5.2 Basic Support Tasks

In section I have illustrated the basic activities of the development work of OSPs: work, coordination, communication, documentation and decision-making. Since helping the project to succeed is the primary goal of the technical support system, the support of the given activities is a major task. Besides, there is an additional activity emerging out of the technical environment: protection.

The presented activities (as action categories) give a good overview about the actual job of the technical support system, but when looking at concrete technical issues a sharp division is not useful anymore as the abstract tasks only appear in combination. For example, coordination is impossible without communication and version management covers more or less all six categories. Therefore I will not consider these categories in the following, but concentrate on presented problems to provide another view of the subject.

5.2.1 Protection of Stored Data and Performed Actions

Computer systems control a lot of valuable information, many expensive devices and several charged services. As most people do not like losing valuable goods, they prefer to protected these things against any damage or misuse, if possible. This issue becomes even more important for computer systems connected to the Internet because it allows any other person linked with this computer network at the same time to interact with the system. Although many obstacles have to be removed before someone gains control over your system via the Internet, it is a possible threat as recent attacks like the I-love-you-virus have shown. This protection is the task of system security⁵. There are several different threats that have to be faced:

System Failures

Today, most computer systems contain bugs of some kind and many of them result in data loss or other unpredictable harmful behavior. Although most people do not care about technical perfection, they care a lot about their data and the time they have spent to generate them. Security could mean the absence of any system failures which is a state most computer users and software vendors would prefer, but it seems to be unreachable in the near future. However, accepting the insufficiency of current computer systems gives us the opportunity to work on strategies to reduce the caused damage to a minimum. The most simple example is a frequent system backup or journalizing file systems.

Bad Operation

Since the short description of certain tasks is sometimes hard to understand, users might command the execution of jobs, they would have never allowed if they knew what they actually mean. The average user normally does not really know what he is doing, but hopes it is the right thing: the good, old try-and-error method. Still, it is often the user's own fault as they do not read all available documentation. However, it is an understandable behavior as they do not turn the computer on to read manuals for hours, but to get their job done. Therefore it would be best to get computer systems intuitive and foolproof by default and allow the corresponding experts to get round the security mechanisms by special access (e.g. Unix root account).

Insufficient Feedback

Any kind of actions a computer system is commanded to perform could fail for various reasons, e.g. no floppy disc in the drive while saving. This alone has to be accepted because it is sometimes the user's problem (he forgot to put the floppy in the drive), but to get no reply or a confirmation of the execution (e.g. 'OK') is a bad security policy. Any failure should be corrected or reported reliably to the responsible user.

Unauthorized Retrieval

So far, we have investigated incidents that are not caused on purpose. Nobody actually wanted to produce any damage, but there are also some 'bad guys' out there, maybe only your little brother who is curious about the last email you have written to your girl-friend. Although the open source movement is based on information exchange, even the developers want to keep some information confidential, e.g. passwords, credit card numbers or some parts of their private life. Therefore it is important to secure a certain level of privacy if demanded and make sure that nobody could obtain the protected data.

Data Manipulation

Another kind of attack is the manipulation of stored information like removal or modification. Most computer viruses belong to this group as they modify certain system components and thereby cause some malfunction and/or data loss. Breaking into a computer system and erasing all or some stored files is another example. One of the most harmful actions is the secret modification of some frequently used components, e.g. a standard library, as these could produce a lot of damage before detection⁶.

The given problems are general computer problems, but they are also essential for the technical support of OSPs. The systems are connected to the Internet which increases security risks dramatically because they get more complex (system failures, etc.) and can be much more easily attacked.

5.2.2 Observation of Actions

There are different strategies to make sure that nobody inside a technical support system is causing damage to the project. For instance the software could monitor all performed actions and enforce their correctness according to the policy rules by refusing forbidden ones. Another possibility is to leave the executive part to a human being and inform someone about undesired activities. However, it is often difficult to give generally valid rules of what the different participants are allowed to do and of what the software should refuse to process. By Being on the safe side security is increased, but developers' freedom is reduced and it would chase them away from this 'paranoid' project. Therefore observation (e.g. by logging performed actions) is sometimes the most reasonable procedure, although it takes away a lot of privacy from the participants.

Anyway, the usual situation is a responsible-minded developer who does not need to be controlled by a Big Brother and does not like to be. Still, there might be a few black sheep who can mess up everything and only a little bit of observation of the system could stop them ...

It is the job of each project to find their own balance between privacy and security and the corresponding technical support should be prepared to enforce the agreed policy.

5.2.3 Version Management of Stored Data

The task of version management is to record any modification to the project data and by request recover it to any state that could be specified accurately. There are many good reasons for the usage of version management systems in OSPs. I just want to give some examples:

1. When a chosen strategy to implement a feature or solve a problem turns out to be the wrong one, it is much easier to get the entire source code back in the previous state.
2. version management systems normally provide a version history and the opportunity to store log messages. These features can be used as a documentation for the development process. This kind of documentation can be useful for various things.
3. Concurrent revision control systems like the famous CVS⁷ help a lot to coordinate and merge distributed work. The administration of the various received results would be impossible for many projects without them.

5.2.4 Online-Offline Management

Large parts of the support system are not situated on the local computer system, the different computers are not permanently connected to each other and developers might work on various systems (e.g. office and home), but they always use and modify the same project's data. However, the version management is responsible for handling conflicts that could emerge from concurrent work on the same data and security has to make sure the distributed system itself is protected, but the distributed support system must allow users to attach and detach from it without difficulties. The work of the participant should be possible in both states, in particular without a connection as many users have to pay for their connection to the Internet or use a voice phone line.

Everything that is caused by the frequent disconnection belongs to this tasks. Some examples:

1. Data synchronization: Each time a developers goes online the local and remote data is updated and thereby synchronized again.
2. Notification about the presence of participants for real-time communication.

5.2.5 Distribution of New Information

Information in its various forms (software, documents, URLs, etc.) is the most important resource for OSPs. Every day the knowledge available online grows and a certain part of it is useful for certain projects. As soon as one participant recovers some useful information he can share it with others. However, the distribution raises several problems:

1. Which members are interested in the discovered resource?
2. What is the best way to notify interested persons?
3. How should this source of information be archived for later retrieval?
4. How do we prevent communication channels to get flooded with such hints, considering there are thousands of developers searching the Internet and talking about what they find?

5.2.6 Communication between Participants

The Internet itself provides several means of communications like email, newsgroups and Internet relay chat, but they are insufficient as an easy, efficient communication system. I think, it would help OSPs a lot if they find better ways to communicate. However, using something more complex than the basic Internet infrastructure also introduces problems: For instance, all developers must install the extra software everywhere from where they want to communicate with the project; email is available everywhere.

To illustrate what I mean, I will give some additional features for a theoretical replacement of a regular mailing list:

1. The opportunity to check if your message entered successfully the communication system
2. To be able to count how many persons actually read your message (at least looked at)
3. To join/leave single discussion threads instead of entire mailing lists
4. To open/close discussions
5. Notification about new discussion issues (instead of all posted messages)
6. The possibility to view all open discussions
7. Intelligent automatic system to 'invite' all affected participants to a discussion (maybe together with information distribution?)
8. Preparation for an easy retrieval from an archive

Of course, there are many means of communication, but mailing lists seems to be the most important ones. For the creation of a better communication system all others should be examined as well.

5.2.7 Issue Administration

Issues⁸ are basically ideas that require some work to be done. They play an essential role in OSPs as they are the major instrument for coordination. It is a simple, but efficient procedure to give their activities a direction, get an overview of what has to be done in the future and of what is going on in a project. Therefore it is important to find a good way to handle and administrate issues as it helps to reduce work and increases efficiency. Technical support should help to make things transparent. Some examples:

1. who works on which problem
2. which group requires some help
3. what depends on a certain issue
4. who is familiar with this topic
5. where can I find more information
6. provide a place to comment
7. what progress has been made
8. when was the last modification (is the issue dead?)

5.2.8 Automation of Frequent Processes

Most tasks mentioned above could be considered a special case of this category, but they are too important to be covered in this way.

There is a lot of boring work in a project that has to be done frequently without anyone being interested in anything else than the result. This stuff could often be processed automatically by some technical support software, e.g. setting and checking all access permissions correctly. However, it is important to watch each of these tasks closely while transferring them to system control as automation that first seems to be comfortable often becomes annoying and disturbing in the long term. Automation should support and help the participants and not hinder them. Therefore it is normally the best solution to leave the decision whether they want to use a specific tool to the individual project members instead of activating it for the entire project, but the simple provision of an option for additional technical support is generally a good thing.

  Contents

Footnotes

... security⁵

security (noun): ``the state of being free from danger or threat'' [Oxford98]

... detection⁶

I have heard about an incident where someone modified nothing else than the system constant slightly without detection in a research institution that had to do a lot of calculations. So, all calculations based on where inaccurate until the problem was discovered after several years. Although I cannot prove the truthfulness of this story, the possibility demonstrates the potential danger.

... CVS⁷

CVS stands for 'Concurrent Versioning System'. See http://www.cvs.org for details.

...Issues⁸

The various functions of issues in OSPs have been described in section .