Development, edge mode

The recent bug that was released to production in the userman module (Mult emals - Cron <asterisk@24408486> [ -e /usr/sbin/fwconsole ] && sleep $((RANDOM - #33 by LesD) didn’t seem to spend any meaningful time in edge mode. Was it released directly to stable repo?

What’s the deal with development, QA, and edge mode? There seems to be no rhyme or reason. Some code seems to get scrutinized and kept in edge mode for months while the buggy userman module got fasttracked to GA. And let’s be clear about it, that bug could have been discovered by the developer if he or she actually tested it ONCE and reviewed the log. So I question whether it was even tested a single time before being committed.

I’m sorry to be uncharitable here but this is a shame. Bugs happen but there are layers they should have to go through before reaching stable repo.

Now those FreePBX systems with auto-updates turned on have received this and the admins need to deal with it, not because they have chosen the bleeding-edge path, but because they have chosen the stable path. It was released to PBXact too!

This community has a developer forum. I would like to see the developers participating here and have changelogs posted here, especially for changes that are not associated with publicly-viewable tickets. It would be great too if there could be notices posted when a release is moving from edge to stable. At least there would be one last chance for someone who is interested to try out some code and raise a flag if something is wrong.

7 Likes

I watched almost a decade of policy and process changes summarily thrown out while being cheered on by the community, so I am a bit jaded and will keep my commentary to myself beyond "the people got what they wanted."

No, I would like to hear more about this. A lot could be (probably incorrectly) assumed.

I will assert that there is no “the people” on this project. There are a lot of different people, and I’m sure that’s part of what makes development complicated.

I’ll clarify a little on my post. I’m not asking for the moon.

  1. Define the process and timeline of moving code from edge to stable. If there’s an exception and something is going to be fasttracked, post here about it.
  2. Developers, use the forum for discussion of changes to the open source parts of the project. Not necessarily every trivial change, but changes to the way things work, logic changes, etc.

That’s it… I couldn’t even come up with a third item for my wish list.

2 Likes

I went from an open source developer and community manager to a bottom-line-first task processor with a single acquisition. It drained a lot of the fun out of things and took a job I loved and made it an actual job. I had limited or no social media and no public opinions because of investor opinions. I understood it, so I toed the line because some of my peers were family. I left when those peers left because they were the only highlight of my job. Essentially Sangoma is a machine whose only goal is profit. As a shareholder, which I am, that is awesome. As an employee, unless you get some form of bonus through profit sharing, it is awful. As an open source user it is hit and miss. Without corporate sponsorship open source projects tend to die, so it is a double-edged sword.

My bills are now paid by proprietary software but I have full freedom in my open source participation and I am now allowed to have opinions again.

So to the point. There is a competing commercial project which, unlike PBXact, doesn’t require any focus on FreePBX. It provides the SaaS and residual income that makes shareholders happy. If PBXact and FreePBX are trash they can sell you on the much more profitable Switchvox.

FreePBX was very much a hobby level project that needed help. All of us at Schmooze made a living from things like training and commercial modules. It was paramount that we improved FreePBX to improve sales and keep food on our tables. It needed to become a product that was SMB and enterprise level.

  1. We added dedicated QA people. Their only job was to beat up the developers and make sure we didn’t break things. We implemented coding and UI uniformity standards they would review.
  2. We did a lot of dogfooding so our sales team and everyone in the company would be affected by our decisions.
  3. We would have someone non-technical follow through our documentation to make sure it was ready for humans.
  4. We added the edge repository to allow others to do testing prior to general availability.
    We added required metrics for things to leave that edge state. This includes actual QA approval, a certain number of downloads and a period of time.
  5. We always considered community feedback first. We would debate and make people work for things sometimes but ideas that benefited the masses almost always made it.

These are things I feel have all gone away in the last several years.

There are some smoke and mirror token actions that do nothing but look good on paper. The actual investment in open source is a lot less than it has ever been. The last OG developer was recently released and even he wasn’t involved in much of the open source development. He was pulled in to touch some old code that revolved around commercial licencing but was otherwise always on something non open source.

There is ZERO open source culture on the Sangoma side with one exception. I will let everyone think that it is them I am talking about.

The folks who came in with Digium still have some open source folks but I see their souls getting tired too so the clock is counting down.

These are all just my observations, opinions and conspiracy theories and should be taken as nothing more.

1 Like

@billsimon has a very valid point that nothing is done here anymore with any kind of testing or care. Yes, @jfinstrom, your comments are likely good reasons, but I’m not sure if this thread is right for that conversation. The community will never have any kind of real proof. It is they say, you say.

All of that aside, it is 100% true that bad processes are the only way crap like this can be happening.

Sangoma: I don’t care if you hire the cheapest developers you can find on Fiverr. Eventually, enough monkeys will someday bang out Shakespeare. But we don’t need Shakespeare, we need phone systems that do not shit the bed on a minor update.

@lgaetz This forum and the support queue are going to be crazy stupid with people complaining about this cron error when they see their notifications on Monday morning. There is zero reason for this to have ever happened in the first place, but it did, fine. It should have been fixed 2 days ago when it was reported, prior to everyone’s system auto updating on Saturday (default day).
Instead it was fixed late on Sunday, and only for FreePBX 15.

@mikewhite You want to increase sales of FreePBX commercial modules and/or PBXact? Well, this is not how it gets done.

I didn’t say “nothing.” Just that there is need for clarity and improvement.

I did. I thought I was clear that I was not quoting on that statement, but reading it now, nope… that is what I get for posting at 2:30am.

This is why I typically stay quiet when it comes to these subjects. I was going to stay mostly quiet on this one too, but I was asked to expand. While I feel that I might have overshared, my thoughts without context didn’t make sense to me.

While I am not a fan of Sangoma management, I do still call many of their employees friends, and I am a shareholder. So as a company I want them to succeed. I just don’t think that their management is doing what needs to be done for that to happen. Unfortunately, there is a proxy game that happens every year where certain people do mass campaigns to get enough proxy votes that they can do anything they want, and there are not enough shareholders that care to come to the annual meeting to change up the structure. This is probably true with most public companies.

I think that’s why we are all here - no question about it. Let’s keep this thread as constructive criticism which was the intended purpose (sorry if I was too harsh in my first post).

So we now have a serious vulnerability in the RestApps module and from what it looks like, it is the same or very similar to the one from March in 2020.

  1. Why should Commercial Modules like this, iotserver, PMS and many closed source modules that is not important for a standard PBX?
  2. Isn’t it part of the standard QA process to test against previous security issues? (Unit testing?)

1 Like

The commercial modules all get installed by default even if you haven’t licensed them.

I suppose that is so that the admin will see them on the menu, click, and be enticed to buy. Like how my cable TV box shows me a list of all the channels to which I am not subscribed. However, for the sake of reducing attack surface:

for x in $( fwconsole ma list | grep Commercial | awk '{print $2}' ); do fwconsole ma delete $x; done

repeat until nothing left, and then fwconsole r

grep -v versionupgrade perhaps ?

and sysadmin, so that you can keep sysadmin and firewall.
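
The one-liner and the two follow-up suggestions above, combined into a dry-run selection step. This is an added example, not code posted by anyone in the thread; it assumes `fwconsole ma list` prints pipe-delimited rows with the license in the fourth column, and the function names and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pick Commercial modules to delete,
# keeping an allow-list, from `fwconsole ma list`-style table output.
# Assumption: rows look like "| name | version | status | license |".

KEEP="sysadmin versionupgrade"   # modules the replies suggest keeping

# stdin: module table; stdout: one module name per line to delete.
select_commercial() {
    awk -F'|' -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        NF >= 5 {
            name = $2; lic = $5
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", lic)
            # Match the License column only, not "Commercial" anywhere on the line.
            if (lic == "Commercial" && !(name in skip)) print name
        }'
}

# Constructed sample table (versions are made up for the example).
sample_list() {
    cat <<'EOF'
+----------------+---------+----------+------------+
| Module         | Version | Status   | License    |
+----------------+---------+----------+------------+
| core           | 0.0.1   | Enabled  | GPLv3+     |
| firewall       | 0.0.1   | Enabled  | AGPLv3+    |
| iotserver      | 0.0.1   | Enabled  | Commercial |
| pms            | 0.0.1   | Disabled | Commercial |
| restapps       | 0.0.1   | Enabled  | Commercial |
| sysadmin       | 0.0.1   | Enabled  | Commercial |
| versionupgrade | 0.0.1   | Enabled  | Commercial |
| vqplus         | 0.0.1   | Enabled  | Commercial |
+----------------+---------+----------+------------+
EOF
}

# Dry run by default; pass "apply" to really call fwconsole ma delete.
purge_commercial() {
    fwconsole ma list | select_commercial | while read -r mod; do
        if [ "$1" = "apply" ]; then
            fwconsole ma delete "$mod" </dev/null
        else
            echo "would delete: $mod"
        fi
    done
}

# Show the selection on the constructed sample.
sample_list | select_commercial
```

As in the original one-liner, `purge_commercial apply` may need repeating until the selection is empty, followed by `fwconsole r`.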

I don’t argue this logic. The only purpose of a business is to make a profit, and this is generally not super intrusive.

For that reason, on every new install I remove all commercial modules except sysadmin by default, as well as less commonly used open source modules. Upgrade everything, then I install what is needed.

That is true for commonly used modules: EPM, Sysadmin etc.

I don’t think any person with common sense would purchase VQplus, PMS or any module that they can’t really make use of, just because it is already installed.

I understand that everything is about money. But I think that reputation is important too.

Here’s a fresh sample

that’s… what the issue tracker is for.
if you want to talk about an ongoing development, or care about what’s being worked on, head over to the Board and see commentary / discussion, and participate.

I’m jaded on this, but think that EVERYTHING related to a ticket/backlog item should be in that task/backlog item, not a completely decoupled forum post somewhere.

Are there epic tickets there where design discussions are happening? All I really see are task tickets. The FREEPBX project in JIRA is largely bug reports and fixes.

I suspect that the “good stuff” is happening in FREEI to which we don’t have access.

I prefer the forum. But, wherever the team is willing to actually openly discuss development and design is fine.

@kgupta could you chime in here and help us understand the best place for the open-source community to join FreePBX design and development discussion?

entirely fair.

i was going to make an argument that FREEI is filed under “Nunya” as its internal, and the community developers should be discussing stuff, but you make a decent point.