Keysigning party – London, 2nd June

I've somehow ended up organising a keysigning party in London on the 2nd of June.

See the page for directions to the venue (it's in South Kensington).

So if you have a PGP keypair (or take part in CAcert.org or Thawte's web of trust), come along. If you don't, but are interested in being able to exchange military-grade encrypted or signed messages, then set up GNU Privacy Guard - see their manuals for more details - and create yourself a keypair (your own digital identity) - or several - and bring along your key IDs and fingerprints to have them vouched for and vouch for everyone else's.

I've made myself some MOO cards to hand out my key details on:

[Images: Alaric's PGP fingerprint card (front); Alaric's PGP fingerprint card (back)]

Interoperability and Demesnes

There are two main kinds of standards involved in interoperability between computers: formats and protocols. Formats range from "file formats" such as JPEG and PNG for images, HTML and CSS for web pages, PDFs, Word documents, and so on, through to much simpler things such as how an integer is represented. Formats specify how information is represented as strings of 1s and 0s, the basic model of information that computers agree on.


Social Networking

Although I'm not a big fan of Facebook, I occasionally feel an urge to update my real social network: my FOAF profile at http://www.snell-pym.org.uk/alaric-foaf.rdf. I've not made that link clickable, to save people the horror of having their confused browser show them a pile of raw RDF. This time, since I've been reminded by somebody that my PGP identity has been a bit unmaintained, I've been putting my key out on keyservers, updating the identities attached to it, and putting signatures on my FOAF documents, then linking to them with the Web of Trust ontology so it's all linked properly in RDF. My PGP key ID is 7371086A.

The reason I'm not a big fan of Facebook and other social network sites is that they're centralised. I have to give all my data to some third party and rely on them to keep their servers running! It's the same problem that most instant messaging systems have, like MSN Messenger or whatever they call it these days (Live Something). I have to rely on the kindness of a third party to keep it going, and I have to trust them with my stuff.
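The signed-FOAF linkage this post describes, sketched as an added example (constructed here, not the author's actual FOAF file): a profile document that points at a detached signature via `wot:assurance` and describes the signing key with `wot:PubKey`. It assumes the signature was produced with `gpg --armor --detach-sign alaric-foaf.rdf`; the signature file name, the fingerprint value and the key URL are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example. Only the key ID below comes from the post;
     every other value is a labelled placeholder or an assumption. -->
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:wot="http://xmlns.com/wot/0.1/">

  <!-- rdf:about="" means "this document". wot:assurance points at the
       detached signature made over this file's exact bytes
       (the .asc file name is an assumption). -->
  <foaf:PersonalProfileDocument rdf:about="">
    <foaf:primaryTopic rdf:nodeID="me"/>
    <wot:assurance rdf:resource="alaric-foaf.rdf.asc"/>
  </foaf:PersonalProfileDocument>

  <!-- The person the profile is about, tied to the key that signs it. -->
  <foaf:Person rdf:nodeID="me">
    <wot:hasKey>
      <wot:PubKey>
        <!-- Short key ID as quoted in the post. -->
        <wot:hex_id>7371086A</wot:hex_id>
        <!-- Placeholder: the full fingerprint is not given on the page. -->
        <wot:fingerprint>FULL-FINGERPRINT-PLACEHOLDER</wot:fingerprint>
        <!-- Placeholder URL where the public key can be fetched. -->
        <wot:pubkeyAddress rdf:resource="https://keys.example.org/PLACEHOLDER.asc"/>
      </wot:PubKey>
    </wot:hasKey>
  </foaf:Person>
</rdf:RDF>
```

Any edit to the RDF file invalidates the detached signature, so it has to be re-signed after every change; `gpg --verify alaric-foaf.rdf.asc alaric-foaf.rdf` checks it. An 8-digit key ID is easy to collide, so a consumer should match the full fingerprint before trusting a "good signature" result.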


Type systems

There are a number of type systems out there in different programming languages. In fact, there's zillions, but they boil down to a few basic approaches.


n2n

n2n looks like a lovely piece of technology.

It's basically a VPN system, but quite different from existing VPN technologies. Existing VPNs work by creating a point-to-point link between two systems: usually a personal computer on an untrusted, remote, and often frequently changing network, and a router which then routes or bridges traffic (depending on the layer the VPN operates on) to other VPN clients and/or a physical private network.

The usual configuration is that there's a network with some resources on it that can't be trusted to the open Internet - insecure file sharing or network management services, for example - with an access device connected both to that network and the public Internet, such that remote computers can connect to the access device via the Internet and thus be virtually and securely connected to the private network so they can access the resources therein as if they were physically plugged into it. All over an encrypted link that they need to authenticate to set up, keeping third parties from reading or injecting traffic.

But the conventional VPN approach doesn't work so well for more complex setups. I, for example, have two private networks with various servers and workstations on, an isolated server, and two roaming laptops. It would be nice if I could set up varying levels of trusted connectivity between the three; the isolated server should really appear to be local to the first private network, which could be done with a conventional VPN, except that a permanent connection would require the isolated server to try to set the VPN up on boot and, if it goes down due to network problems or the access server on the private network rebooting, retry the connection automatically. Likewise, I'd like some level of routing between the two private networks, with a bit of packet filtering to tailor the precise trust relationship; I'd have to choose one network's router to be the VPN server and the other the client, set up another auto-reconnecting VPN, and set up routing across it. Then have the laptops also connect to a VPN server on one of the private networks, or perhaps the isolated server, to then use routing across the VPN links between the two private networks in order to reach everything they should be able to.

In practice, I'd probably pick the best connected private network to be the hub, and run a VPN server on it, and have everything else connect to that. Traffic between a laptop and the other private network would go via the hub, causing double bandwidth consumption at the hub and increasing latency. If the hub goes down, the whole network is fragmented.

Plus, mainstream VPN protocols are a pain to configure and use, as they tend to use strange protocols like GRE.

But n2n is much better than all that.


Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales