The internet of pwned things

“The internet of things” gets all the press nowadays. If we are to believe the excited journalists, it is the harbinger of utopia, no less. Even Canonical is looking for some action in this space.

Canonical’s efforts are respectable. But it won’t help. Judging from past experience, it is very likely that we will have an internet of things that will be running obsolete, un-patched, non-repairable, DRM-laden software. It is the natural tendency of vendors that sell things to prefer selling shiny new things to maintaining old ones. Just take a look at the mobile phone world.

Those buggy things will no doubt be used by government agencies, hackers, and marketing companies to erode what little privacy we have left. Will we even be able to take things offline?

The EFF are making a preemptive effort to make things better in this area. I hope they succeed, but I have little faith they will.

My pet peeve with YAML

YAML is a popular data encoding language. Its data model is similar to JSON’s data model, where data is described in terms of strings, numbers, arrays and hash-maps. In fact, YAML is a superset of JSON that includes indentation-based syntax to make it easier for humans to read and write it.

YAML is very popular. Libraries for reading and writing it have been written for most, if not all, programming languages. It is used as the basis for the configuration DSL of many tools including Ansible, Puppet’s Hiera, and Jenkins Job Builder.

The use of YAML as the basis for DSLs in which complex and extensive configuration is written by hand eventually exposes one to the language’s shortcomings.


DIME: New E-Mail protocol with built in encryption

DIME is a new set of protocols for sending and receiving E-Mail, designed by several prominent E-Mail security experts to include built-in privacy features.

One interesting thing to note about this protocol is that it not only prevents unauthorized parties from reading the content of an E-Mail message, but also makes an effort to ensure that the entities taking part in the delivery of a message know as little as possible.

For example, the first server the user delivers a message through knows only the address of the next server to deliver the message to, and not the full address of the message recipient. Similarly, the final destination server, from which the recipient can pull the message, does not know the full address of the sender, which is only revealed to the recipient.


Rundeck: An interesting job scheduling system

Rundeck is a system for creating, managing, and using IT automation processes. The main selling point of the system, according to its website, is the ability to provide processes in a way that allows SysAdmins and DevOps to delegate process execution to other people in the organization.

In order to facilitate process creation and delegation, Rundeck provides a friendly web-based UI as well as the ability to integrate it with various account management systems. Rundeck also allows automating the registration of hosts for it to run jobs on, by integrating with various configuration management and cloud infrastructure systems.

Rundeck’s approach of having a centralized server with a web-based UI provides some advantages over other automation systems such as Fabric and Ansible. The UI allows for easy discovery and use of available jobs as well as creation of new ones. The server model also allows one to fire a job and walk away instead of having to stare at the console until it’s done.


Open source license statistics: Copyleft/GPL still popular

[Figure: Open Source software license statistics from Phoronix. GPL is by far the most popular license.]

Phoronix published an interesting article where they collected some statistics about the kinds of open source licenses used by projects hosted on various project hosting platforms.

I was under the impression that there is some kind of backlash against the ‘copyleft’ idea, with GPL-style licenses losing ground to less strict, BSD-style licenses. The statistics seem to indicate this is not the case.

There is not enough data to really answer that question. I would really like to see some analysis done over time to examine that point.

I would also like to see license proliferation analysis with grouping by programming languages, project categories, project ‘age’, and type of organizations involved. Are BSD-type licenses more popular in JavaScript projects as opposed to C/C++ based projects? Are Apache-style licenses more popular in big-data projects? Are GPL licenses more commonly used in projects that have been going on longer? Do projects where the primary driving organization is a start-up company tend to be more loosely licensed, to allow companies to capitalize on them by closing the source at some point?