Older blog entries for mca (starting at number 8)

I'm scared.

Hashcash hits Slashdot

The Hashcash for mail filtering project is posted to Slashdot. I have to post some replies of course, so I expect 128k upstream bandwidth won't be enough for my website.

This too shall pass.

MS Palladium FAQ on crit.org

Well, sort of.

If you have something to say, get over to the CritLinked version of Ross Anderson's TCPA FAQ.

Why am I worried? Well I have the cached copy of MS's FAQ because crit.org doesn't work directly on their site.

nb. Notes applied to pages don't seem to be noticed until after they've been fetched through crit.org and the target page has been refreshed. I imagine this is a bug.

I can't say I would have planned for these two to arrive at the same time, but never mind.

Stylesheets. You would think the novelty had worn off by now, wouldn't you?

I got nothing useful done over the weekend (surprise!). I wanted to write code, but I ended up farting about instead. Stupid me.

19 Aug 2002 (updated 1 Sep 2002 at 18:14 UTC) »

"Forgotten password"

OK, I'm back. I had lost the authentication cookie that let me be "logged in".

I hunted around for my password, but I can't find it in the usual places - I probably didn't record it. With hindsight I see that this is not so clever, but most sites like this have an "email me my password" button, so it didn't seem necessary.

I recovered a copy of the cookie from a backup and appended it to my cookie file (the one that says "Do not edit!"), so I can post stuff until that expires. I can't do the XMLRPC thing though, I don't think. No big deal.

Next, I Used the Source. AFAICS the cookie I recovered was generated randomly when I created the account. The copy in the browser is supposed to expire in May 2003 (so if I go quiet about that time, you'll know what happened). The code doesn't seem to put an expiry time on the cookie in the Advogato database, so maybe I can just change the browser's expiry date?

If I ever hit the Logout link, it'll be Game Over.

Whining about the lack of "email me a password"

No, sir!

I can't be @rsed to code it myself. I don't see why anyone else should do it for me.

It would be much easier to make another account, or just leave the site. I'm sure it will cope without me. 8-)

I have other things to do. Always other things.

So you see, this is "Open Source in-action". Boom boom.

I'm not alone

While Reading The Fine Web, I found three other Advo users have also lost this passwords in some way, and found some route back in to the system. (One each, IIRC, of: finding the password, finding the auth cookie and pestering the admin for a change)

So, there's obviously a need for an "Advogato forgotten password FAQ" of some sort. This diary entry would serve, I suppose, as the other three entries served me. The problem is that AFAICS they expire to a dark place where Google refuses to look.

The two solutions that spring to mind are for me to post back-issues of my diary on my own website, or to post this drivel to the front page.

For now, I'll do neither. Maybe I'll get around to "backing up" my diary to my website once something important falls off the bottom.

(Update: Argh. I only wanted to edit a couple of typos, but it wants to put <p> in front of everything. The formatting was fine to start with.)

Argh, please don't hit the emacs wordwrap key in Netscape, Matthew. And take two:

Ideas, storage and retrieval of:

Someone somewhere (probably at the Cavendish) has gone to a certain amount of trouble to teach me that it's more important to know of some thing than to know about it in detail. This is very handy for someone who dabbles in problems from many areas, but I fear I'm taking it too far.

The plan is to remember enough of an idea to know where to look it up, and this is where I'm going wrong. Did I just re-invent Merkle Authentication Trees? More likely the idea has been lurking in my head from when I read it somewhere. I had no idea what to call the system (although "tree" and "digest" would feature somewhere). Thanks to Adam for putting me on to the original.

I bet there's a word for doing this. I wonder where I could look it up? It's probably beyond the scope of a thesaurus, and I'm too lazy to bother finding out the hard way.

Ideas, the quest for a more effective butterfly net:

While reading stuff just before my previous diary entry (yes, the confused one below) I had several ideas which, at the time, seemed really good.

I need to learn how to stop treating ideas like those dialog boxes that pop up, to be dismissed just before you realise you needed to write down the details of the error message.

Why would I want an authentication tree anyway?

Imagine you want to prove that you checked this bit of code in to CVS three years ago. You could show the (court) the timestamp that CVS put on the file, and they might believe you if someone doesn't point out that these things are very easy to forge.

So my aim is to write a program which checks for changes in a tree of files, and keeps a fairly lightweight but solid proof of age for your stuff. For an earlier program that exists, and was written for an entirely different purpose, go find paramd5s. Oh, it's not published yet .. well, I wrote it ages ago, honest!

Keywords: prior art.

Probably a bit late for many things, but TTWTCC.

leibnitz27:

Please don't be grumpy for the Apprenticisation I gave you. I concede that getting ppmtowinicon shipped on my box as standard is pretty cool, but I can't find any of your recent work. 9-)

I should remap that key, shouldn't I? Next time.

Today is paradox day. (Oh look, I mean yesterday. Again.)

The silly thing is, I don't know how to explain why.

Things that brought me to this conclusion,

  • I think I can have SAUCE or TLS with my exim, but not both. I'm not sure about this yet though.
    (Yes I know TLS is no substitute for end-to-end.)
  • Public information is private if you can't find the thing you would have wanted to know (this is a poor way of phrasing it)
    (This posting in this thread on ukcrypto.)
  • Elitzur-Vaidman Bomb Testing [1993, 1997]
    You've got this bomb, and you want to see whether it works. So you test it!
  • Even if I want privacy of my traffic data (who I talk to, how often and how much data), I can talk to my friends with impunity provided I encrypt some of the data.
    I can't talk to strangers though.
  • On the camram-spam list, we're discussing another set of ways of cutting down on UCE or spam.
    I've got so many mails from this I don't know where to start with them, or where to put the ideas and suggestions.
  • I'm tempted to snip this text and replace with "avoided submitting drivel to diary", but that would be more pointless than not posting, so I'll just crash Netscape again and lose it instead...
    This isn't paradox. This is just bedtime, slightly overdue.

Hmm, wonder what happens if you test the bomb, it would absorb the photon but doesn't, you think it's good, but then it doesn't go off anyway? So, the test only weeds out a certain type of dud.

(This, like yesterday's diary, is yesterdays. There should be a checkbox for "it's just gone midnight", and there should be <small> tags for silly comments. Unfortunately today I seem to be about to have a little rant.)

I'm a "software engineer" not a wheel builder, FFS. It's a very nice wheel (28 DBSS spokes, Ultegra hub, Mavic CXP33 aero rim (-8). But it isn't round, flat or in the middle of the bike.

Long story involving dented rim (how? FIIK), shot hub and "please wait two weeks for the hub" - thanks Craig for the lend of the crusty bike!
I built it,
trued it,
rode it,
and almost all of the spokes went slack after about 20 miles.

So I cleaned the grease off (yes I know that now), applied some blue nut locking compound and trued it again. Of course that takes me about two hours, so the nutlock has long set and isn't terribly effective.

Apparently I didn't do a very good job of cleaning the grease off either, 'cos it's gone slack again.

Bike shop couldn't do it today. I tightened it to wobble less and rode to work... it remains to be seen whether I woos out and get someone else to do it, or strip the whole thing down and start again again again.

...makes me wonder what's in store for the front wheel I did a couple of months ago. That has done many miles already and only needed the tiniest tweak after settling. The benefit of radial spoking, perhaps? Black art, this.

Wrote a bit of perl CGI for ESJ in the hope that he can use it to demo Hashcash, for the purpose of spam reduction.

I write lots of perl CGI. Why is this tiny little script so pants, and why did it take so long?

Need to start on the Java side PDQ. Never mind start, I need to think about what it should do. I'll think out loud, so you can help. (Very kind of you to list... oh, see ya later)

  • HTML fires up the applet, either just because it can or (more likely, and the purpose) to calculate a partial hash collision on a bit of data.
  • Well it should probably be threaded, so..
  • ..one thread to sit there and churn numbers. It should probably update a variable and notify the other thread, when it finds a collision bigger than what it had a moment ago.
  • ..the other thread to look at how fast things are going and update the GUI to estimate how long it will take. I suspect a progress bar would be depressing to watch. Also misleading since it could go to 1000% if you're unlucky.
    Maybe a Windows-style "5 seconds left!". "Oh, hang on .. no, it'll be about 2 minutes". Five minutes later...
    Abort button? Well you could send an inadequate hashcash token. I've been starting to think about this. I think it should be valid to say "I think that talking to you is only worth 10 seconds CPU time, so if you want to sit there and demand 2 hours then tough".
  • ..network access will be pretty simple. The only important bit is sending the completed collision back to the webserver (POST request, I should think) so it can validate it and then email it to someone. (Webserver sends the email so I don't have to fart about with a "secure" applet.)
  • There may be some merit in requesting some tiny bit of data of the webserver just to obtain a cookie saying how fast your processor is, so that the HTML can tell you how long things will take next time you visit.

Of course, I say "start". Lapo Luchini's GPL code will do all the hard work for me. Oh yeah, I should drop him a line if I'm going to start hacking about, shouldn't I? I'm so rude. 8-(

Am I scared that lots of stupid emails will be leaving my computer, destined for random people? Well all I have to do is up the minimum collision threshold to 25 bits and it will go very very quiet. 8-)

I'm tired of having domains that don't do anything useful.

I have a DNS server which is up ~98%. All I really want is enough secondaries to make it reliable, but the problem is my primary is on dynamic IP.

I've written some software which allows updates over SSH to a DJBDNS zone file, which would allow someone to provide the service I require... but who can you phone at 4am? (No it isn't urgent, but then it has been "not urgent" for the last six months)

So I've cheated and used xtremeweb.de for full primary. It seems very slick.

Meanwhile I'll poke about on ns2exchange.com.

OK, I exist. I've been meaning to exist for a long time, but never got around to it.

I'm not claiming that existing is useful to anyone, but one day I'll finish "getting organised" and contribute something.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!