

:: DJB @ Stanford ::

Dan Bernstein will be talking about the evils of DNS to Stanford's CS Security Seminar, 11 Feb. Let me know if you're attending.


The Domain Name System publishes records such as ``www.stanford.edu has IP address'' An attacker can easily forge these records, stealing your incoming and outgoing mail, web connections, etc.

Stopping DNS forgeries is a straightforward application of public-key cryptographic signatures. Or is it? After ten years of effort, the DNSSEC implementors are making comments like ``We're still doing basic research on what kind of data model will work for dns security ... wonder if THIS'll work? ... We're starting from scratch.''

Why is it so hard to protect DNS against forgery? Is DNS security going to remain an abject failure for another ten years? This talk is a case study of the integration of cryptography into the real world.

Link | 04 February 2003 | in Systems | Comments (0)

:: Gentoo among us ::

I've been using the Gentoo distribution for ~5 weeks, on a primary server. My take: it's a contender as leading distribution to developers and admins, if it can iron out bugs and binaries.

Package releases are made quite quickly. Both security and general package improvements flow continuously. Distribution "releases" (1.4 is slated for late December) are cited only in the context of general goals, while the stability horizon marches forward, unrestrained.

Gentoo installs everything from source -- a modern descendant of BSD ports. This custom compilation of packages, under portage, optimized to the limits of your live architecture, is theoretically pleasing, but of dubious practical benefit. And when you have a full day of such compilation (in the case of broad install plus gnome or kde) the benefits fall to zero. (Although I continue to enjoy the compiles rolling by -- I simply can't justify it. :) 1.4 is set to introduce binary package sets, targeted for a few major enviros (p3, p4, sparc4, etc.) This makes sense: a huge, built base, with compilation at the fringe, or as one upgrades.

I chanced installing Gentoo on a deadline; a mistake, of course. The general learning curve (not too bad) and several showstopper bugs (bad) eventually caused me to build several handfuls of packages myself, eliminating the automaintenance benefits.

Interrelationships among packages are the big gotcha: builds fail based on that java rev or this library flag. Packages are moving prematurely out of testing into stable, before widespread testing. One existing relief is used infrequently.

In fact, many build bugs seem to remain dormant in Bugzilla for weeks and months at a time. Further, the choice of bug resolution seems arbitrary to an outsider, but likely makes sense given volunteer resources.

All this is hashed and rehashed on the developers list. No doubt, much a matter of people and time.

I look forward to Gentoo's future.

Link | 16 December 2002 | in Systems | Comments (0)

:: Java on the Desktop ::

Gosling, quoted:

Microsoft provided tools that developers have ended up being forced to use to build desktop software, he said.

"And, for lots of desktop developers [Windows] was the only market that actually mattered," Gosling said. "That is, I think, deeply tragic."

The above conceit is an appropriate one, as long as it remains consigned to Sun's public marketing. James, being a smart fellow, understands the distinction between a Java desktop application and a usable desktop application. But there's no admitting that on stage.

It amuses me to read articles citing Microsoft's destruction of Java. No doubt they have it in for Sun (and often support dubious technologies), but the early MS JVM was the singular reason I could deliver professional Java applications (1997-98) given Sun's original, adolescent runtime and libraries.

Since the appearance of .Net, I've been mourning the loss of Java. It's brilliant for server use, I quite like the language -- and the present broad, industrial-strength API set is an unprecedented joy in the history of code. But if it can't move beyond servers, it will fade to competition. And Sun has been responsible for its failure on both browser and desktop, via petty and (ultimately) self-destructive behavior. Further, Sun has assured the bifurcation of a unifying technology, and rejected technical advances, important enough to real projects, to excite (Mono, dotGNU) the open source crowd.

There is one possibility. IBM wrests away control of Java, open sources their JVM (let the porting begin!) and makes a real push for the efficiencies and rounded APIs required of desktop use. In the same way, the latest Mozilla might have a fighting chance by virtue of solid implementation of standards, huge platform diversity and malleable component use for other development.

It'll never happen.

Link | 04 October 2002 | in Coding, Systems | Comments (3)

igmus | My personal site. Some visual, aural and prose expository. Circumnavigate the toadstools; they've only got one leg.

Home | Correspond | San Francisco, CA
© Jeremy Wohl