Older blog entries for RyanMuldoon (starting at number 38)

I've started to play some with WebDAV (using Apache and mod_dav). So far, it has been rather impressive. I felt really good about how cool linux is getting today too. I decided to test mod_dav, but I didn't have any of the software to do it on my workstation. So I opened red carpet, went to the redhat 7.2 channel, and downloaded apache, apache's documentation, mod_ssl, and mod_dav. It then downloaded and installed it for me. That entire process took about 3 minutes. Then configuring httpd.conf to do DAV with some auth took about 15 minutes. And I fired up Nautilus, and tested it. Cadaver worked too. Extremely cool. Being able to go from zero to fully functional DAV environment in like 20 minutes is pretty amazing.

The real test is probably going to be how well I can get this to work in an "enterprise" environment. I'm trying to figure out how I can integrate it in with an initial-sign-on system that I'm developing, but that may be impossible, since most DAV clients don't support all of HTTP, like redirects and cookies. At the very least, though, I need to come up with an easy way to add new users and groups, and their associated folders. Also, some quota-like functionality would be very useful. If anyone has ideas on how to do this, please email me. Once I finish, I am going to try and document how I did it, and see if webdav.org wants it as a user resource.

After I solve the enterprise DAV problem, I want to move on to shared tasks/notes. Then slowly the other groupware type features. I basically want to see if I can develop a useful content management system, with groupware type features, using all free software and open protocols. So desktop apps can use it, or users can use a web interface. I am utterly convinced that all (or most) of the pieces are there, and I just need to discover how to put them together in a nice package. And if I get to do some of this research for work, all the better. Lots of architecture work. Hopefully I can come up with a solid plan, and bring some people in on developing it. This would be very useful for higher ed. And in general, I would think. It would be great if small/medium companies could just install an "office server" cd on a computer, and it would set up all of their groupware stuff for them. Then just install "office workstation" cds that can read configuration off of the server, and get up quickly. This stuff is all there - it just needs to be productized and polished.

gregf: Why not just back up session data to a server? That would be pretty cool, actually. The bulk of the work would be to figure out if there is an existing protocol that is good enough, or if you need to design a new one. ACAP or LDAP servers might work for the back-end. For a proof-of-concept, you might want to consider writing a GConf backend that can do network saving. That would be pretty cool.
yakk: unfortunately, it isn't "the will of the people" to just try Osama Bin Laden. I actually have faith that the administration has plenty of evidence that he did it....it is just that people want blood. I wish that we could take the course of action that you suggest, but it will never happen. Bush is being told that he'll lose re-election if he just goes after a single arrest. People want a war, and that's what he'll give them. Unfortunately, people only want war after the media has done an excellent job of building bloodlust (for example, the Discovery channel had a program entitled "Know your enemy" two nights ago....it was about Afghanistan). I want justice, not death. I refer you to chapter 14 of a People's History of The United States - "War is the Health of the State."
Home Entertainment ramblings

Lately, I have decided to marry the two things I spend any money on: home entertainment and computer hardware. I want to upgrade to a (dual?) athlon box in the next couple of months, abandoning my still-capable dual celeron 366 machine. I realized that I'm still going to have a lot of parts left over from that upgrade. I am also moving into a new apartment with my friends, and I will be one of the few people with any money for setting up some kind of home entertainment system. My goal for the year is to get a decent mid-sized tv, and a dvd player. If I'm lucky, I'd like us to also get a receiver and a 5.1 speaker system. The downside to this is that I will only have a DVD player from which to play music. So, I want to take my current computer and turn it into an MP3 jukebox of sorts. The goals/constraints are as follows:

  • Easy for non-computer people to use
  • Network-connected
  • should double as an MP3 server for the house
  • Icecast server?
  • Should plug into the normal A/V system
  • should be easy to make new playlists
  • Ideally, it should have a remote
  • Should be cheap to do

The hard part is going to be how I make it easy to use...I don't want to have to have a monitor. But I *do* have a voodoo3 card with a tv-out. So it could plug into the TV or something. But that still is unappealing. And I don't want a full-size keyboard. Probably the best idea is to have a web-based interface that other computers in the house can access, to build up playlists. Then a remote control to do normal stereo functions. Bonus points would be if it could work from a universal remote. Anyway, that's my little hardware project that I want to undertake in a couple months. If anyone has any ideas on this, I'd be interested in hearing them. ;-)
apw: It seems like you are oversimplifying the problem space to an enormous degree. For instance, if I present you with a valid cert, how do you know that it is actually mine? If we have no pre-defined trust relationship, you can't know. But then let's say we do have a pre-defined trust relationship, and someone identifying themselves as me with my cert tries to make some kind of transaction with you. This requires you to trust me in two very important (but distinct) ways: first, you need to trust that I am technically competent enough to keep my private keys to myself. And second, you need to trust that I am reliable enough a person that I am not going to give someone else my private key. It's not as simple as saying "lets all get smart cards and make browser plugins" - it is a rich and complicated area of research. If it were an easy problem, it would be solved by now. People have been working on this for a couple decades. It's good to think about, but please realize that there is a lot of hard work still to be done. And it isn't all just technological. If you're aiming to have a solution to counter Passport, there are a number of existing projects to look into. I'm involved in the Internet2 web-iso and Shibboleth projects, for example. I know that there are many others. Just some food for thought.

Negative Certs: I have mixed feelings about negative certs. They may not be appropriate for Advogato, but in terms of a trust metric, they do make a lot of sense. Trust is not just measured in positive amounts. There should be a difference between ambivalence (Observer) and active distrust. If I have had a dealing with someone, and they acted in a dishonorable manner somehow, I should be able to publish that fact, to help others judge whether or not that person can be trusted.

As I've said, this probably does not make sense for Advogato. Ambivalence is adequate. Unless you think that someone stole code and published it as their own, and is a no-talent hack that has convinced everyone of their greatness, there is no need for negative certification. But I think that negative certs are extremely useful when transactions come into play. Any time someone actively violates a trust relationship, that should be noted. In the coming future of peer to peer transactions, I want to make sure that I'm only dealing with trustworthy people.

I had a kind of cool thought - combining UDDI with a trust graph, so I always find the best service provider. For that to work, though, negative certs need to be taken into consideration. Once you get to something like this, trust becomes more complicated. You have to consider *how* you trust someone. Trust is not all-encompassing. How we represent that is going to be an interesting policy issue. I could go on, but this is a rant for another day. ;-)

jamesh:The free software CA idea is interesting. I have been thinking about issues surrounding Certificate Authorities a good deal recently. Pretty much all of the projects I am working on at work end up requiring certificates all over the place. Servers need them, but people also need some form of them. Since these are all higher education projects, it seems like a lot of people will be using this stuff once it is finished. The licenses on the projects are all Free, but I'm worried about the tens of thousands of needed certificates. It doesn't seem like that aspect of things scales very well. But I do think that absolute certificates are needed, rather than an advogato-style trust metric, since in this case trust is a binary issue. Trust is a hard problem....you have to implement a system where you can be sure that no untrustorthy people get trust, but it can't be overly hard to use, or cost too much, and ideally no trustworthy person should be denied trust.

School is all done with now, and has been for a few weeks. I am now working for my school's IT department, in the Architecture group. It is turning out to be a pretty cool job. I am working on several Internet2 projects, like MACE-dir, eduPerson, and Shibboleth. The work is really interesting, and I am enjoying the opportunity to do design analysis and such. Also, a very nice aspect of doing work for higher education is that everything I write is Free Software. So it is a pleasant work environment.

I have also just started my DVD collection. I bought Almost Famous, High Fidelity, American Beauty, and Fight Club. Now I am in the process of deciding what other movies I should get, and what versions of those movies are the good ones to get. Beyond the annoyance with CSS and Region Encoding, DVD consumers are really taken for a ride in terms of releasing multiple versions of the same movie. Some movies have a normal version, a collectors edition, and an ultimate edition. I can understand a movie-only cheap version, and a special/collector's edition, but having multiple enhanced version is frustrating. And then you also have to consider quality of transfers, etc. I love the higher quality of DVDs though, and I certainly can't go back to VHS. I intentionally held off on buying movies until I started collecting with DVDs. To make myself feel better about buying DVDs, I am buying used copies off of half.com, so I don't support the MPAA's DVD policies. The flip side is that I am also not supporting the actors or writers, but they get so little anyway, it doesn't make a difference. Too bad I can't decide where my money goes in terms of royalties.

Phoon: Be careful with the line of reasoning that you are using. While, yes, there are some instances where someone is accused of rape without having actually raped someone, I promise you that this is a very, very small percentage of the cases reported - let alone the uncounted numbers of rapes that are never reported. You have to realize that the victim of rape suffers a great deal from just reporting the rape - they don't really want other people to know about it. Bringing charges is not a simple matter, and decisions to are not made flippantly. And, as someone else has said, rape is not about sex. Rape is flat-out violence. Rape is violating someone in the worst way possible. That has nothing at all to do with sex, which is a mutual exchange. I am sure (or, at least I hope) that you are a decent person - just please, I urge you, to carefully think about such things. Hopefully you will come to the conclusion that some things are simply beyond reproach.

Until today, I've stuck to writing diary entries solely about computer-related topics and fairly light conversation. But, I really can't let myself ignore comments like this. I wouldn't feel very good about myself if I did. So, for those of you reading this that find this discussion off-topic, sorry. But, just like RMS says that economics is something to worry about once freedom is assured, the world of computers is something we can worry about once our basic human rights have been assured. I worry that some very smart-seeming people in various online communities are so involved with computers that they fail to see the world around them, and all of the very serious problems that need to be addressed. It is great to have strong ethics with software, but unless you also have strong ethics in the real world, it doesn't matter much.

Phoon: I really hope that you don't believe what you wrote. 90% of rape claims being false? That really disturbed me to read such a thing. If anything, the much more likely scenario is a large percentage of rapes go unreported, because the victim feels that they are somehow responsible, or that they were "asking for it." I'm sure that there are a few reported rape cases that are not true, but that goes for any crime out there. Innocent people are accused sometimes. BUT, I beg of you, don't trivialize something as serious as a rape charge. If anything, we should be working towards creating an environment where it is more ok for a victim to bring charges against a rapist. Rape it pretty much the worst thing that you can do to someone. Even comparing it to something like intellectual property rights is disturbing. If someone takes source code that I license with a less restrictive free software license, like BSD, they are in no way stealing. It was my choice to offer my code that way, and not be in a position to demand contributions. But claiming that this is somehow remotely similar to the trauma one goes through with being raped is just horribly wrong. Computers, and even intellectual property, are a really small part of life. There are many more serious problems in the world. I see too many people in forums like this or slashdot forget that while it is great to notice injustice in the world of intellectual property, we can only do that out of extreme luxury of circumstance. Have some perspective on life.

29 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!