Ben Laurie blathering

30 Dec 2005

Yet More DRM Stupidity

Filed under: Digital Rights — Ben @ 21:44

Boing Boing reports that Coldplay’s X&Y is thoroughly copy protected. I don’t remember seeing the insert, but it ripped fine for me. Of course, this is not only supposedly impossible (says Virgin) but is also technically unlawful.

Do I care? No. I’ve done no harm to anyone by ripping my copy of their CD for my own enjoyment. So, sue me, Virgin. I dare you.

28 Dec 2005

Money for Spam

Filed under: General — Ben @ 2:10

Amazingly, someone has successfully sued a spammer in the UK.

What I’d like to know is exactly what he did so we can all do it.

Update: I am in contact with Nigel Roberts, and there will be a “how to” soon.

26 Dec 2005

Freedom with Accountability

Filed under: Anonymity/Privacy,Identity Management — Ben @ 15:38

In a comment on an earlier post Stephen Engberg says:

Ben, I think you are missing the main issue here. The clue to online security is not anonymity but the ability to isolate a context. Within the context, you can achieve convenience without adding substantially to linkability.

“Freedom with accountability” means that it is ok to be accountable in a context, but not to have all contexts linked. It is a one-way street from context to person without the link from person to context.

In other words, we need to break the illusion that privacy is about non-accountability. It is true in some instances such as the protection of certain rights of minorities. But not in the general term when it comes to commercial or government transactions.

I don’t really understand where this is coming from at all. Firstly, “online security” is way too general for me to have any idea what he really means.

Secondly, I didn’t say that anonymity was required in all circumstances, but unless you have anonymity you cannot achieve unlinkability, so it’s a requirement that the underlying system supports anonymity. Anonymity is the TCP/IP of Identity Management.

Of course, there are contexts in which transactions are inherently linkable – for example, if I get stuff physically delivered to me, then different deliveries are linkable, at least to my address, if not necessarily to just me. But, if I want any chance of separating contexts, then I have to have access to resources anonymously.

Anonymity, of course, provides non-accountability. So, rather than “need[ing] to break the illusion that privacy is about non-accountability”, we need to do exactly the opposite – make everyone understand that in order to have any privacy at all, we must accept the side-effect of non-accountability.

Big Brother Has Arrived

Filed under: Civil Liberties — Ben @ 15:24

According to The Independent, Big Brother intends to use automatic number plate reading and a massive network of surveillance cameras to record every journey by every vehicle in the UK.

I’m waiting for mandatory forehead barcodes so they can do the same for journeys on foot. You know it makes sense.

13 Dec 2005

Identity, Privacy, and Accountability

Filed under: Anonymity/Privacy,Identity Management — Ben @ 22:42

Bob Aman posted a response to my Laws of Identity. In short, his point is that if someone were to create a completely minimal and unlinkable identity, then no-one would trust them. This is an excellent point, and one I agree with totally – in fact I wrote a paper on privacy for the Security Protocols Workshop a couple of years ago which was all about what a terrible place a world where everyone was absolutely anonymous would be.

However, it doesn’t imply the opposite: that one should therefore abandon all minimality and unlinkability in order to interact usefully on the ‘net. It seems to me that my laws are all about allowing people to choose what they reveal and when they reveal it; to create multiple personas and not have what one does reflect on the others. It seems to me that this is merely reflecting what people do in meatspace: your colleagues at work don’t need to know what you do in your bedroom, or what you had for dinner. Why should this be any different on the ‘net? It shouldn’t – but the way we’ve set it up means it is. A resourceful gatherer of data can correlate everything I do online. This is bad, not just because I’m a privacy nut, but because it actually affects people’s lives, and not in a positive way: studies have shown that if people believe they are being observed, then they tend to alter their behaviour to match what they think the observer wants to see. I want people to be able to do their thing without fear of consequences from bigots or The Man or even “ordinary people”. None of us are ordinary and the world would be a poorer place if we were made to be.

4 Dec 2005

Capabilities versus Jails

Filed under: Capabilities — Ben @ 15:23

In responses to a post mentioning CaPerl, the relative merits of jails and capabilities are touched upon, prompting my (somewhat tangential, I’ll admit) thought:

Capabilities have at least two obvious superiorities over jails.

The first is that designation is authorisation – that is, I don’t have to first tell the jail what the untrusted code can use, and then tell the code to use it.

The second is that when using capabilities it is easy to restrict resources in custom ways, since a capability is essentially code that wraps the mediated resource.

I will admit, though, that the CaPerl style of capability system can’t (neatly) control CPU usage. For that, you need a capability system that’s built into the operating system.

Since we’re talking about capabilities and Python, I’m reminded that some of the Twisted guys spent some time getting excited about caps with me during, hmm, PyCon, I think – and also wanted to control CPU – must be some kind of Python meme.

Finally, it’s been pointed out to me that Twisted incorporates capabilities somewhere in its guts (look for the Perspective Broker).
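
The two points above, as an added sketch in Python (not code from this post, CaPerl or Twisted): the caller hands untrusted code a `read` capability instead of configuring a sandbox and passing a name, and the wrapper adds a custom byte quota and revocation. The names `make_reader`, `untrusted_first_line` and `demo` are hypothetical, and plain Python only illustrates the pattern: the wrapped object is still reachable through closure introspection.

```python
import io


def make_reader(fileobj, byte_quota):
    """Wrap fileobj in a read-only, quota-limited, revocable capability."""
    state = {"left": byte_quota, "live": True}

    def read(n):
        if not state["live"]:
            raise PermissionError("capability revoked")
        # Clamp every request to the remaining quota; a negative size
        # ("read everything") is treated as "read what the quota allows".
        n = state["left"] if n < 0 else min(n, state["left"])
        data = fileobj.read(n)
        state["left"] -= len(data)
        return data

    def revoke():
        state["live"] = False

    # The holder of `read` gets no write(), no seek(), no file name.
    return read, revoke


def untrusted_first_line(read):
    """Stand-in for untrusted code: it can use only what it was handed."""
    buf = b""
    while b"\n" not in buf:
        chunk = read(4)
        if not chunk:
            break
        buf += chunk
    return buf.split(b"\n")[0]


def demo():
    data = io.BytesIO(b"line one\nline two\nline three\n")  # constructed sample
    read, revoke = make_reader(data, byte_quota=16)
    first = untrusted_first_line(read)  # designation is authorisation
    rest = read(100)                    # clamped to the 4 bytes of quota left
    exhausted = read(100)               # quota spent: nothing more comes out
    revoke()
    try:
        read(1)
        revoked = False
    except PermissionError:
        revoked = True
    return first, rest, exhausted, revoked


if __name__ == "__main__":
    print(demo())
```

Nothing here limits CPU time, which matches the caveat above about needing operating-system support for that.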

3 Dec 2005

LISA and ApacheCon

Filed under: Where I'm At — Ben @ 17:06

I’ll be at LISA, at least for the last day, where I’ll be doing a “Guru is in” session on OpenSSL, Apache and DNSSEC (and, to be honest, anything else anyone wants to talk to me about), then I’ll be at ApacheCon for the duration, hanging out at the Hackathon (where the Apache developers get together over the weekend) and the conference, where I will not be giving a lightning talk, because you just can’t trust Fred and Fitz.

For the impatient, both of these events are in San Diego, next week and the week after.

If anyone wants to meet up, I’d love to hear from them.

2 Dec 2005

Knots Book and a Pretty Picture

Filed under: Knots — Ben @ 14:50

One of my co-authors tells me that “Physical and Numerical Models in Knot Theory” is out. I did the cover, as well as working on chapter 5. Since their picture is rather teensy, you can see the artwork for the cover here.
