Zimmermann: More Pie Please
Phil Zimmermann, inventor of PGP and chairman of the OpenPGP Alliance, doesn't play the banjo, as mainstream media has reported. He showed up at the Annual Linux showcase keysigning Birds of a Feather (BoF) to set the record straight about the banjo thing and, more importantly, to talk about keysigning, among other things.
Zimmermann says that the current practice of keysignings, with government-issued identification, recitation of fingerprints and other rituals, is missing the point of helping users get the practical benefits of encrypting their mail. "What did I start? I feel like I've created a monster", he told a crowd of GPG users.
Zimmermann explained alternatives to the keysigning monster in an interview. "A decade ago it made sense to go for maximum security regarding how to trust whether a key is really the right key", he said. "But things can get paralyzed by excessive analness."
"If you're in a situation where your threat model is powerful adversaries who are going to put forth a focused attack, you have to use formal methods. If you impose those same standards on everyone's uses, [however], you end up where we are today, where only a thin slice of the e-mail pie gets encrypted."
Making OpenPGP popular depends on setting novice users free from the burden of understanding certification and trust models, he said.
Zimmermann suggested that one way to get public keys to the senders who need them, without making everyone participate in keysignings, would be to do something like what PayPal does for money transfers. A user would upload a key, and a keyserver would then send mail to the appropriate e-mail address, asking "If this is your key, click here." When the user followed the link, the keyserver would then sign the key to show that it matched the address.
This wouldn't protect everyone from sophisticated attacks, such as a secret police takeover of your ISP, but it would be one way to help spread encrypted mail to more users. (PayPal thinks it's good enough to handle money, after all.) Future mail programs could easily query the keyserver to find a key that corresponded to the destination addresses of outgoing mail.
Of course, anyone who wants to get anal will still be able to do so. An easy step you can take right now is to put your key fingerprint in an e-mail header. It won't sign the mail, but it will get archived when you post to a list, and give people some basis for trusting that key in the future.
Also on Zimmermann's mind is the overall quality of the free software that makes up Linux distributions. OpenBSD conducts ongoing security audits of a very conservative codebase, and Linux should have someone doing the same, he said. "Right now, there shouldn't be buffer overflow attacks", he added.
Finally, Zimmermann is happy to see GnuPG doing well. GPG is more than just the original PGP code; it's an institution, he said at the BoF. "I'm glad to see that there is a free software implementation of PGP" he said.
OpenPGP.org also needs a volunteer webmaster. Come on people, don't make Drew Streib do everything.
XCB, a thin but incompatible C library replacement for Xlib, could help squeeze X onto more embedded systems. Jamey Sharp from the Computer Science Department at Portland State University explained the ideas behind XCB, which is intended to work well with threaded applications and implement just the functionality that modern toolkits need, the way they need it.
"You're building it the way I should have built it", said Xlib developer Jim Gettys from the audience. There are features in Xlib that no X application has ever used, he said. But Gettys is working on reducing the size of Xlib itself, so soon you'll be able to choose XCB for minimum size or Xlib for compatibility. It's wonderful time to be a Linux palm-top developer.
Donald Becker threw down a challenge to the "outdated design concept" of big SMP and ccNUMA systems at his talk, "Home Beowulf Systems". "People used to think that you couldn't do certain kinds of problems on clusters", he said. Now, even a high-end proprietary database, IBM DB2, runs on a cluster. Why not use generic parts and save money the way rocket scientists and render farmers do?
The main part of Becker's talk covered setting up the Scyld Beowulf "label side up" distribution on a home network. Slave nodes can boot from the master over Ethernet or from floppy, then become part of a single system image. Type ps and you get all processes on all nodes. The boot process uses Two Kernel Monte, so you can upgrade the kernel that nodes actually run, without changing all the floppies.
If you've heard a parent explain to a child the need to eat vegetables before dessert, you'll understand the tone of Linus Torvalds when asked about the preemptible kernel patch. Get rid of unnecessarily time-consuming stuff in the kernel, then we can talk preemption.
David Beckemeyer of Earthlink brought the EarthLink SPARK Development Kit to an embedded systems session, and got mobbed with questions and hardware-inquisitive people who want to put Linux boxes in their cars. The best part is that a developer contest in which you can win one is still in progress. (Sign up for the e-mail newsletter on embedded.linuxjournal.com for advance notifications of this and other embedded Linux development contests.)
A Debian BoF produced a lot of suggestions for tools that might be nice to have for manipulating and understanding apt packages. Many of the suggested tools already exist. For example, apt-spy lets you build an /etc/apt/sources.list based on what mirror is quickest for you. Do an apt-cache search apt for some more ideas.
The Atlanta-based organizers showed their experience well, rolling out a very smooth show network including two wireless ESSIDs, along with wired Ethernet and an e-mail garden. A lack of day-to-day volunteers, of which there were plenty in Atlanta, meant random homeless people wandering onto the show floor and no rest for any of the conference organizers, though.
A highlight of the trade show was a pair of nifty inkjet printers from HP, with drivers that do a good job of printing photos from Linux. One model can print, scan, fax, photocopy and even print from Compact Flash or SmartMedia inserted directly into the printer. The printers themselves don't run embedded Linux, though.
Next year in Washington, DC? I don't know...North Carolina hasn't had a Linux conference in a while.
Don Marti is Technical Editor of Linux Journal.
|Designing Electronics with Linux||May 22, 2013|
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
- Linux Systems Administrator
- New Products
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- Designing Electronics with Linux
- Dynamic DNS—an Object Lesson in Problem Solving
- Using Salt Stack and Vagrant for Drupal Development
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Have you tried Boxen? It's a
5 hours 10 min ago
- seo services in india
9 hours 41 min ago
- For KDE install kio-mtp
9 hours 42 min ago
- Evernote is much more...
11 hours 42 min ago
- Reply to comment | Linux Journal
20 hours 27 min ago
- Dynamic DNS
21 hours 1 min ago
- Reply to comment | Linux Journal
22 hours 24 sec ago
- Reply to comment | Linux Journal
22 hours 50 min ago
- Not free anymore
1 day 2 hours ago
1 day 6 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?