Older blog entries for ajt (starting at number 5)

Well, ifupdown should now be able to do network autodetection, at least as soon as I write some scripts that can autodetect stuff. Neato.

As it stands, it's probably also enough to do PCMCIA-esque schemes, but it turns out fitting PPP stuff into the metaphor well is non-trivial. Oh well, phase one is mostly done (tidying up code, changing command line syntax, and fixing the manpages is about all that's left), phase two should be easy, and phase three at least seems doable now.

Meta stuff.

I think there's a fundamental problem with using a /.-style presentation for discussion. Basically, it gives a completely illegitimate bias towards whoever says things first. Everyone reads the article. Most people read the responses made in the first few hours. After that, you'll get read by a few diehards and that's about it --- the only way people are going to even know that there's been a response is to specifically note that the `x replies' was `x-1 replies' yesterday. Ugh.

Advogato's diaries get around this problem: no diary entry is particularly more likely to be read than any other; and when it is more likely, well, that's only because one person is generally more interesting than another. That's not too unfair. Unfortunately, it makes it hard to follow cross diary discussion, and if you're not paying attention, you might miss it.

Something that might be interesting, hypothetically, might be a way of threading individual diary entires that are on similar topics, and a way of promoting a thread of diary entries to an article, after the fact. Or, maybe not.

Oh, and insert random support for what jennv and dan had to say about the ``You're a woman, so you wouldn't understand'' flamewar, or whatever it was trying to be. I mean, yeesh.

Oh, and while I'm on meta stuff, I think GalaxyQuest would've been better grounds for analogy than R and J. I mean, can't you just see it? The heroic BSD software engineer falling for a cute Linux chick who then grows purple tentacles, while another BSDer in the background says "Oh, that's just not right." in a worried tone as they embrace. Doesn't it just fit?

I suppose every now and then I should post a diary entry rather than just lurking and reading everyone else's.

So, what's been happening? March 8 until the 22nd we were of in LA and Orlando preparing and competing in the ACM World Finals. Our team did pretty poorly, really: we got stumped by the "How many animals did Moses take on the Arc?"-esque trickiness of the questions (at our regionals, they tend to be fairly obvious with the questions; at the finals, they're a lot more subtle), and got somewhat stumped on the fabled question-with-the-wrong-test-data. Ah well, it was great overall. IBM were great sponsors. And (a) at least Melbourne did well enough to not leave the South Pacific region cringing in shame, and (b) at least we beat New Zealand. Ha!

After that, anything else is pretty much hardly worth mentioning by comparison. Ummm, there was an interesting thread on debian-devel about signing Packages.gz files versus signing actual .debs, that should hopefully help make Debian be a little more secure. Not with a whimper, but a bang, so to speak. And I think I've come up with an elegant way of replacing:

  • PPP providor scripts
  • PCMCIA schemes (as related to networking, anyway)
  • Network autodetection (via hwaddr / detection of who else is on the network segment)

...in ifupdown. So a new version should appear somewhere soonish. Oh, and Advogato's been invaded by Debianers too. See what happens when you don't keep your mouth shut on IRC?

Still on the whole trust metric thing, I wonder if another interesting application could be for network games like QuakeWorld.

For those who haven't been following, in the ideal case, network servers would never tell a client anything they couldn't be trusted to know. But for efficiency, they'll *actually* tell you lots of stuff, like where the other players are, when bullets are coming from behind you and whatever else, so that if you turn around, there's no lag while the client fills in the blanks: it already just knows. This means people with no skills at playing the game can write clever clients that let them dodge bullets, and see behind them and generally just plain cheat. Which isn't good.

There are at least two possible solutions. The usual solution is obfustication. Release binary only clients, keep the servers to yourself, make the on-the-wire protocol compressed and encrypted, and generally strange, and just generally hope no one can be bothered working out how to break the system. The nice theoretical one is as described above: just treat the client as completely untrustworthy, and only tell it things the human that's using it is allowed to know.

I wonder, though, if the trust metric here could be useful. If instead of certifying free-software gurus, you certify something more akin to `honesty' or so.

Once you've got a bunch of people certified, rather than trying to certify binaries, you can establish trust pretty easily. After all, no person has to give their secret identification stuff to anyone else (thanks to the wonders of digital signatures and public key cryptography) unlike binaries whose "secret" identification stuff has to be available to everyone who has a copy of that binary.

Possibly linear growth (size of attack versus number of clueless certifiers) is still too troublesome though. Some method of negative feedback may be necessary here, which in turn would probably require more granularity than just `Honest' and `Not honest'. Still, it could be a novel solution to a fairly tricky issue as far as free games go.

Well, I'm a Journeyer now. Neat.

It seems a bit weird to be able to just say `Yeah, I'm this free software guy from www.foo.org, and I'm cool, and yeah, it's really me, let me post articles, d00d' and get to, well, post articles.

So, in the interests of strengthening trust and stuff, here's some evidence that I'm really who I say I am. This'd be better inlined, but I don't even want to think about trying to do up a PGP signature in HTML without the <pre> tag. The key itself is in the Debian keyring, and probably on some keyservers out there somewhere too.

Voila. An Avocato page.

I don't get these weblog things. The web wasn't made for interactivity, and forms really don't cut it as an emacs replacement. Trying to keep your train of thought while peppering every sentence with the obligatory random links is a bitch too. (Don't ask me what the deal with the last one is, but it was google's first hit)

Still, you can't bitch about something properly until you try it.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!