Older blog entries for cpw (starting at number 19)

The FSF have put forward dotgnu.org as a contender to fit the Passport-shaped gap in Ximian's Mono initiative. I'm initially unconvinced. Their project is too unfocused - it portrays itself as a total .NET replacement - and too religious to gather enough mindshare to succeed.

>What do you guys think of Microsoft's .Net and Hailstorm efforts?

>Dangerous stuff. It is often said that the price of freedom is eternal vigilance. Unless we counter them, Microsoft's efforts are not only a threat to Free Software, they are also extremely dangerous tools in the hands of any Evil Government that wants to make their citizens unfree.

These are not the words of a project with its eye on the ball - producing a working, reliable, secure authentication service for a hostile Net and a license-apathetic gaggle of web hackers.

How much hacking would it take to run an authentication server for multiple separate Web sites, such that the users and sites can authenticate each other while trusting only the authentication server?

This sounds like Kerberized Web to me, but I'm not positive about that.

Passport is Microsoft's bid to operate the master password database for every Web site and service. They've got a shot at grabbing a large number of subscribing sites because the current Web authentication solution involves thousands of different password databases to administer and support, and thousands of passwords for a user to remember.

I don't think they can do it right.

• Those Terms of Service are an abomination
• Insufficient paranoia is endemic within MS product groups
• The protocols are closed, resulting in vendor lock-in
• The protocols are closed, resulting in insufficient peer review of what is potentially the most used crypto since DES.

AOL are their only credible current threat. They have a slightly better security record, but the other problems are much the same.

I don't want to trust either of them. We cannot allow Microsoft or AOL to dominate Web-wide authentication.

Why can't I run a program that grabs a list of security flaws and checks my vulnerability to them automatically?

Eazel, Ximian and Red Hat to mutually annihilate over system updating tools: film at 11.

No, seriously - isn't a certain amount of backstabbing, intrigue, and collapse inevitable here?

Red Hat Network sucks. Ximian's Red Carpet should suck, being cross-distribution and all, but works pretty well. Haven't tried Eazel's.

I wonder where Gnome dev bucks are coming from these days...

It's been a while. I've been arranging a big move.

Sometimes I wonder if XML is solving the right problems.

Time to write a tool that greps through the recent diary entries... but someone must have done it already by now.

AltaVistaing through advogato is somewhat unrewarding - it won't follow any of the links. Time to have a look at the HTTP.

jameson wondered why anyone would want to link against a versioning tool. Um, any application that wanted to provide versioning of its files? A DAV-enabled web server? ARSELOADS of stuff.

Well, maybe not, but the DAV server really screams out for it. The versioning-oriented Wikis would also love such a thing. And the VMS junkies would look up briefly.

The implementation is not really as important as a stable, standard interface - several million programs could use versioning in general.

In accordance with the Principle of Least WTF?ing, a desktop environment's user interface should name applications in a way that makes some kind of sense. For example, the gnome menu should have something called 'Image file viewer' (appropriately localized), rather than things called EOG and ee. Sure, _you_ know what they are...

Too many bits of paper, filesystems, web sites. Time to write a program that I can type at and then tell what to do with it, so all my textual output is Logged in One Place.

I suppose some would call this Emacs.

Occasionally when people start to think about alternative information paradigms, the 'lifetime stream of data' one pops up. Implementation would require the sort of all-encompassing throw-out-good-working-code event that free software usually tries to avoid. There's a part of me that thinks setting fire to the code base occasionally wouldn't hurt, but I try to appease it by embarking on occasional hard drive cleanups, for That Way Lies Madness.

I've been thinking about user-space code vs. kernel-space code, and it occurs to me that if you abstracted away the differences between them you could write code that could be compiled for or run in either. And it would be at least as slow as user-space code and would hang the machine in no time flat.

Now, if I only had some decent library access and a clue, I could check this theory against the literature.

Yes, I'm spending my sabbatical navel-gazing. My CS degree has prepared me for this wonderfully.