Older blog entries for RyanMuldoon (starting at number 41)

One thing that weblogs really lack is the ability for threaded conversations. I like the way they work for just browsing recent entries, but if there was an interesting conversation that I want to look back on in a year or two for research, it would be a huge pain to reconstruct it. It would be interesting if there were a way for Advogato or other weblog systems to keep track of conversations between people. That's my thought for the day.

atai:I would continue to urge you to think outside of the world of free software for a moment. I am not one of those who claims that RMS is an egotist - I think he is a very intelligent person, and I think he has done a lot of good for free software. He has also been very steadfast in his beliefs, which I would argue is why he has both accomplished so much and caused people to see him as an egotist. I also have written (I think here) on why I would claim that RMS' and the FSF's ideals are basically direct applications of the ideals of Western Liberalism, as described by John Locke and "refined" by Jefferson. He's pretty far from Marx, if we go back to the source materials and compare them. However, I don't think that he's much of a philosopher, nor does he try to be. ESR tries to assert that he is some sort of guru of the free software community's zeitgeist and tries to use philosophy to back himself up, but I don't think he does a good job of it. RMS doesn't try to do this - he just asserts a set of axioms for the conditions of freedom for software. This is pretty far from an ethical framework, if we want to get into real philosophy. You might recall that a couple years ago Advogato had a long discussion on trying to establish an ethical framework to justify free software. It is no easy task. So again, claiming (or even restating Lessig's claim) that RMS may be the philosopher of our age because he has more of a belief system than Linus Torvalds or Eric Raymond is pretty weak - none of these individuals would be near consideration for such a title. Expose yourself to some "real" philosophy, and I think that you will quickly understand what I am trying to say. Again, I think that RMS is a really important part of the free software community, and I have no trouble with GNU, and I gpl everything that I write because I agree with the values of the gpl. RMS is obviously extremely intelligent, otherwise he wouldn't have received a MacArthur fellowship. But he is far more of a mathematician than a philosopher, let alone the greatest philosopher of our age. Feel free to read some of the books by the authors that I mentioned in my previous diary entry....I can also reccomend a number of others. In case you haven't noticed, I take the field philosophy pretty seriously. ;-) As much as I like free software, the world beyond it is a whole lot more significant in our lives.

atai: I certainly would *not* call RMS the "Philosopher of our Age," although I pretty much agree with his stance on software. All he is doing is taking fairly common and expounded upon ethical principles found in lots of philosophical texts and applying them to software. While I admire him for his tenacity and effort and dedication, that does not make him the philosopher of our age. What about Noam Chomsky, who revolutionized our theories of language, as well as writing a great deal on politics. Or Wittgenstein, who is generally considered one of the five best philosophers ever for his work on logic and language. Or Bertrand Russell, who published on pretty much every facet of philosophy. Or Saul Kripke. Or, strictly in the field of ethics, Derek Parfit, who has done (And continues to do) some amazing work in ethics, including in-depth analyses of consequentialism. RMS may have moral convictions, but that does not make him a philosopher, let alone the philosopher of our age. But that is not to say that he isn't a very very smart person who has done an amazing amount for Free Software. So while I encourage you to support and laud those who do good for the community, please respect them and others enough to not go overboard with praise.

I've started to play some with WebDAV (using Apache and mod_dav). So far, it has been rather impressive. I felt really good about how cool linux is getting today too. I decided to test mod_dav, but I didn't have any of the software to do it on my workstation. So I opened red carpet, went to the redhat 7.2 channel, and downloaded apache, apache's documentation, mod_ssl, and mod_dav. It then downloaded and installed it for me. That entire process took about 3 minutes. Then configuring httpd.conf to do DAV with some auth took about 15 minutes. And I fired up Nautilus, and tested it. Cadaver worked too. Extremely cool. Being able to go from zero to fully functional DAV environment in like 20 minutes is pretty amazing.

The real test is probably going to be how well I can get this to work in an "enterprise" environment. I'm trying to figure out how I can integrate it in with an initial-sign-on system that I'm developing, but that may be impossible, since most DAV clients don't support all of HTTP, like redirects and cookies. At the very least, though, I need to come up with an easy way to add new users and groups, and their associated folders. Also, some quota-like functionality would be very useful. If anyone has ideas on how to do this, please email me. Once I finish, I am going to try and document how I did it, and see if webdav.org wants it as a user resource.

After I solve the enterprise DAV problem, I want to move on to shared tasks/notes. Then slowly the other groupware type features. I basically want to see if I can develop a useful content management system, with groupware type features, using all free software and open protocols. So desktop apps can use it, or users can use a web interface. I am utterly convinced that all (or most) of the pieces are there, and I just need to discover how to put them together in a nice package. And if I get to do some of this research for work, all the better. Lots of architecture work. Hopefully I can come up with a solid plan, and bring some people in on developing it. This would be very useful for higher ed. And in general, I would think. It would be great if small/medium companies could just install an "office server" cd on a computer, and it would set up all of their groupware stuff for them. Then just install "office workstation" cds that can read configuration off of the server, and get up quickly. This stuff is all there - it just needs to be productized and polished.

gregf: Why not just back up session data to a server? That would be pretty cool, actually. The bulk of the work would be to figure out if there is an existing protocol that is good enough, or if you need to design a new one. ACAP or LDAP servers might work for the back-end. For a proof-of-concept, you might want to consider writing a GConf backend that can do network saving. That would be pretty cool.

yakk: unfortunately, it isn't "the will of the people" to just try Osama Bin Laden. I actually have faith that the administration has plenty of evidence that he did it....it is just that people want blood. I wish that we could take the course of action that you suggest, but it will never happen. Bush is being told that he'll lose re-election if he just goes after a single arrest. People want a war, and that's what he'll give them. Unfortunately, people only want war after the media has done an excellent job of building bloodlust (for example, the Discovery channel had a program entitled "Know your enemy" two nights ago....it was about Afghanistan). I want justice, not death. I refer you to chapter 14 of a People's History of The United States - "War is the Health of the State."

Home Entertainment ramblings

Lately, I have decided to marry the two things I spend any money on: home entertainment and computer hardware. I want to upgrade to a (dual?) athlon box in the next couple of months, abandoning my still-capable dual celeron 366 machine. I realized that I'm still going to have a lot of parts left over from that upgrade. I am also moving into a new apartment with my friends, and I will be one of the few people with any money for setting up some kind of home entertainment system. My goal for the year is to get a decent mid-sized tv, and a dvd player. If I'm lucky, I'd like us to also get a receiver and a 5.1 speaker system. The downside to this is that I will only have a DVD player from which to play music. So, I want to take my current computer and turn it into an MP3 jukebox of sorts. The goals/constraints are as follows:

• Easy for non-computer people to use
• Network-connected
• should double as an MP3 server for the house
• Icecast server?
• Should plug into the normal A/V system
• should be easy to make new playlists
• Ideally, it should have a remote
• Should be cheap to do

The hard part is going to be how I make it easy to use...I don't want to have to have a monitor. But I *do* have a voodoo3 card with a tv-out. So it could plug into the TV or something. But that still is unappealing. And I don't want a full-size keyboard. Probably the best idea is to have a web-based interface that other computers in the house can access, to build up playlists. Then a remote control to do normal stereo functions. Bonus points would be if it could work from a universal remote. Anyway, that's my little hardware project that I want to undertake in a couple months. If anyone has any ideas on this, I'd be interested in hearing them. ;-)

apw: It seems like you are oversimplifying the problem space to an enormous degree. For instance, if I present you with a valid cert, how do you know that it is actually mine? If we have no pre-defined trust relationship, you can't know. But then let's say we do have a pre-defined trust relationship, and someone identifying themselves as me with my cert tries to make some kind of transaction with you. This requires you to trust me in two very important (but distinct) ways: first, you need to trust that I am technically competent enough to keep my private keys to myself. And second, you need to trust that I am reliable enough a person that I am not going to give someone else my private key. It's not as simple as saying "lets all get smart cards and make browser plugins" - it is a rich and complicated area of research. If it were an easy problem, it would be solved by now. People have been working on this for a couple decades. It's good to think about, but please realize that there is a lot of hard work still to be done. And it isn't all just technological. If you're aiming to have a solution to counter Passport, there are a number of existing projects to look into. I'm involved in the Internet2 web-iso and Shibboleth projects, for example. I know that there are many others. Just some food for thought.

Negative Certs: I have mixed feelings about negative certs. They may not be appropriate for Advogato, but in terms of a trust metric, they do make a lot of sense. Trust is not just measured in positive amounts. There should be a difference between ambivalence (Observer) and active distrust. If I have had a dealing with someone, and they acted in a dishonorable manner somehow, I should be able to publish that fact, to help others judge whether or not that person can be trusted.

As I've said, this probably does not make sense for Advogato. Ambivalence is adequate. Unless you think that someone stole code and published it as their own, and is a no-talent hack that has convinced everyone of their greatness, there is no need for negative certification. But I think that negative certs are extremely useful when transactions come into play. Any time someone actively violates a trust relationship, that should be noted. In the coming future of peer to peer transactions, I want to make sure that I'm only dealing with trustworthy people.

I had a kind of cool thought - combining UDDI with a trust graph, so I always find the best service provider. For that to work, though, negative certs need to be taken into consideration. Once you get to something like this, trust becomes more complicated. You have to consider *how* you trust someone. Trust is not all-encompassing. How we represent that is going to be an interesting policy issue. I could go on, but this is a rant for another day. ;-)

jamesh:The free software CA idea is interesting. I have been thinking about issues surrounding Certificate Authorities a good deal recently. Pretty much all of the projects I am working on at work end up requiring certificates all over the place. Servers need them, but people also need some form of them. Since these are all higher education projects, it seems like a lot of people will be using this stuff once it is finished. The licenses on the projects are all Free, but I'm worried about the tens of thousands of needed certificates. It doesn't seem like that aspect of things scales very well. But I do think that absolute certificates are needed, rather than an advogato-style trust metric, since in this case trust is a binary issue. Trust is a hard problem....you have to implement a system where you can be sure that no untrustorthy people get trust, but it can't be overly hard to use, or cost too much, and ideally no trustworthy person should be denied trust.