Older blog entries for dkg (starting at number 16)

Leslie Pack Kaelbling for Ada Lovelace Day

So i'm a couple hours late for Ada Lovelace Day (in my time zone at least), but i wanted to mention Leslie Pack Kaelbling, an excellent technologist who has also had a significant impact on my life.

Her extremely short biography says (in full):

Leslie Pack Kaelbling is Professor of Computer Science and Engineering at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology. Her research focuses on decision-making under uncertainty, learning, and sensing with applications to robotics.

She is also the founder and co-editor-in-chief of the Journal of Machine Learning Research, an active open-access academic collection which encourages the development of open source software for the field of machine learning. Cool stuff!

lpk was my professor when i was an undergraduate (before she went to MIT), and she opened my mind to a lot of great ideas about artificial intelligence, machine learning, robotics, and computation in general. Beyond the specifics that she taught, though, she also demonstrated what it means to be a spirited and engaged academic, both in research and in teaching. I think i first read Stanisław Lem in one of her robotics classes (it was one of the stories from The Cyberiad), where she encouraged us to think not just about the technical possibilities of machinery, but also about the social possibilities. And it wasn't just theorizing: I also had the chance to do significant work with robotics hardware (both real and emulated) in a lab under her friendly and open supervision.

She developed a new introductory series of two classes for the school's Computer Science department, which i was unfortunately too late to take. They're designed to reach students who were discouraged by the traditional programming-heavy approach, and focus instead on the issues of theory, abstraction, and collaboration, with programming taking a subordinate place to understanding the nature of computation itself. Later in my scholastic career, I had the privilege of helping her out as a teaching assistant, working with her on various robotics projects, advising a handful of younger students with her, and having her advise my final-year project, where i tested and evaluated variants of the boosting machine-learning algorithm. Throughout all of this, and despite my typical collegiate distractions, Leslie helped me understand technical details and nuance about the possibilities that we have with these incredible machines, and how they might be made to interact with the real world with all of its contradictory input and uncertainty.

So here's to Leslie Pack Kaelbling: thank you for all your amazing contributions to our field, and for the things you taught me and the opportunities you shared!

Tags: adalovelaceday09

Syndicated 2009-03-25 06:27:00 from Weblogs for dkg

Publicly-funded knowledge should be public

I live in the USA. Our government issues many grants to scientists for research via the National Institutes of Health. I recently found out about the NIH's recent requirement that publicly-funded research must be published freely online within 12 months. As you can imagine, i think this is a remarkably Good Thing (though 12 months seems a little bit long for fast-moving fields).

Apparently, John Conyers and several co-sponsors have introduced HR 801, which appears intended to overturn this remarkable policy, primarily for the benefit of the companies that publish scientific journals.

This bill is a shame, and i had hoped for better from Rep. Conyers, who otherwise has a remarkably positive record as a legislator advocating for government transparency and the public good. Sadly, his stance on so-called "Intellectual Property" seems characterized by heavy-handed legislation designed to benefit the parties already heavily favored by the current imbalanced copyright situation.

If you live in the US (and especially if you live in Conyers' district in Michigan), please send him e-mail or get in touch by phone and tell him to drop the bill. You might also check the list of cosponsors to see if one of them is more local to you.

If you want to read more, Lawrence Lessig has written about this issue, addressing Congressman Conyers directly in the Huffington Post. Curiously, Rep. Conyers' web site contains no mention of HR 801.

Tags: policy

Syndicated 2009-03-17 18:18:00 from Weblogs for dkg

redundant DHCP service for a sprawling LAN?

I'm supporting a medium-sized (~70 regular clients and a half-dozen servers) LAN. It's a single logical ethernet segment, but it's built as a tree of cascaded switches. DHCP service is provided by a single host running ISC's DHCPD (via dhcp3-server).

DHCP itself is one of the single points of failure in the network layout. i'd really like to make this DHCP server redundant (so that i can take that host down for service if needed and leave the rest of the network intact). However, reading dhcpd.conf(5) makes me pretty worried that the failover stuff is not well-tested or widely deployed.

I've read Paul Heinlein's Failover with ISC DHCP, which makes it look not unreasonable, but i was wondering if people have other preferred mechanisms for providing DHCP redundancy. Do you have failover DHCP set up for any LAN that you manage? If so, what do you use? Are there any gotchas to watch out for?

I'm also concerned about the security implications. On a network that's not using IPSEC, i don't see any mechanism for the two DHCP servers to properly mutually authenticate. Is it really just by IP address? Could someone spoofing the IP address of one host corrupt the state of the other DHCP server? (i'm less concerned about them keeping network traffic private, since most of what they communicate is likely to go out in the clear on the wire anyway). Am i missing some clever authentication technique?

From a security point of view, i understand that there are more severe security problems with DHCP itself, of course (the protocol requires that the client trust the (unauthenticated) server), but that doesn't seem like a good reason to introduce an opportunity to compromise any given server directly.

Your thoughts on DHCP redundancy?

Tags: dhcp, failover, redundancy

Syndicated 2009-02-27 19:44:00 from Weblogs for dkg

Stricter GnuTLS rejects outmoded X.509 certs

Recently, several people noticed that GnuTLS behavior did not match its documentation with respect to two significant security concerns, both regarding X.509 certificate validation:

GnuTLS has been fixed upstream, and a fix to at least the latter problem has already propagated into etch via a security upload. The lenny packages should already behave as documented (no MD5 digests accepted in cert validation, v1 certificates not explicitly acceptable as authorities).

However, this means that if you use GnuTLS-linked tools to connect to systems whose certificate chains rely on either MD5 digests (in anything but the root certificate) or on v1 certificates for any of the certificate authorities, your connections may fail due to this stricter validation.
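The two conditions above can be checked mechanically before a stricter library starts refusing connections. The following is an added example, not code from the original post or from GnuTLS: a stdlib-only sketch that reads the X.509 version and signature algorithm out of DER certificates and flags MD5 signatures below the root and v1 certificates acting as authorities. The function names and the `fake_cert` stand-ins are hypothetical and constructed for illustration.

```python
# Added example (not GnuTLS code): audit a chain for MD5 signatures below
# the root and for v1 certificates used as authorities. Stdlib only.
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # OID 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11

def tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def cert_facts(der):
    """Return (x509_version, signature_algorithm_oid_bytes)."""
    _, cert, _ = tlv(der)                  # Certificate SEQUENCE
    _, tbs, nxt = tlv(cert)                # tbsCertificate
    _, sigalg, _ = tlv(cert, nxt)          # signatureAlgorithm SEQUENCE
    _, oid, _ = tlv(sigalg)
    tag, val, _ = tlv(tbs)
    version = 1                            # version field absent means v1
    if tag == 0xA0:                        # [0] EXPLICIT INTEGER
        version = tlv(val)[1][-1] + 1
    return version, oid

def audit(chain):
    """chain: DER certs ordered leaf first, root last. Returns findings."""
    findings = []
    for i, der in enumerate(chain):
        version, oid = cert_facts(der)
        is_root, is_ca = i == len(chain) - 1, i > 0
        if oid == MD5_RSA and not is_root:
            findings.append((i, "MD5 signature below the root"))
        if version == 1 and is_ca:
            findings.append((i, "v1 certificate used as an authority"))
    return findings

def fake_cert(version, oid):
    """CONSTRUCTED stand-in: only the fields cert_facts() reads, no real key."""
    seq = lambda body: b"\x30" + bytes([len(body)]) + body
    ver = b"" if version == 1 else b"\xa0\x03\x02\x01" + bytes([version - 1])
    alg = seq(b"\x06" + bytes([len(oid)]) + oid + b"\x05\x00")
    tbs = seq(ver + b"\x02\x01\x01" + alg)
    return seq(tbs + alg + b"\x03\x01\x00")

# Constructed chain: MD5-signed leaf, v1 intermediate, MD5 self-signed root.
CHAIN = [fake_cert(3, MD5_RSA), fake_cert(1, SHA256_RSA), fake_cert(3, MD5_RSA)]
```

Real PEM certificates can be converted with `ssl.PEM_cert_to_DER_cert` from the standard library before being passed to `audit`.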

There are already several bug reports about broken LDAP connections and broken mail connections due to these problems, and there have been reasonable concerns raised on debian-release about this.

So what can you do to make sure that the infrastructure you rely on or maintain does not depend on these outmoded and insecure features of X.509? Read on for concrete steps for administrators, developers/maintainers, and end users...

This entry has been truncated.

Syndicated 2009-02-15 17:20:00 from Weblogs for dkg

Python editor/IDE for new (high school) coders?

I'm supporting a class of high school students who are new to programming, and will be learning some python. Most of these students are comfortable with computers, but not hacker types, and few if any of them have written code before.

I'm looking for an editor or an Integrated Development Environment (IDE) that won't be too scary for them, and will help them get used to the novel idea of writing code without simultaneously having to get used to the novel idea of an unfamiliar user interface.

So i can't expect them to pick up my beloved emacs, for example. But on the other end of the spectrum, i'd hate for them to try to write python in a word processor (i've seen people do it!). Here's what i think i'm looking for:

  • comfortable graphical interface -- these students have not used the command line before, and while they'll be introduced to the python shell, they should be able to write code and browse for files, etc. in the "normal" (sigh) way. This means, for instance, that tk-based interfaces are less good because they don't integrate with the common GTK-based UI.
  • syntax highlighting -- the students will need to figure out what's a variable, what's a function name, what's an operator, what's a reserved word, etc. Visual indications like font-lock-mode from emacs would be really useful.
  • whitespace management -- since python has syntactic whitespace, it would be great if there were convenient/intuitive ways for students to adjust the whitespace in their programs. Of course, it's hard to say what's going to be intuitive for other people. I like tab-cycling whitespace myself; are there other approaches i should be proposing?

Do you have suggestions for tools that work well for the above needs? Favorites? Are there features other than the "top three" i listed above that you think i should pay attention to?

FWIW, they'll be working in a labful of machines running Ubuntu Hardy for the most part, but i'm willing to port and deploy programs (particularly ones that feel like a perfect fit) if they're not available in hardy.

Syndicated 2009-02-04 19:56:00 from Weblogs for dkg

target disk mode (sbp-2 mass storage host mode?)

One very convenient feature of Apple's hardware is the ability for their workstations to enter target disk mode. This effectively transforms the machine into a glorified ieee1394 (firewire) block device, which can then be manipulated from outside the machine using the standard SBP-2 protocol.

Is there a way to provide this same functionality from a running GNU/Linux machine? For example, i have a GNU/Linux system with a block device attached to it. I would prefer if the block device was available to a neighboring machine, but (for whatever reason) i'm unable to physically move it. However, i'm able to link the two machines via a simple ieee1394 connection. A "virtual target disk mode" server (or would it be better to say "an SBP-2 mass storage target service over an ieee1394 link"?) would be really useful.

One thing that occurs to me is that i could do some sort of networking abstraction over the link (using eth1394?), and then use something like vblade (an ATA-over-Ethernet target service) to provide a virtual block device to the remote host. However, this requires the remote host to run an operating system capable of dealing with these (more obscure) protocols, and i'd like this to work for any remote machine that knows how to deal with generic SBP-2 ieee1394 mass storage.

I know that in general GNU/Linux is at least as powerful and capable as the firmware that Apple ships ;) But it's possible that our community just hasn't gotten around to implementing something like this. Is this the case? My attempts to search for it haven't turned up anything, but it's entirely possible that i'm reading the wrong docs (or reading the docs wrong). Any pointers?

Tags: firewire, ieee1394, sbp2, vblade

Syndicated 2009-01-23 19:24:00 from Weblogs for dkg

Transcendental Nonsense and the Functional Approach

Poking around the web site for Law in Contemporary Society, a class taught this semester by Eben Moglen (who is counsel for the Free Software Foundation and founder of the Software Freedom Law Center), i found Felix Cohen's Transcendental Nonsense and the Functional Approach, which (according to Wikipedia) is one of "the most-cited law review articles ever written".

I haven't read the whole thing yet (and i'm neither a lawyer nor a philosopher) but it's fascinating reading. And from what i've read so far, it's a strong push toward directly addressing the values that lie hidden beneath our technical or mechanical decisions, and to avoid mistaking technical success or skill for a worthwhile outcome and clear goals at a societal level. This is something we software developers and system administrators struggle with as well (or at least i think we should). It's neat to get my head around these concepts from a different intellectual sphere, and a different era (74 years ago!) when the technical and mechanical tools i work with didn't exist in anything like their present form.

This kind of reading makes me wonder what works from Computer Science or Systems Engineering or Information Technology will have this kind of exhortative power and social relevance so far into the future. Do you have a favorite (or abhorred?) text from the field that offers the kind of moral and technical challenges that Cohen's work does?

Syndicated 2009-01-22 05:32:00 from Weblogs for dkg

sysadvent -- 25 days of systems administration

I just ran across Jordan Sissel's sysadvent project, where he posted one article about systems administration each day from the 1st of December to the 25th.

Jordan has been a great communicator when we've exchanged mail (he's the author of xdotool, which i maintain for debian). Unsurprisingly, his posts in sysadvent are also excellent. He has a broad knowledge of what tools are available, clever insights in how to connect them together, an engaging and clear writing style, and a sharp sense of what really should matter to a systems administrator. Definitely worth reading!

Syndicated 2008-12-31 23:56:00 from Weblogs for dkg

wireless hardware switches (pciehp is your friend)

I've been playing around with an eeePC 900, which is very well-supported by debian. Kudos to the eeepc team!

I had one problem with it, after upgrading eeepc-acpi-scripts from version 1.0.4 to 1.0.9: with 1.0.4, i was able to use an ACPI hotkey to disable and re-enable the wireless. With 1.0.9, the device did not come back up for me after a toggle. The problem was resolved for me with:

    echo pciehp >> /etc/modules

which i figured out from reading a brief post on the very-informative debian-eeepc-devel mailing list. The rest of this post explores why that was the answer for me.

This entry has been truncated.

Tags: eeepc, wlan

Syndicated 2008-10-16 17:43:00 from Weblogs for dkg

Monkeysphere: an OpenPGP-based PKI for SSH

Ever thought that there should be an automated way to handle ssh keys? Do you know the administrators of your servers, and wish that SSH could verify new host keys from them automatically, based on your personal connections to the web-of-trust? Do you wish you could revoke and/or rotate your old SSH authentication keys without having to log into every single machine you have an account on?

Do you administer servers, and wish you could re-key them without sowing massive confusion among your users (or worse, encouraging bad security habits among them)? Do you wish you could grant access to your users by name, instead of by opaque string? Do you wish you could rapidly revoke access to a user (or compromised key) across a group of machines by disabling authentication for that user?

A group of us have been working on a public key infrastructure for SSH. Monkeysphere makes use of the existing OpenPGP web-of-trust to fetch and cryptographically validate (and revoke!) keys. This works in both directions: authorized_keys and known_hosts are handled. Monkeysphere gives users and admins tools to deal with SSH keys by thinking about the people and machines to whom the keys belong, instead of requiring humans to do tedious (and error-prone) manual key verification.

We have debian packages available which should install against lenny (for i386, amd64, powerpc, and arm architectures at the moment), a mailing list, and open ears for good questions, suggestions and criticism.

If you have a chance to give it a try (as a user or as an admin), it would be great to get feedback.

Tags: gpg, monkeysphere, openpgp, openssh, pgp, ssh

Syndicated 2008-09-04 07:13:00 from Weblogs for dkg
