Portable and Secure

There are a growing number of projects to provide a relatively secure environment on alien, and possibly untrusted computers. This is unsurprising, given that occasionally even the most technologically advanced of us is likely to need to use an internet cafe at some point. The last one I used reminded me a lot of Mos Eisley – “a more wretched hive of scum and villainy you will not see”, only without the cantina music, and with more spyware, remote control programs and backdoors than you could possibly imagine (and I know you could imagine a lot).

When you’re running on such an untrusted computer, it doesn’t really matter if you load up your personal environment on a virtual machine running off a USB stick, if the host has a keylogger, you’re toast. However, it seems to me that it would be relatively easy to make a small hardware device that the keyboard plugs into which scrambles the keypresses, so to the host Windows, you’re typing complete nonesense, but to the virtual machine, which knows what the game is, the keypresses can be decoded back into what you actually typed.

That is Easy, but It Will Still Take You a Full Week To Do.

I used to program BASIC V on the Archimedes, and you could at any time drop into assembly and out again, within the BASIC program. I want to be able to do the same thing in Eclipse with java.

I should be able to specify @lang for each method/class/package. Ruby, Groovy, Nice, Scheme, Visual Basic, BASIC, Lisp, Prolog, Smalltalk, Ada, Javascript, BeanShell, Python, Assembly are all available in ways that compile to the JVM, so why can’t I say “I want to implement this method in Scheme, and this other method in Nice, and this other method in assembly” within the same class?

This should be transparent, with all code highlighting, refactoring tools, javadoc, etc, available.

When native code has to be called, this is something else that should be straightforward. I should just be able to specifiy language C or C++ in the same way as all these others, and it should do everything it needs to automatically. Why should I have to fiddle with build scripts or header generators? Mindless repetitive tasks are things that computers are supposed to be good at.

During debug, I want to see an object graph of the whole system that I can drill down through and edit the state of (the whole time it’s running, not just at breakpoints), and have a console window, with all scripting languages available to manipulate the system.

Eclipse seems to spend half of the time I use it recompiling projects. Sometimes when it doesn’t need to. It loves to randomly pause in the middle of something and leave me stuck for ages. It’s just way too slow for large projects.

And why, when I create servlets, do I have to edit interminable xml, and wait for hours while simple changes are deployed here and there. The amount of configuration you have to do to create a HelloWorld servlet that talks to a database is utterly crazy. The amount of time I’ve spent waiting for eclipse to redeploy a servlet on every tiny change is bizarre.

It seems that java, with its myriad libraries, and IDEs, makes everything easy, but nothing trivial. No wonder people are jumping ship to more dynamic languages.

Contrast this with Ruby on Rails, or even .Net. Just put [webmethod] in front of your normal c# method declaration and drop the file into the web server, and suddenly you’ve got a SOAP service and a form to test it. It’s so easy.

As I read in a Perl book once, simple things should be simple.

A Genuinely Social Network

Social networking sites should be called “social databasing sites”. They aren’t networks at all, but centrally controlled repositories of as much of their users information as they can get their hands on. Rarely a week goes by that I don’t get 3 or 4 invitiations from various friends to add myself to a social networking site (of course, they all use a different one, and the systems don’t interoperate).

Users want to share their information with each other, professional, personal, photos, etc, and trusting it all to a third party seems the easiest way to do it.

Trusting such personal things to a third party is bad for a lot of different reasons. I won’t argue them here, but let me say : AOL search fiasco, single point of failure, illegal government wiretaps, spammers, indian call centers selling identities, profiling, genocide….

If Knowledge is Power, and Power corrupts and Absolute Power corrupts absolutely, then maybe we should be shying away from providing any third party with absolute knowledge.

I think I started getting a bit concerned about all this when I was about 16 and discovered how easy it can be sometimes to go from knowing next to nothing about someone to knowing their address, what school their children go to, (sometimes their passwords), previous girlfriends, unusual habits, and much more, all with information publicly available on the internet. This was all before Flickr and MySpace and blogging…. Sometimes I do a bit of this as an experiment and every time it disturbs me. If you’re prepared to go a little bit further, I am sure that you can find out much, much more.

All the benefits of social databasing (or building up a complete profile of who a person is, has done and what and whom they know) can be ours without giving up the power over our own destinies.

What we really need is a true social network. Independant nodes, run by diverse organisations and individuals, all talking a common protocol with only a part of the picture. This is the internet way.

The machine that contains all the personal details about yourself can be under your own (or a company representing you as a customer) control. Access to different types of information would be on the level appropriate for your relationship with the person requesting access, with access enforced by public/private key encryption. People contacting you via another, would be able to provide a node address of your common friend, and you could check the recommendation automatically with your friends node.

Your node would also contain authentication mechanisms, a computer readable picture, fingerprint, pin, passwords and phrases, etc. It would provide authentication for a third party if it supported the mechanism, or if they had the appropriate priviledge, provide the data for them to do the authentication. E.g. the airline wants to do a face match. You enter a pin, which allows them access to your standard passport type photo, or their system asks yours if the photo they just took matches.

Each piece of information stored in your node could be certified by another individual/organisations node.

Types of trust network would be available. For example, I trust this man as a host for a good evening out, but not as a business partner. So, I’ve travelled to the other side of the world on business, and would like to meet up with someone in the evening for a chat and drink. I want to search for friends of my friends who are good hosts and friendly, and live in the city I’m visiting. These recommendations are stored on my friends nodes, and I can ask them for info. They will give it if my friends trust me enough, but the matches that my friends give might be completely different if I want to find someone to do business with. What they return from the search would not be any personal information about the target, but a node address within the system. Before a node address is returned, permission to do so would have been requested from that node. My node would contact that node, giving the friends node as a referer, and that node would determine how much information to share based on how much they trust our common friend.

Such a system could also easily incorporate a community credit system.

Routing information would be stored in a distributed hash table, not a central repository, and most people would get two servers providing their information in case of problems with one. This way, you can share your diary with people who should know about your diary, your photos with people you want to know about your photos, your career information, your medical information, your bookmarks. All these social networking sites could continue to exist, and would plug into the same web of personal information, but it would also be easy to run your own, and each social networking site would not actually have all information. The point is that you should have your own control over this data. Ideally, even governments access to your data should be on a need to know basis, and controlled by you.

A Logic / Discussion aid site

” has challenged you to continue this discussion in a more structured environment”

x people agreed with these assumptions / conclusion.

  • Definitions
    • Request clarification of whole definition or of specific words
    • Can be challenged on basis of not sufficiently close to normal usage, alternative suggestion
    • Can be challenged on the basis of creating a tautology.
  • Assumptions,
    • Clarification – Request to create an argument with this as the conclusion
    • Challenge is to create an argument with ¬this as the conclusion
    • Request an assumption addition
    • Claim an assumption is unnecessary
    • Request evidence
  • Conclusion.
    • Specify what logical rule was used
    • Challenge by claiming it is a fallacy – named.