Ben Laurie blathering

24 Nov 2006

Knots in Second Life

Filed under: Knots — Ben @ 18:02

I’ve been working with Matt Biddulph of Second Nature to render ideal knots in Second Life. Here’s an image of one being fabricated.

A Knot. Being Fabbed.

A bit ropey currently, but we’re getting there.

21 Nov 2006

Fantastic Quote

Filed under: Civil Liberties — Ben @ 15:06

I spoke at an ID card event the other day. Dave Birch also spoke and had this fantastic quote on one of his slides. I liked it so much I had to blog about it, even though I don’t really have anything to link it to (other than the crazed attitude of the current government, that is):

They constantly try to escape
From the darkness outside and within
By dreaming of systems so perfect
that no one will need to be good.

T.S. Eliot
The Rock (1934)

17 Nov 2006

Second Nature

Filed under: Open Source,Sex,Toys — Ben @ 13:30

I had a lot of fun at the Open Source Jam last night, even if I couldn’t drink because I was on my motorbike. The lightning talks were more lightning than I’ve ever seen before – even though we limited people to three minutes, most people were done in just one – a quick introduction to their project de jour and then on to the next one.
One project that really grabbed my interest was by Nature: Second Nature, an area in Second Life where science stuff meets VR. Or perhaps, given that another thing we discussed was the control of teledildonics via Second Life, where science meets sex.

14 Nov 2006

Government Spending Transparency

Filed under: General — Ben @ 11:49

According to the Telegraph, the Tories will introduce a Government Spending Transparency Bill, which will put all spending over £25,000 online. Except “where related to national security” – expect the sudden discovery that almost everything is related to national security.

If it gets through, I think this will lead to some absolutely fascinating mashups.

13 Nov 2006

Open Source Jam

Filed under: Where I'm At — Ben @ 12:11

Google are having an open source get together next Thursday. I’ll be there.

9 Nov 2006

Cypherpunks: Its A Word

Filed under: General — Ben @ 15:02

The Oxford English Dictionary has added cypherpunk. Along with bling, Disneyfied and hard-ass.

Release The Music: Copyright Term Extension

Filed under: Digital Rights — Ben @ 9:31

The Open Rights Group has a petition against copyright term extension, and a public debate on it, too, on Monday November 13th, at the Conway Hall in Holborn.

8 Nov 2006

If You Have Laws, Are You A Politician?

Filed under: Anonymity/Privacy,Crypto,Identity Management — Ben @ 12:14

A while back, I posted about Ontario’s love affair with Cardspace (I notice, btw, that Ann Cavoukian is so hip to this ‘net thing that she’s broken the link to her white paper, which is now here – confidence inspiring). In that post, I said that there was a false claim that the laws were “developed through an open consensus process”.

Kim, being a smart guy, responded thusly

there were many people who interacted with me when I was articulating the laws. I listed them all in the laws – and no one asked not to be mentioned, so far! I’ve actually been under the impression that there is general consensus that the laws move us forward. EVen you seem to agree.

So I don’t get your point. You don’t want people like Anne Cavoukian to get involved? You don’t think the laws are a good handle for doing so? You don’t think the laws have had a defining role in the emergence of user centric approaches? Or are you arguing that there is no consensus because we didn’t take a formal vote?

I actually thought the laws were a good way for the privacy community to hook up with those of us doing identity.

This strikes me as a politician’s response. I didn’t say there wasn’t a consensus that the laws move us forward. I didn’t say I disagreed with them. I didn’t say Anne Cavoukian should not get involved. I didn’t say the laws were a bad handle for involvement. I didn’t say that the laws have not had a defining role. I didn’t say there was no consensus because we didn’t vote.

What I did say is that the laws were not evolved through an open consensus process. Kim wrote them down. Many people said they were cool, including me. Kim may have made minor changes in response to discussion, but they are not the result of some kind of groupthink.

For example, I have often pointed out that the laws do not include the requirement for unlinkability but they have not been updated to include it (presumably either because Kim doesn’t think its a requirement, or, perhaps more realistically, because Cardspace does not support unlinkability). I and others have pointed out that law 4 is practically unreadable on its own – what are “omnidirectional” and “unidirectional” identifiers? Indeed, what are “public” and “private” entities – now I think about it, this law needs serious redrafting to make any sense.

Kim also says I should read Cavoukian’s version of the laws, and he’s right. She’s redrafted law 4 rather well:

A universal identity metasystem must be capable of supporting a range of identifiers with varying degrees of observability and privacy. Unidirectional identifiers are used by the user exclusively for the other party, and support an individual’s right to minimize data linkage across different sites. This is consistent with privacy principles that place limitations on the use and disclosure of one’s personal information. At the same time, users must also be able make use of omnidirectional identifiers provided by public entities in order to confirm who they are dealing with online and, thereby ensure that that their personal information is being disclosed appropriately. To further promote openness and accountability in business practices, other types of identifiers may be necessary to allow for appropriate oversight through the creation of audit trails.

I’m particularly interested by “unidirectional identifiers are used by the user exclusively for the other party, and support an individual’s right to minimize data linkage across different sites” – in other words, she recognizes the need for unlinkability. And its true that unidirectional identifiers support the right to minimize data linkage – but they don’t achieve it on their own, and this is where Cardspace currently falls down – unidirectional credentials are issued through a process that is entirely linkable. Unlinkability is achieved only if everyone agrees not to link.

Kim also says that no-one has asked to be removed from his list of “contributors”. This is totally unsurprising – many of them have a vested interest in staying friendly with Microsoft – but I know from private communications that not all of them actually agree that they have contributed.

Kim could easily refute my claim with facts rather than rhetoric. All he needs to do is point to the “wide-ranging conversation documented at” and show how his laws evolved through that conversation. I’ve looked – indeed, I’ve followed the discussion – and I haven’t found any evidence at all that supports this claim, let alone contributions by each of the listed people.

Incidentally, I notice that Kim links to practically every blog out there that talks about identity – but not mine. Is that because he doesn’t want to link to anyone that’s not 100% positive about Cardspace?

Germany Is Good For Privacy

Filed under: Anonymity/Privacy,Civil Liberties — Ben @ 5:03

A German court has ruled that ISPs have no right to store IP logs. You have to complain in order to get them erased, but that’s still way better than the usual situation.

Now all we need is the same ruling in the UK.

7 Nov 2006

Blogosphere Statistics Porn

Filed under: General — Ben @ 16:56

Technorati release a quarterly report with all sorts of interesting statistics. This quarter’s is out. Long tailers will probably be disappointed, but there’s interesting stuff there anyway.

A Surveillance Society

Filed under: Anonymity/Privacy,Civil Liberties,Security — Ben @ 10:32

Not exactly news, but apparently our Information Commissioner, Richard Thomas, has realised that we now live in a surveillance society. Apparently he’d like us to talk about what’s OK and what’s not. As if we hadn’t been.

As ever-more information is collected, shared and used, it intrudes into our private
space and leads to decisions which directly influence people’s lives. Mistakes can
also easily be made with serious consequences – false matches and other cases of
mistaken identity, inaccurate facts or inferences, suspicions taken as reality, and
breaches of security. I am keen to start a debate about where the lines should be
drawn. What is acceptable and what is not?

I suppose its progress, even if of a rather 20th century kind.

The report itself has some sensible things to say

A third concern regard technologies is that many argue (mistakenly, as
we shall see) that anxieties about surveillance society may be allayed by
technical means. Certainly, some so-called privacy-enhancing technologies
serve well to curb the growth of technological surveillance (PETs) and their use
should be encouraged where appropriate. But these are at best only ever part of
the answer. We are correct to be wary of any offers to fix what are taken to be
technical problems with technical solutions. As we shall see, the real world of
surveillance society is far to complex for such superficial responses.

I often get the impression that people think I believe I can fix the world by providing cunning crypto. As they say above, its not the whole answer, but I do believe its vital to start from a position of anonymity or you can’t choose what you do reveal about yourself.

5 Nov 2006

MD5 Attacks on Arbitrary Messages

Filed under: Crypto,Security — Ben @ 19:21

I’m somewhat behind the curve on this, this was announced a couple of weeks ago. But its an important result.

Stevens, Lenstra and de Weger have shown a collision between two chosen X.509 certificates. The exact method used to construct this collision is not yet documented, it seems, but I believe them – and they do provide an outline.

This is significant because previous attacks on MD5 gave essentially no control over the content of the colliding messages (that is, you can choose a common initial string, and then you get no control over the parts that differ between the two messages), whereas this one allows you to construct two completely different first parts and then append stuff that causes a collision.

Because its generally possible to find parts of a message that can be freely chosen (the field they use in the X.509 certificate is the modulus of the public key – another example they give is a word document with embedded graphics near the end) this gives a far more potent attack than previously available. Note that because the method is insensitive to intial hash values there\’s no requirement that the two initial parts match in any way at all – they can be different lengths and different content. Clearly there are some constraints due to block alignment – but I\’ll bet even those could be removed. So, in short, you can get pretty much anything to collide.

4 Nov 2006


Filed under: Open Source — Ben @ 12:03

I was talking to FreeBSD’s Robert Watson the other day about version control and FreeBSD’s requirements. Two things emerged that I found quite fascinating.

The first is that FreeBSD has long used Perforce (a commercial version control system) as its “main” version control system – CVS is slaved to it. Of course, FreeBSD is a free software project, so that choice of VCS is interesting. Apparently the core reason is branch management. Firstly, if you try to branch the FreeBSD tree (which is, of course, huge) in CVS, then your machine goes away for a couple of months. Literally. Secondly, CVS doesn’t really understand branches. You can’t continuously merge branch A into branch B – which you can in Perforce. Back when Perforce was selected to replace CVS, there weren’t really any other free VCSes, btw.

Secondly, FreeBSD, being right-thinking people, are thinking about moving back to an open source VCS, now that so many are available. I was interested to discover that a key stumbling block is “obliteration”: when someone commits something they shouldn’t have to the tree often it is good enough to later delete it. But sometimes there is an insistence that the offending material should not just be removed from the head of the tree, but should be completely obliterated from the repository – preventing its recovery from the VCS at all. Not surprisingly, many VCSes do not support obliteration, since the concept is diametrically opposed to a core requirement for version control, namely that I should always be able to recover the tree as it appeared at any point in the past. Perforce, I am told, supports obliteration, and CVS can be persuaded to do it (anyone who’s run a CVS repo will know you can do this by blowing away the corresponding file in the repo itself: ugly, but it works).

Its interesting to think through what obliteration does to a version control system. One obvious consequence is that if you try to retrieve the tree at any point in the period spanned by the obliteration, then you will not get a complete tree back. In a perfect VCS, what would one do about this? I guess you’d have to allow editing of history to permit the tree to be put back “the way it should have been”.

Sometimes its architecturally difficult for the VCS to accomodate obliteration, too. Monotone, for example, expects to always be able to reconstruct a hash chain back to the beginning of time. If you obliterate a file, its ability to construct that chain has gone. Of course, workarounds for this are easy to think of: one could, for instance, include a proxy for the obliterated file which just said what its hash used to be (note that if we ever lose preimage resistance for hash functions this could prove to be a conundrum!).

3 Nov 2006

All Your Data Are Belong To NHS

Filed under: Anonymity/Privacy,Civil Liberties,Security — Ben @ 11:15

The disaster in waiting that is the NHS’ Spine has been well known to privacy zealots for quite some time, but I’m glad to see that its not just us that are worried.

The Guardian has an article all about it.

Patients will have data uploaded … Patients do not have the right to say the information cannot be held.

But that’s OK, because

Once uploading has taken place, a government PR blitz will follow. This will be said to bring about “implied consent” to allow others view the data. Those objecting will be told that their medical care could suffer.

I’m so relieved. I don’t even have to think about whether I agree with the government anymore. They can figure out what I think just by advertising! Isn’t that great? Perhaps we should replace those pesky elections with advertising, life would be so much easier. I’m sure we’re all happy with giving our “implied consent” to Blair as dictator-for-life, aren’t we?

Powered by WordPress