Account Management / Shared Secret Generator

Michael Titke michael.tiedtke at o2online.de
Sun Jun 14 18:29:41 UTC 2015 

On 14/06/2015 20:02, Matthew Paul Thomas wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael Titke wrote on 14/06/15 15:28:
>> On 14/06/2015 14:55, Matthew Paul Thomas wrote:
>>> ...
>>>
>>> None of this is to put you off, I'm just sketching a map of the
>>> terrain. If all you want to do is integrate your generator with
>>> what Ubuntu has right now, you could port it from Scheme to a
>>> language we ship, and add a new dialog to Seahorse ... but few
>>> people would notice. If you have a more substantial goal -- to
>>> noticeably improve the quality of Ubuntu users' Internet
>>> passwords, say -- the first thing I'd tackle would be the device
>>> syncing problem. That could help people who are using KeePass
>>> right now, as well as influencing the architecture of any parts
>>> of the problem you work on later.
>>>
>>> ...
>> First of all porting the algorithm is not enough because it
>> constitutes some kind of black box test of your deterministic
>> implementation of /random/. Second it's easier to port things to
>> Scheme with Parallel Objects (just try it with Racket for now)
>> than to bump my mind down to C level et al. Third: I'm just
>> throwing the seeds here ...
> I'm not a programmer, and I'm sure Scheme is just lovely, but I can
> see that you're getting a seed from /dev/urandom and mapping it into a
> string of random characters. Doing that in C might be nerve-wracking
> (since it's security-sensitive code), but I doubt more than a few
> hours work.
>
>> If it isn't enough to communicate the idea to the open source
>> world then probably it's not worth changing one dozen toolkits,
>> applications etc.
> Open source is not magic. In open source just as in closed source,
> ideas are cheap, code is expensive, organization is priceless. As I
> outlined, improving the quality of Ubuntu users' passwords would
> require a lot of organization. That doesn't mean it isn't worth doing.

Yep if not that Scheme is cheap code if not for a working scheme to 
implement. ;-)


>> This time there even is a reference implementation but what about
>> your users: IMHO open source means to open a text file to change
>> the behavior of a program (which resembles the descriptions of LISP
>> machines) whereas others think it as "managing" a community to do
>> the work o to not provide easy to compile source packages etc.
> Open source is a license to redistribute, not a license to configure
> or a license to direct other people's work.

In my world licenses are part of a realm (or domain) of elite and 
wannabes who all need to take a break from enforcing and forcing. What 
still does count on the other side anyway is the intention of the 
author. Open Source is reality when I can load a mischiefed library file 
into Dr. Racket - change it, save it and click run to see my program 
work as expected. (Right now I'm still downloading the build 
dependencies of Chromium B.S.U just to fix the frame rate to Hollywood 
standard and enhance it with a god mode. It's a matter of hours and not 
minutes because of compilation and uninstalled sources or build 
dependencies. Just to fix it, recompile it, play it and forget it like 
all the others.)


>> The next step isn't GTK, GNUstep - but it should be something where
>> is system startup boils down to a maximum of 500 lines of System
>> Scheme.
> That depends on your objective. Do you want to provide a password
> generator that a non-trivial number of Ubuntu users will use? Or do
> you want to write an OS in Scheme? Both are fascinating objectives,
> but only one of them is relevant to this mailing list.
>

My objective was to replace some missing piece of my work flow: the 
password generator. And then I wanted to share it - just call it 
marketing which is a little bit like gardening.

There is no plan on my side to write a Scheme Operating System (SOS) 
from scratch like others tried. It's about capturing current practice of 
programming in terse syntax forms to provide System Scheme and Parallel 
Objects. If Ubuntu is not about an OS for human beings anymore (it 
isn't) my gardening work is done here. :-)

More information about the Ubuntu-devel-discuss mailing list