How To Safely Store a Password

February 16, 2010

Thanks Adam — how to safely store a password.

Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

Good to know!


Nokia, Intel merge Maemo, Moblin into Meego

February 15, 2010

Some coverage of the recent announcement: Nokia, Intel merge Maemo, Moblin into Meego on Slashdot, Moblin and Maemo to merge on LWN, Maemo + Moblin = MeeGo = Failure on Planet Debian. Some quotes:

A stupid name is a prerequisite for being a successful FOSS product. Nokia and Intel have clearly done their homework.

Also indicating huge potential, MeeGo has already ignited a flamewar between RPM and DEB supporters. Welcome to the community!

—EvilTNUser (here)

And:

Today, Nokia and Intel announced the merge of Maemo and Moblin into the MeeGo project. This is sad, because it will end the era of the Debian-based mobile operating system Maemo and replace it with a system using RPM and probably some other evil stuff as well. In fact, dpkg & apt-get were two of my main reasons to buy the N900.

And another question is why yet another name. Moblin was already a well-known name and they shouldn’t have changed the name just because they switch the servers and add some Nokia developers.

Furthermore, does this all mean that there will be no Maemo 6? What will happen to the Maemo users on the N900, will it be possible for them to use MeeGo?

I recently bought an N900 (very recently — like, using it for three or four days now. Review forthcoming) and I have to admit to a few moments of shock and terror. But having thought things over, I’m giving in to "cautious optimism". Here’s my take on it:

  1. Like Julian Klode, my getting an N900 was prompted by my extremely positive experience on the Nokia N810. And it’s true that part of that experience was the discovery you can apt-get pretty much anything in the Debian repository. But the mechanism whereby this occurs is a little subtle: although apt-get is the application-installation mechanism for Maemo apps, the Maemo repositories aren’t really compatible with Debian. You can’t just open a terminal and sudo apt-get install emacs. Cross-compiling Debian packages is possible but (in my experience) a really bad idea; I broke APT on my N810 this way.

    The preferred mechanism for getting access to the Debian repository is a package, installable by default, called easy-deb-chroot. As you might guess, what this does is to set up a Debian chroot, wherein you have free range of whatever you want to do. In other words — the mechanism by which applications are installed by default on the device is completely independent of having access to the Debian universe. This is important: it means they can switch to RPM for installing packages, and still give us our easy-deb-chroot, which is what we really want anyhow.

  2. I’m surprised that they chose a new name — I think both Maemo and Moblin have great brand recognition in the community.

Nokia is the only hardware company in the mobile space that I think really "gets it" (some examples occur to me). Intel has been making strides towards getting it. And best of all, there are no telecoms involved in MeeGo yet. For these reasons, I’m going to take a wait-and-see approach. After all: there’s lots of work ahead of us if we’re going to build a better mobile stack than Google and Apple.


iPad is a “Huge Step Backward”

February 7, 2010

I was browsing this thread on Slashdot and came across a really interesting meme:

I bought an iPhone this year. This is one asset that is so important that I just want it to WORK. I don’t want to worry about viruses, or ongoing maintenance. This is my ONLY TELEPHONE LINE, and so I finally do approve of somebody keeping it locked down and pristine.

inviolet


The lockdown here is on two devices. You want a laptop or desktop you can do whatever you want with? There’s the macbook, imac and mac pro for that. Want an expandable handheld appliance with a limited (albeit ever-expanding) functionality that’ll have no hidden surprises? There’s your iPad and iPhone.

You may as well criticise arcade machine makers for vetting all the roms you can put in their hardware. Or any of the console makers for vetting what’s available for theirs. Or that kindle can’t do anything but display books. Experience has shown them all, time and time again that as soon as you open up a platform to anyone and everyone, quality and reliability take a hit, not to mention susceptibility to attack. It’s a specific product for a specific market and like the iPhone, will be hated by geeks everywhere, but loved by everyone else who want something that just works. Apple will likely do little to stop people jailbreaking these things, they’ll just make it difficult enough that only determined people do it.

CrazyBusError (emphasis mine)


First, the FSF needs to convince us average users need to have control. Why should average users have control over their computer? Isn’t this what got us the virus nightmare in Windows?

Azureflare

The idea that most people don’t want control over their computers, and that having them be locked down offers tangible benefits, is new to me. In particular, a locked down device obviates the need to perform "good housekeeping" sorts of system maintenance. Some commentators respond that you can have a good design that eliminates housekeeping without control, but by definition if a user has the potential to do whatever they want with a device, it’s just a matter of social engineering to turn their computer into a spambot.


LCA: Static analysis with GCC plugins

February 7, 2010

Seen on LWN: a fascinating article about static analysis done using GCC plugins.

There are a few interesting plugins in the works. One of them is the LLVM compiler, which can be plugged in to perform the back-end functions for GCC. Another is milepost, which uses a brute-force approach to figure out the optimal settings of the command-line flags for a specific body of code. Then, there are "the hydras," which are Taras’s work. These plugins take an interesting approach, in that the actual analysis work is done in JavaScript scripts. The idea was originally seen as amusing – "wouldn’t it be fun to put Spidermonkey into GCC?" – but it has actually worked out well. JavaScript is a relatively nice, concise language which makes it easy to implement the needed capabilities.


Misa Digital Guitar makes your Rock Band Peripherals feel inadequate

January 22, 2010

Seen on LWN: a look at a Linux-based guitar.

OK, so not only am I suffering from a terrible case of gadget lust, but I find fascinating some of the comments like this one:

actually all it does is make it easier for talentless people to claim how good they are at playing guitar, when they aren’t playing at all. get a real guitar if you’re serious or go back to the guitar hero b/s.

I think it’s an interesting idea that because an instrument isn’t "real" guitar, then it doesn’t count. Clearly a game like Guitar Hero is different from a real guitar — the Rock Band instruments are all simplified versions of the real thing. But the idea that you don’t have any skill as a musician because your instrument is in a nontraditional form seems a little untenable..


Learning is Childsplay

January 3, 2010

Seen on LWN, a review of Childsplay.

After I finished my recent articles on Teaching with Tux and Learning with Gcompris, I received a couple of suggestions from readers that I take a look at Childsplay. I spent some time looking at Childsplay and if you have small children, I think you should too. As soon as I started the program, it started to play its theme song and my 18 month old son came running, and he still comes running every time he hears that music. For most parents and educators, my review of this program could end right here, but I suspect that I should probably write a bit more.


adieu Google

December 13, 2009

Lately there’s been some fuss about Google’s new privacy policy, with this post by Joey Hess (on Planet Debian) and Slashdot’s article about Google’s new opt-out policy.

Joey Hess writes:

With the decade over, and Google rolling out all manner of tracking cookies and javascript, it’s time to move on. Just keeping on top of the torrent of privacy-affecting changes Google is making, and trying to parse the real meaning in the chirpy googlespeak announcements has become more work than the value their search engine adds. (This was the last straw.)

At least for now, I’ll be using Duck Duck Go for search. It’s small, quirky, has features the big competition lacks, and works well enough for my mostly moderate and occasionally intense needs. Sorta like Google in 1999.

While I am in favor of privacy, have not been thrilled with Google’s behavior, and have come to resent the attitude of Google employees and officers, I have to say Duck Duck Go does not meet my search needs. Neither does Bing. Neither does Google, when it comes right down to it. Search is hard, and there are a lot of tricky bits. (Try searching for the Haskell type signature "Int#". For a while it was nearly impossible to find the emacs package "magit", as all you could get were results for "magic".)

So for the time being I’m still using Google Search. With luck, in time everything will just magically get better..


Dive Into Python 3 available

November 24, 2009

Yes, yes, a bit late. But: Mark Pilgrim’s excellent Dive Into Python has been adapted to Python 3, and is now available under CC-A-SA license (seen on LWN).

Case Study: Porting chardet to Python 3 documents my (ultimately successful) effort to port a non-trivial library from Python 2 to Python 3. It may help you; it may not. There’s a fairly steep learning curve, since you need to kind of understand the library first, so you can understand why it broke and how I fixed it. A lot of the breakage centers around strings.


Build an Automatic Tagger in 200 lines with BOSS

November 24, 2009

No idea where I came across this, but it’s an interesting read: building an automatic tagger in 200 lines with BOSS.

Here’s another way to use it:

tagger viksi$ python classify.py apple microsoft bill gates steve ballmer windows vista xp

microsoft

tagger viksi$ python classify.py apple microsoft steve jobs ipod iphone macbook

apple

classify combines the above steps into an application that, given two tags and some text, will return which tag more likely describes the text. Or, in command line form, 'python classify.py [tag1] [tag2] [some free text]' => 'tag1' or 'tag2'

Machine learning has only caught on a little bit in the personal computing space, and only in web-based services like Google Search and Amazon/Netflix-style "you might also like" features. Is that about to change? I’m skeptical..


Joey Hess – couchdb

November 19, 2009

Seen on Planet Debian: Joey Hess, author of ikiwiki, takes a look at couchdb. As ikiwiki is the inspiration for one of my side projects, it’s important to me what he has to say on the subject of backends.

Couchdb is very unlike a distributed VCS, and yet it’s moved from traditional database country much closer to VCS land. It’s document oriented, not normalized; the data stored in it has significant structure, but is also in a sense freeform. It doesn’t necessarily preserve all history, but it does support multiple branches, merging, and conflict resolution.

I’m still not sure that Couchdb is good for the sort of things I want a backend for — history-aware computing still seems to me to need complete history, and for that you need a VCS (or build your own). Still, interesting times..
