Older blog entries for ajt (starting at number 3)

I suppose every now and then I should post a diary entry rather than just lurking and reading everyone else's.

So, what's been happening? March 8 until the 22nd we were of in LA and Orlando preparing and competing in the ACM World Finals. Our team did pretty poorly, really: we got stumped by the "How many animals did Moses take on the Arc?"-esque trickiness of the questions (at our regionals, they tend to be fairly obvious with the questions; at the finals, they're a lot more subtle), and got somewhat stumped on the fabled question-with-the-wrong-test-data. Ah well, it was great overall. IBM were great sponsors. And (a) at least Melbourne did well enough to not leave the South Pacific region cringing in shame, and (b) at least we beat New Zealand. Ha!

After that, anything else is pretty much hardly worth mentioning by comparison. Ummm, there was an interesting thread on debian-devel about signing Packages.gz files versus signing actual .debs, that should hopefully help make Debian be a little more secure. Not with a whimper, but a bang, so to speak. And I think I've come up with an elegant way of replacing:

  • PPP providor scripts
  • PCMCIA schemes (as related to networking, anyway)
  • Network autodetection (via hwaddr / detection of who else is on the network segment)

...in ifupdown. So a new version should appear somewhere soonish. Oh, and Advogato's been invaded by Debianers too. See what happens when you don't keep your mouth shut on IRC?

Still on the whole trust metric thing, I wonder if another interesting application could be for network games like QuakeWorld.

For those who haven't been following, in the ideal case, network servers would never tell a client anything they couldn't be trusted to know. But for efficiency, they'll *actually* tell you lots of stuff, like where the other players are, when bullets are coming from behind you and whatever else, so that if you turn around, there's no lag while the client fills in the blanks: it already just knows. This means people with no skills at playing the game can write clever clients that let them dodge bullets, and see behind them and generally just plain cheat. Which isn't good.

There are at least two possible solutions. The usual solution is obfustication. Release binary only clients, keep the servers to yourself, make the on-the-wire protocol compressed and encrypted, and generally strange, and just generally hope no one can be bothered working out how to break the system. The nice theoretical one is as described above: just treat the client as completely untrustworthy, and only tell it things the human that's using it is allowed to know.

I wonder, though, if the trust metric here could be useful. If instead of certifying free-software gurus, you certify something more akin to `honesty' or so.

Once you've got a bunch of people certified, rather than trying to certify binaries, you can establish trust pretty easily. After all, no person has to give their secret identification stuff to anyone else (thanks to the wonders of digital signatures and public key cryptography) unlike binaries whose "secret" identification stuff has to be available to everyone who has a copy of that binary.

Possibly linear growth (size of attack versus number of clueless certifiers) is still too troublesome though. Some method of negative feedback may be necessary here, which in turn would probably require more granularity than just `Honest' and `Not honest'. Still, it could be a novel solution to a fairly tricky issue as far as free games go.

Well, I'm a Journeyer now. Neat.

It seems a bit weird to be able to just say `Yeah, I'm this free software guy from www.foo.org, and I'm cool, and yeah, it's really me, let me post articles, d00d' and get to, well, post articles.

So, in the interests of strengthening trust and stuff, here's some evidence that I'm really who I say I am. This'd be better inlined, but I don't even want to think about trying to do up a PGP signature in HTML without the <pre> tag. The key itself is in the Debian keyring, and probably on some keyservers out there somewhere too.

Voila. An Avocato page.

I don't get these weblog things. The web wasn't made for interactivity, and forms really don't cut it as an emacs replacement. Trying to keep your train of thought while peppering every sentence with the obligatory random links is a bitch too. (Don't ask me what the deal with the last one is, but it was google's first hit)

Still, you can't bitch about something properly until you try it.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!