rullzer

Yesterday evening, at a friend birthdayparty, I had an interesting discussion with some people about GPG keysinging (you know the usual birthday-talk-stuff). And the main questions was `why do we do “official” ID verification for the web of trust?` A GPG key contains too little information to make chekking against a government ID usefull. There are many many people with the same name so the only thing you actually verify is the name on this ID matches the name of the identities that I am signing, but that is not really what you are interested in for the web of trust. Since can’t I be part of the web of trust if I have a nickname listed as my identity? Or what if the name of the identity is Joe but the name of the ID is Joseph? The thing we really want to establish in the web of trust is to know that the key that you sign actually belongs to the person that claims that it is his key.

The solution

The solution we came up with is actually very simple and already possible with GPG anyway. You attach a photo to your public key! This ways if you (in person) claim that the key belongs to you (you say the fingerprint is correct or whatever) the person that wants to sign your key can check (live) to see if the photo attached to the key is really you. Of course this will require yout to update the photo every once in a while. And well since you only have your private key (or at least I hope that is the case) you are the only person that can add (or replace) the photo in your key.

A nice side effect is that you don’t have to show your ID to a lot of people (which could be a problem to some).

Remarks

I can’t really think of any reason (right now) why this would be less secure than checkking an official ID. But maybe someone can?

Over the last week I have been reading up on xmpp, I started out with reading two RFC’s: 3920 and 3921. These gave me a more in depth understanding of xmpp. However I am mostly interested in the publish/subscribe extension for xmpp (XEP-0060).

Publish/subscribe can be used for a lot more (see XEP-0163) but one of the most logical implementations to start with would be publish/subscribe as a rss-polling replacement. Right now a lot of people get updates for a website via an aggregator, this basically works by fetching an rss or atom file on a given interval and then parsing the result. Lets say your interval is 1 hour, then a worst case senario would be that you get the update 59 minutes later than it is published. A “solution” would be to set the interval to 1 minute. However this creates unessesarry bandwidth (and load) to the server.

For all this publish-subscribe seems to be the solution. The best way to see it is as a one-way chat. When a news items (or blog post or whatever) is post an item is published to a node. That node then sends out the notification to all subscribed clients. It is clean and simple (for a more in depth explanation you should read the XEP or google a bit!).

Now it would be awesome to see this implemented in some aggregator (especially Akregator since I am a kde-man), of course that would have to be done in such a way that I can use my existing JID (Jabber-ID) but that it does not appear online or receives other messages.

I think a good way to start is for me just to check-out the sources of Akregator, yet another project

Since my webhost had a php upgrade some the php scripts that generates the bash.org rss feed did not work any more. However after some minor fixes it now works like a charm again!

I was looking around in the world of QR Code today and found that you can share your WiFi (SSID, password and network type) via a QR code! It works flawless on android and probably also on other platforms. Will safe me a lot of time to tell people the password every time!

1. Go to a QR code generator site (I used this one“).
2. Choose “WiFi Network for Android” from the drop down list.
3. Fill in you network details and export (to SVG of course since vector graphics rule!).
4. Print the code and put it on the refrigerator or something .
5. Let your friends scan the code.

Awesome stuff those QR codes!

This year I will be attending FOSDEM! Together with Sander and Daan I will be in Brussel from Saturday morning till Sunday evening! I am very excited and really looking forward to all the talks and discussion with everyone!

Now I finally get to put the famous button on my own website:

See you all at FOSDEM!

Yesterday I found myself with some free time and still no nice bluetooth programs in my kde-4.5.2 setup. And since yesterday bluedevil-1.0 was released it sounded like good time to try it out and fix some ebuilds.

So if you go to the gentoo bugzilla and then navigate to bug #345239 you will find two “quick-and-dirty” ebuilds. But they work

So if you want bluetooth in your kde, check them out and if you have the skills and time improve the ebuilds.

Yesterday my good old HP Deskjet 5440 died on me But after almost 4 years of great service it was his time. I needed to print something so I went and bought a new printer. The shiny HP Deskjet 3050, it is a so called “All-in-one”… which basically means I can copy at home now Now the printer is equipped with wifi ( I did not really care about that but since it has wifi I will of course use it )

Installing the printer on my girlfriends windows machine was relatively straight forward, but I still do not uderstand why I would need a 50mb download for some printer drivers?

Installing on my laptop was also made easy thanks to hplip. However I could not print! My cups log had the following message:

/usr/libexec/cups/backend/hp failed

Which is not that clear at all. Enabling debug loglevel in cups did not make things any clearer. After a lot of googling I found someone suggesting to install avahi. Which indeed is the solution!

So now I am happily printing! And will not try to get scanning up and running

The last couple of days I have done some coding for Android. All my resentment towards java is coming back but getting some cool mobile app requires sacrifices! But I do not want to write about java today.

The problem I encountered when installing the Android SDK is that the some of the programs won’t run on non-multilib AMD64 installations. This is really annoying since I do not want to have 32bit libraries on my system (it is matter of principals!). But linux to the rescue! A simple multilib chroot allows me to compile and deploy my android apps!

Mounting (with bind) the source directory allows me to code in my normal env while compiling in the chroot. Which is not a big thing for me since I code in VIM but for IDE users this might be an advantage!

So for all native AMD64 users there is hope! But it would be better for the Android devs to fix the binaries!

This morning I was up rather early (well not that early but the others were still asleep ). So I decided to do a little coding and came up with a very simple Qt desktop client for facebook. Since it would of course be nice to have client sitting in your task bar showing new notifications, later this can be extended but for now that will do.

All this was created in a about an hour but would not have been possible without qfacebookconnect.

It is far from finished and no notifications are really visible yet but a nice start is made (not bad for 45 minutes coding). See the git repository of qbook if you want to take a peak, all paths are currently hard coded so you will need to do a little hacking, this is mainly because qfacebookconnect is not yet in portage so I can properly link to it.

Maybe next time when I am up early I will first fix an ebuild for that one

This weekend I finally updated the router (Linksys WRT54GL) to OpenWRT-8.09.1. I was running 7.07 so it was about time. This means I moved form a 2.4 kernel to a 2.6 kernel.

It seems there are still some problems with the wifi but we have a dedicated acces point for that. Which means the required software is not even installed on the router. This is a good thing since there is very limit storage on the router.

While I was playing with the router I wanted to, finally, get OpenVPN running on it. Not that I really need the VPN but it is a matter of principles! So I started out with the OpenVPN Howto which guides your pretty much trough the whole setup.

However since room on the openwrt is limited, the easy-rsa (for key generation and signing) is not included. So I used my server to generate the keys and certs.

The ethernet-bridging is not necessary in my scenario but it seems the best way to go, espessialy since I want to implement it for some people that want to browse the samba shares. It is however important to note that you should have different local subnet and remote subnet.

So a productive weekend. It still feels cool that the router (which coasts only 55 euro’s) can be pimped so you can ssh to it, work with IPtables and act as an OpenVPN server! Embedded linux rocks