Tom Marble's Blog

Check out:

See also all posts, comments and the tag cloud.



Yesterday I had a blast presenting my talk Security not by chance: the AltusMetrum hardware true random number generator at DebConf14.

DebConf 14

USB TRNG is a collaborative effort with AltusMetrum to create a completely open hardware and Free software true random number generator.

In my talk I mention the rationale for gathering more entropy: The Linux urandom boot-time entropy hole as described in the paper Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.

I also mention some of the difficulty in assessing RNG quality for security applications as highlighted by Matthew Green in his blog post How do you know if an RNG is working?.

I've been lucky to work on this design with Bdale Garbee and Keith Packard.

If you'd like to learn more you can...

  • Download the presentation (see below)
  • Check out the web page for USB TRNG
  • Join us on IRC OFTC #altusmetrum
  • Join the trng mailing list

Let me know if you'd like to get involved!


10000 Processes in Om

10,000 Processes in Om

I have just published om-processes which is a port of David Nolen's 10,000 Processes in Clojurescript to Om.

Clojurescript is a port of Clojure to JavaScript which is especially well suited for running in a browser. Just as Clojure offers a pleasant LISP on the JVM Clojurescript offers (nearly the same) LISP in the browser. The performance of Clojurescript is outstanding due to the massive optimizations available from the Google Closure compiler.

JavaScript, however, has some fundamental flaws... Top among these are it is single threaded which leads to an asynchronous callback style of "event programming". Clojure's core.async offers a solution in the form of CSP style programming. Using core.async one can think about coding in a more intuitive way.

In 10,000 Processes Nolen demonstrates using core.async to simulate independent "threads" despite the fact that the underlying platform has no native support for threads.

In Om Nolen leverages Facebook's React to create a high performance, immutable model for client programming.

The technical study om-processes is simply the fusion of all these ideas into one demonstration. Who knew web development could be so much fun!

Is this thing still on

Is this thing still on?

This is just a test of posting to my blog.. it's been too long...

And, since I upgraded my VPS I realize the dates/ordering of posts was lost :(

I'll try to remedy this!

Legal Issues at FOSDEM 2014

Legal Issues at FOSDEM 2014

I'm very pleased to announce the Call For Participation for the FOSDEM 2014 Legal Issues DevRoom.

This is the third year that I've been lucky enough to collaborate with some leading practitioners of Free Software and Open Source licensing and community leadership to organize this intense event on the topic of what makes FLOSS possible and what are the key issues facing FLOSS today. I'm joined by my friends Karen Sandler, Bradley Kuhn, and Richard Fontana.

I have been fascinated by the intersection of law and technology because it is the clever use of copyright that makes Free, Libre and Open Source Software possible. We hope to stimulate discussion on topics such as:

  • Copyleft vs. permissive licensing: What is a policy case for copyleft? If so what form should it take?
  • How is software freedom important in ensuring privacy and security?
  • What defines a Free Software and/or Open Source project?
  • Do traditional Free Software values face some level of cooption from for-profit corporate interest? If so, how?
  • Copyleft licensing models and how they relate to business models. Are there some business models that are license-permissible but bad for community building? On the other side, does your license choice limit or expand your community?
  • Eroding software freedom in the proliferation of closed computing devices such as mobile phones and tablets
  • Copyleft enforcement and compliance planning from a developer perspective. What is the future of GPL enforcement? Is it working?
  • What is its impact on adoption of copyleft?
  • How does the 'so-called' software patent war impact Free Software and Open Source?
  • Copyleft license compatibility. What are the challenges of code base merges when various licenses are in use? How does a compatibility analysis between licenses work?

Please submit your talk idea before December 1st and plan to join us in Brussels on February 1st and 2nd!


ClojureBridge Minnesota

ClojureBridge Minnesota

Of course the weather being what it is -- winter came in with a bang -- our turnout last night at was light....


But we had a small, enthusiastic group that discussed the recent Clojure Conj by editorializing the fine blog bost by Logan Linn.

We also introduced the ClojureBridge effort to the group and everyone sees nice synergy between this and our recent success in November with "beginner's night" (which we plan to repeat every other meeting).

As a software development consultant I often co-work at CoCoMSP -- a melting pot of entrepreneurial energy. I have introduced the idea of hosting ClojureBridge at CoCoMSP with the founders and they are considering it (fingers crossed)!

Now we need to recruit more volunteers to help organize our local ClojureBridge Minnesota workshop next spring!

Ask me how you can help!


You are going to find yourself immersed in legal issues

You are going to find yourself immersed in legal issues

The title of this blog post is a quote from Karen in the most recent Free as in Freedom oggcast

FAIF 0x1E:
Legal issues are an inherent part of Free and open source software generally. If you get passionate about Free and open source software you are going to find yourself immersed in legal issues. It's something I think developers are really aware of... much more so than in other fields.

I consider myself to be very passionate about FLOSS and I care about the it's legal underpinnings because I see the enormous potential good FLOSS can bring to addressing the big challenges facing the planet. Continuing to enjoy the right to engage in FLOSS depends on the legal terrain which makes it possible.

We have seen the excesses of copyright maximalists in Free Culture and the damaging impact they can have. The SOPA (PIPA) debates are simply the latest chapter in that saga. Lessig points out that, at least in the USA, we will never win that war until we win the war against corruption of our Republic. We must strike the root of the problem in addition to the branches. I say we must remain vigilant about the branches as well.

FLOSS is another branch which is as important as Free Culture. Understanding that FLOSS is possible due a hack on copyright underscores how critical it is for developers to be aware of the legal environment in which their creativity can thrive. And the escalating software patent war -- especially in Java and mobile -- has had a chilling effect on innovation.

One the strengths (can we think in terms of countermeasures?) of our community is that we function out of basic principles of transparency and respect. The traditions in FLOSS like the traditions in the early open Internet form a culture of true innovation where working code drives collaboration and makes it possible to "stand on the shoulders of giants". Fontana has talked about this lex mercatoria in Free Software as an essential part of understanding the context of legal issues in FLOSS. I hope he will expand on this in his new blog.

I am optimistic that if we combine our brainpower to protect FLOSS as we do to create awesome software we can enable new kinds of working together which other fields will emulate. I can't wait to explore the frontier of the future possible.

Listen to the oggcast introduction [4:25..12:55] (at least) to hear Karen and Bradley discuss the upcoming Legal Issues DevRoom at FOSDEM 2012. The Legal Issues DevRoom Call For Participation closes on December 30 -- please consider submitting a talk today!

second post

This is the second post to this example blog.

Testing 4 5 6...

Setting Up MediaGoblin

Setting Up MediaGoblin

This is a very quick and dirty post to document my basic MediaGoblin setup. Realize my snapshot of the software is from early September (is in serious need of updating!). This certainly does not represent anything close to MediaGoblin best practice, but I hope it will be useful.

I'm running on Debian Wheezy with Apache2. Here are the critical config files:

Yes, this python virtualenv thing is wonky. I tried to root MediaGoblin at URI underneath / (e.g. without success (MediaGoblin really wants a virtual host, thus I hope to post an update when I've refreshed my MediaGoblin install!

Clojure Designed For Performance

Clojure: Designed for Performance

Yesterday I blogged about my LCA talk Crowdsourcing Upstream Refactoring. Today I gave my a talk on Clojure and performance at Linux Conf Australia 2013.


I mixed giving an overview of why I think Clojure offers the advantages of Common Lisp and Java without the disadvantages of either along with live coding on the REPL. There were several great questions and I am really pleased that many delegates told me that the were going to give Clojure a close look!

Later this evening we have the Emacs BOF and I know I'll find a number of friendly eLisp hackers.

If you have a chance to attend LCA I would highly recommended it... This is among the best organized conferences I've attended and comprises a fantastic group of enthusiastic contributors.

Below you will find links to the presentation. Very soon the video of this talks (and all the talks) will be available.


Two DevRooms for FOSDEM 2012

Two DevRooms for FOSDEM 2012

I am really excited to be part of two DevRooms for FOSDEM 2012: Free Java and Legal Issues.

I first participated in the Free Java DevRoom in 2007 just after Sun announced the liberation of Java. This was an amazing time to be able to represent Sun and meet the developers who had actively sought open source Java for so many years. Just after FOSDEM 2008 I left Sun, but I got involved in the the Free Java DevRoom again last year and had a blast. From the interest so far I suspect we will have even more great speakers this year!

Having been part of Sun's team that navigated tricky copyright, patent and trademark issues in publishing OpenJDK I cultivated an appreciation and fascination for the legal frameworks that make FLOSS possible. The obvious success and growth of software in our everyday lives makes the vitality of software freedom a huge concern. This year "legal geeks" will be thrilled to learn that we have just proposed a new Legal Issues DevRoom for FOSDEM. This is a "Saturday Only" DevRoom which will culminate in a one hour interactive panel with all our speakers.

Of course the big challenge with FOSDEM is there are far too many DevRooms to go to at the same time. I apologize in advance for making your decisions even trickier! I can assure you that the FOSDEM "hallway track" will be better than ever....

So please check out the CFP's for each DevRoom and submit a talk idea or share the pointer with someone who would be a great speaker.



This blog is powered by ikiwiki