine for Mongrel, might be worth a
> > shot just to see how it does.  A few things would need to be
> > restructered, like HttpRequest where you read the rest of the body,
> > and calling the handler.  But it wouldn''t be all that much
work I
> > don''t think.  Took me about an hour to create a working http
server
> > with Eventmachine, your parser, and subclassing HttpRequest to get rid
> > of the socket reading.  I''ll spend some more time on it
tommorrow and
> > see how it progresses.
>
> The EventMachine stuff doesn''t really buy you much since they use
Ruby''s
> select still to process connections.
I didn''t realize that.  I thought they used a native select.  If
that''s the case then EM would actually perform worse, since you are
always grabbing threads from a pool to run blocking operations and
then jumping back into the event loop.  I do like how you did your
parser though, it would be easy to drop that into pretty much any ruby
project that needs an http parser.

Chris

On 8/20/06, Zed Shaw <zedshaw at zedshaw.com>
wrote:
> The EventMachine stuff doesn''t really buy you much since they use
Ruby''s
> select still to process connections.  That means you''re still
stuck with
> 1024 max files and still stuck with Ruby''s threads.  All they do
is then
> move IO processing out to a *large* amount of convoluted C++ code. 
I''m
> sure you''ll love security auditing that. :-)
>
> They are also working on their Mongrel competitor, but being in true
> open source NIH form couldn''t be bothered to borrow the parser I
wrote
> and decided to write their own by hand (it''s like I don''t
even say
> anything).  For whatever reason I''ve always thought those guys
were a
> little on the shady side.  Not sure why, they just seem desperate for
> cash or something.
>
> I''d say play around with it and if you get something interesting
working
> then that''s cool, but in the end adding even more compiled code
that I''d
> have to distribute that''s then tied to a group of developers
who''re
> obviously trying to make bank off my work isn''t going to go over
well.
>
> FYI, I''m also working on a different approach that moves all of
the HTTP
> processing into an ultra fast ucontext/poll based IO system.  I''m
hoping
> it''ll work with any language too (Python baby).
>
> But don''t let this discourage you, Mongrel is open source so
people can
> try these things out.  You never know, it could end up being the
bee''s
> knees on a platform like win32.

It''s hard to know how to answer this, given that I''ve felt the
Ruby
community has generally been about looking for good answers to
technical problems, and not about making unsupported statements that
have a strong odor of suspicion and insecurity about them.

EventMachine is not and has never been fundamentally about HTTP. It
started out as a general framework for writing fast, event-driven
programs without having to use threads, and it wasn''t designed only
for working with Ruby. It is stuck with a limit of the number of
descriptors when used with Ruby because we hook Ruby''s select
implementation in order to interoperate with Ruby threads, which EM
does with no problems whatsoever.

I wrote the EM I/O engine in C++ for two primary reasons: first
because this code base builds on more than ten years of experience
with extremely high-speed network servers on a range of different
platforms. And second, because when I wrote it (last April), Ruby
didn''t have proper nonblocking I/O. The Ruby-core guys generously
added proper nonblocking support at the end of May, and at this point
EM has a nearly-complete pure Ruby implementation, that has an
identical API and will be used transparently on platforms where the
extension fails to compile.

I just checked EM''s C++ code, and it''s only 4200 lines.
That''s not a
*large* amount of code. It''s a *small* amount of code. If you think
it''s "convoluted," then I have to say you probably
haven''t tried to
read it. (It''s also possible that you''re not that strong a C++
programmer.) I''ve been through some hard-core source-code audits in my
time, and I''m confident this code would pass without an abnormal
amount of effort. And at any rate, it''s wide open on Rubyforge SCM, so
anyone and everyone is invited to take a crack at finding the security
holes in it. We''ll gratefully accept any patch correcting security
flaws.

Working on a Mongrel competitor: I''m not particularly interested in
competing against Mongrel for a couple of reasons. Most importantly,
I''m not entirely sure what Mongrel''s goal in life is. It seems
nice to
have a better-performing Webrick, but you''ve also said that you expect
Mongrel to be deployed in conjunction with Apache or Lighty, so I''m
left assuming the primary value-added is that people can save the
trouble of configuring FastCGI or such stuff. Also, it seems nice to
be able to cluster Rails instances intelligently. And you have said to
me yourself that adding faster I/O to Rails is of limited value
because there are so many performance problems in Rails itself. And
none of those are problems I''m interested in solving any differently
than you have.

I''m not quite sure what you think anything I''m working on is
that
might be competitive to Mongrel. I know that Mongrel has an HTTP
parser in it, and we have one too, but that''s not a whole lot of
overlap. I''ve read your statements on parsing HTTP, and I''m
not
terribly convinced by your approach, which seems to be all about
implementing a very complex RFC as completely and strictly as
possible. I''ve been writing practical high-speed HTTP parsers for
almost ten years now, and I know a lot about which parts of the
standard(s) really matter and which matter less, and also about which
parts should be treated in a relaxed way. You and I are trying to
solve different problems, and for my problem-domain, your chosen
approach isn''t too interesting. You''re trying to write a
well-behaved
proxying layer between Rails and standard web servers. I''m trying to
write a general framework for event-driven applications that can
easily incoroporate a range of different protocols. Speed and ease of
development matter a lot more to me than strict conformance with RFC
2616.
>>>For whatever reason I''ve always thought those guys were a
little on the shady side.  Not sure why, they just seem desperate for
cash or something.<<<
This borders on libel. I challenge you to produce the evidence on the
basis of which you make these statements. I''ve been a senior
technology executive and investor for quite a long time. I don''t
contribute to open-source projects in order to make a living. Are you
willing to make the same statement in regard to yourself?
>>>but in the end adding even more compiled code that I''d
have to distribute that''s then tied to a group of developers
who''re
obviously trying to make bank off my work isn''t going to go over
well.<<<
To my knowledge, no one in my group is trying to induce you to add
anything, compiled or otherwise, to your code base. Your statement
sounds like more than just protesting too much: it sounds insecure. I
can''t speak for your motivations, but the rest of us just want to work
with the best possible technology, and investigate new ideas to see if
they lead to interesting places.

Zed, you''re an important guy in the community and you''ve
written some
impressive technology. But you''re showing a personal side that is
quite disappointing.

On 8/20/06, snacktime <snacktime at gmail.com>
wrote:
>
>
> I didn''t realize that.  I thought they used a native select.  If
> that''s the case then EM would actually perform worse, since you
are
> always grabbing threads from a pool to run blocking operations and
> then jumping back into the event loop.  I do like how you did your
> parser though, it would be easy to drop that into pretty much any ruby
> project that needs an http parser.


 Read the code, Chris. We use a native select loop built in the normal
(native) way, using fully nonblocking I/O. There are no threads anywhere
inside of EventMachine (except for the thread pool accessed by #defer which
you and I have already corresponded about). When EM is built for a Ruby
environment, it hooks Ruby''s thread scheduler to give Ruby a chance to
run
its threads. It''s not any slower. You''ve already seen that EM
can make 1000
TCP client connections in well under a second.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/mongrel-users/attachments/20060820/a0f61357/attachment.html

On Sun, 2006-08-20 at 17:04 -0400, Francis Cianfrocca
wrote:
> On 8/20/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
While a public forum might not be the place to air my thoughts, since
you replied here, I''ll comment here.  Feel free to contact me off list
so we can possibly patch this up.

Let''s skip all the technical stuff for now, and focus on this one area:
> >>>For whatever reason I''ve always thought those guys
were a
> little on the shady side.  Not sure why, they just seem desperate for
> cash or something.<<<
> This borders on libel. I challenge you to produce the evidence on the
> basis of which you make these statements. I''ve been a senior
> technology executive and investor for quite a long time. I don''t
> contribute to open-source projects in order to make a living. Are you
> willing to make the same statement in regard to yourself?
> 
> >>>but in the end adding even more compiled code that I''d
> have to distribute that''s then tied to a group of developers
who''re
> obviously trying to make bank off my work isn''t going to go over
well.<<<
> To my knowledge, no one in my group is trying to induce you to add
> anything, compiled or otherwise, to your code base. Your statement
> sounds like more than just protesting too much: it sounds insecure. I
> can''t speak for your motivations, but the rest of us just want to
work
> with the best possible technology, and investigate new ideas to see if
> they lead to interesting places.
You know what man, you''re right, that was uncalled for.  You
aren''t
shady (no irony here, I''m seriously apologizing).

But, let''s go over what behaviors you''re doing that make me
think you''re
not completely honest in your intentions.  Then you can explain them to
me and we can come to an understanding.

First off, if we''re going to throw out legal challenges then lets
compare project names.  You have a very nasty habit of picking project
names that are very similar to names of already established or more
famous projects.  Let''s compare:

* Ruby/EventMachine -- http://rubyforge.org/projects/eventmachine/
* Ruby/Event -- http://www.zedshaw.com/projects/ruby_event/

* monorail -- http://rubyforge.org/projects/monorail/
* monorail -- http://www.castleproject.org/index.php/MonoRail
* Which is really similar to "mongrel rails", but let''s just
say that
wasn''t your intention.

Then, you also have a habit of creating these to be similar to existing
ones, pimping them in what seems like an attempt to wipe out the
existing projects:

"Monorail is the lightweight, fast, scalable and SECURE alternative to
Ajax-application frameworks. Its native-HTTP server incorporates SSL and
auth/az services natively. Page development is Rails-like but simpler."

It looks like you''re capitalizing on Rails fame and Mongrel fame at the
same time, then telling people that your framework is more SECURE.  Yet,
you have this in your monorail:http.cpp file:

// This processing depends on the fact that the end
// of the data buffer we receive will have a null terminator
// just after the last byte indicated by the length parameter.

Anyone worth his SECURE salt knows that using \0 buffer termination is
*not* secure.

Not to mention this gem of a buffer overflow:

  else if (!strncasecmp (header, "cookie:", 7)) {
    const char *s = header + 7;
    while (*s && ((*s=='' '') ||
(*s==''\t'')))
      s++;
    setenv ("HTTP_COOKIE", s, true);
  }

(HINT: A while loop that waits for a \0 terminator is always wrong.)

Finally, in every communication I''ve had with you, you''ve
never
contributed anything to Mongrel or any of my work.  You''ve been very
adamant about me using *your* work, and me *doing the work* to use your
stuff, but you''ve never contributed.  Mr. snacktime has done more to
get
Mongrel working with EventMachine than you have.

In fact, I''ve contributed more to your software than you have to mine:

http://rubyforge.org/forum/forum.php?forum_id=6607

Which means, in my *opinion* you take and do not give.  In fact, I wrote
this:

http://mongrel.rubyforge.org/not_mongrel.html

Partially in response to your behavior.  If you remember you e-mailed me
repeatedly asking me to use your Ruby/EventMachine to power Mongrel,
despite my concerns about your licensing, copyright and motivations
(which I told you then).

In summary, the fact that you:

 * Create competitive projects that are closely named to mine.
 * Make false security claims about your work.
 * Imply that your work is more secure than mine (yet without a security
testing policy, unlike Mongrel).
 * Use my advice and work to further your own means without contributing
back in kind.
 * AND accuse me of libel (which only a profit motivated "open source"
person would do).

All point to why I don''t much appreciate your behavior and
don''t think
highly of your true motivations.

Now, I don''t know you personally, you may be a great guy for all I
know.
But I am basing my *opinion* of your business practices on the above
evidence.

If there''s a misunderstanding in how you behave and act toward me then
feel free to talk to me about it off list.  Until then, I''d appreciate
it if you''d stop naming your projects after mine, stop pimping your
projects on *my* mailing list, and stop accusing me of libel when I have
supporting evidence of my opinion.  You''re free to compete with
Mongrel,
but don''t use my project to further your gains.

Thanks for your time.

-- 
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
http://www.railsmachine.com/ -- Need Mongrel support?

On 8/20/06, Zed Shaw <zedshaw at zedshaw.com>
wrote:
>
>  First off, if we''re going to throw out legal challenges then lets
> compare project names.  You have a very nasty habit of picking project
> names that are very similar to names of already established or more
> famous projects.  Let''s compare:
>
> * Ruby/EventMachine -- http://rubyforge.org/projects/eventmachine/
> * Ruby/Event -- http://www.zedshaw.com/projects/ruby_event/

I picked the name for EventMachine before I was aware of yours. I used the
word "Ruby" in my title because EM doesn''t work only with
Ruby, and that was
intended to indicate a version that had Ruby bindings. As far as
"Event" is
concerned, there are plenty of projects with that word in their titles
(libevent for one), that have primacy over yours. But no one is trying to
make money off this, so where''s the issue?


* monorail -- http://rubyforge.org/projects/monorail/
> * monorail -- http://www.castleproject.org/index.php/MonoRail
> * Which is really similar to "mongrel rails", but let''s
just say that
> wasn''t your intention.

"Monorail" was picked out of the air by a guy who works for me as we
were
thinking about a lighter-weight version of Rails. You''ve evidently
researched this project, which is gratifying, but it''s not a released
project, and anyway has evolved a great deal. It''s no longer a lighter
Rails, but something else entirely, and not competitive to Rails. As far as
competing against Mongrel in this connection, I have to smile at your
self-importance, but Mongrel wasn''t even on our radar. In regard to the
Castle guys, we became aware a couple of weeks ago that they were using
"Monorail," and we''re still looking into whether we have
priority over the
name (our first pub was last April, and theirs is a recent name change). If
it turns out theirs was published before ours, we''ll change ours.


Then, you also have a habit of creating these to be similar to
existing
> ones, pimping them in what seems like an attempt to wipe out the
> existing projects:
I create a lot of projects, Zed, and I (and the guys who work for me) make
up a lot of code names. They can''t all be unique gems, especially not
for
the open source ones where the point isn''t to make any money. I spend a
lot
of time (and money) coming up with well-researched names for my commercial
projects. And if you think I have it in mind to wipe out Rails, all I can
say is that I have far more realistic goals in life, nor do I think Rails,
which benefits a lot of people, deserves to be wiped out. But if you think I
have in mind to wipe out Mongrel, then I have to laugh and ask you why
you''re afraid of me!



>
> // This processing depends on the fact that the end
> // of the data buffer we receive will have a null terminator
> // just after the last byte indicated by the length parameter.
>
> Anyone worth his SECURE salt knows that using \0 buffer termination is
> *not* secure.
In the first place, Zed, this comment is in code that is NOT in the
EventMachine, but in a project based on it. Note the code in EM that creates
the buffers that are passed to the code path where the comment you quoted
appears. There is specific language in there specifying a guaranteed
behavior that all buffers generated by EM for passing to user code will have
an extra appended null terminator.

> Not to mention this gem of a buffer overflow:
>
>   else if (!strncasecmp (header, "cookie:", 7)) {
>     const char *s = header + 7;
>     while (*s && ((*s=='' '') ||
(*s==''\t'')))
>       s++;
>     setenv ("HTTP_COOKIE", s, true);
>   }
>
> (HINT: A while loop that waits for a \0 terminator is always wrong.)

You''re reaching, Zed, and it''s not impressing me. That while
loop stops when
it finds a character that isn''t blank or tab. Obviously it''s
also going to
stop if it hits the end of the string. It would be far less safe (not to
mention wrong) if it didn''t. Also notice the (only) call to this
(private)
method that contains this code path. The line immediately preceding it
ensures the null terminator is present.


On contributing to your work: you have it pretty well under control, so what
help do you need from me? I wrote to you back in April or May to ask if you
had an interest in it, and you made it quite clear that you didn''t. So
I
didn''t bother to ask the question again. That''s no problem for
you or for
me. But if you think I was "adamant" about you using my work, all I
can say
to that is that I''m an experienced technology salesman, and I try to
convince people by being persuasive, not adamant. Again, you made it clear
you weren''t interested, so that''s the end of that story.

As far as you contributing to my work, you pointed out that you had had a
problem with your Event library that I hadn''t tested for. You also said
you
hadn''t been able to solve it. I solved it, then solved it again in a
better
way. I acknowledged you for pointing out the problem, which I do with
everyone who helps me out, but your point here would be a lot more
compelling if you had actually contributed a solution. But again, this is
open-source freeware, Zed. We''re all supposed to be helping each other,
and
no one is trying to take food out of anyone''s mouth. None of us are
involved
in this for money. You really need to lighten up.


* Imply that your work is more secure than mine (yet without a
security
> testing policy, unlike Mongrel).
>
* Use my advice and work to further your own means without
contributing
> back in kind.

You''re really giving the game up here, Zed. I''ve never so much
as mentioned
Mongrel in any public communication that I''m aware of, much less
implied
that an unpublished product in a totally different space is more secure than
yours. This isn''t personal, Zed. The fact that you''re making
it personal
really makes me wonder about you.

* AND accuse me of libel (which only a profit motivated "open
source"
> person would do).
I said your statements "border on libel." You stated that my friends
and I
are somewhat shady in your opinion, and perhaps desperate for cash. Libel is
a written statement of disparaging character that is not substantiated by
facts, and you haven''t provided any. I don''t let ANYONE mess
with me the way
you did.


> it if you''d stop naming your projects after mine, stop pimping
your
> projects on *my* mailing list,
I''ll name my projects however I wish, but I already do make a practice
of
not knowingly infringing on other people''s marks. I''ve paid
enough money to
trademark lawyers over the years to know where the lines are. I have never
ONCE written a single thing on your mailing list until this afternoon, and
that was in answer to your unwarranted and borderline-libelous comments
about me, not to "pimp" anything. Once again, you need to lighten up.

 You''re free to compete with Mongrel,
> but don''t use my project to further your gains.

If I had any interest in competing against Mongrel, believe me, you''d
know
it. If you think I am getting "gains" from giving away open-source
freeware,
then you flatter me unduly. If you think I''m stealing from you,
you''re
flattering yourself unduly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/mongrel-users/attachments/20060820/d97c718f/attachment.html

On Sun, 2006-08-20 at 19:49 -0400, Francis Cianfrocca wrote:

When you have statements like this:
> Libel is a written statement of disparaging character that is not
> substantiated by facts, and you haven''t provided any. I
don''t let
> ANYONE mess with me the way you did. 
(You forgot "that causes damages", of which you have none).

...is when I get worried.

I''ll of course take it personally when you take an off-handed sentence
as
a reason to make threats like the above. I take threats of lawsuit very
seriously.

*This* is the reason nobody should trust you.  You are a stated
"technology salesman" who has threatened a free project developer with
a
law suit in public for a few sentences in an e-mail.  It doesn''t get
much more predatory than that.

Feel free to file your lawsuit with the stated damages from the above
e-mail exchange.  I''ll gladly give you my lawyer''s number so
you can
file the complaint.  I''m sure everyone will love you for shutting down
a
popular open source project.

Or, we can end this here with you accepting my apology for saying
you''re
shady (yes, that was wrong), and for you apologizing for threatening me
with legal action (twice).  Even mentioning "libel" in this world is
cause for threat.

-- 
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
http://www.railsmachine.com/ -- Need Mongrel support?

On 8/20/06, Zed Shaw <zedshaw at zedshaw.com>
wrote:
> On Sun, 2006-08-20 at 19:49 -0400, Francis Cianfrocca wrote:
>
> > Libel is a written statement of disparaging character that is not
> > substantiated by facts, and you haven''t provided any. I
don''t let
> > ANYONE mess with me the way you did.
> (You forgot "that causes damages", of which you have none).
>
> ...is when I get worried.
>
I didn''t threaten you, Zed, not at any point. You made statements not
substantiated by facts that are potentially damaging to my reputation,
and I take that seriously.

You apologized for calling me and my friends shady. Accepted. But what
was your basis and your evidence for saying that we are desperate for
cash? Especially since neither you nor I make our livings from our
freeware Ruby projects! I can''t understand your motivations but I
think any reasonable person would read your statements, in a forum
that you control and in which you are well-respected, as intended to
cast doubt on (and thus impair the value of) a project that I have
contributed a great deal of time and effort to.

If that wasn''t your intention, then say so and we''re done.
This is
your list, so you can also tell me to pound sand and not post here
again, and I''ll respect that too.

On Sun, 2006-08-20 at 21:38 -0400, Francis Cianfrocca
wrote:
> On 8/20/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
> > On Sun, 2006-08-20 at 19:49 -0400, Francis Cianfrocca wrote:
> >
> > > Libel is a written statement of disparaging character that is not
> > > substantiated by facts, and you haven''t provided any. I
don''t let
> > > ANYONE mess with me the way you did.
> > (You forgot "that causes damages", of which you have none).
> >
> > ...is when I get worried.
> >
> 
> I didn''t threaten you, Zed, not at any point. You made statements
not
> substantiated by facts that are potentially damaging to my reputation,
> and I take that seriously.
> 
Don''t even mention the word "libel" again unless you file a
suit.
You''re free to say what you want about me, and anyone I know, but
don''t
threaten me ever again or even imply the threat of lawsuit.  Since you
refuse to apologize this will be my last e-mail on the topic with you.
> If that wasn''t your intention, then say so and we''re
done. This is
> your list, so you can also tell me to pound sand and not post here
> again, and I''ll respect that too.
I don''t believe in censoring people who have a difference of opinion
with me, I feel that everyone has a right to express their opinions in
an open forum and censoring you would be wrong.  Like I said before,
I''ve got no problem with you since I don''t know you, I have a
problem
with your behavior.

That''s the difference, I would have handled the same situation by
e-mailing you personally and ask you to retract your statements, not
attack you in your own backyard.  I''d assume that maybe you were having
a bad day and give you a chance make amends.  I wouldn''t go on a
Freudian innuendo rampage about your insecurities and toss around empty
threats of "libel".

Have a good day Francis.

-- 
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
http://www.railsmachine.com/ -- Need Mongrel support?

On Sun, 2006-08-20 at 21:38 -0400, Francis Cianfrocca
wrote:
> On 8/20/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
> > On Sun, 2006-08-20 at 19:49 -0400, Francis Cianfrocca wrote:
> >
> > > Libel is a written statement of disparaging character that is not
> > > substantiated by facts, and you haven''t provided any. I
don''t let
> > > ANYONE mess with me the way you did.
> > (You forgot "that causes damages", of which you have none).
> >
> > ...is when I get worried.
> >
> 
> I didn''t threaten you, Zed, not at any point. You made statements
not
> substantiated by facts that are potentially damaging to my reputation,
> and I take that seriously.
> 
> You apologized for calling me and my friends shady. Accepted. But what
> was your basis and your evidence for saying that we are desperate for
> cash? Especially since neither you nor I make our livings from our
> freeware Ruby projects! I can''t understand your motivations but I
> think any reasonable person would read your statements, in a forum
> that you control and in which you are well-respected, as intended to
> cast doubt on (and thus impair the value of) a project that I have
> contributed a great deal of time and effort to.
> 
> If that wasn''t your intention, then say so and we''re
done. This is
> your list, so you can also tell me to pound sand and not post here
> again, and I''ll respect that too.
Now, will you please leave me alone?  I have to get another release of
Mongrel out so that Apple can include it in their next release of OSX.

Sent to the list just now, so please take it as a full retraction and
apology, and again if you''re not satisfied then from now on have your
lawyer talk to me instead.
-----

Dear Mongrel Users,

It appears that Francis still isn''t satisfied with my attempts to
apologize and he''s now asked me privately to retract my statements.

So, just to be sure he finally gets it:

I retract my statements that Francis and his friends are "shady" and
"desperate for cash".  He is in no way a shady guy, having dealt with
this situation with the utmost of professionalism and courtesy with me.
He is also obviously not threatened by any of my work and feels no
pressure to compete with me, infect his work into mine, or any of the
other statements he so quickly felt slighted by.

And again, sincere apologies all around to anyone who''s felt he was in
the right and I''m a bad guy.  I shall use my power to influence people
more appropriately with rational technical comparisons from now on.

Hopefully, this will put a final end to any misconceptions as to the
depth of my remorse for having said that Francis is shady or desperate
for cash.

My heart felt apologies.

Zed

Hi,

regarding the ''monorail'' name: I remember having investigated
the castle
project 10 months ago or so. I still have this download lying around:

2005-09-27 12:01 downloads/Castle.MonoRail.beta-4.zip

so it seems the castle guis claimed that name somewhat earlier...

Jens

On Sun, Aug 20, 2006 at 07:49:30PM -0400, Francis Cianfrocca
wrote:
> On 8/20/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
[..]
> 
> * monorail -- http://rubyforge.org/projects/monorail/
> >* monorail -- http://www.castleproject.org/index.php/MonoRail
> >* Which is really similar to "mongrel rails", but
let''s just say that
> >wasn''t your intention.
> 
> "Monorail" was picked out of the air by a guy who works for me as
we were
> thinking about a lighter-weight version of Rails. 
[..]
> In regard to the
> Castle guys, we became aware a couple of weeks ago that they were using
> "Monorail," and we''re still looking into whether we have
priority over the
> name (our first pub was last April, and theirs is a recent name change). If
> it turns out theirs was published before ours, we''ll change ours.
[..]

-- 
webit! Gesellschaft f?r neue Medien mbH          www.webit.de
Dipl.-Wirtschaftsingenieur Jens Kr?mer       kraemer at webit.de
Schnorrstra?e 76                         Tel +49 351 46766  0
D-01069 Dresden                          Fax +49 351 46766 66

On 8/21/06, Jens Kraemer <kraemer at webit.de>
wrote:
> Hi,
>
> regarding the ''monorail'' name: I remember having
investigated the castle
> project 10 months ago or so. I still have this download lying around:
>
> 2005-09-27 12:01 downloads/Castle.MonoRail.beta-4.zip
>
> so it seems the castle guis claimed that name somewhat earlier...
>
> Jens
Thanks, Jens, I appreciate you running that down. If that information
checks out, we''ll change the name of our project.