Wednesday, November 30, 2011

Google Talk XMPP Throttle Update Frequencies

The rate at which XMPP packets can be sent into talk.google.com, for both Google Talk and AppEngine XMPP applications, is determined by a throttle.

As of this writing, the maximum message rate is one message per ten seconds. This frequency is determined over ten messages by an averaging calculation.

Exceeding this frequency will result in an XMPP CANCEL error which is not recoverable. The CANCEL event should be followed by a disconnection, and then a fifty second pause before reconnecting.

As XMPP is the continuous stream for AppEngine, it's a nice fit for a number of applications.

Saturday, November 12, 2011

Java code signing setup with keytool

Here's a funny little process that needs some code and documentation.

The Certificate Authority (CA) that I like is StartCom. They want a 2048 bit RSA key with SHA1 hashing. The java keytool won't generate such a key, so the following process is necessary to create a code signing key via StartCom.

Create new key

The process

openssl req -newkey rsa:2048 -new -keyout prikey.pem -out somename.csr
will create "prikey.pem" and "somename.csr" after asking for X.500 DName info.

Send CSR

Send your CSR to a CA for signing. This process is fairly involved as the CA goes through its identity resolution process for issuing a Code Signing Certificate.

Received Signed

Receive your signed certificate from the CA, for example "signed.pem".

Convert PEM files to DER files

openssl pkcs8 -topk8 -nocrypt -inform pem -in prikey.pem -outform der -out prikey.der
openssl x509 -inform pem -in signed.pem -outform der -out signed.der
The "-inform pem" and "-outform der" options set the encodings explicitly. openssl does not infer them from the "pem" and "der" filename extensions, and it writes PEM unless told otherwise.

Import Key and Signed

The source file is ImportKey.java, with a binary alongside it at ImportKey.class. Drop the binary into your key processing folder, open a command line terminal, change into that folder, and run

java ImportKey --help
to test your environment.

To perform the import into your key store (for jar signing), run the following in the folder containing all of these files, including ImportKey.class.

java ImportKey -prikey prikey.der -signed signed.der -alias prikey -storepass ${keystorepass}
Refer to the ImportKey "help" for additional options like key pass or store file.

Test Installation

Then to check the code signing operation, create a JAR to sign, then sign and verify.

jarsigner -storepass ${storepass} -keypass ${keypass} test.jar ${alias}
jarsigner -verify -storepass ${storepass} -keypass ${keypass} test.jar 

Caveats

This tool supports JKS key stores. Additional support is easy enough to code in.
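
The import step above, sketched as an added example: this is not the ImportKey.java the post refers to, and the class name ImportKeySketch, its positional arguments, and the reuse of the store password as the key password are assumptions. Before writing to the JKS store it also checks that the signed certificate matches the private key and that the alias is free.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;

// Added example with a hypothetical class name; not the post's ImportKey tool.
public class ImportKeySketch {
    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: java ImportKeySketch prikey.der signed.der alias store.jks storepass");
            System.exit(2);
        }
        String alias = args[2];
        char[] pass = args[4].toCharArray(); // assumption: key password = store password

        // Unencrypted PKCS#8 DER, as produced by "openssl pkcs8 -topk8 -nocrypt -outform der".
        byte[] keyBytes = Files.readAllBytes(Paths.get(args[0]));
        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(keyBytes));

        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // Refuse to store a certificate that was issued for a different key pair.
        BigInteger keyModulus = ((RSAPrivateKey) key).getModulus();
        BigInteger certModulus = ((RSAPublicKey) cert.getPublicKey()).getModulus();
        if (!keyModulus.equals(certModulus)) {
            throw new KeyStoreException("certificate does not match private key");
        }

        // Open the existing store if there is one, otherwise start an empty JKS store.
        KeyStore ks = KeyStore.getInstance("JKS");
        Path store = Paths.get(args[3]);
        if (Files.exists(store)) {
            try (InputStream in = Files.newInputStream(store)) { ks.load(in, pass); }
        } else {
            ks.load(null, pass);
        }
        if (ks.containsAlias(alias)) throw new KeyStoreException("alias already in use: " + alias);
        ks.setKeyEntry(alias, key, pass, new Certificate[] { cert });
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, pass); }
    }
}
```

A password given as a command line argument is visible to other local users in the process list, so a real tool would prompt for it instead.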

Credits

Other articles similar to this one are out and about. I wrote this one because I wanted to import into an existing key store and wanted to be certain of the process (measure twice, cut once).

Thursday, November 3, 2011

Information economy in politics

We can make an epistemological approach to politics in the identification of two kinds of political currency: markers and actions. And then we can apply monetary economics to the information that qualifies voting on behalf of political actors.

First we model voting at the legislature as the expenditure of marker or action money. The marker is a cynical vote, and the action is a courageous vote. Cynical is a vote against one's stated principles, and courageous is a vote in favor of one's stated principles.

Given such a model, we can apply essential monetary theory to the two kinds of currency. From the metaphor "bad drives out good" we recall the principle that less valuable money will displace more valuable money in ordinary transaction markets. As the marker currency is valued against an uncertain future (e.g. the actor may never benefit), and the action currency is a foregone conclusion (i.e. historical fact), we can deduce that the marker currency is less valuable than the action currency.

The remaining questions of interest concern the qualifying of voting and the tracking of currency in the real world.

Resolving the model to a practical application may involve conveniences or development. For example, are marker and action transactions at vote casting time both positively signed? Are additional, related transactions necessary for comprehensive information?

An open database of stated positions (courage) is available from Vote Smart.