I met Gary Kramlich a few years ago at the CypherCon security conference and we now chat on signal about open source things. When I started Open Source Security I knew he was one of the people I wanted to talk to about what it looks like to keep a project, codebase, and community alive for more than a decade.
Gary is the lead developer of the Pidgin chat program. You can find him at reaperworld.com
Many of us remember the GAIM and Pidgin messengers from some years back. There used to be a something called AOL Instant Messenger, it was of course proprietary. The open source solution was to reverse engineer the protocol and build an open source messenger. That was (and still is) Pidgin!
Even though the world of messaging has been through a number of iterations, the Pidgin project is still around and doing their thing. The work they’re doing now is probably more important than it’s ever been, I mean, have you payed attention to literally anything in the last few years?
Evolution of the tech
During the chat with Gary we cover a ton of ground. That’s not a huge surprise when you consider how long Pidgin has been around and how much they’ve seen in the messaging universe. They started with the C89 standard (we’re on C23 now), old versions of the GTK toolkit (they started on version 2, we’re on version 4 now), and even moving from oldschool cmake builds into using Meson for builds now.
No doubt the devil is in the details when it comes to keeping any codebase working for more than a short period of time. Very few open source projects start with a vision of what a release might look like in the distant future. We can’t possibly image what things will look like in one or two years from now, much less five or ten years.
The lesson I saw here wasn’t even how to make some of these things happen, goodness knows how Pidgin pulled this off won’t work for anyone else. The lesson is really one of doing the work. Migrating to new libraries and build systems isn’t super exciting work that’s going to get you attention, but it is work that’s important for the future of a project.
The Rust question
I of course had to ask Gary the rather tongue-in-cheek question about rewriting Pidgin in Rust. This is a favorite anytime you have a chat with a C programmer. The answer Gary gave really just boiled down to he knows C, he doesn’t know Rust.
It’s no secret that Rust solves many memory safety problems in an application, but if your team doesn’t know Rust, by definition, you’re not going to have a successful rewrite in the language.
One surprise that came as part of this answer was how the new versions of GLib can give you additional language bindings basically for free if you use their APIs. That’s a pretty cool feature and I had no idea.
Wrapping it up
It was a lot of fun to catch up with Gary. He has moother re interesting topics we will explore in the future. Everything from funding and sustaining a project to handling malware in a public plugin repository. I’m pretty excited to have him back on sometime in the future.