Older blog entries for dnm (starting at number 10)

26 May 2001 (updated 26 May 2001 at 02:58 UTC) »

Just checked email. Oh well, never mind. I'll just try to do it at Defcon.

26 May 2001 (updated 26 May 2001 at 02:42 UTC) »

Oh, I almost forgot:

I submitted a abstract, outline, and bio to Jeff Moss, organizer of The Blackhat Briefings and Defcon for a presentation I'd like to deliver at this year's Blackhat: Las Vegas in July. It's titled "The Impact of P2P on Security in the Enterprise" and will attack the hard questions facing P2P and decentralized applications inside the space of a secure enterprise network. I think there's way too little of this sort of discourse going on in either the P2P community (where I see mostly a lot of talk of ad hoc NAT tunneling, among other worrying trends) or in the security community (where the bulk of P2P seems to be about Napster and how to stop it from raping all your bandwidth). This is dangerous. It's also dumb. I'm proposing to talk about these issues not only to the people developing the systems, but also to the security administrators whose job it is to make sure their networks stay secure. Hopefully this presentation will get the ball rolling.

If you think this sounds like a worthwhile presentation, and you will be attending Blackhat in Vegas this year, please mail Jeff and ask him to consider the presentation for inclusion into the schedule. I'm working on the PowerPoint that will be shown at the conference right up to the June 1st deadline. If you have comments or suggestions, please mail me.

Brief credentials: I work as a Research Scientist for OpenCola and also serve as the Chief Security Architect. OpenCola is a pre-IPO startup company working to provide distributed computing infrastructure (DCI) solutions to the marketplace (as in P2P and decentralized apps). Previous to OpenCola, I worked in Research for Viasec Limited, a crypto software development firm based in Ireland (now out of business).

Enough self-promotion. Sorry about that.

26 May 2001 (updated 26 May 2001 at 03:00 UTC) »
Swarmcast launched earlier this week. I suppose I've got some tangential job pride, even if I'm not directly related to the project. Swarmcast being released is good. I like to see the company do good by the community, and after all, it means my stock options are all that more likely to be worth something. And it forces us to respond to the real world demands of users, which we really need, and hopefully, will benefit from.

With the exception of the language structure and other related bits, most of the really snazzy features in Self are in Squeak these days (like Morphic). And Self on Mac OS is noticably unoptimized.

I want to do more with our software, but I keep getting penned in. I joined Research so that wouldn't happen. Obvious lesson: there is no such thing as research in startups. Not pure basic research anyway. Although, I'm not sure why I expected it -- the last startup I worked for was the same (and worse in other ways). Perhaps I thought it was a fluke and I ought to give it a second try. Fair enough.

I do, however, really treasure my work environment. It's amazingly flexable and I'm provided with ample resources. No complaints there. The work just isn't very interesting to me at the moment, although it's a field I have experience in. I think I was looking to diversify more and haven't yet been able to. On the other hand, if I do my bit to make the company successful, then I could presumably do cool stuff later when we have a stable base to develop on. I'm too impatient a lot of the time.

Still playing with Ruby. Still hacking Common Lisp. Still fiddling with lots of other toys. demoncrat is right: I need to release source code.

Picked up the PickAxeBook today.

stevej was right, I am a language nerd.

So, I'm working/playing with Common Lisp, Scheme, Python, Smalltalk, Java (rarely now, though), and E. I've toyed with Rebol (REBOL?), Haskell, Objective-C (wouldn't mind doing more, because I actually know it moderately well, but I was using it for Mac OS X stuff that's currently on hold), and (eek) REALbasic.

Oh, and Self. Just noticed there's a Mac OS environment for it.

More to come...

Roar. Growl.

I feel torn. I'd prefer to be writing everything in Lisp or Scheme, but I feel the need to do things in Java, Python, Objective-C, and the like. Why? Modern support, peer pressure, availability of free development toolkits on multiple platforms, API support, etc, etc. Some days, I just can't bring myself to look at anything that does variable assignment.

Recently got a Mac OS X box up and running using the stock CD copy of Public Beta. Not bad. The Aqua look and feel was novel for about an hour before it started hurting my eyes and distracting from the the general "use" experience. I like that I can forget about the UI in Mac OS 9 and just do work. Honestly, as nice as it is in some ways to be back in a NeXTSTEP/OpenStep-ish environment with Mach and Objective- C (I was a big NeXTSTEP/OpenStep fan and developer), there are lots of things I could do either without or with a lot of improvement in Mac OS X. But overall, I think it's a win, so long as they include more optional functionality (like a native Mac OS 9 UI option [I can't shade windows in Mac OS X -- it minimizes them in an agonizingly slow fashion to that horror that is the Dock]) in the upcoming public release. Oh, and it needs to be a lot faster. I have it on a G4 with 192 MB of RAM and it redraws real slow. I wonder if they're using Altivec functionality in the Public Beta. I think not. They better in the release version. More native apps would be nice too, but that'll come with time.

Intertwingle plods along. I have a bare-bones API (if you can call it an API) in Scheme that I'm busy turning into working CL code. I'm still debating doing it in Java too, if only because of rich class library support and public attention.

Need to find some time to get my head around turning E into JVM bytecode for the first E compiler (which I'm dubbing Eco).

My end of Vapour has stagnated, I need to get back on top of that too. And CLAS. And R6RS. And I want to help out/pick up some new projects too, especially something on SourceXchange. And I want to get my personal domains set up and running. All of this, plus work, love, and the rest of life. Something tells me that I either need to moderate my expectations or get real good at time management. Probably both.

Insert obligatory groan about not posting to Advogato more often here. See my LiveJournal for corresponding irony on previous statement.

Doing more with E in all sorts of ways. openCOLA has agreed to take me at my word that E is the way to proceed with our DRM strategy and especially for Smart Contracts, the true killer app of distributed capabilities. oC has hired markm on contract and I'm being given the go-ahead to hire stevej as one of two full-timers for E/DRM implementation. I just announced today on the e-lang that I'll be starting work on an E to JVM bytecode compiler. All sorts of hackery abound.

I have other projects I need to devote some more time to, especially Lispy stuff, speaking of which, the LispM has arrived (pictures forthcoming).

I haven't posted in ages, apologies for that.

Work has been fun, and I'm back in Toronto, crunching down on getting the digital rights management (DRM) overview and execution plans done/revised (living document land). Lots of stuff needed for investor presentations, etc. Spent a week+ in California with Steve and Gurjeet. Got to visit Cyan as well ("Hi!" to all you people).

Recent technical playgrounds include Haskell (interesting lambda calculus ideas in a language that's not Lispy! Neat!) and some more Java (I've bought a number of Java books, somewhat in the hopes that their wanting stares from the bookcase will compulse me to at least give Java the benefit of the doubt, and to dabble in it). And Csound! Csound rocks, but this is going to be a steep learning curve. However, I've wanted some more practical reasons to break into DSP stuff anyway, and learning Csound will be excellent for that, plus it'll provide a creative outlet. Somedays I suspect that I'll only do hardcore technical stuff of the nature I'm currently doing for three more years max, before I decide to take up artistic pursuits full time (music, mostly). We'll see.

Things are progressing nicely with the E project. I find my main task now is bringing other non-project people up to speed with E and it's basic concepts, and why they're different (and in some circumstances, better) than what people know about. I have to flesh out some more material on the E Documentation Project I proposed to markm a while back.

I've been wasting way too much time at WikiWikiWeb.

Oh, and most recently, a new laptop. The Dell Inspiron 3800 I had started having issues. Ironically, although not altogether unexpectedly, the most severe issue becoming a problem after it was fixed for a completely different issue (this also happend to a co-worker here). All of the Dell laptops we've had in the company have had a problem of some major nature now, except for one. I'm now using a Toshiba Satellite Pro 4300 series (with DVD!), and I like it, although the Inspiron had an arguably better video card.

14 Oct 2000 (updated 14 Oct 2000 at 18:18 UTC) »

I'm begining to come to the conclusion that understanding Java's learning curve is about 40% of understanding Sun's ontology of confusion on what exactly Java is. Yes, it's a language, but it's also a class library, and a security concept, and a virtual machine. But it goes well beyond even that if you start to deal with anything other than the J2SE. For me, I deal with the J2SE, the J2ME (which encompases the KVM, usually paired with the CDLC, which I'll use with the MDIP in some cases, but not in others). Some of the more interesting non-Sun Java related projects like E and Waba seem a lot more conceptually complete. The constant renaming Sun does to Java seems to be a half-hearted attempt to provide a complete solution to everything using an (IMHO) okay (and saying "okay" is generous coming from me when talking about Java, most days) language/VM/security model/library/rubber duck. And I'm sure it'll only get more interesting when C# and .NET hits the mainstream (MSDN developers already have some iteration of it).

I wouldn't mind having a CommonLisp.NET, necessarily. We'll see.

I'm not particularly looking forward to getting down and dirty with Java anyway, but I'll do it. I think I'll still like it more than C++ or Perl. Perhaps I'll like it more than C (which wouldn't be too hard). The scary thing is that I know enough Java to be dangerous from an architect standpoint yet I don't know if I want to know enough to be dangerous from a builder standpoint.

It doesn't need to be said, but I would so much use Common Lisp, a decent Scheme, or Smalltalk over Java any day, if only I could do with them what I can do with Java (if the hype is to be believed) -- put it on mobile phones, PDAs, etc. Technically, it's all doable, but none of those have Sun rallying behind them as team cheerleader, and others like IBM with pom-poms firmly held high.

I've been playing more with Xanadu and Udanax toys. Picked up where I left off on jwz's Intertwingle too. Current milestones are to hack together a basic Intertwingle implementation in Smalltalk or Lisp (I'm partial to Smalltalk for this for the easy GUI bit). Yet more reasons to work on that Lisp to Smalltalk/Smalltalk to Lisp tool. On a more mundane level, I think you can build a decent Intertwingle out of some common Emacs tools, namely BBDB, VM, and Gnus -- modulo some modifications and hackery to each.

The next bit is to coax secrets out of the Udanax Gold code, which is all currently couched in a particularly twisted, heavily modified ParcPlace Smalltalk and special Smalltalk subset. And there's a C++ translator in there somewhere too.

Flying up to Toronto on Sunday. Planning to kill time with co-workers and launch new and exciting (read: sketchy and dangerous) research proposals. The basic R&D squad is actually coming together quite well, this round of talks should help cement some questions I still have.

Well, the Rijndael code mentioned below will have to wait, at least for now.

Spent most of Saturday playing with various XEmacs betas. I think I'm going to really like the 21.2 chain coming up, I just hope it shows up on Windows sooner rather than later and minus some particularly in-your-face bugs I had to deal with in the two betas I tried. As it turned out, I grabbed 21.1.12 source today and compiled using Visual Studio. Some small build related bugs, but nothing requiring source modifications. I'm grabbing packages as we speak (err, as I write).

Need to spend more time reading. Also, hopefully by the beginning of this week coming up, I'll know where the LispM I bought is being shipped to and can plan accordingly for my next move, which I have a feeling will be San Francisco.

Vapour now has a SourceForge presence. When I manage to get myself back to Boston, I'll tidy up the SPARC code that I've hacked so far and put it up on the CVS repository. Also have some directional documents for the project floating in my head I should formalize and publish on the list. All in due time...

R6RS and CLAS haven't attracted much attention from anyone here yet, but that's probably due to having a lack of motivating material available. Something else to focus on. I think all of these projects will be much easier for me to handle once I can aggregate all of my stuff, especially my library, in one semi-permanent spot.

raph, site suggestion: how about a <project> shortcut tag, a la <person>?

3 Oct 2000 (updated 3 Oct 2000 at 12:35 UTC) »

I've been toying some more with Smalltalk v. Lisp for some projects. I'm not really sold on the "object-oriented programming works for everything" idea (although as far as I'm concerned, Smalltalk does have the best embodiment of a true OO environment), but for rapidly prototyping some stuff in which I want visual control and feedback, it's hard to beat Squeak. Besides, I like Smalltalk, even if I like Lisp more. I blame it all my exposure to NeXT boxen (which was after my exposure to Symbolics boxen). ;]

I'd like to keep the finished product (as well as the code releases up till then) in Lisp though, so that I can back out and jump to a higher, more generic abstraction layer. I was writing in my personal catalog of ideas a while back about the potential of a Smalltalk to CLOS/CLOS to Smalltalk translator. Perhaps this would be a good time to rehash that.

Hacking together more of Clever (my openCOLA clerver in Scheme) as well. Turns out I need to implement XPath tools in Scheme (I haven't found them anywhere yet). I'll give the code away to PLT and anyone else who wants it. Yes, I am a member of the Underground.

Since I may be dabbling in Smalltalk anyway, can I recreate E's basic model in Smalltalk? Would it be of any practical use? I think it may, but there are probably issues with being sequential. I should ask markm before doing any of this, he's probably already done it.

If I get really organized today, I'll put together those implementations of Rijndael in Scheme and Smalltalk I was thinking about earlier today -- more for just kicks than anything else. I wouldn't be surprised if I could get really well performing code out of a Scheme version compiled with Stalin, though.

I'm so glad Rijndael won. Makes me feel as though the papers I submitted to the AES during the public commentary (and other phases) paid off.

1 older entry...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!