Older blog entries for argp (starting at number 10)

7 Feb 2008 (updated 2 Jul 2009 at 11:39 UTC) »

metakall

For the past three months I have been doing part-time research and development work for Metakall, a research commercialization project that was born at the Centre for Telecommunications Value-Chain Research (CTVR). The main idea behind Metakall is that we provide the technology to allow end users to pay wireless hotspot operators small amounts of cash in real-time for network access. Instead of maintaining subscriptions or buying fixed amounts of access, Metakall users dynamically pay just for the network connectivity service they need for a single VoIP call, or to read their email messages. We are currently conducting a small-scale user trial internal to CTVR, with a larger-scale user trial with external participants planned to follow shortly.

At the moment I cannot discuss the technical details of our solution due to a pending patent application, but I am happy to report that our prototype implementation is fully portable. We currently support most Windows flavors (including Windows Mobile and Windows CE of course), Linux and Mac OS X. Metakall's focus on portability constantly gives me the opportunity to experiment with various Linux-based devices; from the first generation SIP phone Linksys WIP300 that is based on uClinux, to the Nokia 770 Internet Tablet, to the impressive OpenMoko that I have just started exploring. Strictly from a developer's point of view, the Nokia 770 device is currently my favorite platform. However, the completely open nature and the vision behind OpenMoko is something that greatly appeals to me. I eagerly anticipate the second version of the OpenMoko phone (expected this October) that will add a wireless interface, giving us the means to fully deploy the Metakall software on this exciting platform.

25 Jun 2007 (updated 2 Jul 2007 at 12:07 UTC) »

http://www.trustcomp.org/treck/

In direct relation to my previous post, I am involved in the program committee of the ACM SAC 2008 TRECK track - the 4th Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) track of the 23rd ACM Symposium on Applied Computing. We are interested in original and unpublished research on computational models of trust and online reputation mechanisms. Specifically, the TRECK track's focus is on the set of applications that benefit from the use of such technologies. Therefore, I believe that it is of particular interest to the open source world, both as an application area in itself (trust-enabled distributed SCM systems as alternatives to the strictly centralized models of development would be a very interesting topic of research), and as a highly relevant forum to publish new systems (Konfidi immediately comes to mind as a promising example).

The submission deadline is September 8, 2007, which is more than enough, well, if not more than enough then certainly adequate, and the full information regarding the venue, dates and a suggested list of topics of interest can be found at http://www.trustcomp.org/treck/.

20 Jun 2007 (updated 7 Feb 2008 at 08:58 UTC) »

google as a ``trust authority''

I have recently noticed that I am using Google as a way to avoid phishing websites when I am making online purchases or doing online banking. As an example, to find Bank of Ireland's online banking website I avoid typing its URL directly since I can never remember it and a misspelling would most probably lead me to a fake server. Therefore, I simply google the terms ``365 bank of ireland'' and I am certain that the first result would link to the correct website. Basically, I am using Google as a ``trust authority;'' as an entity that I trust to refer me to the authentic provider I am looking for and not another masquerading as the target provider.

In a traditional PKI setting a Certificate Authority (CA) provides a very similar, in a semantic and not strictly technical sense, service; it gives guarantees to a service consumer that the service provider he is about to disclose sensitive information to is indeed the entity it claims to be. The main difference is that a PKI CA follows a manual way to verify the digital identity of a service provider before it issues an identity certificate (and, as I have previously studied, they cannot really be trusted on this, mainly due to cost reasons). On the other hand, Google relies on an automated way to map keywords to service providers. PageRank could be modified, or a similar algorithm could be developed, to associate public keys to identities, and rank them in case more than one key refers to the same identity, based on a variety of factors like the time period the key has been associated with the target identity, eigenvector centrality, as well as others.

Actually, Dimitris Glynos and I have done some joint research work on the subject and have interesting and encouraging results to share - not to mention a full Python implementation of our proposed scheme that we plan to release as an open source project running on Linux. But this is the topic of another post.

I am not saying that Google should be trusted with even more power. What I am saying is that the PKI trust model doesn't work, particularly as a phishing countermeasure, but also in more general application domains as its limited adoption, among other facts, clearly demonstrates, and that we need to study alternatives.
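The key-ranking idea sketched in this entry, as an added illustration (it is not the scheme or the Python implementation by the author and Dimitris Glynos mentioned above): PageRank, a damped form of eigenvector centrality, is computed over an endorsement graph and multiplied by a weight for how long each key has been bound to the identity. The graph, key ids, host names and the `half_weight_days` weighting are assumptions constructed for the example.

```python
from datetime import date

def pagerank(links, damping=0.85, iterations=100):
    """Power iteration for PageRank, a damped form of eigenvector centrality."""
    nodes = set(links) | {t for targets in links.values() for t in targets}
    n = len(nodes)
    rank = {node: 1.0 / n for node in nodes}
    for _ in range(iterations):
        # Nodes without outgoing links spread their rank evenly over all nodes.
        dangling = sum(rank[v] for v in nodes if not links.get(v))
        new = {v: (1 - damping) / n + damping * dangling / n for v in nodes}
        for src, targets in links.items():
            for dst in targets:
                new[dst] += damping * rank[src] / len(targets)
        rank = new
    return rank

def rank_keys(identity, bindings, links, today, half_weight_days=30):
    """Return [(key_id, score)] for one identity, best candidate first."""
    centrality = pagerank(links)
    scored = []
    for key_id, (ident, first_seen) in bindings.items():
        if ident != identity:
            continue
        age = (today - first_seen).days
        # Assumed weighting: saturates towards 1 for long-standing bindings.
        age_weight = age / (age + half_weight_days)
        scored.append((key_id, centrality.get(key_id, 0.0) * age_weight))
    return sorted(scored, key=lambda item: item[1], reverse=True)

# Constructed sample data. An edge a -> b means "a links to / vouches for b".
LINKS = {
    "portal.example": ["news.example", "key-A"],
    "news.example": ["portal.example", "key-A"],
    "forum.example": ["portal.example", "key-A", "key-B"],
    "new-site.example": ["key-B"],
}
# key id -> (claimed identity, date the binding was first observed)
BINDINGS = {
    "key-A": ("bank.example", date(2005, 1, 10)),
    "key-B": ("bank.example", date(2007, 6, 15)),
    "key-C": ("shop.example", date(2006, 3, 1)),
}

if __name__ == "__main__":
    for key_id, score in rank_keys("bank.example", BINDINGS, LINKS, date(2007, 6, 20)):
        print(f"{key_id}: {score:.4f}")
```

With this data the long-standing, widely endorsed key-A ranks above key-B, which was first seen five days earlier and has few endorsements.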

4 Jun 2007 (updated 8 Feb 2008 at 08:05 UTC) »

listening to research papers

A friend recently gave me the nice idea of listening to, instead of reading, research papers. We both have ``to-read'' piles that are constantly getting bigger, even while following the one-paper-per-day rule. Shortly after she mentioned this to me, I started experimenting with Festival, the excellent open source speech synthesis system. I just needed to emerge festival on my Gentoo Linux to get the main engine and emerge mbrola to install some extra natural-sounding voices. I then ran echo "(set! voice_default 'voice_us1_mbrola)" >> ~/.festivalrc to change the default male voice to a female one, and echo "Pizza, pizza. Pizza, pizza." | festival --tts - as an initial test. The output was played at double speed. After googling a bit I found the solution to this problem in the Festival FAQ.

To save the output of Festival to an MP3 file I added the following to my /usr/share/festival/siteinit.scm file:


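;; Send synthesized audio to an external command instead of the sound device.
(Parameter.set 'Audio_Method 'Audio_Command)
(Parameter.set 'Audio_Required_Rate 11025)
(Parameter.set 'Audio_Required_Format 'riff)
;; Festival puts the temporary waveform's path in $FILE; lame encodes it to
;; stdout, which is appended to the output MP3.
(Parameter.set 'Audio_Command
  "lame --quiet --preset voice $FILE - >> $HOME/tmp/output.mp3")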

Next, I simply converted some PDF papers into plain text using pdftotext and fed the output to Festival. Although it is true that not all papers can be fully understood simply by listening to them, this is a way to save significant amounts of time when it comes to not particularly important papers that nonetheless have to be read.

search the perl diaspora

Spiros has recently unveiled his latest pet project: a meta search engine for Perl resources. A very helpful and time-saving idea (not to mention the cool logo with the slick font).

the cost of authentication

Lately I have focused much of my research efforts on the investigation of incorporating economic considerations into the design of network security technologies, and particularly of authentication mechanisms. As a preliminary result of this work I, along with Robert McAdoo and Professor Donal O'Mahony, have written a paper on comparing the costs of three different public key authentication infrastructures. Our work has been published at the Workshop on the Economics of Securing the Information Infrastructure. The abstract follows (the paper in its entirety is available here):

The holy grail of Internet security still remains a global authentication infrastructure that will be able to provide the basis for secure communications across a wide range of network technologies. The failure of Public Key Infrastructure (PKI) to fulfill this role clearly demonstrates the complexity of the problem and its interdisciplinary nature which transcends technical difficulties and has socioeconomic aspects. In this paper, we focus on the economic dimensions of the problem and perform a comparison of three existing public key authentication infrastructures. Specifically, we present a security assessment of the PKI, Identity-Based Encryption (IBE) and Secure Shell (SSH) authentication systems while modelling the economic value exchanges between the participating actors. Our approach constitutes a step towards the examination of the authentication problem in a wider context than just a technical one. Finally, we show how this study can help in the design of a solution for secure telecommunications.

The feedback from the reviewers was very encouraging and the presentation at the workshop, which was given by Robert since I didn't manage to renew my visa in time, successful. I plan to pursue this research topic further and ultimately develop a framework that can be used to understand the trade-offs between the violation risks and the (not just monetary) costs related to various security technologies.

If you have any thoughts and/or suggestions on the topic I would be happy to hear them.

why I don't like network-layer security systems

A friend pointed me recently to a blog post by Paul Crowley discussing the major popular cryptographic standards and some interesting proposals regarding their possible replacement. At some point the question of whether network-layer or transport-layer security systems are more appropriate was raised. The following is my opinion after almost six years of research on information security and networking (more or less as posted on that blog):

There are many reasons to prefer transport-layer to network-layer security. Network-layer solutions need to be implemented in the operating system kernel, making them particularly inconvenient to deploy. Also, IPsec (which for all practical purposes is the only network-layer security protocol we have) has been widely criticized for being exceptionally complex and this fact hinders in-depth security evaluations. However, I think that the most important argument against network-layer security is that it violates basic networking stack architecture principles. When you are doing security management at the network layer it usually means that you lose all the reliability and reassembly features provided by the transport layer. To be able to make security decisions (like authentication, authorization, etc.) you need to re-implement many TCP features that allow you to assemble packets at the network layer, thus breaking the purpose behind the separation of functionality into layers.

The flexibility provided by IPsec is not a strong enough advantage to break the abstraction borders between the different stack layers.

28 Apr 2007 (updated 7 Feb 2008 at 08:56 UTC) »

irssi last.fm now playing script

I wrote an irssi script that displays the most recent last.fm audioscrobbled track. You can find it here; it is published under a BSD-style license.

The script polls the specified last.fm profile for the most recent audioscrobbled track every $timeout_seconds (default is 120). The track is displayed only in the channels specified in the @channels array or, if @channels is undefined, in the active window. Be careful if you want to change the value of $timeout_seconds; too aggressive polling may get your IP blacklisted.

Put it in ~/.irssi/scripts/lastfm.pl, load it with /script load lastfm.pl and start a new session with /lastfm start your_lastfm_username. /lastfm help outputs usage details.

Suggestions and bug reports are welcome.

23 Apr 2007 (updated 7 Feb 2008 at 08:55 UTC) »

netris hack

This patch I coded against netris version 0.52 allows you to send junk rows to your opponent. The default key to do this is h and the default number of rows to send is 1. You can change the former by remapping the keys (with the -k switch) and the latter with the new -j switch (see the output of netris -h for more details). Have fun and don't be too mean.
