I was just reading Schneier’s latest book “Data and Goliath” and was struck by a concept he mentioned: commons. That is, a digital commons, open and available for anyone to use; not under the control of any specific entity.
Usenet still exists but most online discussions are carried out on (corporate) entity-owned websites and platforms. Entities that can and do exercise editorial control.
Anyone who has spent any time in newsgroups on Usenet knows full well that it is the “wild west” out there. To the considerable chagrin of some.
A number of academic publishers have banded together to create a repository for academic publications and named it (a) Digital Commons.
Not under anyone’s control and open to all. This satisfies some characteristics of a commons.
But going beyond publication of static documents, what is there? In a commons there were many different activities possible: pasturing animals, gathering firewood and foodstuffs. Perhaps a digital commons should allow for something more than making static files available to the public. Something interactive, something with some logic – i.e. code.
sailing the data ocean
What if there were a way for access to data to be authorized everywhere? If you were authorized to access a piece of data, you could get access to it wherever it happened to be located.
This is not the way things work at the moment for sure, but if it could be made to work in a convenient way, what should it be like?
When the first web browser arose some 20+ years ago, static HTML pages and other media and document files were available by calling a URL over the HTTP protocol. Security was added – at first pretty coarse-grained: if you were logged in you could access pretty much anything. It got better.
Comprehensive tools became available to centrally manage all web access to any document, with the finest granularity. The writing of the rules of who should have access to do what, when and where, could be delegated out to those who actually were in a position to know.
But crucially, these tools could only manage access to stuff directly under their control, often operating in a reverse-proxy mode, intercepting HTTP traffic. APIs were available through which other applications could tap into them to take advantage of the access control rules contained in them, to do their own authorization. In this way the data under the control of a unified set of access control rules could be made corporate-wide. Access to all of the data in a corporation would be governed by rules maintained in one place. Everyone would play together in the same data security pool.
In practice this never happened. (Re-)writing applications to take advantage of the API of the chosen security software platform was too expensive. Other tools emerged to export the security rules from one software platform to another, leaving them to do their own enforcement through their own rule infrastructures. This didn’t work very well because it was too complicated. Rules are fundamentally about meaning, and meaning doesn’t translate easily. Nevertheless this was an attempt to federate authorization.
Data protected by the same access control rule infrastructure is part of the same pool. A database is a single pool. It has its own internal security governing access to individual pieces of data contained in it, but has no reach outside. The database maintains its own list of who gets to access which column in what tables.
A server has its own internal arrangement for governing access to the data in its own file systems. It may also have access to remote file systems. Some remote file systems would be on other servers, which would govern access (NFS, FTP, Samba etc.) and would therefore not be part of the server’s own pool.
If authorizations could be federated between pools, all data would exist in one big virtual pool.
A virtual pool made of multiple physical pools: individual databases, file servers etc. At present this is difficult, as there may be user federation between some data pools, but each pool has its own authorization, its own way to enforce access rules. The rules in one are not known, or directly enforceable, in another. There is no federated authorization.
Let’s further suppose that any piece of data in this virtual data pool, data ocean really, is accessible over TCP with a URI. The URI may have various formats depending on what type of physical pool is being addressed.
For example, this would be the syntax of a URI accessing a directory (LDAP) store:
ldap[s]://hostname:port/base_dn?attributes?scope?filter
And this to access an individual file, using HTTP(S)
Access to one of the secure web reverse-proxies mentioned above would look like this too.
There would be many others. Note that the username and password do not appear. There would not be any prompting for this information either.
Access control would be through PAML tokens, passed in the headers. An SSL handshake would take place to establish the requesting entity’s authorization for the tokens presented.
Each physical pool is defined by the entity that controls access to it, and all of these entities, be they the LDAP server or the file/web server in the URI examples above, must be equipped to handle PAML tokens to verify the authorization for the request. Through the acceptance of these PAML tokens the pools together form a virtual data ocean. Any application can call on data anywhere else and present PAML tokens for authorization.
This leaves quite a bit of scope for application architecture. The use of a PAML token requires access to the private key of the user to which the PAML token was issued. This means that if a user is engaged in a transaction with an application and this application needs access to data kept somewhere else on behalf of the user, the application can only present its own PAML tokens, not forward those it has received from the user. The user must at a minimum contact this other data store directly and engage in an SSL handshake. This way the user’s ownership of the public key is established for the benefit of the data store. The application can then pass the PAML tokens received from the user on to the data store, and the store would now know that the PAML tokens are OK to use; or the user could make the data retrieval directly and pass the data to the application that needs it. Sort of like a data federation.
Note that PAML tokens are tied to data, not any particular host environment. Among other things this means that the requesting client may send the server a considerable number of tokens in order to establish authorization for all required data. The server will grant the union of all these tokens.
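An added example (not part of the original post) of the two rules described above: a token is only usable by the party that proves possession of the key it was issued to, and the server grants the union of all usable tokens. The post does not give the PAML token format, so the token layout, the HMAC standing in for the issuer's signature, the byte strings standing in for public keys seen in the handshake, and all host names are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: an HMAC under an issuer secret stands in for the issuer's signature.
ISSUER_KEY = b"constructed-issuer-key"

def fingerprint(public_key):
    return hashlib.sha256(public_key).hexdigest()

def _mac(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue_token(holder_public_key, resources):
    """Bind a set of data URIs to the key of the user the token is issued to."""
    body = {"holder": fingerprint(holder_public_key), "resources": sorted(resources)}
    return {"body": body, "mac": _mac(body)}

def token_usable(token, handshake_key):
    """A token counts only if it is intact and was issued to the key the
    requester proved possession of in the handshake."""
    body = token["body"]
    if not hmac.compare_digest(_mac(body), token["mac"]):
        return False
    return hmac.compare_digest(body["holder"], fingerprint(handshake_key))

def granted(tokens, handshake_key):
    """The server grants the union of all usable tokens presented."""
    allowed = set()
    for token in tokens:
        if token_usable(token, handshake_key):
            allowed.update(token["body"]["resources"])
    return allowed

def authorize(uri, tokens, handshake_key):
    return uri in granted(tokens, handshake_key)

# Constructed sample data; the URIs follow the formats named in the post.
USER_KEY = b"constructed user public key"
APP_KEY = b"constructed application public key"
LDAP_URI = "ldaps://dir.example.test:636/ou=people,dc=example,dc=test?mail?sub?(uid=jdoe)"
FILE_URI = "https://files.example.test/reports/q3.pdf"
USER_TOKENS = [issue_token(USER_KEY, [LDAP_URI]), issue_token(USER_KEY, [FILE_URI])]
APP_TOKENS = [issue_token(APP_KEY, [FILE_URI])]

if __name__ == "__main__":
    # The user presenting their own tokens over their own handshake.
    print(sorted(granted(USER_TOKENS, USER_KEY)))
    # The application forwarding the user's tokens over its own handshake.
    print(sorted(granted(USER_TOKENS, APP_KEY)))
    # The application mixing forwarded tokens with its own.
    print(sorted(granted(USER_TOKENS + APP_TOKENS, APP_KEY)))
```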
another Silk Road takedown
Here we go again… The powers that be have taken down some evildoers hiding behind Tor. I must ask pardon for being a bit jaundiced about the whole thing.
Clearly there are people doing undesirable things taking advantage of the protection offered by Tor. But Tor has a legitimate purpose and the support behind Tor is impeccable. But Tor is not perfect, specifically it is not foolproof. User error compromises it.
But I’m wondering if there is another way for the vendors on Silk Road to conduct their business. Leaving aside the problems of payment for the moment: Bitcoin has its own weaknesses.
Concentrating merely on how two parties can get in touch with each other. Where A is looking for something that B has to offer, put very generically.
If my understanding of the attack against Silk Road is correct: It is based on having control over a significant portion of the onion routers. Sufficient for being able to establish a pattern of traffic from yourself to a particular .onion address.
Each request packet is routed every which way by the Tor protocol. But with control of enough routing nodes a pattern will nevertheless emerge, since the request packets must eventually end up in the same place: where the concealed service is hosted.
This last bit is true even without implementation errors, DNS leakage and the like.
What if the hidden service is not hosted on just one particular server, but on many different ones? And using the service will involve traffic to many different locations. Is this possible and would it make a service concealed behind an onion routing scheme undetectable?
That depends. If the hidden service is hosted on a fixed set of servers rather than just one, there is no real difference. Just that more traffic now needs to be analysed to be able to pinpoint them. This could be counteracted by moving the service often, but that is a defence mechanism independent of how many hosts the hidden service is using. And controlling more onion routers will help the tracker.
Trusted VPNs are of course an option. Where both the client and the hidden service use a VPN to tunnel to some part of the internet. The tracker is then left with finding a proxy rather than the real host. It is still possible that the tracker might use traffic analysis to get from the proxy to the real host. As long as the service stays put long enough.
This suggests a possible course of action. Can the hidden service be dynamically located? Perhaps even randomly.
I think I’ll work on that. A fascinating challenge. Watch this space.
the marble block as a metaphor
Consider the case where the patron has the block already purchased. Perhaps long ago. Trying to find a sculptor willing to undertake the job of making something of it. Clearly the patron would like the largest sculpture possible, using as much of the expensive marble as possible. For marble, read facts. For block, read all the available information and relevant factors.
The marble block can be awkwardly shaped (and facts often are). The larger the sculpture, the more of a constraint is the shape of the block. A small paperweight can be freely shaped from a block the size of a car. Any design and shape would be possible if the size of the finished item is much smaller than the starting block. The sculptor is without design constraint if he can chip away as much marble as he likes. (And virtually any position can be defended with impeccable logic if all inconvenient factors can be ignored.)
But if the assignment is for a wild animal, perhaps an elephant is a better design choice than a giraffe if the block has the shape of an apple and as much of it as possible should be used. And so the design becomes more constrained.
The David was a masterpiece of making the most of a very awkward block of marble – thin and long. Many artists declined the commission when they saw the block the City of Florence had bought for the purpose. Having seen a sketch of it in the Accademia, that is easy to understand.
Some time ago I had occasion to read the print version of a right-wing online news, debate and discussion forum. The editors had made a selection of the best articles that had appeared on the site. Having never looked at the online version I decided to give them the benefit of the doubt and buy a copy of their “best in show” pieces. It wasn’t bad. The articles I read were well put together and argued. But very narrow. The authors didn’t include much of the “marble”; they had taken David-size blocks of marble and carved beautiful paperweights.
structured debate architecture – opening statement
For some time it has been clear that online discussions are more laden with personal invective than those that are carried on face-to-face. The causes cited are numerous. A loss of inhibition when not facing the other person; the opportunity to be anonymous and therefore feeling free to vent without consequence; absence of non-verbal communication; more persons not schooled in the art of the debate entering an arena where before they were excluded by editors.
These all have merit and explanatory power.
But this strand in my blog will not deal with these aspects, but rather consider them as given. Looking for a constructive way forward in the mechanics of the debate itself.
Proposing, designing and building a tool where those participating in the debate themselves execute the steps required to carry on a constructive debate and the tool helps them to do so.
I fully realize that most participants in online debates have no interest in constructive dialog. And indeed may well be incapable of it. For most participants in online discussions the primary purpose is to give vent to their feelings without a second thought, or any thought at all. A cursory examination of any commentary field on any major newspaper will confirm this. Online fora that pretend to seriousness have been forced to employ editors to curb the worst excesses.
My ambition is that the tool to come out of this design process would make a human editor non-essential. Primarily this will be for the minority who desire to examine an issue constructively and inform themselves of aspects of it they were not already familiar with. Again, learning and trying to both deepen and broaden one’s understanding is a minority pursuit. This will be a tool to aid this minority.
Generally speaking
There is no reason to seriously discuss statements that are not true. So determining whether or not they are is material.
Lots of things are neither true nor false. Statements about the future for example.
So there is also no reason to seriously discuss something which is not seriously meant. Jokes for example need no serious examination except by scholars, perhaps examining the structure of language.
If a position is seriously meant it has some implications. For one thing the person holding it must have an argument for it. A reason. Really almost anything goes here. Good, bad or indifferent. But there must be something. And it must also be logical. Logic is the foundation of our reality. That and truth; true statements about facts. Some people have chosen to not live in reality and that is their prerogative. That too has implications: for one thing, if you abandon truth and logic it allows the rest of us to dismiss your words and opinions as meaningless. This may seem harsh.
The words of a person, however devoid of logic, may accurately represent their understanding of the world. But if the words do not have logic we really don’t know what that understanding might be. A person may feel strongly about something. Which of course anyone is perfectly entitled to. But they will have a tough time accurately communicating that feeling to others. Through empathy we may emulate the feelings of others in ourselves. Putting ourselves in someone else’s shoes as it were. This is in many ways laudable, indeed it is absolutely essential in a livable society. But it is still only guesswork on our part. Did we get the feeling right? Is this feeling that we managed to engender in ourselves what they really felt? Maybe. It could be a solid conjecture, but only a conjecture nevertheless. This is not made easier by lies and insincerity.
Words have largely agreed upon meaning, and if you use words differently from other people they will not be able to understand you. Logic functions analogously. Through it we express our thoughts. There is only one logic. This is why mathematics, being strictly derived through logic, is the only truly universal language. With mathematics anyone can communicate with anyone else. 2 + 2 = 4 is the same everywhere in the universe regardless of the symbols used to express the statement.
Abandoning logic precludes you from making your thoughts accurately understood by others. If someone tells me something they are trying to communicate a thought they have, to me, and I will try to understand it. If they lie to me, abandon logic, selectively apply standards and criteria or cherry-pick their facts, there is little chance that I will be able to understand what that thought really is. In the “channel” between one mind and another there are many sources of error.
There are venues in life where understanding is not part of the arrangement. Political discourse on TV is a good example. Here the objective is to persuade, not to communicate. Accuracy in the communication channel is not required when one thought is no longer to be transmitted from one person to another.
A cursory examination of the format makes this clear. The communication is optimized for persuasion if that is the goal, or comfort if the idea is to validate what people already believe. In all cases the words are selected to achieve the purpose.
The recipients will have to take their chances as best they can. But there is a downside on the source side. Cognitive dissonance. Most people do not think of themselves as liars and manipulators. This is solved quite easily by starting to believe in what you say. But if that is sheer nonsense you might put yourself in danger. This is where hypocrisy comes in. It is an essential coping mechanism to help avoid the danger of succumbing to believing in what you say.
Those who make their living in professions where accurate communication is not only not required but possibly grounds for dismissal, should embrace hypocrisy with both arms.
If you are a paid spokesman this is a little easier. Then there would be no suggestion that you personally endorsed, believed in or in any way adhered to anything you said. In fact the more outrageous the nonsense you managed to utter with a straight face the better. It would show off your abilities as a spokesperson and improve your job prospects.
Like actors finding comedy hard work, trying to avoid laughing at their lines. Good ones can do it, bad ones not.