Roy's Techblog

I’ve been contemplating creating a hallway dashboard to replace the paper calendar and birthday list that hangs in the hallway. My wife’s not too thrilled by the idea, so I’ve got to make it look good, work well and be useful to be able to convince her it should get installed on the wall.

As one of its main functions will be as a Calendar and Events listing, I thought it would make sense to investigate the iCal server. It turns out that the underlying server is based on an open source project at Apple by the name of Darwin Calendar Server.

It has a fair number of dependencies… But they all looked pretty reasonable, so I decided to try it out on my household FreeBSD 6.0 server.

The requirements to make it run are:

1. Python 2.4
2. Zope Interface 3.1.0c1
3. PyXML 0.8.4
4. pyOpenSSL 0.6
5. python-dateutil-1.0
6. xattr 0.2 (Bob Ippolito’s implementation)
7. pysqlite 2.2.2
8. Twisted
9. vObject
10. PyKerberos
11. PyOpenDirectory

Many of these are already available as ports:

1. /usr/ports/lang/python
2. /usr/ports/www/zope3
3. /usr/ports/textproc/py-xml
4. /usr/ports/security/py-openssl
5. /usr/ports/devel/py-dateutil
6. Needs to be built manually. It also depends on a version of setuptools that is higher than the current port. Get and install setuptools 0.6c6. Once you’ve installed those, get and install xattr-0.4.
7. /usr/ports/databases/py-pysqlite22
8. /usr/ports/devel/py-twisted
9. /usr/ports/desktuil/py-vobject

The final two in the dependency list are available via the MacOS forge SVN server for Darwin Calendar Server. PyKerberos requires you have kerberos installed, but don’t need to have it configured. To get kerberos libraries on your FreeBSD system, install /usr/ports/security/krb5.

Next, create a directory to check out the calendar server into then:

svn co http://svn.calendarserver.org/repository/calendarserver/CalendarServer/trunk CalendarServer

You’re also going to need PyKerberos, but it won’t work as-is on FreeBSD. First we’ll fetch it to the current working directory:

svn co http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk PyKerberos

Next you’re going to need to modify setup.py in PyKerberos slightly as well as fix the include path that is used for Python.h. First we’ll fix all the references:

perl -spi -e ’s{<Python/}{<};’ src/*

Next, add these two lines to setup.py just after the sources block:

library_dirs=['/usr/local/lib'],
include_dirs=['/usr/local/include'],

You’ll end up with a setup.py like this:

##

1. Copyright© 2006-2007 Apple Inc. All rights reserved. #
2. Licensed under the Apache License, Version 2.0 (the “License”);
3. you may not use this file except in compliance with the License.
4. You may obtain a copy of the License at #
5. http://www.apache.org/licenses/LICENSE-2.0 #
6. Unless required by applicable law or agreed to in writing, software
7. distributed under the License is distributed on an “AS IS” BASIS,
8. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9. See the License for the specific language governing permissions and
10. limitations under the License. #
11. DRI: Cyrus Daboo, cdaboo@apple.com ##

from distutils.core import setup, Extension
import sys
import commands

setup (
    name = "kerberos",
    version = "1.0",
    description = "Kerberos high-level interface",
    ext_modules = [
        Extension(
            "kerberos",
            extra_link_args = commands.getoutput("krb5-config --libs gssapi").split(),
            extra_compile_args = commands.getoutput("krb5-config --cflags gssapi").split(),
            sources = [
                "src/kerberos.c",
                "src/kerberosbasic.c",
                "src/kerberosgss.c",
                "src/base64.c" 
            ],
            library_dirs=['/usr/local/lib'],
            include_dirs=['/usr/local/include'],
        ),
    ],
)

Finally, we’re ready to attempt to fire up the server for the first time, as per the instructions on the quickstart page.

Here too, unfortunately, we run into portability problems. The run script uses /bin/bash. You’ll need to install the bash port if you haven’t already, and then either modify the run script, or fire it up manually:

bash ./run -s

This will build the kerberos library we modified in the previous steps, among other things.

Once the above works (no output), you’re ready to configure things. Before you can launch the server, though, you’ll need to fix:

CalendarServer/bin/caldavd
CalendarServer/run

to use /usr/local/bin/bash

Enjoy.

MVC here, MVC there, MVC everywhere.

MVC is all the rage lately. There are dozens of toolkits for PHP that implement MVC (and a ton of other stuff too).

I tried to try out two of them. The examples went awry early on in one way or another for the two I tried. So I started to wonder if I should bother with MVC.

This got me to reading a series of articles or blog posts:

• http://phplens.com/phpeverywhere/?q=node/view/143
• http://www.procata.com/blog/archives/2004/11/28/the-value-of-mvc/
• http://www.phpwact.org/pattern/model_view_controller
• http://www.askderekscruggs.com/mvc-and-php-fusebox.html etc.

The general feeling I’m getting from trying to try the PHP MVC Frameworks and from these articles is: PHP Frameworks implementing MVC are not mature yet. This lack of maturity is a concern for writing production grade code, especially where security is a major factor.

I’m going to try one more of these toolkits out, but for quality code, I think its probably best to avoid any extra baggage that these PHP toolkits provide: until it is mature, well tested, and secure.

The last few days at work, I’ve been investigating web templating systems and web application development frameworks.

My searching for solutions ran me across quite a number of possibilities for both of these, too many to list really. Instead, I’ll just refer you to this list of MVC frameworks for PHP. Perl has just as many, the foremost being Catalyst.

I still haven’t picked one. I’m going to map our typical application out a bit before I decide if an MVC model suits us. It probably does, but anything we use needs to be:

• simple
• maintainable / easily understood
• effective
• fast to code with

Because I’m not the only one touching the code here, the 1st two points are key to us.

Moving on to templates. There’s even more choices here than for frameworks! I’ve classified them into 3 groups:

1. embedded native code (eg Savant)
2. non-html markup (eg Smarty)
3. XHTML Markup (eg TAL such as ZPT or Petal or PHPTAL)

Right now, TAL looks the most promising because it looks like we can use it from PHP or Perl with the same template file. It also renders in the browser for testing, so creating them with any WYSIWG editor should work fine.

One of the things on my plate at work right now is our upcoming AGM and board of directors election. We’re going to redo the election software. One of the things I’d like to try to do while doing it is to create a level of user confidence in the system for those that care to be able to validate the results, somehow.

I have a number of ideas that will help with it, and some goals that we’d like to achieve, either this year or next year.

Firstly, there’s the matter of protecting the election results until the election is complete such that even the developers and system administrators cannot retreive the results, even under pressure to do so from superiors.

Secondly, I’d like to see it possible to validate that my vote is actually contained in the results, without the result data needing to be revealed.

Thirdly, I’d like to ultimately be able to seperate the voter identity from the voter. This isn’t likely to be something that we can do right away as there are circumstances in an electronic election that mandate the discarding of invalid votes by invalid voters. Nevertheless, I think this data can be protected using techniques to address the first issue.

So how do I propose dealing with each of these? For the first issue – encrypting data, I’m looking into some form of encryption scheme that follows these rules:

• The software may encrypt the data without the need to know the secrets to decrypt it (Asymmetric encryption).
• In order to decrypt the data, T of N people would need to provide their keys to the system, where T is less than or equal to N, but greater than 1 person. For example, 2 of 5 or 3 of 5 keys. The requirement that this not be all T keys is that people will forget keys, passwords, or both. In fact, passwording these key chunks is scary in and of itself if T is a significant portion of N.

Because of the nature of our election process, I forsee that each person will actually need to carry several keys for different pieces of data that need opening at different times. For simplicty for the user, I imagine the software will bundle these into a single unit containing all their keys, protected by a single password.

Right now, the most likely candidate for this T of N decryption key system is secret sharing, specifically ssss.

For the second issue – I haven’t yet reseached techniques to do this. What I have in mind is some form of digital signature and/or fingerprint system. The idea being that when you cast your ballot, you get back a fingerprint or signature. When the election is completed, a routine is performed (after decryption is performed by having sufficient keys provided) which counts the ballots and generates a signature or fingerprint which is published. This fingerprint or signature would have several purposes:

1. to verify the nulber of ballots cast and the number of votes for each candidate, without actually having the results file posted.
2. to verify that an individual ballot is contained in the results.

I believe that such a signature along with a published algorithm should be satisfactory, especially if the signature or fingerprint provided for their results can be used against the election results signature or fingerprint to verify it contains their ballot’s signature.

And finally, for the last issue – seperating, or at least protecting voter identity data… This one is trickier. I’m imagining a mechanism whereby the vote is stored in one “ballot box” (encrypted) along with a vote id, and then the voter identity and vote id are stored in another “ballot box” encrpyted with a different key (which is then shared). Although this doesn’t make the election anonymous, it does make it so the Returning Officer can remove voters if necessary.

Ideally, I’d like to see voters validate before an election, and then given a ballot with an identifier on it, like we do here for elections - but have the ballot’s identifier torn off just prior to storage in the ballot box. The identifier is kept seperately to confirm the vote happened, but the two are never stored together. Electronically, I can see this working if you have two seperate systems in place - voter identification and ballot casting. The only communication between the two would be from the voting system to verify if a ballot id is valid.

Anyhow, time to do some research into the signatures issue.