November 8th, 2003


Secure discovery of community intersections

It's too late, so my mind is only halfway putting this all together...

Say I'm a member of LiveJournal, and I'm also a member of secret community foo. Now, "foo" may be a community on LJ or any other site, or maybe not even a site at all. Maybe it's the KKK or drug smuggling ring. Whatever. Foo's a secret. But for simplicity at the moment, let's assume foo has a server that will play along with us.

The question is: how do I, as a member of two communites, discover people that are also in those two communities, without either community publishing their user registries, without letting either site have the full list of each other's users, and without the mechanism revealing any information to 3rd parties? (that is, people not a member of both communities)

Both sites can cooperate in the scheme, use crypto, etc. Also assume users want to be discovered. Or they could opt-in/-out of the discovery process. Also assume at least one of the communities has a relatively high barrier-to-entry, so you don't have to worry about people joining communities just to gain access, then leaving immediately.

I'm not looking for an answer that returns the results in one fell-swoop. Instead, imagine interating over your LJ friends and for each, asking foo's server (or the user's server/public file) whether LJ friend is in foo. Foo might then contact LJ, asking if Foo has permission to answer user's request, validating that user is in fact part of LJ as well. Servers should validate each other. Servers should validate users. Users can use the same unique identifer (email, public key) on both sites, OR supply the other sites with the identifier they used for other communities, ideally encrypted in a form unuseable by each other. (that is, LJ would have user bob's foo identifer, but encrypted... only foo could recognize it or query for it.)


No to Belkin

Holy crap:

And yeah, I know this has been linked elsewhere, but I must do my part in spreading this news so nobody buys any more Belkin products.

We need open-source hardware designs. Then some manufacturers who just sell nice plastic cases for things.... "kits". Or pre-constructed kits with manuals, too. With Linux running on tons of little inexpensive FPGAs and stuff, it seems plausible at least.

But I guess the market should adjust too, right? I mean, people are dumb and tolerant, but only to a certain extent. It should bite Belkin in the ass. One would hope. There should always be a cool company out there, not doing the jack-ass thing... ?

Socket 462 vs. Socket 370

I ordered a Socket 370 heatsink and received a Socket 462 model.

Are the form factors the same?

The vendor's website says it works with both, and I received the correct part number, but the packaging only lists 462, not 370.