
Quote: C3PO on trust

May 20th, 2008 in Quotes

The city’s central computer told you? R2D2, you know better than to trust a strange computer! – C-3PO

JS + more secure string interpolation

February 3rd, 2008 in Links

A thorough paper on Secure String Interpolation in Javascript.

Vista content protection a security flaw?

December 23rd, 2006 in Links

The complexity and cost that is Windows Vista content protection. I am stunned at the complexity, and the fact that Microsoft can turn off drivers worldwide as needed.

Ruby rotting, Php pathetic

December 16th, 2006 in Links

I usually don’t pay much heed to the such-and-such-sucks threads, but I’ve seen a lot about Ruby is rotting and Php security sucks (because some guru left) this week. Oddly, both languages still seem to work for me. I think the blogosphere is way too caffeinated.

How NSA Access Was Built Into Windows

December 4th, 2005 in Links

Today’s daily tinfoil, How NSA Access Was Built Into Windows. Do people really need a reason to switch?

Stallman’s Tin-Foil Hat

November 19th, 2005 in Links

Richard Stallman Gets in Trouble with UN Security for Wearing a Tin-Foil Hat, right from the mouth of .

The Costco Challenge

July 12th, 2005 in Links

The Costco Challenge: An Alternative to Wal-Martization?
“When companies like Wal-Mart are setting the standard, we have to ask: Do we want to live in a country where the largest employer pays below poverty-level wages, whose workers cannot afford health care?” says Paul Blank, chief spokesperson of , the United Food and Commercial Workers’ new campaign to change the company’s practices. “Or do we want Americans to enjoy a decent income and a sense of security in return for their work?”

Anonymous authentication

May 20th, 2003 in Design

I’ve been struggling with how to approach authentication for bender’s interface. The main problem is that the agents use transports that aren’t conducive to authentication (like IRC). As well, the eventing back-end doesn’t really allow for a coupled authenticated/encrypted layer (like ), as the framework doesn’t easily allow for session management.

As with any feature, it is worth understanding why it is needed. What is the underlying purpose of authentication? It’s funny what happens when you slice and dice requirements: the process tends to simplify and clarify.

How is authentication useful for a blogging system?

  • Prevent graffiti or garbage content from being posted to the system.
  • Prevent users from posting content posing as other users of the system.
  • Prevent real damage to other users’ systems, or the hosting systems by disallowing any sort of viral or trojan code from being passed through the system.
  • Prevent database damage to the hosting system(s) by disallowing most users from access to administrative tools or exploits that would allow damage to be done.

The only scenario that requires any authentication-based security is the administrative functionality, which simplifies the problem greatly. Now, the user-agents can be designed for ease-of-use (and not session management).

Based on this line of thought, the agents will accept content from users without challenging for credentials. The back-end will apply heuristics to validate the content and user, similar to filtering as used in . The posted content will be further scrutinized to filter known server/browser exploits. All that remains is to authenticate sessions for access to the administrative tools, a subset of the overall functionality.

The really nice thing about understanding how and where security is needed is that it allows the user-interactions to be improved. Now users of the bender-blogging system will not have to log in to submit posts. A simple optimisation, but one that has proved (so far) to be an incredible improvement in usability.

A trip to the real-world

September 6th, 2002 in Art

My time away from this blasted machine has been a good thing. While it has only been a few days, it reminded me that there is more to life than pointless surfing and sarcastic banter. I spent the down-time relaxing, reading, and remembering how much practice it takes to become good at anything.

Speaking of real life, I prepared several dozen linocut printing plates on the weekend. The preparation is a zen-like activity, not really a means to an end. You can buy art-grade stuff to avoid the grunt-work, but I actually enjoy the process. And, ages ago I bought a roll (3 meters) of real-live linoleum flooring at an auction, which means I’ll use it even if it kills me. The commercial art stuff, in comparison, is thicker, softer, and is backed with burlap to hold it together (read: easier to use). I prefer the less-traveled road, though, as the trip is really what it’s about.

The preparation is simple: flatten and back the linoleum with something washable. For the backing, I’ve been using old T-shirts and contact cement (three of my fingers are glued together as I type). To flatten, I prefer gravity, time, and mass (5 kilos of popcorn seeds today).

There is really nothing like preparing every aspect of something. It’s like writing your own software libraries — you get exactly what you want — it just takes longer. The activity of preparing the groundwork provides a sense of ownership and security — and complete customization. Plus, there is much to be learned from the effort. And, learning is good.

Print-making is really my favorite form of artistic expression. It’s organic, entertaining, and something that I don’t butcher every time I attempt it. It takes long enough that I have to think out the design before committing to a plate. The process is tedious enough that I am forced to work at a zen-like speed — as there is no sense in rushing knife work. And, the effort gets more interesting in the second stage, when I can start playing with inking and printing. I spend as much time messing around in the print stage as I do carving the plates — which makes it twice the fun. It is like generic programming, where the big win is in the re-use.

I also spent some time reminding myself how watercolours work. I failed in my first few attempts — so I resorted to practicing basic skills. It seems that I forgot that black has to be watered down many times more than most colours. Failing to remember this left my paintings with a sad, whore-like quality. I later found a few mild successes, like the foliage on the left … but I really have a long ways to go. I’ll take a few small victories when I can get them though — and will practice regularly over the next several months. Perhaps I’ll attempt painting something larger than my thumb when I know it won’t suck ;-)

I’ve been pondering what I’ll carve for my next set of plates. I was considering a multi-plate nature thing, for the colour possibilities … but my sketches were frustrating (painting them failed). I played around with a few pattern sketches instead (right) — something I fall back on when nothing real is working. The patterns hold a lot of promise actually. I might try a 2 colour set of pattern plates — and attempt some colour variations (to learn from). If nothing else, a complex pattern will be challenging to carve.

The real world is too much fun.