rmathew is currently certified at Master level.

Name: Ranjit Mathew
Member since: 2005-06-24 06:12:02
Last Login: 2013-01-11 04:08:54

FOAF RDF Share This

Homepage: http://rmathew.com/


I am a hacker from Bangalore (India).

Email: rmathew AT gmail DOT com

Google+ Profile

NOTE: I now use rmathew.com for blogging.

Recent blog entries by rmathew

Syndication: RSS 2.0
I am now moving to rmathew.blogspot.com for blogging. I find Advogato a bit painful to use for blogging. I also do not want to be restricted to only talking about hacking on Free Software.
Google and Maths
"Fuzzy Maths", an article on Google in the latest edition of The Economist, contains this interesting bit:
Google constantly leaves numerical puns and riddles for those who care to look in the right places. When it filed the regulatory documents for its stockmarket listing in 2004, it said that it planned to raise $2,718,281,828, which is $e billion to the nearest dollar. A year later, it filed again to sell another batch of shares -- precisely 14,159,265, which represents the first eight digits after the decimal in the number pi (3.14159265).
Their famous recruitment campaign and their very name further reinforce the impression of their obsession with Mathematics.
10 May 2006 (updated 10 May 2006 at 08:14 UTC) »
Security: The 3 As and the 3 Rs
(I am just collecting my thoughts here; I do not require anything like this right away.)

A useful framework for security should provide:

  • Authentication - verifying that the user is indeed who he claims to be.

  • Authorisation - verifying that the user is indeed allowed to do what he wants to do.

  • Auditing - recording the attempt to do the intended action, its outcome and whether the action was indeed done.

The authentication framework should be able to able to plug into various authentication mechanisms (OS-based, LDAP-based, etc.), be flexible enough to accept various types of credentials (username/password, PKI certificate, etc.) and reliably establish the "Identity" of the user.

The authorisation framework should allow the specification of:

  • Rights - what is allowed.

  • Roles - who is allowed to do it.

  • Realms - where are they allowed to do it.

Role-based authorisation allows for the maximum flexibility compared to the direct checking of the Rights of the given Identity. An Identity could be associated with multiple Roles. Realms establish domains of privileges - for example, a person has administrator privileges on his desktop PC but is just an ordinary user on the LAN. Rights could be positively stated ("Allow Foo") or negatively stated ("Disallow Bar"). Authorisation could be inclusive (at least one Role associated with the Identity has the Right) or exclusive (no Role associated with the Identity should be denied the Right). I personally favour positively stated Rights and inclusive authorisation.

The auditing framework would be used for non-repudiation, so it should have integrity (only the auditing framework could have written out a given audit record) and an almost transactional association with the respective action (record an action if and only if it was actually done).

Of course, in real "enterprise" software we end up with various degrees of compromise on each of these aspects.

Peer to Patent
The US Patents and Trademarks Office will soon try out Peer to Patent as a pilot project. This is great news. It is really important for silly patents to get rejected upfront than be granted and then used to bully everyone into either paying up an extortion fee or engaging in costly lawsuits. Unfortunately, there is still the problem of lots of such silly patents having already been granted and used for corporate "defence funds" (an equivalent of the "Mutual Assured Destruction" strategy) or towards unscrupulous ends.

The Economist has a nice set of balanced articles on patents and other IP-related topics.

Faster Logging
When you have an application that must log information (for auditing, debugging, etc.) but still run as fast as possible, it is rather wasteful to always dump fully-formatted human-readable trace records. It's far better to dump a short binary record indicating the message identifier, parameters for the message (if any), timestamp, process/thread identifier, etc. that can be processed later for human consumption using a separate "trace formatter" tool. This way you save on processing time and disc space but make it slightly inconvenient to view the log files.

On UNIX-like systems, utmp and wtmp records are created and processed this way. I have also seen this kind of logging in IBM's AIX operating system and its CICS transaction processing monitor. Why then do several modern "high-performance" applications still insist on using the slower and more bloated method?

Planet GCC

There is now a Planet GCC aggregating the feeds from Planet Classpath and the blogs of a bunch of GCC hackers. If you know of a blog of a GCC hacker that is not directly or indirectly aggregated here, please let Dan know. Thanks to Dan for this initiative.

165 older entries...


rmathew certified others as follows:

  • rmathew certified aph as Master
  • rmathew certified tromey as Master
  • rmathew certified jao as Master
  • rmathew certified saju as Apprentice
  • rmathew certified Anthony as Journeyer
  • rmathew certified rth as Master
  • rmathew certified mjw as Journeyer
  • rmathew certified jpick as Journeyer
  • rmathew certified robilad as Journeyer
  • rmathew certified rms as Master
  • rmathew certified aoliva as Master
  • rmathew certified zw as Journeyer

Others have certified rmathew as follows:

  • jserv certified rmathew as Master
  • bonzini certified rmathew as Journeyer
  • tan certified rmathew as Master
  • sqlguru certified rmathew as Master
  • jnewbigin certified rmathew as Master
  • juancpaz certified rmathew as Journeyer
  • mjw certified rmathew as Journeyer
  • polak certified rmathew as Journeyer
  • lerdsuwa certified rmathew as Journeyer
  • pvanhoof certified rmathew as Journeyer
  • e8johan certified rmathew as Journeyer
  • robilad certified rmathew as Journeyer
  • fxn certified rmathew as Journeyer
  • mpr certified rmathew as Journeyer

[ Certification disabled because you're not logged in. ]

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

Share this page