Older blog entries for cpw (starting at number 18)

How much hacking would it take to run an authentication server for multiple separate Web sites, such that the users and sites can authenticate each other while trusting only the authentication server?

This sounds like Kerberized Web to me, but I'm not positive about that.

1 Jun 2001 (updated 11 Jul 2001 at 07:12 UTC) »

Passport is Microsoft's bid to operate the master password database for every Web site and service. They've got a shot at grabbing a large number of subscribing sites because the current Web authentication solution involves thousands of different password databases to administer and support, and thousands of passwords for a user to remember.

I don't think they can do it right.

  • Those Terms of Service are an abomination
  • Insufficient paranoia is endemic within MS product groups
  • The protocols are closed, resulting in vendor lock-in
  • The protocols are closed, resulting in insufficient peer review of what is potentially the most used crypto since DES.

AOL are their only credible current threat. They have a slightly better security record, but the other problems are much the same.

I don't want to trust either of them. We cannot allow Microsoft or AOL to dominate Web-wide authentication.

Why can't I run a program that grabs a list of security flaws and checks my vulnerability to them automatically?

19 Mar 2001 (updated 26 Mar 2001 at 21:56 UTC) »

Eazel, Ximian and Red Hat to mutually annihilate over system updating tools: film at 11.

No, seriously - isn't a certain amount of backstabbing, intrigue, and collapse inevitable here?

Red Hat Network sucks. Ximian's Red Carpet should suck, being cross-distribution and all, but works pretty well. Haven't tried Eazel's.

I wonder where Gnome dev bucks are coming from these days...

It's been a while. I've been arranging a big move.

Sometimes I wonder if XML is solving the right problems.

16 Sep 2000 (updated 19 Sep 2000 at 10:56 UTC) »

Time to write a tool that greps through the recent diary entries... but someone must have done it already by now.

AltaVistaing through advogato is somewhat unrewarding - it won't follow any of the links. Time to have a look at the HTTP.

15 Sep 2000 (updated 19 Sep 2000 at 10:52 UTC) »
jameson wondered why anyone would want to link against a versioning tool. Um, any application that wanted to provide versioning of its files? A DAV-enabled web server? ARSELOADS of stuff.

Well, maybe not, but the DAV server really screams out for it. The versioning-oriented Wikis would also love such a thing. And the VMS junkies would look up briefly.

The implementation is not really as important as a stable, standard interface - several million programs could use versioning in general.

14 Sep 2000 (updated 14 Sep 2000 at 16:54 UTC) »

In accordance with the Principle of Least WTF?ing, a desktop environment's user interface should name applications in a way that makes some kind of sense. For example, the gnome menu should have something called 'Image file viewer' (appropriately localized), rather than things called EOG and ee. Sure, _you_ know what they are...

Too many bits of paper, filesystems, web sites. Time to write a program that I can type at and then tell what to do with it, so all my textual output is Logged in One Place.

I suppose some would call this Emacs.

Occasionally when people start to think about alternative information paradigms, the 'lifetime stream of data' one pops up. Implementation would require the sort of all-encompassing throw-out-good-working-code event that free software usually tries to avoid. There's a part of me that thinks setting fire to the code base occasionally wouldn't hurt, but I try to appease it by embarking on occasional hard drive cleanups, for That Way Lies Madness.

10 Sep 2000 (updated 14 Sep 2000 at 15:21 UTC) »

I've been thinking about user-space code vs. kernel-space code, and it occurs to me that if you abstracted away the differences between them you could write code that could be compiled for or run in either. And it would be at least as slow as user-space code and would hang the machine in no time flat.

Now, if I only had some decent library access and a clue, I could check this theory against the literature.

Yes, I'm spending my sabbatical navel-gazing. My CS degree has prepared me for this wonderfully.

I've been wondering why Linux distributions all end up being Unix-like, but I suppose it's obvious. Compatibility, and that fortune that goes 'Those who do not understand Unix are compelled to reinvent it... poorly.' And who really understands Unix?

I'm occasionally tempted to implement a distribution which keeps its packages in packages (much like the nextstep/macosx 'bundles') and has a shell that can find stuff in them. It should be easier to deal with upgrades and version skew this way. The problem is that I don't know what bits will be harder this way.

init is another candidate for reworking. It won't start daemons for ordinary users, it spawns some things from inittab and some from the init.d scripts... It's all terribly ad hoc, I feel.

9 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!