rullzer

Yesterday evening, at a friend birthdayparty, I had an interesting discussion with some people about GPG keysinging (you know the usual birthday-talk-stuff). And the main questions was `why do we do “official” ID verification for the web of trust?` A GPG key contains too little information to make chekking against a government ID usefull. There are many many people with the same name so the only thing you actually verify is the name on this ID matches the name of the identities that I am signing, but that is not really what you are interested in for the web of trust. Since can’t I be part of the web of trust if I have a nickname listed as my identity? Or what if the name of the identity is Joe but the name of the ID is Joseph? The thing we really want to establish in the web of trust is to know that the key that you sign actually belongs to the person that claims that it is his key.

The solution

The solution we came up with is actually very simple and already possible with GPG anyway. You attach a photo to your public key! This ways if you (in person) claim that the key belongs to you (you say the fingerprint is correct or whatever) the person that wants to sign your key can check (live) to see if the photo attached to the key is really you. Of course this will require yout to update the photo every once in a while. And well since you only have your private key (or at least I hope that is the case) you are the only person that can add (or replace) the photo in your key.

A nice side effect is that you don’t have to show your ID to a lot of people (which could be a problem to some).

Remarks

I can’t really think of any reason (right now) why this would be less secure than checkking an official ID. But maybe someone can?

Over the last week I have been reading up on xmpp, I started out with reading two RFC’s: 3920 and 3921. These gave me a more in depth understanding of xmpp. However I am mostly interested in the publish/subscribe extension for xmpp (XEP-0060).

Publish/subscribe can be used for a lot more (see XEP-0163) but one of the most logical implementations to start with would be publish/subscribe as a rss-polling replacement. Right now a lot of people get updates for a website via an aggregator, this basically works by fetching an rss or atom file on a given interval and then parsing the result. Lets say your interval is 1 hour, then a worst case senario would be that you get the update 59 minutes later than it is published. A “solution” would be to set the interval to 1 minute. However this creates unessesarry bandwidth (and load) to the server.

For all this publish-subscribe seems to be the solution. The best way to see it is as a one-way chat. When a news items (or blog post or whatever) is post an item is published to a node. That node then sends out the notification to all subscribed clients. It is clean and simple (for a more in depth explanation you should read the XEP or google a bit!).

Now it would be awesome to see this implemented in some aggregator (especially Akregator since I am a kde-man), of course that would have to be done in such a way that I can use my existing JID (Jabber-ID) but that it does not appear online or receives other messages.

I think a good way to start is for me just to check-out the sources of Akregator, yet another project

Since my webhost had a php upgrade some the php scripts that generates the bash.org rss feed did not work any more. However after some minor fixes it now works like a charm again!

The last couple of days I have done some coding for Android. All my resentment towards java is coming back but getting some cool mobile app requires sacrifices! But I do not want to write about java today.

The problem I encountered when installing the Android SDK is that the some of the programs won’t run on non-multilib AMD64 installations. This is really annoying since I do not want to have 32bit libraries on my system (it is matter of principals!). But linux to the rescue! A simple multilib chroot allows me to compile and deploy my android apps!

Mounting (with bind) the source directory allows me to code in my normal env while compiling in the chroot. Which is not a big thing for me since I code in VIM but for IDE users this might be an advantage!

So for all native AMD64 users there is hope! But it would be better for the Android devs to fix the binaries!

This morning I was up rather early (well not that early but the others were still asleep ). So I decided to do a little coding and came up with a very simple Qt desktop client for facebook. Since it would of course be nice to have client sitting in your task bar showing new notifications, later this can be extended but for now that will do.

All this was created in a about an hour but would not have been possible without qfacebookconnect.

It is far from finished and no notifications are really visible yet but a nice start is made (not bad for 45 minutes coding). See the git repository of qbook if you want to take a peak, all paths are currently hard coded so you will need to do a little hacking, this is mainly because qfacebookconnect is not yet in portage so I can properly link to it.

Maybe next time when I am up early I will first fix an ebuild for that one

So after upgrading my sabnzbd installation to version 0.4.11, which I by the way the way should create a better ebuild for and do some dependency cleaning but that is a different story.

Like I was saying after upgrading to version 0.4.11 I decided I wanted to close port 8080 (the one sabnzbd is using) to the outside word. Now I know apache has some nice proxy functions so it should be easy.

Make sure apache is compiled with the following modules: apache2_modules_proxy apache2_modules_proxy_http apache2_modules_proxy_balancer

That was the hard part. Now just add a vhost:


ServerName yourserver.com

order deny,allow
deny from all
allow from all
ProxyPass http://localhost:8080/sabnzbd/
ProxyPassReverse http://localhost:8080/sabnzbd/a

ErrorLog /var/log/apache2/error.sabnzb.log
LogLevel warn
CustomLog /var/log/apache2/access.sabnzb.log combined



This assumes that you have sabnzbd listening on localhost:8080. Now you probably do not want the whole world watching your downloads (or deleting them or whatever). So we just add some basic apache authentication, use htpasswd2 to create a file with authorized users and add the following lines into the location block.


AuthName "Login Required"
AuthType Basic
AuthUserFile <>
require valid-user


That is all.
Happy downloading!

I have been playing the idea to control my PC with a WiiMote for some time now. But this week I decided to actually write it.

It is a very simple program using bluez for the bluetooth connection with the WiiMote (which we need, obviously) and XTestFakeKeyEvent. This has as a side effect that it will only work with X running. But that should not be a problem since well. Who would want to control his terminal with a WiiMote?

The very very basics is done. The D-Pad on the WiiMote generates up/down/left/right-keyevents. I just need to find a use full meaning for the other buttons. But maybe a control file in which the user can specify all is a better solution.

Currently it is not published on-line (yet) since I need to clean the code a little.

I am aware some other programs can do what I want but after checking out the sources they just seem to complex. I want it all simple, clean and small..

Sander and I are thinking about adding last.fm support to QtMPC. This since the interface for requesting album covers, artist/album info is so much easier then the amazon-api.

For this we found a nice library: libmaia. Beside a small bug I found (which reminds me I have to report it upstream). This works very well. I browsed a little trough the source and it is pure Qt so it won’t limit the platforms QtMPC can run on.

Now of course last.fm support does not limit us to retrieving album covers. We can also submit the played songs to last.fm so the users can keep scrobbling. Now the only thing I could not figure out if submitting played songs can also be done trough XML-RPC? Is there anyone with experience in this are that can tell me if it is possible?

Other than this we are waiting for MPD 0.14, which will include idle (event) support, before go coding like crazy on QtMPC again. This since events will require a change in QtMPC. Good change which will allow QtMPC to have much less wake ups. Which is generally a good thing.

Of course we still do bug fixes.

It has been long since my last post. Too long. I won’t fill you up on all the things I have done. Or maybe I will in other posts. But today I want to talk about openstreetmap.

As you might (or might not) know openstreetmap aims to provide a free (as in speech) map of the world. You can help by adding or editing the map. This is what I have been doing the last couple of months. Mostly fixing roads or adding new cycleways. Now of course cycling is good exercise. And it feels good to contribute to a free world map. However the real kick is seeing your changes of your work!

This can be seen on the main website. However that is only updated once a week. There are several other tile servers that serve a part of the map. These servers are generally updated more often. However when you use a tile server you are can’t change the rendering. So how great would it be to create your own rendering?

Check out my wiki entry. Of course it is a wiki so add all improvement you can think of.

After going trough my /usr/portage/distfiles/ I found a lot of tarballs that belong to versions of packages that are no longer in portage. Now these tarballs take up a lot of space. Doing a nice rm -rf * will ofcource take care of the problem but then all the tarballs that are still in portage will have to be downloaded again if once of the gentoo boxes in the network needs it (currently 4). Now it is not that I have a datalimit but it is a matter of principle.

So there must be an easier solution. I’ll try to look into it but python is writen in portage so maybe I can just include it and check for all packages and versions and remove the tarballs that have no corresponding ebuild. This script doesn’t have to run every day since it would take some time I guess but once a week or so just to keep the system clean.

Please let me know if anybody is interested in such an app or knows if it already exists…