Wednesday, November 14, 2007

Moving blogs again

It seems that my email-posting looks shit in everything that's not an RSS
reader, so I'm looking for a new solution. If you would all be kind enough to
add my wordpress account (http://alsuren.wordpress.com) to your feeds, that
would be ever so good.

I will decide which blog to stick with when I've tried out both for a while,
and had some feedback from people saying which is better for
reading/commenting on.

Saturday, November 03, 2007

[Proposal] Debian/Ubuntu "web of trust" packages.

[background] on Linux, sensible people *never* install programs that haven't
been digitally signed. This is how linux users avoid most malware bollocks:
Each time you sign a package, you give your word (generally trackable back to
the name on your passport) that it isn't malicious. Signing a malware
package, as a trusted developer, would get your name pasted all over
slashdot, and you would be flamed about it for years. (and possibly even sent
to prison, like a virus writer would) [/background]

Most of us on debian have (at some point) tried to install something, and it's
not been signed with a trusted key (one used by a trusted person). We then
have to go and get the key from a keyserver, in order to avoid error messages
each time we install a package signed by this person. This is ugly for a few
reasons:

a) How do you know that the key is trusted. You just got it off an arbitrary
webserver. None of your friends told you that it could be trusted.

b) Can anyone *ever* remember the command for importing keys, and telling apt
that they're trusted?

This is also a problem that alexreg and I identified as a requirement for our
windows apt-msi project, if it ever got off the ground. I think I have a
potentially elegant solution to this problem. Read on.

1) Create a package called trust-<name>-<fingerprint>-1.0.deb, which
automatically imports your key.

2) Make all of your packages depend on >=trust-<name>-<fingerprint>-1.0

That way, anyone who installs your package will only get warned once (if they
get warned a second time, then they can start to worry, in the same way that
ssh server keys work). This scheme *should* work without any special support
from apt.

Also, if you know a trusted developer, and they have you on their web of
trust, you can ask them to sign trust-<name>-<fingerprint>, and put it in
their repository. This way, users (or smart package managers) can install the
trust- package first, and proceed without having *any* "unsigned package"
warnings.

One thing that could be a little tricky is trust revocation. It might be
possible to create a package called trust-<name>-2.0 which revokes trust in
the key, but an attacker could create a package called trust-<name>-3.0 that
foils this scheme. On the other hand, getting onto someone's web of trust
generally means that they have seen your passport, so creating a situation
that required a key to be revoked would necessarily involve identity theft.

What do you all think? Could it work?

Friday, November 02, 2007

w00t

*while playing anaconda*

"It would be quite interesting to play this on an infinite plane."

Wednesday, October 31, 2007

Of love, life, and linux.

So I hear w00t about Gill [1] and not being ambiguous and not running away.

It seems that I have been struck by the "more girlfriend implies less
blogging" syndrome. I was thinking I could avoid it, but evidently not. There
has even been loads of stuff that I have thought "I should write about that".
I would also like to spew my feelings on here, but I suspect that some people
might have objections to that.

I really need an economist/machine learning specialist to help me build a
model of love based on utility/expected reward. So far, I have
Utility(him) = Utility_0(him) + love(her) * Utility(her)
Utility(her) = Utility_0(her) + love(him) * Utility(him)

So if love(him) = love(her) = love (a constant) then how large does it need to
be for Utility(him) to double? Also, should there also be a "time spent
together" factor in there, and what form should it take?


I've been stupidly busy recently. Probably my own fault for being so
lazy/distracted on the weekend/before. I'm gonna get screwed tomorrow for not
handing in work, and the next day (though I was able to do surprisingly much
of the risk paper in the half hour I thought I had)


In Linux news, we now have a JCR computer, for use with hermes. If you want an
account for more than that, please put something tasty in my (or Rob's)
pigeonhole. Also, if you know a good method for providing authorization
from /etc/shadow to kerberos or radius, please let us know. It would be good
to let all srcf users have un-restricted access onto the system. We'll see
what happens.


For Kopete users: a nice little hack: in the alias plugin, assign
"idle" to "exec dcop kopete KopeteIface setAutoAway"
Now you can type /idle to immediately go "away" until you next move the mouse.
Useful for adding finality to conversations without fucking up your status
for when you actually return.

[1] wget

http://alsuren.blogspot.com/2007/05/dancingthe-fateful-post.html

-o - |
sed -e s/Jill/Gill/

Friday, October 26, 2007

Organization

It seems I win at failing at organization.

*may have frantically started doing supervision work 10110* minutes before my
risk supervsion.*

*and no, that's not binary.

Tuesday, October 23, 2007

In other news:

Squee: I have my bike back! Fankoo mummum and daddums!

The Cambridge Lindy Exchange was really good, and I am thoroughly shattered.
Also, Cycling back from the speakeasy with just a sweaty t-shirt on is
probably not wise. I will go to the shops at some point and get lots of fruit
to ward off the customary "I've just been dancing with half of about 80
people from around the world" pestilence.

Sucks to be Stu, who managed to get diseased before they even *arrived*.

Reliable contact methods.

It would appear that email is the best way to contact me. My phone was having
a strop from about sunday morning until now, so attempts to organise meetings
etc. may have failed. *blush*

To contrast, I have checked my email about 10 times in that period, and my
computer has checked many more times, just to make sure that nothing was
missed, and so that it could quickly give me an error message if the system
failed for any reason.

Thursday, October 11, 2007

Performance Dancing

When I was in London, Sally asked me whether I would join a performance
troupe, so when I came back to cambs, I told the guys about it, and asked
them (very vaguely) whether it was a good idea. They said yeah...

Then on [last] wed, I went to the intermediates, and was completely dead. I
wasn't leading properly, and I was thinking way too much. Katherine also
reminded me that I was still yanking rather than body leading swing-outs.
Also, I should probably make the effort to get the breaks/half-breaks in the
shimsham. All in all, I really don't feel ready for performance dancing.

On the other hand, There are so many things that I keep getting told that I'm
doing badly, and I see really obviously when I see pictures of myself
dancing. Maybe joining a dance troupe would would provide the explicit
invitation for people to try to help me sort out those things. I think I
would also benefit from seeing a video of myself, and correcting my own
mistakes.

I think I will try to get at least one private lesson before the end of term.
I should ask Matt and Lotte about what's possible though.

I will tag the relevant people in the facebook copy of this when the lindy
exchange is over, and they're a little less busy. I would like to see
people's comments on this. What should I do?