Ben Laurie blathering

31 Dec 2007

Australian Doublespeak

Filed under: Civil Liberties,Digital Rights — Ben @ 15:39

Isn’t it amazing that politicians have so little respect for their electorate that they are quite willing to say things like this?

Telecommunications Minister Stephen Conroy says new measures are being put in place to provide greater protection to children from online pornography and violent websites.

“Labor makes no apologies to those that argue that any regulation of the internet is like going down the Chinese road,” he said.

“If people equate freedom of speech with watching child pornography, then the Rudd-Labor Government is going to disagree.”

I’m sure there’s no need to explain yet again why the Australian idea that they can filter the ‘net is doomed. But what does need some explaining, in my view, is why Conroy thinks he can get away with equating “protecting children from online pornography” and “watching child pornography”? Why have journalists become so passive that they will happily quote such nonsense without any inclination to do some actual analysis of the “news” they so mindlessly quote? It’s no wonder traditional media are in fear of the blogosphere.

24 Dec 2007

Handling Private Data with Capabilities

Filed under: Anonymity/Privacy,Capabilities,Programming,Security — Ben @ 7:10

A possibility I’ve been musing about that Caja enables is to give gadgets capabilities to sensitive (for example, personal) data which are opaque to the gadgets but nevertheless render appropriately when shown to the user.

This gives rise to some interesting, perhaps non-obvious consequences. One is that a sorted list of these opaque capabilities would itself have to be opaque, otherwise the gadget might be able to deduce things from the order. That is, the capabilities held in the sorted list would have to be unlinkable to the original capabilities (I think that’s the minimum requirement). This is because sort order reveals data – say the capabilities represented age or sexual preference and the gadget knows, for some other reason, what that is for one member of the list. It would then be able to deduce information about people above or below that person in the list.

Interestingly, you could allow the gadget to do arbitrary processing on the contents of the opaque capabilities, so long as it gave you (for example) a piece of code that could be confined only to do processing and no communication. Modulo wall-banging, Caja could make that happen. Although it might initially sound a bit pointless, this would allow the gadget to produce output that could be displayed to the user, despite the gadget itself not being allowed to know that output.

Note that because of covert channels, it should not be thought that this prevents the leakage of sensitive data – to do that, you would have to forbid any processing by the gadget of the secret data. But what this does do is prevent inadvertent leakage of data by (relatively) benign gadgets, whilst allowing them a great deal of flexibility in what they do with that data from the user’s point of view.
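A sketch of the scheme described in this post, added here as an illustration; it is not Caja code, and every name in it (`makeContainer`, `gadgetApi`, `seal`, `render`, `sorted`, `process`) is hypothetical. It shows opaque handles that only the container can render, a sort that returns fresh handles unlinkable to the originals, and processing by gadget-supplied code whose confinement is assumed rather than enforced.

```javascript
'use strict';
// Hypothetical container for illustration; none of these names are Caja's API.
function makeContainer() {
  const secrets = new WeakMap(); // handle -> private value, reachable only here

  // A handle is a frozen empty object: it can be held and passed around, but
  // it exposes nothing about the value behind it.
  function seal(value) {
    const handle = Object.freeze({});
    secrets.set(handle, value);
    return handle;
  }
  function unseal(handle) {
    if (!secrets.has(handle)) throw new TypeError('unknown handle');
    return secrets.get(handle);
  }

  // The only operations handed to the gadget.
  const gadgetApi = Object.freeze({
    // The container does the comparing and returns FRESH handles, so a position
    // in the result cannot be linked to a handle the gadget already held.
    sorted(handles) {
      const byValue = (a, b) => (a < b ? -1 : a > b ? 1 : 0);
      return handles.map(unseal).sort(byValue).map(seal);
    },
    // Run gadget-supplied code over the secret and reseal whatever it returns.
    // ASSUMPTION: fn is confined (pure computation, no communication), which
    // the post expects Caja to enforce; plain JavaScript does not enforce it.
    process(handle, fn) {
      return seal(fn(unseal(handle)));
    },
  });

  // seal and render stay with the container; render feeds the user's display.
  return { seal, render: (h) => String(unseal(h)), gadgetApi };
}

// Constructed sample data: ages the gadget must not learn.
function demo() {
  const container = makeContainer();
  const ages = [41, 29, 35].map(container.seal);
  // Gadget code from here on: it has only handles and gadgetApi.
  const sortedAges = container.gadgetApi.sorted(ages);
  const label = container.gadgetApi.process(sortedAges[0], (age) => `youngest: ${age}`);
  return {
    shown: container.render(label),                     // what the user sees
    gadgetView: JSON.stringify(label),                  // all the gadget can read
    linkable: sortedAges.some((h) => ages.includes(h)), // any handle reused?
  };
}
```

The gadget ends up holding a handle that renders as "youngest: 29" for the user while reading as an empty object to the gadget itself, and none of the sorted handles is identical to one it held before the sort.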

23 Dec 2007

Spicy Chicken with Orange

Filed under: Recipes — Ben @ 11:02

This is inspired by a Ken Hom recipe for beef and orange, which I often cook to use up leftover roast beef.

Chicken breasts
Spring onion
Dark soy sauce
Groundnut oil
Dried red chillis
Orange zest
Szechuan peppercorns
Rice wine
Sesame oil

Thinly slice the chicken breasts (about 2-3 mm thick, across the grain). Marinade them in dark soy, finely chopped spring onions and slices of ginger (I use a lot of ginger, because I love it) for at least 30 minutes.

Heat some groundnut (or other) oil in a wok over a high heat until it is smoking. Throw in two lightly crushed dried red chillis and stirfry for a few seconds (this will produce smoke that makes everyone cough – this is normal), then add the chicken and stirfry until it is just cooked (should only take a minute or two, depending on quantity and how much heat you can bring to bear). Add finely sliced orange zest, crushed Szechuan peppercorns, more soy, a smidge of rice wine and a little sugar. Stir and fry for another couple of minutes. Take off the heat and stir in a little sesame oil.

Eat with plain boiled white rice and a simple vegetable (I did pak choi with soy last night).

Some notes: dried red chillis, despite being very, very small, are really quite hot. Two of them to a pound or so of chicken gives noticeable (but not fire-hydrant-requiring) bite.

Szechuan pepper is not related to pepper at all (I believe it is some kind of ash, in fact) and I know of no substitute. It is vital to the flavour of this dish. For guidance, for a pound of chicken I’ll use about a teaspoon of Szechuan pepper, lightly crushed in a pestle and mortar.

Sesame oil is entirely optional, but I’m a big fan. I’d probably sometimes also add some more spring onion at the same time as the sesame oil, but I didn’t last night, so I am not specifying it. Spring onion that has been wilted by the heat of the dish alone is delicious, IMO.

The secret of tender chicken is to not overcook it, so you really need to stop stir-frying it and add the rest of the ingredients as soon as you can – even a little before all the chicken is thoroughly cooked. Because it is so thin, as soon as the outside looks done (i.e. has changed colour – it gets lighter when it cooks), it is done all the way through. If the chicken does not feel moist and delicate, you overdid it.

16 Dec 2007

Is IdP Discovery The Next Big Thing?

Filed under: Identity Management,Security — Ben @ 18:57

I’ve been thinking. Even though us fans of user-centric identity like to think of it all being in the hands of individual users, it seems to me that in practice many users will delegate management of their identity data to a third party. They’ll do this for a variety of reasons, the main one being convenience, though the need to be always on may be a driver in the end, too.

So this leads to an interesting question: when I first arrive at a site, how does it know who I’ve chosen to be my IdP? When I turn up at Unicorns-R-Us, how do they know that they should go to Amazon to verify that I’m logged in and that I’m the same guy as shopped there last time?

This question is, of course, the question of IdP discovery, and although we’re not worrying about it much right now (at least in the user-centric world – I know Liberty has worried about it forever), I predict that we’ll be worrying about it a lot, Real Soon Now.

But why is it an issue? There seem to be all sorts of obvious options…

1. The OpenID approach: you (the user) give a URL to Unicorns-R-Us, and at that URL can be found further information about your identity. Clunky and weird for the average user.

2. Cookies. The first time you visit Unicorns-R-Us some miracle occurs that informs them you are an Amazon user and they set a cookie so they’ll always know in future. Two problems here, the first being that we still have that first encounter to solve and the second being that this works fine until you switch to my laptop and then you’re screwed.

3. Client-side component. This works well, and solves the first encounter problem, but still suffers from the issue of me switching to a machine without the component installed – or with it installed, but not yet initialised. Will I know how to initialise it, since that’s probably something I’d only do once a year or so? It can’t be too easy, or that’s clearly a security risk.

I’m starting to run out of ideas here, and so far none of them have worked really well. I suspect that in the end we’ll end up with the OpenID approach (“ask the user”) but with something more friendly than a URL and with a flow that often requires no effort on the part of the user. But it’s an interesting question that I don’t have a good answer to – and a good answer is key to a user-centric identity world.

I predict that figuring out standards and a good user experience around this problem will be one of the major pieces of the user-centric identity puzzle over the next couple of years.

14 Dec 2007

Notification on Personal Data Breaches

Filed under: Anonymity/Privacy,Civil Liberties,Security — Ben @ 14:17

The government waited nearly a month before revealing that they had lost personal data on 25 million UK citizens. Presumably they could have waited forever if they’d thought they’d get away with it.

If you agree that there ought to be a law obliging organisations to reveal such breaches, then the petition for you is right here.

3 Dec 2007

Caja and OpenSocial

Filed under: Capabilities,Open Source,Programming,Security — Ben @ 2:03

An obvious place to use Caja is, of course, in OpenSocial. So, a bunch of us at Google have been experimenting with this use case and the first outcome is an update to the container sample which allows you to try running your gadget Caja-ised (gotta think of a better name for that). We even have instructions on how to Caja-ise your gadget.

We haven’t tried many gadgets yet, but the good news is the example gadgets worked with (almost[1]) no change. It seems clear that more complex gadgets are not likely to survive without at least some change but we don’t yet know how hard that’s going to be. Feedback, as always, welcome! And don’t forget to join the mailing list to discuss it.

[1] Right now, because Caja-ised code gets pushed into its own sandbox, you have to explicitly export any functions that need to be visible to the rest of the page (for example, functions that get called when you click a button), but we expect to be able to remove that requirement.
