[9fans] Re: factotum

[9fans] Re: factotum

[Russ Cox]

sah asks:

> About a year ago you gave me a magic incantation
> for cpurc that would set up a key in none's factotum
> so that httpds calls would find it:
>
> 	auth/factotum -s factotum.httpd -n -m /n/kremvax -o none
> 	auth/secretpem /usr/web/lib/key.pem
> 	unmount /n/kremvax

This functionality, which didn't actually work right anyway,
has been replaced by the owner= tag on keys, which works well.
Add the key to your normal factotum key ring, with
the tag owner=none.  Note also that auth/secretpem
is no more (see rsa(8)).

We don't need to run TLS services as bootes anymore.

> I'm getting a usage error from factotum and it appears
> that while the manpage states -o is valid,
> /sys/src/cmd/auth/factotum/fs.c:/ARGBEGIN behaves
> otherwise.

I just fixed the man page.  It already described the
owner= tag but I'd forgotten to remove the -o text.

Re: [9fans] Re: factotum

[Sam]

I'm still trying to figure out how to set
up https on my cpu server using the newer
rsa(8) and factotum.  I'm trying to come
up to speed on the https mechanism, so please
bear with my perhaps misguided questions.

I replaced the prior magic with:

echo `{auth/rsagen -b 1024} 'service=https owner=none' >/mnt/factotum/ctl

which gives me:

echo: write error: unknown proto rsa

Since I don't get the same interaction on the terminal,
I guess my cpu kernel is out of date?  Looking in
/sys/src/9/pc I see there's now a pcauth for CONF.
Which one do I want - pcauth, or pccpu?  Is pccpu
now for non-authenticating cpus?  Why does it matter?

Any tips would be quite appreciated.

Cheers,

Sam

On Fri, 16 May 2003, Russ Cox wrote:

> sah asks:
>
> > About a year ago you gave me a magic incantation
> > for cpurc that would set up a key in none's factotum
> > so that httpds calls would find it:
> >
> > 	auth/factotum -s factotum.httpd -n -m /n/kremvax -o none
> > 	auth/secretpem /usr/web/lib/key.pem
> > 	unmount /n/kremvax
>
> This functionality, which didn't actually work right anyway,
> has been replaced by the owner= tag on keys, which works well.
> Add the key to your normal factotum key ring, with
> the tag owner=none.  Note also that auth/secretpem
> is no more (see rsa(8)).
>
> We don't need to run TLS services as bootes anymore.
>
> > I'm getting a usage error from factotum and it appears
> > that while the manpage states -o is valid,
> > /sys/src/cmd/auth/factotum/fs.c:/ARGBEGIN behaves
> > otherwise.
>
> I just fixed the man page.  It already described the
> owner= tag but I'd forgotten to remove the -o text.
>

Re: [9fans] Re: factotum

[Sam]

Sam,

RTFEFTM. (examples from the manpage)

ok, i figured someone should say it.

Any docs to explain pcauth vs. pccpu?

Sam

Re: [9fans] Re: factotum

[northern snowfall]

>
>
>Any docs to explain pcauth vs. pccpu?
>
No docs needed, really. The only difference
is the kernel configuration file. An auth
server should take its root from a local
drive, helping to solidify its security.
Network protocols should be limited only to
ones needed for incoming auth requests.
Finally, unlike a standard CPU, windowing
functionality is generally allowed, in
order to help the user administrate and
manage accounts, etc.
Aside from the above, there really is
no difference between an auth server and
a cpu server. I always use an old, but
stable, machine with a local disk. I skip
the windowing capability, however, to
minimize CPU/RAM usage.
Don
(drinkin drinks and lookin at a thing in
a /usr/snowfall/bag)

[9fans] Hangar 18 Weekly Social - May 22, 2003

[Jim Choate]

Asymmetric Clustering...

          Distributed Name Space...

                    Global Sign-on...

                              Guerrilla Networking...

                                        Open Source Technology...

Do these words make your heart beat faster and your breath go shallow?
If so then perhaps you should become involved with Hangar 18. We are
a tit-for-tat group of computer hobbyist of a wide range of skills
intent on building the next computing infra-structure using Open Source
technology. We don't focus on any one form of technology but instead
focus on real world applications in grid or large scale distributed
computing.


Time:                May 22, 2003
                     Every Thursday, excluding national holidays
                     7:00 - 9:00 pm (or later)
                     http://open-forge.org

Location:            We'll be meeting this week at the Austin Robot
                     Group again. If you'd like to come then please
                     contact the Robot Group for directions.

                     http://robotgroup.net

                     The location varies from week to week so be sure
                     to check with an active Hangar 18 member (or
                     join the mailing list!) for more information.

Identification:      We'll be the group with the Plan 9 OS box on the
                     table...;)

ps Rob and I had lunch today at the Filling Station and they have ethernet
and possibly wireless (we saw the antenna but nobody there knew where it
went ;) for us to access. So, we'll probably begin to include socials at
this location as well.

pss With regard to Buffalo Billiards, we're looking at having the social
sometime the first half of June. Any objections?


 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage@ssz.com                            jchoate@open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

Re: [9fans] Hangar 18 Weekly Social - May 22, 2003

[boyd, rounin]

> I gotta know... what is a "tit-for-tat" computer group.

sounds like they'd like the former but never deliver the latter ...

[9fans] What is TFT? (was: Hangar 18 Weekly Social - May 22, 2003)

[Jim Choate]

On Sun, 18 May 2003, northern snowfall wrote:

> >We are
> >a tit-for-tat group of computer hobbyist of a wide range of skills
> >intent on building the next computing infra-structure using Open Source
> >technology.
> >
> I gotta know... what is a "tit-for-tat" computer group. Not to
> sound potentially condescending, I really want to know.

Tit For Tat (TFT) is a strategy from game theory. It is considered one of
the strongest approaches to resolving situations where two or more parties
must decide via a 'iterated prisoners dilemma' what to do on the next
turn. There are several variants.

In short, it means you get to use my stuff because I get to use your
stuff. You abuse it you get dropped like a hot potato. At least for the SSZ
and Open Forge site we capture all traffic over the network via sniffer
and can review it for any strangeness. Another technique we use is that we
export our namespace resources read only, except in very special cases to
particular individuals or node operators.

We couple this with a 'small worlds' network approach; the number of
connections per node is limited to ln(number of nodes). Which has some
very strong characteristics, though it does have the weakness of getting
it off the ground. It's a network application of the 'Kevin Bacon Game' or
the 'Six Degrees of Seperation' theory. Studies of the Internet indicate
that it's degree of freedom with respect to small world networks is
somewhere between 17 and 21. This means that no two sites are farther away
than that many hops (which takes us into spanning tree theories from
graph theory).

The utility of the small world model with respect to 'next neighbor' in
the network is that you probably know that person as something other than
a stranger. So there is a two fold factor being used: familiarity breeds
trust, and it makes it reasonably easy to back track problems. An
additional feature is that in tests small world networks seem to exhibit
the least amount of congestion under heavy load.

You will find several references on the Hangar 18 website to books that
discuss these topics. A visit to Google will also turn up quite a few hits
on these topics. I can particularly suggest the arXiv repository
(eg xyz.lanl.gov).

I sent out a 'suggested reading' list this morning to several of the lists
and one of these goes into TFT with applications to animal cooperation to
some degree. It's not on the H18 list. The book was,

Cooperation Among Animals - An Evolutionary Approach
L.A. Dugatkin
ISBN 0-19-508621-x

If you want to learn more than get some books on game theory, graph
theory, and network theory. A book on psychology and group cooperation can
be usefull as well.

Ta ta.


 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage@ssz.com                            jchoate@open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

[9fans] anybody put nvram onto Sony VAIO memort stick?

[boyd, rounin]

i seem to have 128Mb of the stuff, but the subject says it all.

Re: [9fans] Hangar 18 Weekly Social - May 22, 2003

[northern snowfall]

>
>
>We are
>a tit-for-tat group of computer hobbyist of a wide range of skills
>intent on building the next computing infra-structure using Open Source
>technology.
>
I gotta know... what is a "tit-for-tat" computer group. Not to
sound potentially condescending, I really want to know.