I attempted to reply to this column by Doc Searls, Linux for Suits - The World Live Web, but the reply appears to have disappeared into the net ether, so I’ll try to restate it here. Searls outlines his conception of a “live web” in the article’s concluding paragraphs. To me, this idea sounds very much like Wiliam Gibson’s vision of a “consensual hallucination” (which is not necessarily a pejorative term — any human constructed social framework could be called a ‘hallucination’ of sorts), for which he coined the term “cyberspace.” I also wish(ed) to point to the concrete need for a juridical construction of a civil society in cyberspace, which I think parallels Searls’ calls for what he terms “identity,” as well as the “right” to “network neutral” access to the internet. I tend to frame these issues, following after Gibson’s realization that the franchise of civil society will move largely into cyberspace, in juridical and civil terms first, and technological terms only incidentally.

First, Searls’ concept of a live web, then my discussion of Gibson’s idea.

Searls:

Is it possible that “live” will join “free” and “open” in our pantheon of adjectives? Possibly. Whether or not it does, I’d like to thank my son Allen for being the first to utter “World Live Web”, providing me with a perspective I never knew I lacked, until I heard it.

His original vision of the World Live Web was a literal one: a Web where anybody could contact anybody else and ask or answer a question in real time. When he first encountered the Web, as a researcher, he saw it as something fundamentally deficient at supporting the most human forms of interaction: the kind where one person increased the knowledge of another directly.

We’ve moved a long way in the live direction since Allen first introduced me to the concept. VoIP alone is a huge live category. Mobile Web progress will all happen along its live branch.

Where it goes exactly is anybody’s guess. All we can say for sure is it’s headed toward the sky.

My discussion (that I attempted to post in reply to Searls’ column):

The “World Live Web” sounds like the conception that William Gibson had of the then germinal internet. He foresaw that it would become a space into which the entire politico/socio franchise of society would move. In Neuromancer, Gibson coined a term for this new “place:” cyberspace.

And quite unlike the many Pollyanna-esque visions of the web that have followed, Gibson’s was dystopian. In the tradition of Jeremy Bentham’s Panopticon, the net can serve as the a tool of “universal surveillance,” to use Michel Foucault’s description of the “dark side of the enlightenment.” It needn’t necessarily be so, but that is up to us, the hopefully vigilant citzenry.

To wit, patents must not be overly broad, and must not apply to ideas (as Thomas Jefferson argued), copyright must guarantee the right of individuals to benefit from their ingenuity within reason (and for a reasonable length of time, not a corporate lifetime, but rather a human person’s lifetime). Citizens must have a right to access civil spaces to express political opinion — whethor those spaces be cyber’d, shopping mall’d, or public square’d. Yes, that means that Comcast, AT&T, Verizon, or whomever, cannot block port 25 or forbid the use of servers. Access to the internet will be instrumental to civil liberty in the future, as were postal service and free libraries in the past

dmiessler.com is a rather excellent web log of an information security consultant. He also has some clearly written, succinct articles, such as a primer on tcpdump, and another on firewalls.

Grimthing.com has one of the best write-ups I’ve seen on the relative merits of Photoshop vs. Gimp. Photoshop still beats Gimp for print-oriented production work, but Gimp already has 95% of Photoshop’s features, outstrips Photoshop in some areas, and is quickly gaining even those print capabilities that it once lacked, such as PANTONE and CMYK color tools.

I often feel less than confident in my ability to know when a server has been compromised. One can have a fairly good knowledge of the architecture of an operating system, but such knowledge is different from a forensic awareness. A forensic sense probably needs to be built by post-mortem examinations, so, to that end, I’ll be looking for reports such as this one from honeynet.org.

From a Linux Journal article, SSHFS: Super Easy File Access over SSH, here’s how to create and install a public/private key pair.

Basically, you generate the key pair, a public key is created for you, and you copy that public key to the remote machine’s ~/.ssh directory and append it to the authorized_keys2 file.

$ cd $HOME
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/matt/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/matt/.ssh/id_rsa.
Your public key has been saved in /home/matt/.ssh/id_rsa.pub.
The key fingerprint is:
fa:e7:7c:e1:cb:7b:66:8b:67:07:05:99:7f:05:b9:4a matt@myworkstation

[ copy the public key, id_rsa.pub to the remote box’s .ssh directory (login and create if needed), then append id_rsa.pub to authorized_keys2 on the remote box ]

$ mkdir .ssh
$ chmod 700 remotebox_home/.ssh
$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys

From here, another helpful set of instructions, aimed at setting up rsync via ssh:

A quick how to on rsync over ssh all automated using ssh keys. Authorized_keys2 is ssh 2 specific and newer openssh servers/clients can read both authorized_keys and authorized_keys2 files.

1. Make sure ssh and rsync are installed on both computers.

2. ssh-keygen -t dsa as root.

3. Choose a location other than /root/.ssh/id_dsa (ex. /root/.ssh/remotehost.id_dsa).

4. Enter a BLANK passphrase.

5. Write a file called config inside /root/.ssh/ with options like these:

Host remotehost
User root
Compression yes
Protocol 2
RSAAuthentication yes
StrictHostKeyChecking no
ForwardAgent yes
ForwardX11 yes
IdentityFile /root/.ssh/remotehost.id_dsa

6. Copy the /root/.ssh/remotehost.id_dsa.pub file and paste the file in or at the end of the remotehost’s /root/.ssh/authorized_keys2 file.

7. Test if you can login using ssh remotehost; if you can’t login, add the -v flag and check permissions for /root/.ssh on both computers (should be chmod 700 with the files inside the directory 600). Also, check the sshd_config file to see if root is permitted to login.

8. Now you can rsync a local directory onto the remotehost!

Here’s an example:

/usr/bin/rsync -e ssh -avzp –exclude “*.journal” –exclude “dnscache/” –exclude “dnscachex/” –delete /home remotehost:/var/backups/mycomputer/

… which will archive and mirror /home onto the remotehost’s /var/backups/mycomputer directory and keep all the permissions.

Slashes matter, this works for me though. Note that *.journal are the journal files on ext3 partitions and don’t need to be copied and the –delete flag can be omitted in case you want to keep old file that have been deleted archived on the remotehost side permenently.

9. Place the above command inside a shell script and place in /etc/cron.daily

I keep forgetting this, hence this note:

On my nxserver (openSuSE 10.1), the key that must be copied from the server to a client machine is located on the server in the directory /usr/NX/share/keys and is named server.id_dsa.key.

To add this key to an nxclient, open the nxclient application, click on ‘Configure’, click on ‘Key’, and paste the key.

One other note: the freenx server is not compatible with 2.x nxclients from nomachine, so it was necessary to use a 1.5x client.

Another note, about the above key: this was using nomachine key — custom keys might be stored in a different place.

I found all of this extremely confusing because there appear to be several locations on the server where nx keys are stored, and the client interface gives no indication of where keys might be found. One who sets up an nxserver and then a client is simply confronted with an ‘authentication failure’ message on first use of the client. Then begins a several hour search on the net for the location of the magical keys. Not that I find this frustrating. Nooooo. >**<

I was just subject to a rather thorough — breathtakingly so — round of bureaucratic incompetence by Laney College (Oakland, California). Me to Admissions and Records clerk: “Will I be able to get this today?” “Will it come back up?” “Can you take my payment, then, [and enter the data at a later time, and mail me a copy]?” No, No, No, Sorry.

Wow. What can you do?

But wait, there’s more. Earlier, I had visited the Laney College / Peralta Colleges web site to see if I could get a transcript, online hopefully — after all, I only wanted an unofficial transcript. This Peralta Coleges “Transcript Information” page filled me with hope. Especially the tantalizing “Click here to view your Unofficial Transcript.” Ok, so I click here, which takes me to a page entitled “Grades.” Warmer. But no transcript request form. Hmm. Wait…there is a link Click here for transcript information — so I Click Here once more. I am back where I started. WTF?

And these people have a Computer Science Department. Frightening. Oh, did you think that you might find a curriculum at that link? Let’s just say the Laney College CS web page is … spare. Guess they’re too busy working on their COBOL programs. Think I’m joking? Download the Laney College Catalog — true to form, it’s a very web unfriendly pdf: 2.79 MB.

Alrighty then. Back to our little conundrum. Oh! Stupid me! On that very hope inspiring Transcript Information page there is a link (”Transcript Request Form”) to page entitled “Peralta Colleges Transcript Request“. It’s a data entry form! Oh my, the wonder of the web! But wait: Complete this Transcript Request, print (using your browser), sign, date and mail (US mail) to the address below“.

That’s right: we bought all this fancy computer equipment and hired those $500 an hour web consultants so that we could have you print out the fucking form and snail mail it to us.

To add insult to injury, Laney / Peralta Colleges charges $10 per transcript request — even for unofficial transcripts. Guess they’re still paying off the web consultants.

Thanks to ceej for Fropen (sic) source community demographics, which points to an article entitled Open Source, Cold Shoulder. Ceej’s summary of the article:

As you know, Bob, there aren’t a lot of women writing software. It turns out there are even fewer women working on [open] source projects. The … article discusses this fact and engages in some speculation about why.

Experiences of Using PHP in Large Websites

The conclusion arrived at is that, in some circumstances at least, PHP’s tendency to create more problems than it solves makes it an inappropriate choice. However, we also recognise that there are some situations in which PHP is to be used. For those who find themselves in such situations, we use the experience gained from using PHP in a range of sites (including the geographic search engine Somewherenear.com and a multi-million-dollar e-commerce site in the canning industry) to offer some guidance on how best to deal with PHP’s deficiencies.

Personal computer monitor resolution trends and bandwidth trends. I should note that the site presents a view biased exclusively towards Microsoft products.

I posted on the issue of net neutrality in a classroom forum (for my Network Administration class at CCSF):

Doc Searls of Linux Journal wrote a column, “Saving theNet: How to Keep the Carriers from Flushing the Net Down the Tubes,”about this issue recently.

Searls is a strong advocate of the point of view that the main reasonfor the internet’s extreme malleability and explosive growth has beenthe abstraction of applications from the underlying networkinfrastructure. To use his term, the internet is a “stupid” network: thenetwork says nothing about what applications (the networks “endpoints”)can or should be. In contrast is the PSTN, of Ma Bell fame — thepenultimate example of a circuit switched “smart” network. Searlsargues that the telcos, owners of the PSTN, yearn to exert the kind ofcontrol over the internet that they have over the PSTN, and that theyare moving to reestablish their hegemony by arguing before the USCongress in favor of doing so.

What would this mean in a pratical sense for you and I? It would meanmuch less diversity on the application side, and little or no control,or ability to develop our own solutions. Think cell phones, where it isvirtually impossible — if not illegal — to control the software on thebox. Reverse engineering the software, even if only to build beneficialnew applications, is a violation of an agreement that you entered intoin order to get phone service. This closed, proprietary software worldis a fundamentally different development (and user) environment from theworld of tcp/ip, where standards are published and vetted openly in theform of RFCs.

This is a complicated issue, but it would behoove us not tounderestimate its implications. The outcome of the fight for control ofintellectual “property” in the form of patents and copyright onsoftware, in conjunction with the struggle for control of networkinfrastructure, may very well determine whether the “useful arts”continue to flourish in the U.S., or, conversely, as we’re alreadywitnessing in both the software and telecom world, the US slips intorelative obsolesence.

Another nicely done XML tutorial.

The W3C has a brief page that summarizes XML: XML in 10 Points.

Constructing a Document Type Definition (DTD) for XML looks like it might be a pretty good intro. to building XML DTDs (document type definitions).

AM weblogging:

Doc’s mention of an OPML editor

Wikipedia entry on OPML

XML Unlocks Information: How XML Accommodates Human-Authored Content

Hmmm, I need to find a deadly simple XML/XSL example; say, an address book or something. How about a search in Google using site:.edu xml xsl addressbook example. Ah, better, a few examples to work with.

sysadmin notes

AJFORM is an intriguing introductory toolkit for getting up and running with AJAX. Thanks to Ajax Info for the info.

I’ve been tweaking this page’s css / design a little more. My goal, and the goal of this site, is to learn how to use publishing tools, such as css, php, mysql, apache, linux, w3c standards, etc.

lynda.com seems like a pretty well put together tutorial site.

Hey, this is kind of fun: plumbing my contact sheets for material. I’ve definitely got to break the sidebar on this page out of the blog entry box, because when scaled to 800×600, entries with larger pictures float to beneath the sidebar, leaving a large baffling white space between headline and entry.

But I do like floating entry content. In web browsers one must drop the old rigid, graphic design based mentality in favor of recognizing that users have a great deal more control. ‘Tis fine by me. The trick is to find a balance between the design I’m aiming for, and the flexibility of browsers.

Oh, sorry about the quality of the photos in these test posts: they are from my contact sheet libraries, and have not been post-processed.

The pictures in this entry are from a trip to Huckleberry Botanic Preserve, Oakland, California.

Lorem ipsum et nam pertinax adversarium, suas perpetua no est, te sumo tritani vituperata ius.

Yes, still just messing around with css and layout issues. Lorem ipsem blah blah blah.

Lorem ipsum et nam pertinax adversarium, suas perpetua no est, te sumo tritani vituperata ius.

Best list of network analysis tools out there can be found at Insecure.org’s ‘Top 75 Network Security Tools’ page.

I’ve been exploring nbtscan, ntop, iptraf, tcpdump, ettercap and mrtg.