Status FileSender 1.5, 30 Sept 2011

In the previous FileSender 1.5 status update we wrote the end of September as our target for the first beta release of FileSender.  It is now 30 september, there is no beta package announced so obviously something did not go as targeted.

What happened?

With 1.5 we moved from Flash and JSON to HTML(5) and JavaScript for the UI and data exchange with the server.  In addition we added the database abstraction layer. As a result of this the input/output pathways and their behaviour have changed.  To give an example, output sanitisation (when data is displayed to a user again) becomes more important once Flash no longer does that job for us.

Checking the input/output pathways and ensuring proper sanitisation and validation is put in exactly the right places, and all the right places, takes us more time then anticipated.

Had it been any other issue causing a delay we could have lived with a known deficiency in the beta.  Input/output validation and sanitisation however needs to be done right to prevent security issues.

As a result of all this the code is likely to change subtly in various places which again means the time is not right for putting in the testing and packaging effort of a beta release.  Next week we plan to push ahead with the validation/sanitisation problem, an update on the 1.5 status can be expected at the end of the week.

To close this 1.5 status update I’d like to mention that we’ve pencilled in an external code security audit by Pine Security in the 3rd week of October.

Meanwhile for those of you who are interested, you can already install and test the 1.5  code from SVN with little effort and nearly all of it works, and usually stays working after SVN commits.  Check the notes for installing 1.5 development code for details.  The current FileSender 1.5 bug list will tell you what remains to be fixed.

FileSender 1.0.1 Fall Special with HTML5

After all the leasons learned from developing the HTML5 parts of FileSender 1.5 Chris was curious to see whether he could get the current 1.0.1 code to support HTML5 uploads, with little effort.  Leveraging the similarity between Gears calls and HTML5 FileAPI calls he managed to backport the HTML5 functionality to the current 1.0.1 code 🙂

The trunk now contains 1.0.1 HTML5 patch that replaces Gears with HTML5, adds one crucial little detail to the uploads page and removes the Mac “uploads > 2GB are not supported” message.  There is one minor issue with progress bars overlapping, other then that it appears to work just fine.

We now have an opportunity to use Chris’s 1.0.1 HTML5 patch for creating an interim release based on the stable and well tested 1.0.1 code that supports >2GB uploads without Gears.  Barring service affecting issues popping up during the quality assurance process such a release should be ready in about two weeks.

Given that FileSender 1.5 will go through a quality assurance cycle before releasing, a fully tested production release of 1.5 will not be available before December.

We feel offering production sites the option to run a FileSender service without the Gears dependency is important enough to to test and package the HTMl5 patch into a “FileSender 1.0.1 Fall 2011 Special” release.  This special release will be packaged and distributed under a separate
name (filesender-html5) and will have the same version number (1.0.1) as the current production release.  We estimate this to take about 4 weeks of lead time.  The testing, packaging and release process of the Fall 2011 Special will not involve our developers, they will continue to focus on the 1.5 release.

Why not a “FileSender 1.1” you might wonder?  One of our guiding principles is POLA, the Principle Of Least Astonishment.  We’d hate to create unexpected surprises for production sites when releasing.  A FileSender 1.1 release would trigger a near-automatic upgrade for those of you using the Debian or RPM package.  For reasons of your own you might not want to upgrade, you might be happy with 1.0.1 as is.  By releasing a one-off special package you have the choice.

The extra support load of having two 1.0.1 releases to support is pretty minimal: we only fix crucial service-affecting bugs in 1.0.1 (none have surfaced so far) and thought the release package will take some months to ship the 1.5 release is in its last stages of development.

Summary

To sum up, under the assumption that thorough testing won’t reveal any service affecting issues, we’ll have a FileSender 1.0.1 release without Gears dependency in about 4 weeks.  This special release will be packaged and distributed under a separate name (filesender-html5) and will have the same version number (1.0.1) as the current production release.

It won’t be perfect, but it’ll do the job.