Prove that you wrote that - ten years ago
In the lab that I work in, I'm supposed to write down everything I do, and
everything I think of, and date it, in a big red book. Should there ever
be a time where someone else informs me that my idea is not original and
they were first to think of that, this book is theoretically going to
settle the matter. Of course, I might still be wrong, but it wouldn't be
just me saying so. And, of course, it looks better if I've got it
in a book and they haven't.
Of course, I'm lazy, I type much faster than I write, and I don't have ideas that can be neatly mapped out on a page. But files - ah, files are untrustworthy. Discs are untrustworthy. You can fiddle with their contents whenever you like. It doesn't take much work to make a file look like it was created on the day I was born in 1971 - although going past the Unix epoch (or your local filesystem's equivalent) is a bit more difficult. And since any challenge like this happens over the course of weeks, not in midnight raids, the temptation is there to fudge things a little to make it look like you came up with that idea for a method of delivering formatted content through the internet two years before Tim Berners-Lee ever thought of HTML.
So what one needs in this situation is a trustworthy repository with an audit trail. It must be a trusted third party, so you can deny any direct involvement. The audit trail must itself be untamperable. The third party has to also prove to you that your files, and their record thereof, haven't been tampered with - that no-one else has submitted work claiming to be you. And, most importantly, it must use fairly simple mechanisms that can act on a day-to-day (or even more frequent?) basis, so that I don't have to wait until a CD is filled before mailing it off to the escrow agency.
Now, all this isn't too hard. Public-key cryptography allows you to sign your work in ways that are provably hard to forge or tamper with; it also allows the third party to sign their logs in such a way that you can verify with their public key that the log is a true and correct account, even if you can't play with it directly. Rsync and other methods provide a simple way to make a copy of your work here to a remote location with a minimal transfer, also using a secure transport (ssh). There are other methods - scp, webdav, version control systems; I don't think it should need to be one protocol for moving the files to the remote location, just so that you can be confident that it's been received and that no-one else can tamper with your work.
At the remote site, I would imagine a system where every change - and using rsync or diff here would make a lot of sense - would be written to a log. Each entry in that log would be digitally signed by the secret key of the logging system. This then gets written to a CD-R, or some other permanent "can't be changed again" system - stone tablets, for example - stored in enough locations that it's too difficult for an attacker to change or destroy them all. And because your changes were signed with your public key, you can now prove that the online log of your changes agrees with what you say happened.
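A minimal sketch of the signed log described above, as an added example that is not part of the original post. It goes one step beyond the text: each entry also commits to the hash of the previous entry, so only the latest head hash has to be held off-site. HMAC with a constructed key stands in for the logging system's public-key signature, and the author name, dates and contents are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the log service's public-key
# signature so that the example needs only the standard library.
LOG_KEY = b"constructed-log-service-key"
GENESIS = "0" * 64
FIELDS = ("seq", "time", "author", "change_sha256", "prev")

def entry_hash(entry):
    """Hash the fields an entry commits to, including the previous entry's hash."""
    body = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def sign(digest, key=LOG_KEY):
    """Stand-in signature over an entry hash."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def append(log, time, author, change):
    """Record one uploaded change (bytes) and return the new head hash."""
    entry = {"seq": len(log), "time": time, "author": author,
             "change_sha256": hashlib.sha256(change).hexdigest(),
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = entry_hash(entry)
    entry["sig"] = sign(entry["hash"])
    log.append(entry)
    return entry["hash"]

def verify(log, published_head):
    """Check every link and signature, then compare with the head held off-site."""
    prev = GENESIS
    for entry in log:
        if (entry["prev"] != prev or entry["hash"] != entry_hash(entry)
                or not hmac.compare_digest(entry["sig"], sign(entry["hash"]))):
            return f"entry {entry['seq']} altered"
        prev = entry["hash"]
    return "ok" if prev == published_head else "head mismatch"

if __name__ == "__main__":
    log = []
    for day, text in [("2006-03-01", b"idea v1"), ("2006-03-02", b"idea v2")]:
        head = append(log, day, "author-a", text)
    print(verify(log, head))        # untouched log
    log[0]["time"] = "1989-01-01"   # back-date the first entry in place
    print(verify(log, head))
```

A log rebuilt from scratch by someone holding the signing key is internally consistent, but it no longer matches a head hash that was already written to the off-site copies, which is what `verify` reports as a head mismatch.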
In fact, if you use the model of open source backups (i.e. "Real men don't make backups, they just upload their work to a public FTP server and call it the Linux Kernel."), you could create a system similar to FreeNet where people hosted small chunks of this growing data corpus, hashed and encrypted and distributed to such an extent that no-one knew what was in the blocks that they held. If you had to do that to access the system, then while you might be saving your own competitors' information, at least you're improving your own security in doing so. And obviating the need for stone tablets is a Good Thing.
Now I just need to invent the system to protect this document, so that in a year's time when someone wants to do this I can say "Ah, but I invented it first! Your solution must be open source and free for everyone!"
posted at: 17:29 | path: /tech/ideas
CLUG Bike Ride - March 2006
This is just a sort of advance notice of my plans for the Linux Bike Ride March 2006 Canberra. Or whatever its title should be.
posted at: 14:25 | path: /tech/clug
Another Great Leap Forward for Stupidity and Ignorance
Kim Beazley is now proposing to censor all home internet connections unless
one specifically opts out, apparently because there are stupid people on the
internet that haven't the know-how to set up a firewall and teach their
children about responsible internet usage. Because, let's face it: the
internet is veritably awash with feelthy, feelthy stuff. You can't go to
Wikipedia, Google or Yahoo these days without being bombarded with ads that
make goatse look like a model of human interaction.
Yeah, right. The truth is that Beazley, in a desperate bid to find a platform that he can criticise Howard on, is beating the pornography drum good and hard (ooh, the double entendre!). The truth is that it's just as easy to find bad role models in our own homes as it is by being sent links to ghastlyabominations.com or whatever. Tackle the social, moral and ethical issues before you tackle the technology. Most internet filters don't work, most children know how to get around the ones that even pretend to work, and if you're just assuming that this filtering is going to replace a balanced and responsible view on how to treat other people, you're kidding yourself.
I'm not denying that there are people who don't know how to protect their children from internet problems. I set up a computer for a friend in Melbourne that, when I returned in three months, had been comprehensively rooted by her ten-year-old son trying to download all sorts of questionable software from dodgy sites. I installed ZoneAlarm. He found that he could just get what he wanted by clicking 'Allow' on every alert it popped up. I wasn't in a position to either teach him what to trust and what not to, or to just take it all away and say "you only use the internet with me to help you". And his mother, nice though she is, was never going to be able to keep up. So maybe I'm part of the problem and not the solution.
And I am definitely a Labor supporter. I just think they've gone off the rails. Labor in Australia are more Liberal than the Nationals, in Labor's misguided attempt to appeal to the majority of Australians who think that Labor is blue-collar and that they're white collar. To my shame, I know blue-collar people who vote Liberal because they think that Labor isn't offering what they want. Liberal isn't, but because they feel betrayed, they've changed sides. And Howard does have an excellent line in Fear, Uncertainty and Doubt coupled with We Offer What You Want that would make Microsoft proud. It's hard not to buy into the bullshit sometimes.
Enough ranting. On with the working.
posted at: 11:42 | path: /society/tech
All posts licensed under the CC-BY-NC license. Author Paul Wayper.