It seems that some people (well, at least one) think that I have a Avi (from Cryptonomicon) style obsession with WW2. I guess that comes from the picture and quote above. So just to prove that I don't really, and there's nothing WW2 about IV's other content, try it in:
Maybe I should do a few more and have it rotate each day 
Today has ben an utterly fucking shit day; worst day I've had in over a year. So, if you'll excuse me I just need to..
AAAAAAAAAAAAAAAAAAAGGGGGGGGGGHHHHHHHHHH!!!!!!!!!!!!!!!!
Right. Here's hoping tomorrow is better.
The management apologise for that brief interruption.
A couple of recent patches:
The deptment has a list of projects that people want doing. Sometimes they are specific and sometimes more in the form of "I wonder...". Here's the text of an I wonder project that I did in a loose hour today. Might be interresting for some people.
Detection of User Location
--------------------------
Adam Langley, agl@imperialviolet.org
Problem:
"How can we reliably identify whether users are physically located in
any particular region when they access our systems across the LAN/WAN
(so that we can control what data access that have given different
secrecy constraints)."[0]
Since the system is to be accessed across a network the only proof of
location we can offer is information. Since the server's view of the
world is limited to the data that passes through its network card it
must trust another device to tell it the location of a user requesting
some service.
Having the server trust some special code is trivially vulnerable to a
replay attack. Thus, in order for the server to know the location of a
user, a challenge-response protocol must be used, and the challenges
must timeout.
The obvious answer to the problem of a trusted device to handle location
is a system based around a GPS receiver that the user possesses. The
problems with this are threefold:
Firstly, in order for the server to trust the device it must be
tamper-resistant. The level of tamper-resistance required varies with
the security needs of the server, but if a location based security
policy is even being considered then it's reasonable to expect that the
server has some pretty impressive security needs and, correspondingly,
that the device needs to be highly temper-resistant.
Unfortunately, strong tamper-resistance is a difficult problem.
Companies such as Cambridge Aero Instruments[1] manufacture
tamper-resistant GPS systems for applications such as gliding
competitions (so that the contestants can prove that they reached the
checkpoints). However, such a GPS system would have to be integrated
into a package that also contains enough processing power to perform
public-key cryptography (such as an IBM 4758). This is likely to be
prohibitively expensive.
Secondly, the GPS system[2] has no authentication built in. Even if the
device were perfectly tamperproof there would be nothing preventing an
attacker putting it in a Faraday cage and faking the GPS signals.
Thirdly, GPS jamming is reasonably simple[3]. A DoS attack could be
launched against a secure installation (where these devices are used) by
jamming GPS signals.
These aforementioned problems with GPS suggests that a trusted device
know its location be other means, such as its immobility. Assuming that
areas that are considered secure locations (by this system) are
physically controlled then it would be reasonable to use much less
tamper-resistance as the equipment and time available to an attacker
would be limited[4]. Thus the reduced tamper-resistance required makes
the cost viable. The method of keeping it in place remains to be decided
The interface of such a device deserves some consideration. A user must
present a server generated challenge and pass the reply back to the
server within the time limit. Since a strong connection to physical
location must be preserved, a physical interface is appropriate; a
keyboard for input and a till printer for output. The output could be a
monitor, but since the replies are going to be quite complex (say, 160
bits base64 encoded) then the users are going to write them down anyway
so a till printer will save them the time and effort. Postit notes and a
pen should be provided by the terminals for the same reason.
The challenges are not sensitive and the replies are only valid for a
short time (to be determined) and only on a single terminal. (It goes
without saying that man-in-the-middle attacks against the terminals must
be prevented by the cryptographic protocol). Also, it must be considered
that this location authentication is a hassel for the user and (with the
security requirements in mind) the number of authentications in a given
time should be less than for other schemes (such as passwords).
Conclusions
-----------
A location authentication system is certainly possible given a number of
assumptions:
* that locations considered secure by the system are physically
secure against people bring in certain equipment (such as
X-ray machines[4] and shaped charges[5]) and spending long
amounts of time physically attacking the trusted location box
* that the terminals are trusted not to leak the information
once accessed, or to allow a man-in-the-middle attack And at
certain costs:
* Inconvenience for the user User training A trusted location
* box per location
Much remains unconsidered:
* The details of cryptographic chal-rep protocol The design and
* cost of the trusted location box The method of keeping the
* trusted location box in place The human factors, such as the
* presentation of the data and
the length of the timeout
[0] http://www.doc.ic.ac.uk/%7Esjn5/docpp/cgi-bin/
display_project.cgi?project=709
[1] http://www.cambridge-aero.com/
[2] http://www.phrack.com/phrack/55/P55-14
[3] http://www.phrack.org/phrack/60/p60-0x0d.txt
[4] Security Engineering, Ross Anderson, Chapter 14
[5] Chapter 11, Section 5
Opps. Looks like I missed actually uploading the tarball for bttrackd. I wonder how long that's been broken - months I guess.
This came up on slashdot today. It's an attempt to replace standard filesystems with a string-string metadata based system and categorisation. The metadata is pretty standard and the categorisation is hierarchical. Read the page, it's pretty neat and, above all, it's real code.
Now, this kind of thing is one of my pet subjects so I have a couple of criticisms. Firstly, string-string metadata looses some useful functionality of string-object systems. If the author of a document is "John Smith" then I cannot simply ask for the author's email address because the string "John Smith" is only loosely coupled to the object (if it exists) that describes that person. Also, this system doesn't try to extend this system very far. He see it as a way of filing documents (which is all well and good), but this is far short of what vaporware like IronDoc and landscape try to do. Then again, worse is sometimes better and he has code behind him.
First blog of the new year! (of course, being in the UK, I get a 5-8 hour advantage over most people).
A new article from Paul Graham predicting the end of spam. Nice to hear after the year of doom mongers predicting the end of email because of spam and, in terms of who I'd side with in an argument, Paul Graham rates just a little higher.
Book reviews today...
(Peter F. Hamilton, 0-330-48006-5)
I've always really enjoyed Hamilton's books; every single one of them. Night's Dawn is an incredible epic and I highly recommend it if you're ever suck on a dessert island for a few weeks.
Fallen Dragon is set in a different universe to his other books, thou there are many similar ideas (like genetic enhancement and neural interfaces). I've never felt that Hamilton wrote very deep sci-fi like Baxter or Egan, but he tells a fantastic story.
This particular fantastic story is totally centered about one person and it's told from two different points in time at once. Each chapter alternates between this guy's childhood and a point much further on in his life. As you read about the earlier experiences, the later ones start to make more sense and by the end of the book the early thread is upto where the later one started.
The ending I won't talk much about because it will spoil the book. It's a good ending (which is foreshadowed, but I didn't make the connection till afterwards), but I can't help but feel it raises more questions than it answers.
Anyway; if you see it, consider buying; you'll enjoy it
(Michael Crichton, 0066214122)
Well, it's another Crichton. Never deep, but a couple of neat ideas. If you have read Timeline then you know the style. I get the feeling it was written with a film in mind. It's not long (I finished it in a night), nor taxing. I wouldn't buy it, but don't run screaming if it drops on your doorstep either.
(Ayn Rand, 0-451-19114-5)
Zooko persuaded me to read this huge book, and I'm quite glad that I did (thanks Zooko). It really is long (and I must admit that I skipped most of the Galt monologue) but it's quite enjoyable.
It doesn't change my view of the issues she covers one little bit thou. It's pretty much the minarchist capitalist manifesto, which is nice because I quite like minarchist capitalism. Rand is a little more minarchist than I am, but that's ok.
Interestingly enough she doesn't cover environmental issues at all (despite dealing with railroads and steel mills) which is a shame because that's one of the main arguments people beat anarchists/extra-minarchists with. But then, being American, the thought might never have had occurred to her.
In the end, I don't really like arguing about exactly what form of government would be best in a world where they are rapidly going in totally the wrong direction. It just seems a little pointless.
It's a decent book; maybe a little too long. One might want to try The Moon is a Harsh Mistress for something smaller.
Back in London. I was only loafing about at home, so I might as well loaf about someplace with a better connection. I'm sure the monkey running the ticket till over charged me (23.50 for a single to London) but the pricing structure for the railways is so damm complex you can't tell. Also, the train didn't even advertise that it was stopping where I wanted it to. I just got on and hoped that that Railtrack wasn't fibbing to me (they weren't, but it's still crappy).
I've just rsync'ed Gentoo - crap there's a lot of new stuff. I wish Gentoo had a way of only upgrading stuff which has jumped in upstream release number.
Over the Xmas break I've had a cluster of P4's in the Imperial labs generating keys for coderman who (I guess) wants them to test this idea. By the last count he had 150000 keys and was winding up, so I'm giving the lab computers a break now. A couple of things that I'll probably end up looking up later:
if I laugh in a nihilistic euphoria any harder I am going to burst a spleen
a spleen? You have a backup?
So, the US wants to monitor all it's net traffic? (NYT link: user/passwd = strsnyt). Well, the UK has had that for years, but here the "early warning centre" is called the GTAC (Govt Technical Advisory Centre, or something). And the US pretends that it leads the world in technical matters...
After reading Aaron's Creative Commons launch talk I emailed him to ask exactly when some cool semantic webby stuff was going to happen. (I've ranted about this before). Well, quoting private emails is a little rude but he didn't seem to hold much hope of it happening anytime soon, which is a great shame. Unfortunately, I can't see any good way of solving this. Specs for a Person class, a Blog class and all manner of stuff could be constructed, but I don't know how we would persude anyone to use it:
And so we're stuck. So does anyone have a SemWeb killer app to bootstrap everything?
Mixminion 0.0.1 has been released, and the first Mixminion anonymous message was posted to the mailing list. Congrats to the whole team.
Also, the new edition of Unix Power Tools (O'Reilly) is out. I was a technical reviewer on this and it's everything you would expect from O'Reilly (even if UPT would be preaching to the converted for most of IV's readership). There is one chapter about which they seem to have ignored my comments. But then my comments were something along the lines of "This is rubbish, put this in instead ..." followed by the whole chapter rewritten. I'll let you see if you can guess which chapter.
The whole concept of phoning someone is a little broken. I want to be able to attach a priority to calls. If I need something now - it's a high priority call, if I just want to chat - it's low priority, and it's a persistent thing. When I get in from doing something (a high priority only state) I can drop to a low priority state and take all the low priority calls (so long as the people calling me are still in a low priority state). I'm sure you get the idea.
(I'm at home, in Chelt, for christmas)
I had hoped to have IV hosted (web and email at least) on Imperial servers by now. Unfortunately, one of the Dept of Computing webservers was rooted on Thursday which ment that people were a little too busy to get round to it. I'm going to see metis (the current server) tomorrow with a new power supply anyway.
And in answer to coderman's question: see this, this and this for an example of what crewing an event means. We started rigging that at 9am, people came in at 8pm, left at 2am (the following day) and we had cleared up by 4:30am (after which we went to the bar). This was taken about 5 in the morning (I'm the one on the far left).
It's been a Bad Server Weekend (tm).
Firstly, hawk's outgoing SMTP relay started refusing to relay because hawk got listed as a dialup IP and the relay has spam blacklisting. (hawk is Freenet's server for stuff like mailing lists). Now, I'm not going to rant about spam blacklisting here because I'm not going to change anyone's mind about it. I can only suggest you look at alternatives like SpamAssassin and the new breed of Bayesian filters.
Anyway, as a bodge I just set hawk to send email directly which worked for some people until Ian found another relay. However, since some of the lists which were blacklisting hawk gave contact details I tried emailing them:
It's our understanding that all of 4.46.0.0 - 4.46.119.255 is dynamic IP Verizon DSL. As dynamic IP space, it's appropriate for it to be in our list. BTW...the addition of this space was prompted by abuse of this IP space by a professional spammer that has been spamming from a Verizon DSL account with dynamic IPs moving around this range for the past few months.
I emailed back and the guy basically refused. But from a difference blacklist admin...
Fixed in the next update. Thanks.
So they aren't all bad.
And once hawk was running again ... metis (this server) promptly died. I still don't know what happened as I haven't phoned since it came back online. It wasn't a power cut (the UPS didn't kick in if it was) and I hope it wasn't another rat pissing in the power supply. Anyway, it's running again but I really am going to move it to IC soon.
And I was this close to 100 days uptime. (it was about 98 days when it died).
Mozilla 1.2 really works well. It doesn't crash. It's pretty fast. Copy and paste has started working again after 1.0. Nice.
Also, Straw is a good GTK feedreader. I'm using it for the moment.
Last night I went to see Mark Thomas at the SoHo theatre last night. For those who don't know of him (most of you) he's sort of a stand up comedian with a strong political bent. Basically, he makes you laugh talking about stuff like campaigning against the War on Iraq. If you ever get the chance to see him I strongly suggest you jump at it like a rabid ferret.
As a side note, he's in court today trying to get an order to prevent the government going to war with Iraq without a new UN resolution. I donated to the legal fees and here's hoping he wins.
A quick lesson in the wonders of how Java and GCC work together.
For quite a while now, the GCJ project has been adding Java support to GCC. It isn't perfect and building your big, using every API Java app with it could be a real pain. But it is getting better. Anyway, this is about working together.
Java has always had JNI for interfacing with other languages (generally C/C++). It works, but it's not exactly clean. GCJ, however, has the CNI which works much more nicely. A small example:
Make up a Java class and have some methods marked as public:
class CNITest {
public static native int native_call (String a);
public static void main (String[] args) {
native_call ("testing");
}
}
Build a class file and generate the header from it
gcj -C CNITest.java gcjh CNITest
Write the native methods in whatever language you like (given that GCC and compile and link it with Java). In this case C++:
#include "CNITest.h
jint CNITest::native_call (jint a)
{
return a + 1;
}
Now build it all:
gcj --main=CNITest -o cni CNITest.java cni.cpp
and it all works. Woo!
Went to listen to Stallman speaking on software patents at LSE today. He managed to panic the organiser when he didn't show, but after about 20 minutes someone said he had been spotted outside the tube station. Quite how he had been `spotted' I'm not sure, but he turned up 5 minutes later and things got underway.
The venue was quite small and there were about 50 people there. For some reason the room (The Hong Kong theater) reminded me of Korea in the way that it looked like someone gave the architect a picture of an old church room and said "build it like this", but the architect didn't quite get it right.
Anyway, a lot of people critise RMS for, basically, loosing his rag when he speaks but I guess he must have this speech pretty well practiced. In fact, maybe if he had lost his rag, I wouldn't have fallen asleep during it . It's not that it was boring, I was just pretty tired and it's almost instinctive when sitting in a lecture now.
There's little point in repeating what RMS said as I would just be preaching to the converted. See this if you don't know it all already and RMS really is Quite A Nice Guy in person.
Ok, it's a little early but I'm looking about for summer jobs anyway. I have an interview tomorrow for a job doing door-to-door book selling in Nashville (weird, but what the hell). I'd quite like to work for O'Reilly in Boston, but they aren't really in a place to start employing people at the moment. So, if you want to offer me a job, you know where the email address is .
Rumors are abound that Longhorn will have a new database file system. Of course, since it's Windows, nobody really cares because M$ have been talking about this since before 95 came out and we are still waiting. In fact, Ted Nelson[1][2] was talking about the same kind of ideas long before most of the people reading this were born.
Ted Nelson's ideas about this were known as Xanadu and Zigzag (a specific implementation). Basically all data was contained in cells and cells could be linked along axis. The GZZ project (formally known as GZigZag) has a good document about these ideas.
But, at it's simplest level it's about linking and it's about exposing. Now the classic system for this is the UNIX device system which exposes hard drives and other IO stuff pretty well. However, UNIX devices aren't exactly perfect. See this document about Plan9 for an example of the device model taken to a more useful level.
But even in Plan9, data is still locked away in odd file formats and that means a lack of linkability and exposure.
Take my mailbox, there's a huge amount of data in there locked away. I can't get a list of all the mail sent to me by a single person without a lot of work (see interwingle). Now you are free to say that it's a facet of how I store my mail (mbox format). But when I want to follow a link from an email, to it's sender, to his/her phone number (in another database) it ceases to be a problem limited to my MUA. If certain things were exposed better I should be able to to that, and follow links to anything else related I have about a person. This has harmonies with Semantic Web ideas, but this is about a human web of information - not a machine understandable one.
Hans Reiser articulates similar ideas (possibly better than I do) in his whitepaper. Now, Hans sets down a lot more detail than I'm doing here, and I don't necessarily agree with all the detail (which you can skip anyway).
Now, I've talked about this before and there is a strong link between the language parts of that rant and the ideas here, but I'm not going to go into that now.
more to follow...
It seems that along with Referer spamming, SMB spamming, and all the old fashioned manifestations of this vile practice, we now have blogdex spamming. It looks like it's something akin to google bombing.
The blogdex front page currently contains many entries like PremiumDomains - www.pornovideo.bz - DOMAINS FOR SALE and so on. Looking at the track page it seems that 8 sites in the ubiquitous.nu domain have been registered with blogdex and are successfully bombing it. Raph is going to have a field day
Zooko wrote me a email about the merits and demerits of Altas Shrugged and I decided to try and read it. I can't help but wonder if the loan length is ment to tell me something. A different book I got out today has to be back by 5/12, but Atlas Shrugged is due back 29/4/03
| / | Root |
| Alternate | The Weird and Wonderful |
| Backlinks | What are backlinks |
| John Gilmore | What's Wrong with Copy Protection |
| Archives | Blog Archives |
| One | Archive 1 |
| Two | Archive 2 |
| Three | Archive 3 |
| Four | Archive 4 |
| Five | Archive 5 |
| Six | Archive 6 |
| Seven | Archive 7 |
| Eight | Archive 8 |
| Nine | Archive 9 |
| Ten | Archive 10 |
| Eleven | Archive 11 |
| Twelve | Archive 12 |
| Thirteen | Archive 13 |
| Fourteen | Archive 14 |
| Fifteen | Archive 15 |
| Sixteen | Archive 16 |
| Seventeen | Archive 17 |
| Eighteen | Archive 18 |
| Nineteen | Archive 19 |
| Twenty | Archive 20 |
| Twenty One | Archive 21 |
| Twenty Two | Archive 22 |
| Twenty Three | Archive 23 |
| Twenty Four | Archive 24 |
| Twenty Five | Archive 25 |
| Twenty Six | Archive 26 |
| Twenty Seven | Archive 27 |
| Twenty Eight | Archive 28 |
| Twenty Nine | Archive 29 |
| Thirty | Archive 30 |
| Thirty One | Archive 31 |
| Photos | Poor People Caught on Film |
| Jack and the Beanstalk | Jack and the Beanstalk |
| RIP Scan | Results of a Stage Scan Fire |
| Yosemite | Yosemite National Park |
| Projects | Incomplete things from the lab |
| Seagull's Bane | Linux Automounter |
| bttrackd | BitTorrent Tracker |
| CAPTCHA | CAPTCHA CGI script |
| Conserv | Console Serving |
| Deerpark | Using Tor with Firefox/1.1 (Deerpark) |
| DNSFix | Fixing DNS |
| Xovers | XTA Crossover Control |
| IAFS | Archive Org Storage |
| JBIG2 | JBIG2 Encoder |
| Verify | PGP Key Verifier |
| MaxFlow | Maximal Flow in Python |
| PyBloom | Bloom Filters in Python |
| pyGnuTLS | Python wrapping of GnuTLS |
| Sxmap | Apache SuEXEC Map |
| Hellard | Union Server Notes |
| Recordings | Free recordings |
| ICSM Choir | St Paul's Church |
| School | Ancient School Stuff |
| Writings | Who knows |
| Cap Systems | Capability Systems |
| Intro | Introduction to me |
| Suprema | JMC2 Group Project |
| MP Letters | Letters I've written to my MP |
| Sound | Sound With Dramsoc |
| SyncThreading | The wonders of user-land threads |