Sort of stuck

Well, I’m sort of stuck right now seeing as how, after being bumped, I missed my connection and I’m holed up in the Hilton at ORD. My flight leaves tomorrow morning and I should be back on campus by tomorrow afternoon. Unfortunately, in addition to being a major hassle, I’ll be missing the first day of classes. Bummer.

In other news, I’ve been trying to keep myself amused and make use of the complimentary WiFi by testing out a Firefox extension called ScribeFire which functions as a very nice blogging client. Naturally, it’s compatible with WordPress. It hasn’t crashed anything yet so we’ll see how it goes…

Also, a great post about KDE 4 by aseigo.

Back and Playing…

Had a great rest of the trip to Israel. I’ve flown back and am safely at home. Rather than doing something useful, I’ve taken to playing this cool real-time strategy game called Warzone 2100. It was released in 1999 and open-sourced in 2004. Anyway, it’s 3D and loads of fun.

A Quick Recovery, A Failed Experiment

Well, it would seem that getting over the cold faster than expected sort of put a damper on my great-symptom-tracking experiment. To be honest, although I had worked out an elaborate scheme involving Post-It notes and thick books, it would have been pretty difficult to record things over the Sabbath. In any case, I did have a lot of fun tinkering with Kexi and I advise you to take a peek over at the Kexi Screencasts Page to check out tutorials. Personally, I like the one that shows you how to build a photo database in about 10 minutes. Brilliant stuff if you ever need a database application.

A Few Good Ideas

I have been keeping a little list of good ideas which are either ideas which I would like to point out or ideas which I would like to see implemented/used more often. It has always been interesting to watch the development of the world around me and from this I have gained an appreciation for good ideas and generally neato stuff.

  • Metalink - Have you ever tried to download a large file which is available from multiple locations and may even be retrievable using a variety of methods? Well, I have and I know it’s a real frustration that I can’t get the file faster by leveraging all of my potential options. Enter Metalink! Metalink is an open standard which provides a specification for a little XML file that lists all of the ways one can retrieve a file. For example, for a file available from multiple mirrors the Metalink file would list the available mirrors. If the file was additionally made available through rsync or BitTorrent, it would make note of that as well. This file can then be parsed by a Metalink-aware download client which will seek to initiate a download by grabbing chunks from the various sources and then piecing them together. Apparently (according to the Wikipedia article), the Metalink spec allows for enumerating a multitude of download sources including HTTP, FTP, rsync, BitTorrent, ed2k and magnet links. I’d like to see this used by more distributors of large files and supported by more download clients (though I heard KGet supports Metalink beginning in KDE4…wahoo KDE4!).
  • Eee PC - As everything seems to be moving to web-based apps these days, it often seems silly for a person to be lugging around an expensive and overpowered computing device which they’ll generally only use to surf the web. In fact, it makes sense that many desktop users are most likely spending too much money for a computer with capabilities they’ll never use! In any case, for those looking for a lighter and cheaper alternative for network-centric computing on the go, check out the Eee PC by Acer. Runs a customized simple-GUI with Linux under the hood though I’ve heard it also comes in a less-good Windows variant. It’s light, small and cheap.
  • Jabber - I’ve said for ages now that more people should be looking to Jabber-based technologies for instant messaging and more. Having one Jabber account on one server allows me to communicate with any user on any Jabber server out there. It also allows me to use any service being offered by any Jabber server. These services could be everything from conferences and data services to gateway transports to other chat networks. It gets even better! Once an organization or community has a Jabber deployment running, the door is open to use that as connective tissue for other services and individuals to connect. This is especially true given the availability of solid XMPP (Jabber’s underlying protocol) libraries for every language you’d want to use.
  • Using Java-the-platform without Java-the-language. Now, it’s been ages since jwz published his famous “java sucks” essay, but I firmly believe that non-client Java (save neat stuff like Web Start) can be a very powerful platform. Much of the server-side Java scene is not so bad. For example, JSP is a very cool templating language which also allows for convenient development using MVC (the Right Thing™). The real pain seems to be in developing the back-end stuff in Java-the-language. Now, thanks to projects like Jython and, more notably, JRuby, things are getting better. I’ve heard about people developing whole servlets and other web-apps in Ruby and then compiling them to Java classes and deploying them as they please. The power of Java without the Java!

Headlines on a Plane

I’ve been hearing about Google Gears for a while now and decided to give it a test drive with my new favorite web application, Google Reader. Basically, Google Gears is a framework for using web applications offline by providing a storage system (seems to be an SQLite database) which is integrated into the web browser. Installation was as simple as installing a Firefox extension (because it’s actually packaged as an extension). Then, web apps which support GG integration have an option to go to “offline mode”. When using Google Reader, it goes ahead to populate the local cache with those headlines available at the time of mode change. Then, you can read the stories in the absence of an internet connection. Later, when you have regained connectivity, switching to online mode causes GG to re-sync everything (such as which headlines you read or which links you did something interesting with) bringing you back into step with the web.

I conducted a trial use of GG with reader to allow me to read my favorite news items and articles during my plane ride back to school earlier this week. It worked wonderfully and I have only one criticism of it. When going offline, Google Reader has to download a fairly huge amount of stories (often above 1500 items) and it takes forever. Other than that, I really liked having the functionality available to me.

I advise people to try both Google Reader and its integration with Google Gears because it’s really a winning combination. You can give it a spin for yourself by going to the Google Reader site and signing in with your Google account. Let’s face it, everyone should be using GMail unless you are super-happy with your current email setup for some reason (like running your own server or having a serious love affair with some one-of-a-kind feature).

Now, I just wish that more apps would use GG or have equivalent functionality…cough, GMail, Google Calendar and Wordpress, cough.

Strict SELinux: Can’t things be more streamlined?

If you’ve been following along with me, I’ve been doing my best to test out SELinux in its various forms. To sum up, I have installed Debian Etch into a virtual machine (VM) along with X and the XFCE4 desktop (due to limited RAM). Immediately following this, I began following the Debian SELinux howtos and successfully got the “targeted” SELinux policy installed and enforced without incident.

Now, I’ve migrated to the “strict” policy and, much to my surprise, nothing has broken. I figure, this can mean one of two things…Either SELinux is so well implemented that it knows how to interfere only when appropriate or I’ve done something wrong and haven’t realized it yet. In fear of the latter option, I’ve been desperately searching for an error but have found none thus far. Which is very promising considering that security *should not* be so difficult that no one will attempt to improve or implement it.

On the topic of easier security integration, I have been working on an idea involving better SELinux policy management in Linux distros such as Debian. What if every package could somehow contain the relevant policy information files which could then be copied to the SELinux policy source directory. The idea is that when a machine is being setup, the policy files would be automagically added to the source tree. Then when the configuration is complete, the policy could be compiled and loaded. Any subsequent changes would, naturally, alter the source tree and require a recompile. However, because SELinux policies are versioned by default, changes should be easy to track.

I’m still on the fence about whether the policy files should be self-contained within a package or whether they should be included by some sort of conditional dependency mechanism in the package tree itself. For example, the apache-selinux package is only required if the apache and selinux packages are both installed. Although, this might not be possible; apparently, software dependency resolution is an NP-hard problem (go figure).
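
The conditional-dependency rule described above (a policy package is pulled in only when all of its trigger packages are installed), as an added example that is not part of the original post; the package names and the catalogue format are hypothetical. Restricted to all-of triggers with no conflicts or alternatives, the selection is a simple fixed-point computation rather than general dependency resolution.

```python
# Hypothetical catalogue: policy package -> packages that must ALL be
# installed before the policy package is pulled in.
POLICY_CATALOGUE = {
    "apache-selinux": {"apache", "selinux"},
    "postfix-selinux": {"postfix", "selinux"},
    # A policy package can itself be a trigger for another one.
    "apache-php-selinux": {"apache-selinux", "php"},
}


def required_policy_packages(installed, catalogue=POLICY_CATALOGUE):
    """Return the policy packages whose triggers are all satisfied.

    Iterates to a fixed point so chained triggers resolve regardless of
    the order in which the catalogue is walked.
    """
    present = set(installed)
    selected = set()
    changed = True
    while changed:
        changed = False
        for policy_pkg, triggers in catalogue.items():
            if policy_pkg not in selected and triggers <= present | selected:
                selected.add(policy_pkg)
                changed = True
    return selected


def plan_policy_change(before, after, catalogue=POLICY_CATALOGUE):
    """Compare two installed-package sets and report the policy delta."""
    old = required_policy_packages(before, catalogue)
    new = required_policy_packages(after, catalogue)
    return {
        "add": sorted(new - old),       # policy sources to copy into the tree
        "remove": sorted(old - new),    # policy sources to drop from the tree
        "rebuild": old != new,          # tree changed: recompile and reload
    }


if __name__ == "__main__":
    base = {"selinux", "postfix"}
    full = base | {"apache", "php"}
    print(plan_policy_change(base, full))
    # Removing selinux itself withdraws every policy package, chained ones too.
    print(plan_policy_change(full, full - {"selinux"}))
```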

If Smalltalk can Squeak, why can’t Ruby Rumble?

Amongst all my dabbling with Ruby, I have taken some time to compare the Ruby on Rails MVC stuff with the original Smalltalk implementation found in the Squeak VM. Now, I’m really not familiar enough with the Squeak MVC stuff to comment, but I did stumble across this well-thought-out blog post entitled, “My Full-Circle Journey Back to Smalltalk”. In this post, the author (Ken Treis) tells the story of his experimentation with the many languages of web development and (as the title implies) his eventual return to the world of Smalltalk. He goes on to identify eight places where he feels that Ruby missed the boat. While all of these are really interesting points for consideration and discussion, the sixth point talks about how, in terms of live interaction, nothing beats Smalltalk workspaces.

Beyond the shadow of a doubt, I agree with that. I learned early-on with Python that it’s nice to have an interactive interpreter, but irb doesn’t provide anything near the features of workspaces. With a workspace, you can highlight any code fragment, snippet or statement and have it evaluated. Also, because the entire environment is Smalltalk-powered the code can meaningfully interact with anything and everything. Want details on a given object? Pop up a menu and the “inspect” option pulls up an object inspection window that lets you take a direct peek at the object’s internals. Need a different perspective? A browser offers an ideal way to take a more structured look at the environment and its contents (notice the similarity to RDoc generated documentation). Workspaces even integrate with the Refactoring Browser to help clean up your code!

In fact, I can’t think of any editing environment that offers the same level of flexibility as workspaces save for one editor: Emacs. Now, before I get flamed, I am a pretty big Emacs fan. Except for when I’m hacking with KDevelop, it’s really my default editor. That being said, I want to make a point by drawing a parallel: While the base of Emacs is written in C, everything about the editing environment is written in Emacs Lisp. As a result Emacs is the best editor for Lisp and Lisp-like languages. The similarity I’m trying to point out is that the best development environments are those which are expressly aware of the language being developed within them. The easiest and best way to achieve such integration is to implement the environment in the language itself (i.e. Squeak in Smalltalk and Emacs in Lisp).

I imagine a new development environment, which I will refer to as “Rumble”. Rumble should be written entirely in Ruby and it should borrow the best elements in both design and features from Smalltalk workspaces. I imagine that the Rumble environment would provide both the educational and exploratory opportunities that exist within the Squeak world. This way, just like extensions to Emacs are written in elisp, extensions and improvements to Rumble could be written in Ruby. If we had such a development environment, I feel that it would add tremendously to the appeal of Ruby as it makes it an even more compelling platform. Who’s with me?

Success and Failure in the VM

Well, I set out to test Zimbra and a Desktop environment in conjunction with SELinux, and I had a few surprises along the way. First, it turns out that the open source edition of Zimbra is a giant, self-contained, beast of a product. Try as I did, I was unable to get it to install no matter how many libraries it asked me to install.

The other experiment, the XFCE desktop, did just fine. You can check out a screenshot of me downloading the Zimbra package here. Anyway, I did follow the excellent setup instructions on the Debian wiki and I successfully got the targeted refpolicy installed and working. The result? No real noticeable change. So, my next step will be to install the strict policy and see if things start to break…

UPDATE: Also, I settled on KVM because it can use the VT bit. The performance increase is really cool.

Security, huh?

So, as part of this quarter’s work, I am learning about SELinux. It really is very interesting to take an in-depth look at some of the finer points of Linux security as well as security in general.

Now, it’s no secret that I’m a touch paranoid. As such, I’ve always taken a more-than-cursory interest in security topics. I compulsively patch those computers which I administer as well as keep on top of basic security enhancements like running Bastille to harden my systems. Recently, I have even taken interest in trying to lock things down within my own system exploring techniques such as access control lists (ACL) and maybe even an intrusion detection system (IDS).

While the layered security model of the Unix-paradigm does a fairly good job of enforcing the principle of least privilege, there is certainly enough rope left over to hang yourself with. For example, if you are silly enough to execute some little script that contains malicious code, try as it may to frag your system, it will only be able to perform those actions that your user account is authorized to perform. Fortunately, this means that it can’t break your entire system but you can still munge everything in your home directory. If you ask me, that’s still unacceptable.

In certain ways, it surprises me that security, while (usually) functioning exactly as intended, is less than it could be. After all, the Orange Book standards (now deprecated) were published in 1985 and compared to Windows and (to a lesser degree) Mac OSX, a properly configured Linux box is one of the most secure computing platforms in existence. However, in other ways, it’s not inconceivable that the security research in the lab would have a tough time making it into mainstream OS designs. Like anything else in the computing world, it’s all give and take.

Still, I think that SELinux might be a good solution to some of the problems still facing us today. Only one question really remains: If SELinux is so good, why isn’t it more widely deployed and used?

Newzenflashen! Der OSLab ist bin moven der roomen!

***Sorry fur der krossenposten***

Ein bin der Ahprul, 2007

Mayn Enschteemede Kolligeners und Freindenpeeple,

Das is en zerplashure mit cheekenblushen, zat ich bin anouncen ein tidnewzenbite. Der Advansener Opratin Systemer Laborworkenrum Vissnschaftlekher Institut (OSLab) ist bin movenlokashon a der undergroundenbazmant fun Lab I. Der laberworkenrum ist en der 060. Der OSLab bist a vissnschaftlekher istitut fun der explorenlearnen a der machine kontrol. Vus ist der machine kontrol? Das machine kontrol ist der softenwarez mit der nomen “opratin systemer” (OS). Der OSLab always bin superbusyworken mit der projekten fun der komputer blinkenlights. Ussen bin doin der workenlearnin mit der followen subjectntopiks:

  • Der explorenlearnen a der machine kontrollen opratin systemers: Linux, Minix, Planen Neiner, Gettunveryhotten (Inferno), und der famelie fun mikrokernelen und der distributed machine kontrollen.
  • Der experimentin mit der komputenmachinen fun mediaworxen; mediaworxen mit der spitzensparkin und der elektrolichten.
  • Der makhen der softenwarez fun der Worldenwiden Netwurken Intarwebzen (Internet).
  • Der brokhen der altenolder komputer springerwork mit der bigschteelhammerzen.
  • Torchenflamin der Makintosch und der Vindowz OSen.

Kum und visten ourden laborworkenrum mit der turenlooken! Lookenfinden der rumplacken sayen das:

Der Advansener Opratin Systemer Laborworkenrum Vissnschaftlekher Institut (OSLab) - Laborworkenrum 060 Lab I.

Mit happifacen und thumpinbumpinmusik,

Jonathan E. Magen
Jonah Berquist
Der Uber OSLab Experten der Technischeners

http://www2.evergreen.edu/oslab
