Sunday, February 28. 2010
ICANN, you can't

I am always a little shocked to hear people defend the level of control that the American government has over the Internet through its influence over ICANN, and just as shocked to hear people’s paranoid ranting that having a UN body take on America’s role would somehow lead to massive censorship and spying taking place, as if that’s never been possible in America, and as if UN technical bodies have any history of doing that. It would be understandable if people were falling into the logical fallacy of argumentum ad ignorantiam, with an “if it ain’t broke don’t fix it” attitude, but even if we don’t know what a future UN solution might look like, we do know what America’s record of managing ICANN is, and it is not something about which you can say “it ain’t broke”. A friend of mine said that it was too stressful talking about these complicated technical and political matters early in the morning while I was driving us to catch a train, but hopefully none of my readers will be browsing my blog in that sort of situation. Anyway, below I will list some past actions of ICANN that are causes for concern, and explain why they were the result of American governmental influence.

Sunday, February 28. 2010
Splitting arbitrary length strings

A friend of mine was apparently inspired by my solution to the problem of finding the first 10 digit prime number in e, and told me about a seemingly similar problem he faced while trying to manipulate a text file he had created in a custom format. While some solutions from the e problem may be applicable, his data format allowed for arbitrary length strings, rather than the 10 digit limitation, which made the problem suddenly much harder. I will detail the exact problem below, as well as listing some of the methods we used to tackle it.

Sunday, January 31. 2010
How does cryptography work?

A lot of my blog posts seem to be about cryptography, or at least mention issues related to it, and I am aware that this may make my posts harder to understand. I am also aware that there do not appear to be any helpful introductions to cryptography out there, at least none which are accessible to the non-expert, but still give a sense of the underlying mathematics. In my mind I have often imagined that I could write such an introduction, and recently I have been motivated to do so after discussion with a school-age relative who said “Cryptography sounds really interesting”. She may not think that after she’s heard my explanation, but I hope to at least convince myself that a relatively concise explanation of cryptography, from the ground up, is possible.

Sunday, January 31. 2010
known_hosts and key fingerprints

If you have used SSH at all, you are likely to have bumped into a warning message when accessing a new host for the first time. Unlike with HTTPS, there is no central list of which public keys belong to which hosts (or rather, which groups should be trusted to make those connections). If you access www.google.com over HTTPS in a browser, then your browser does the equivalent of downloading a public key from that host, and a certificate saying that this really is Google’s public key. This certificate itself has to be checked cryptographically, but it will have been created by one of the few central trusted points for handing out certificates, and your browser will be pre-loaded with a list of these trusted points. As SSH clients don’t tend to have pre-loaded lists like this, you are left to make the judgement yourself about whether a given SSH public (host) key belongs to a given host. One way to do this is by comparing the key’s fingerprint (which is presented in the warning message) with another copy of that fingerprint retrieved over a different medium, preferably a trusted one, such as in person. To give someone the information needed to check these fingerprint warnings, you might think of sending them a known_hosts file, which contains a list of hosts and cryptographic information about their public keys, but unfortunately this information isn’t stored in the same format as fingerprints. Where there’s a will, there’s a script, though, and so I detail below what can be done.

Thursday, December 17. 2009
The Mininova verdict

Having previously discussed the verdict in the case brought against The Pirate Bay, perhaps I should not get distracted by other similar court cases, as this blog is not a running commentary on file sharing news. However, there is an important issue which I mentioned last time about where the courts will draw the line between Google and The Pirate Bay, and whether that line can stop a significant amount of copyright infringement without stopping a significant amount of legal online activity. The BREIN vs. Mininova case provides another interesting data point, testing the legal waters (despite the case being heard in a slightly different jurisdiction) which might inform other websites how they should operate to remain legal. I actually think that although the cases, and their verdicts, were similar, the Mininova case involved fewer dubious legal steps from the judge, but perhaps that’s because I have only read a Google translation of the verdict. In any case, I detail below my understanding of the trial and its consequences for operators of websites.

Thursday, December 17. 2009
A one-liner for finding spelling mistakes in code
Posted by Hagfish in Programming at 16:26

I do a lot of programming, and I like writing one-liners to help me with things, so it’s perhaps not surprising that I’ve ended up writing a one-liner to help me with my programming. I should point out that the initial motivation to write this one-liner was not that I made any mistakes in the code I wrote, rather it was someone else’s code I was looking at which needed correction, but it would be hubris to assume I’m never going to make any mistakes myself, so I’m sure this script will be useful for my own code. Of course, nowadays editors will at least spell check the comments in your code for you, but it is also good to make sure your variable names don’t contain misspelled words, as that makes it harder for people (who know the correct spelling) to collaborate with you. This one-liner is rather crude and does produce a lot of noise in the output, but it is also interesting from a technical point of view, so I will discuss below how I came up with it and how it works.

Monday, November 30. 2009
10 Years On - A British Straw Man Without the European Union

Imagine you want to criticise a political institution but it’s too difficult to find any examples of bad things that institution is responsible for. One thing you might do, if you were intellectually dishonest, is imagine a make-believe future where that institution does all the things you are afraid it might do, and then imagine terrible outcomes caused by these actions. If you are not limited by reality, it can be very easy to construct nightmare scenarios that everyone can agree would be bad, and you can pin the blame on anyone or anything you like in your scenario. If you don’t like being disagreed with then this method of arguing has the added advantage that it is impossible to rebut, as your opponent would have to state what is really going to happen in the future. I am not the first person to realise that it is unfair to argue against a position using an imaginary future, in fact this has a name: the straw man fallacy. Unfortunately no one has told the TaxPayers’ Alliance this, or if someone did, they didn’t listen. Instead, the TPA have produced a series of “arguments” against the EU based on a future, fictional EU and how bad it is, and a future, fictional UK that leaves the EU and how good it is. I normally like to deal in facts, but it’s difficult to argue directly against a straw man with facts, so I thought I’d present an opposing straw man, with my own view of what the EU, and the UK outside of it, could look like in the future.

Monday, November 30. 2009
Which Linux applications are named after dictionary words?
Posted by Hagfish in Programming at 22:26

Every now and then I find my mind gets caught on some seemingly trivial observation, and I end up following a chain of thought tangential to the one I was originally on, until I arrive at somewhere quite unexpected. Whereas people in former times may have been unable to travel too far down these intellectual rabbit holes, we now live in a world where Google and Wikipedia have made us seemingly omniscient, and hypertext in particular allows us to jump from one idea to the next, wherever our curiosity takes us. The secondary limit, I suppose, would be the ability to process all of this information that we amass while browsing the Web. As a programmer, though, there are certain options for information processing which are open to me but would not be readily available to non-programmers, and even if what I do with the processed information isn’t particularly ground-breaking, it can at least be the subject of a new blog post. As the title of this post suggests, my most recent such endeavour involved looking at Linux application names, and dictionary words, and below I explain what I found and how I found it.

Saturday, October 31. 2009
Employment contracts and copyright ownership

Most professional programmers have probably found themselves considering or accepting a job where the employment contract specifies the extent to which the employee can retain ownership of the things they create. It is natural that a company would want to claim the maximum amount of ownership over what the employee creates while on “company time”, but it is also quite common for companies to claim more than this. If you are working in a “salaried” position, your company may think that they own you from the moment you sign the contract until the moment they stop paying you (and to some extent even longer). From this point of view, a company would think that any software you write, even while at home, or on the weekend, or on holiday, should belong to them. Depending on the wording, a contract can potentially lead to all sorts of strange situations, and put unreasonable burdens on the employee, but I have thought about the different problems that contracts might present and come up with some alternative wordings which could act as a compromise between the desires of companies and the freedoms of their employees. If you are an employee faced with signing a contract that you think demands too much, maybe some of the ideas below could help you get your view across or get a fairer deal.

Saturday, October 31. 2009
The future of the web

There is a lot of talk about supporting interfaces across many devices, so I did a bit of research about where the industry sees itself going over the next few years. In terms of cross-platform programming languages, the main contenders are JavaScript (used with the W3C approved languages that it integrates well with), ActionScript (used with Flash) and Java. While Java is a wonderful language, it is not suited to the client side of the modern web, and it is the web paradigm that I am really considering here, so I will discount Java from this discussion. That just leaves Flash versus Open Web technologies, which I had increasingly thought was a battle that had been decided in the Open Web’s favour, but occasionally people get the impression that Flash will be a viable technology into the foreseeable future, and that it is preferable to using Open Web technology. It is the relative position and future of these two platforms that I have investigated, and I detail my findings below.

Wednesday, September 30. 2009
Creating a dummy Debian package of kdebase-workspace-libs4+5

Sometimes something unusual can happen in Debian’s archive which can stop you from installing the packages you’d like. The most likely reason is that you want to install a package you shouldn’t, but Debian is about Freedom, even the Freedom to do something stupid. I found myself in a situation where I wanted to install the Ubuntu package plasma-widget-adjustableclock which depended on a package which wasn’t in Debian (kdebase-workspace-libs4+5), or rather, existed in Debian but under a different name (libkworkspace4). To make the installation possible I ended up creating a dummy package for kdebase-workspace-libs4+5 and installing that, then trying the clock package again. Here I will explain the steps I took to solve the problem, and any issues I encountered along the way.

Wednesday, September 30. 2009
Uploading signatures from a keysigning party
Posted by Hagfish in Programming at 21:52

Signing people’s keys is one problem, but when people sign your key that requires its own procedure with its own set of potential issues. You will likely receive several emails, one from each person with whom you exchanged keyslips, and these emails will each include an attachment or message body that contains encrypted data for you to decrypt. The plaintext you get from decrypting should be a copy of your public key that has been signed by someone’s private key. It is this signature that you’re looking for, and GPG can extract it and add it to your key. Once you have collected the signatures, you can upload your key to a keyserver where the information about who has signed your key can be publicly stored. That’s the principle, but the steps to do all this can be quite cumbersome, so I used some console one-liners to speed some of the steps up, and I include them below with an explanation of what they do.

Monday, August 31. 2009
What attacks do key signing parties make harder?

It is often assumed that key signing parties make certain attacks against cryptographic identities harder, but do people who participate in those parties really understand what those attacks are and why they are made harder? For instance, some groups require that government-issued ID is used, whereas others think this is unnecessary. Or if you check someone’s ID and they give you a keyslip with someone else’s email address on (but they can intercept emails to that person), then why bother encrypting the signature on that key when you send it to them? Alternatively, if they can’t read that person’s emails, then what is the danger in sending the message unencrypted? I don’t claim to have perfect answers for these questions, but I have been thinking about them and come up with some little scenarios which I find useful for comparing the relative strength of various systems. By presenting and discussing these scenarios below, then, I may at least provide a starting point for people to develop these ideas further.

Monday, August 31. 2009
Simply signing GPG keys

Cryptography is hard to do right, and even if it is implemented correctly, the user is often required to perform some complicated operations to make use of it. One area of cryptography which involves a great deal of activity from the user is the signing of public keys used in public key cryptography. Not only does it usually require that users actually meet each other and do some sort of identity verification, it then requires quite an involved process at the computer involving retrieving keys, checking signatures, and sending emails. To automate this as much as possible, I have come up with a little script which helps me perform some GPG and email operations quickly and simply, without, I hope, reducing my security.

Friday, July 31. 2009
Whitespace standards

When writing code, it is good to be consistent about how you use whitespace. When collaborating with others, it can actually be detrimental to your group’s productivity if there is a mix of systems, so the sensible thing is to pick a standard early on and stick with it (even if that standard only defines the on-disk format, and individual programmers use editors which present the code to them in the way that works best for them). The policies that people choose may be partly a matter of taste, but there can still be logical reasons for preferring one system over another. Even though everyone weighs different pieces of evidence differently, I am going to state the whitespace system I use for my personal projects and list its good points. Maybe it will inspire someone into agreeing with me, or at least help them to be clearer about which system they prefer and why.