Archive for December, 2006

PKI, Keygen Tag and SPKAC

Posted in Uncategorized on December 27th, 2006 by Bergo

Infocults “And the Web passed by this HTML” article mentioned the website, in particular the little gem Keygen which is an obscure little tag I have used over the years.

What’s this Keygen tag used for?

It generates a Public and Private key to be signed into a digital certificate by a CA (Certificate Authority). This is used with PKI (Public Key Infrastructure deployments).

The keygen tag is used as a form element which is submitted to a server CGI, Servlet etc which should then knows how to process this SPKAC (Signed Public Key And Challenge). This is used in Netscape, Mozilla, Firefox and Lotus Notes browsers. Internet explorer utilises an Active X control to generate a key pair (although it generates a PKCS 10).

OpenSSL have an SPKAC utility , which although I haven’t used would be able to parse the result of the keygen form tag.

Although a comment on the MetaFilter site says that keygen is obsolete, it’s still alive and kicking. I don’t know of any other way through a web page to get Non IE browser (Firefox, Lotus Notes, etc) to generate a key pair. VeriSign use this extensively for non IE browser.

Yes it’s obscure, I have been using Keygen for the last 6.5 years ! It’s just a very specific HTML security function that 99.99% of people would not use.

[Over]Hyping the Web 3.0

Posted in Uncategorized on December 26th, 2006 by Bergo

Web 2.0 is overhyped. But someone else is already exagerating a bad meme. Let’s kill off Web 3.0 as a bad idea before it starts.

Humans create information for consumption (ultimately) by humans.
Often ourselves as an individual, and likely within a community of interest (e.g. work – process and product, hobby – model trains, profession – programmers).

My weekly subscription to the Kurzweil Newsletter contained a The Third-Generation Web is Coming article.

Web 3.0, expected to debut in 2007, will be more connected, open, and intelligent, with semantic Web technologies, distributed databases, natural language processing, machine learning, machine reasoning, and autonomous agents.

The marketing engine has taken a hold again.

For me all the technologies of Web 2.0 had been maturing over time, and weren’t a magic new toolkit. The interactivity from Javascript libraries was around ten years ago (some of it), but now had libraries instead of everyone’s home grown library. Yes the AJAX is useful, but the technology just has a name … those features had been there before, sometimes for years.

So who cares about Web 3.0?

For some reason people want to name things. Our use of the internet and the technologies that provide it are evolving.

I find it interesting that after approximately 37 years of the internet (ARPANet in 1968), 16 years of the web (Tim Berners Lee created HTTP in ~ 1990), apparently Web 2.0 in 1994 someone thinks they are improving things by naming the next wave.

I think the naming in retrospect works best .. that is, name something that people have been doing something for a few years. Even Web 2.0 is a little bit too marketing speak for my liking. Basically some technologies have increased interactivity in websites, and everyone got over static content. So the emerging (perhaps even group learning) has led to explosion of social networking sites and collaborative creations (Linux, Wikipedia, Firefox, et all).

So is it Web 2.0 (or 3.0)? – No, it’s just improved information sharing and collaboration

It’s really about pushing information around, and most of the time the information is consumed by people.

The promise of Strong Artificial Intelligence is still a pipe dream. Any semantic information will still only be an summary of the full piece of information. Will the semantic web actually help? What will machines do with this information?

Clay Shirky has a great piece on Ontoligies are Overrated. This is well worth the read, and I think he nails “IT”. Ideas and Memes emerge over time. From the social bookmarking of information side, if enough people from beginner to expert tag an item over time, we will find a pattern that emerges. This may be what terms are used over time (say a few years) but also synonyms or alternative descriptors. (e.g. Apple, Mac, OS X, etc or Firefox, Browser, Browsing, opensource). This collaborative cataloging will most probably be more effective that single individuals creating ontologies that will quickly become outdated or irrelevant. Perhaps machines can use this tagging information to linguistically analyse the content of the original source.

The problem is this kind of buzz flies around blogs too much and too quickly.

The internet and web is about information sharing and transmission. People are forgetting that the “I” in “IT” is Information. That’s what the web is about, making it easier to share.

This promise of a semantic web pops up now and then, but we need to ask – “Who creates the semantic content?” Algorithms, Humans or both? How is it updated and who’s using the information?

Talking about these terms is meaningless. Do you think art periods had artists saying we’re in an impressionist stage, let’s call next year the revisionists? No.

Those who make a difference focus on task and function – Not on what it’s called.

Ruby and MySQL lost connection weirdness

Posted in Uncategorized on December 21st, 2006 by Bergo

I had a bit of grief with a rails application connecting to a MySQL 4.1 DB.

I shared my insight over at MySQL+Database+access+problem on the Ruby on Rails Wiki.

Here’s what the error was and my solution is.

Lost connection to MySQL server during query was the error I was encountering.

Someone above mentioned passwords, and this was the cause for us.

Our development environment was not using a password to authenticate to a MySQL 4.1 installation. There were many explanations for ”lost connection” on the mysql site, but none that really it came down to passwords as others had mentioned.

In the /etc/my.cnf comment out the old password line:


Then I changed the password again

mysql> set password for ‘bergo’@'localhost’ = password(‘WHATEVER’);

BTW – that’s not really my DB user …

Using the OLD_PASSWORD mysql command did not seem to work either.

Changing the database.yaml to user/password combo and it all worked a treat.

If you need old passwords I’m not sure what the solution is for you.

A little config gotcha .. no reason for us to be worried about old_passwords at all, it was a green fields app, but this is the way it’s installed by default. Strange though, MySQL admin had no trouble connecting under either configuration .. possible it tries both.