introduction |
current events |
projects |
stuff
For my current web log entries, click on the "current events" hyperlink above.
For other archives:
All hyperlinks which lead to a different web site are in this pretty green color
Happy Holidays!
We're off to visit family. We may have unreliable net access during the trip. We return 2004-01-04.
Irby's Joke of the Day:
I told Irby that we were going to go down to the laundry room (which we share with the other residents of this house) and put laundry in the washing machine. "But the washing machine is already going!", he said. He has the useful ability to detect the washing machine running by hearing noises that travel through the heating vents. "Oh!", I said, "The washing machine is already running? You can hear it?". "Yes.", he replied. "OK,", I said, "I guess Rejane is doing her laundry and we'll have to wait til it is finished.". Then he came up with his joke: "I think her laundry is saying to our laundry 'You'll have to wait til we're clean!'! HAHA!".
Blog?
Blog blog blog?
Phew, it's been almost a month. I have rarely even thought about my blog during this time. My perennial huge list of things to do includes "get my digital camera fixed".
Irby is growing up. "Growing like a weed!", as they used to say back home.
Obesity is already the biggest health problem in the developed world, and it promises to get dramatically worse in the coming years, since people have been getting increasingly obese for the last several years, and there is a lag of several years between becoming obese and suffering the negative health effects. It is a big factor -- possibly the most important factor -- in heart disease, which was the leading cause of death in the U.S. in 2002, responsible for 30% of all deaths. Obesity might also contribute to some kinds of the second leading cause of death, cancer (23% of deaths). It definitely contributes to the third leading cause of death, stroke (7%) and the 6th-leading cause of death, diabetes (2.9%).
Incidence of diabetes increased by a surprising 27% from 1997 to 2002, especially among people in their 30's. Experts warn that the problem might be even larger than that, as it takes an average of twelve years between acquiring diabetes and being diagnosed with diabetes. Increased obesity, lack of exercise, and sugar intake in the developed world is likely to make diabetes into a major public health crisis in the next decade.
I just looked at the CDC's Final 2000 Mortality Statistics (the most recent statistics that are available as far as I can tell). For white males age 25-34 years (that's me), the leading causes of death were:
It doesn't say here, but I assume that the biggest category of fatal accidents is automobile accidents. Those things are dangerous.
I've decided to unsubscribe from Iraqi blogs and spend the time in the morning writing, instead. Iraq is just going to have to get along without me for a while.
Goodbye to the following web sites:
Iraqis (at least one expatriate, I think)
visitors to Iraq
news and analysis
If any of the authors of these sites should read this note for some reason, I wish you the best. I'm sure I'll check up on you again in a few months.
It's been a whole week since I updated this page! How time flies. I've had mail trouble. If you didn't receive your FREE and HIGH QUALITY e-mail message from me in the past week, please contact me and ask me to resend it. Thanks!
Irby likes to tell jokes. He invents jokes by mixing and matching previously known jokes, words or sentences. For example, he takes a sentence that someone has recently said, replaces one of the words with the word "Mama", then announces it with a big smile and sees if anyone laughs. If that doesn't work, then he tries again with a different word.
I have a scratchy beard nowadays, so when I asked Irby to give me a goodbye kiss when I dropped him off a preschool this morning, he kissed the palm of my hand.
This morning Irby offered some (imaginary) ice cream to his parents. I requested ladybug-flavored ice cream, so he asked me if I wanted it in a cup or a cone. I chose a cone. Then Amber asked for kiss-flavoured ice cream and made a big deal about how tasty is was. So I asked for some tickle-flavored ice cream and giggled every time I licked it. Then Irby offered me some pickle-flavored ice cream, so I had one imaginary ice cream cone in each hand.
Amber was helping Irby work in a coloring book. "Ohh!" she said approvingly, "You're colouring inside the lines. That's a very important skill. That's what makes colouring outside the lines meaningful!"
I'm suddenly inundated with job offers. I think this means the economy is on a dramatic upswing, at least in some small niche. I haven't been actively looking for jobs; people have just been contacting me out of the blue.
One year ago today, Irby was capable of using only a few words. This is incredible to me. How could he have been prelingual only a year ago? It seems like he has been talking forever.
My contribution to the "What's Your Threat Model" discussion took the form of an extended quote from Bruce Schneier's book Secrets and Lies. Here is the quote that I posted to the mailing list, from Secrets and Lies, chapter 15 "Certificates and Credentials", section "PKIs On The Internet", page 238:
PKIS ON THE INTERNET
Most people's only interaction with a PKI is using SSL. SSL secures web transactions, and sometimes PKI vendors point to it as enabling technology for electronic commerce. This argument is disingenuous; no one is turned away at an online merchant for not using SSL.
SSL does encrypt credit card transactions on the Internet, but it is not the source of security for the participants. That security comes from credit card company procedures, allowing a consumer to repudiate any line item charge before paying the bill. SSL protects the consumer from eavesdroppers, it does not protect against someone breaking into the Web site and stealing a file full of credit card numbers, nor does it protect against a rogue employee at the merchant harvesting credit card numbers. Credit card company procedures protest against those threats.
PKIs are supposed to provide authentication, but they don't even do that.
Example one: the company F-Secure (formerly Data Fellows) sells software from its Web site at www.datafellows.com. If you click to buy software, you are redirected to the Web site www.netsales.net, which makes an SSL connection with you. The SSL certificate was issued to "NetSales, Inc., Software Review LLC" in Kansas. F-Secure is headquartered in Helsinki and San Jose. By any PKI rules, no one should do business with this site. The certificate received is not from the same company that sells the software. This is exactly what a man-in-the-middle attack looks like, and exactly what PKI is supposed to prevent.
Example two: I visited www.palm.com to purchase something for my PalmPilot. When I went to the online checkout, I was redirected to https://palmorder.modusmedia.com/asp/store.asp. The SSL certificate was registered to Modus Media International; clearly a flagrant attempt to defraud Web customers, which I deftly uncovered because I carefully checked the SSL certificate. Not.
Has anyone ever sounded the alarm in these cases? Has anyone not bought online products because the name of the certificate didn't match the name on the Web site? Has anyone but me even noticed?
I doubt it. It's true that VeriSign has certified this man-in-the-middle attack, but no one cares. I made my purchases anyway, because the security comes from credit card rules, not from the SSL. My maximum liability from a stolen card is $50, and I can repudiate a transaction if a fraudulent merchant tries to cheat me. As it is used, with the average user not bothering to verify the certificates exchanged and no revocation mechanism, SSL is just simply a (very slow) Diffie-Hellman key-exchange method. Digital certificates provide no actual security for electronic commerce; it's a complete sham.
Note: I did not write the above. It is a quote from a book by Bruce Schneier, which book is an excellent book for people who need to understand the big picture of computer security and Internet security without understanding the technical details. The book neatly demolishes half a dozen widespread security myths with a combination of anecdote, argument, and Schneier's own authority as the world's most widely acknowledged expert in computer security.
Réjane just told me this anecdote from Wednesday, when she babysat Irby as I went to class.
They were playing with cars, and Irby likes to make them crash. Réjane said "Uh-oh, we have to call the ambulance.". Irby replied "The ambulance is for people, silly! We have to call the tow truck.".
Irby anecdote: He was playing with cars on a "highway" -- a piece of cardboard with road markings that Rejane helped him make. He was quite intent on it. I got his attention and told him I was about to go do laundry (a favorite activity of his) and invited him to come along. He put the cars down, stood up and trotted over, announcing "I paused my game!".
Danny O'Brien has written a very good article about the three spheres of conversation: public, private, and secret. His article is amusing and thought-provoking. It starts in the context of current gossip in a certain social circle, involving a person named "Orlowski" and an event named "Friends of O'Reilly", but you can just infer the meaning of those things from Danny's article and still enjoy it.
Ian Grigg wrote a really good rant about "The Internet Threat Model". As in all rants, and as in Danny O'Brien's article above, the author overstates his case after he gets himself worked up about it.
It reminds me that I really want a private blog.
One year ago Joey and Paul came over to visit the Pape PigPen. Two years ago I stopped reading slashdot and Irby pulled himself up to standing position.
Blog blog blog. Must... Update... Regularly! Blog blog blog.
I got a calendar! I'm so excited. It hangs on the wall of my office behind my computer. Now I will be super organized! If my digital camera worked, I would post a photo of my wonderful calendar.
Hello! I'm alive! Sorry for the extended absence.
Amber's working hard on her graduate studies. Irby is miraculous as always (he's learning to read!). I'm alternating between paying work (which happens to be interesting work) and Mnet. Also I'm taking a course on Querying P2P Databases at U. of Toronto.
One year ago, Irby could feed himself beans. (This is probably the cutest Irby video/photo from that era.)
Irby says a lot of funny things, and I think I should preserve them, but it often seems like a written version wouldn't have the same appeal. Much of the value is in his timing and his voice. Too bad my digital camera is broken!
I'm back! We had a great time visiting Amber's family in Nova Scotia. I taught Doug and Luke how to play "Tactical Magic". I've spent a great deal of time over the last couple of weeks playing a game on my new laptop.
I posted some comments about a new emergent networking paper on my reading.html page.
We're going to Nova Scotia tomorrow to visit family. We return on the 8th. I might have e-mail access occasionally.
Irby was sitting at the picnic table on the back porch as we set the table. There were plates, salt and pepper, and a huge silver salad bowl full of salad sitting in front of him. Amber called from the kitchen: "Irby, I'm going to fix myself a bowl of salad. Would you like a bowl of salad?". "No," he called back, "I already have a bowl of salad.".
Irby was lying sleepily in bed listening to bed time stories. "I'm sleepy.", he said, rubbing his eyes. "Well why don't you close your eyes for a while?" his parents suggested. "I can't," he said, demonstrating, "They just pop open again.".
As I was updating my reading.html page again, it occurred to me that maybe there are some people in Toronto who want to all read papers and then meet regularly to talk about them. If you can manage to be physically present in Toronto once a month or so, and want to talk about crypto, access control, emergent networks, or something, then please e-mail me.
This idea wouldn't really substitute for the proposed Toronto hackers meeting though, as there are probably plenty of hackers who would like to discuss new ideas, demo code, and so forth but who wouldn't like to read an academic paper before showing up. I'm thinking of checkout out local Internet cafes as venues for such a meeting, which I assume would attract 5 to 15 people.
Irby was picking up The Dutch Chess Set and putting it away. He started to put a die into the bead bag. "It's okay to put the die in there," I said, "but if I were you I would put it into this bag.". "You're me!" he said, puting the die into the dice bag.
I'm updating my reading.html page. I do wish someone would write to me about this stuff. Maybe I'll post the latest URL, e.g. reading.html#notes_GNUnet_ExcessBased_Economics to an appropriate mailing list...
I happened upon an e-mail I wrote to myself last year. It's sitting in my inbox, with two thousand, seven hundred and eighty-three other messages that I may or may not have already read. This one says:
Date: Mon, 11 Nov 2002 22:40:31 EST To: zooko@zooko.com, amber@cs.toronto.edu From: Zooko <zooko@zooko.com> Subject: notes to self (and wife) * Interlock for cycles of length > 2 * Bloom filter with per-bit counter
I was startled to realize that I had completely forgotten about the idea of using the Interlock Protocol for cycles of length greater than two. It's potentially a good idea, and I don't want it to be lost, so I'm posting it, in brief, here.
Rivest and Shamir's Interlock Protocol works when there are two players, Alice and Bob, each of whom have a message for the other. Each one sends a cryptographic commitment to his or her message, then after receiving the commitment from the other, each sends his or her message. With appropriate crypto primitives added, this is a way to exchange messages that is resistant to Man-In-The-Middle attacks.
My idea is that this can be generalized to longer cycles. Suppose Alice has a message for Bob, Bob has a message for Carl, and Carl has a message for Alice. The Interlock Protocol could be applied there, as well.
This is potentially interesting because cycles of length two are quite rare in practice -- how many times a day do you send an e-mail to a friend at the exact same time that he is sending an e-mail to you? -- but longer cycles might be common in some applications.
The Bloom filter with counter idea isn't so interesting.
Irby and I played pathological. He can understand the goal -- color sorting -- but not yet all the constraints. However, with me driving and solving most of the constraints for him, it works well. Hopefully he'll stay interested. We already hacked it to multiply all time limits and number-of-balls-in-flight by 100. Maybe we'll do some more substantial hacking later...
Here is my current reading list of bloggers in or around Iraq:
U.S. military personnel:
Iraqis
If you see Eric Hughes, please tell him Zooko is looking for him.
Update 2004-03-19 found him! Thanks.
googlism says:
eric hughes
eric hughes is the founder of simple access
eric hughes is one of the best young coaches in the country
eric hughes is working on will be of use here
eric hughes is not a member of the eff board of directors
eric hughes is briefly quoted
eric hughes is our newest officemate
eric hughes is leaving st helens at the end of the season after three and a half years as football operations manager
eric hughes is also included for further enlightenment into the realm of cypherpunk
eric hughes is co
eric hughes is lead and they are charged with developing water quality performance measures
eric hughes is a bit
eric hughes is a bit different from the freedom conferred upon users by
eric hughes is the same
eric hughes is off doing
eric hughes is a cryptographer and an expert on payment systems and commercial interaction
eric hughes is a traitor to the cypherpunk cause
eric hughes is adamant that they have got their man
eric hughes is a computer researcher who works for digi
eric hughes is doing
eric hughes is also charged with one count of possession with intent to distribute crack cocaine
I've noticed that I am more and more reticent to write about Irby on this page. I think that as he develops, he is more and more individual, rather than a generically cute and adorable baby. This makes me more concerned for his privacy. It is analogous to the way that I hardly ever mention Amber on this page, even though she is (along with Irby) the most important thing in my life and the most beloved.
I'm torn between privacy and openness -- I want friends and strangers ! -- to know us and to communicate with us, but I don't want bad people learning about us, and I don't want databases collecting information about us which will be permanently stored and increasingly "data-mined" as automation advances.
I think the solution is to start a private, password-protected blog, and then give a password to anyone who asks nicely and promises that they aren't a bad person and they won't copy the information into a database. Even that will exclude many people. I have enjoyed getting to personally know some people after they started anonymously browsing my blog. I just don't know what to do. It's hard to predict what will be done with these stories by automated computer systems twenty years from now. Irby will be twenty-two years old then, and I don't want my carelessness now to negatively impact his life then, at that critical age in his development.
I'm back! Thanks to icepick and the mysterious sysadmin known only as "steve", zooko.com is back on the air.
Learn YAML in Five Minutes. It took me 3m20s. YAML seems very nice!
Chief Wiggles has moved to Baghdad, and higher up in the administration of Iraq. I hope that his blog doesn't get cancelled because of this -- I would really like to have another view on Baghdad.
I've been warned of deadly hardware trouble on the server that hosts my web site and e-mail. If you send e-mail to me, please keep a copy so that you can resend it if I never reply.
Phewf! I've finally finished the core task of my current consulting contract. The project is more than a week late now, and although such an overrun is entirely normal for this type of work, I've been increasingly unhappy about it. The project itself is not finished, but as of today, the core function worked for the first time.
I corresponded with Chief Wiggles's web master. Among other things, I learned that Chief is a Mormon.
I did a bit of reading of crypto papers, and updated my reading.html page accordingly. I do hope someone who reads this can answer my question about CTR-mode being a tweakable block cipher (mode). Maybe there's a paper in it? Whether or no, it's also that I'm using CTR-mode in Mnet, and I'd like to know how its security fits into these new formalisms.
I've been reading all I can find of web diaries (a.k.a. "web logs") written by people who actually live in Iraq (or in the U.S. military establishment in Kuwait which is supporting the U.S. army in Iraq). I've been careful to keep an open mind -- reading the whole text of what these people have written and trying to understand what they are thinking, instead of just scanning through looking for factoids and phrases that reinforce my own political prejudice.
For the most part, I've done a good job of empathizing with the various diarists, even when they express beliefs and opinions wildly divergent from mine (and from each other's).
But this diary entry from Chief Wiggles, I am sad to say, has triggered my knee-jerk reactions. I really hate to disrespect the man, but that's just creepy. You might have to have some background about Chief Wiggles (read a few of the older diary entries) to appreciate it. By the way, I skipped through the first third or so of this new diary entry because I was impatient with the rambling. (So much for reading everything, eh?)
I'm not going to comment on why I found it creepy, in order to allow you the opportunity to read it without first reading a bunch of my opinions about it. I'd be happy to discuss it afterwards. (Especially at a coffeeshop in Toronto in the warm summer evening. But e-mail will work, too.)
I wouldn't be surprised if Chief Wiggles's diary gets pulled off the air since it displays information about potentially sensitive things (the interrogations of Iraqi POW's, some of them high-ranking officers in the old Iraqi army).
I'm thinking of organizing a monthly gathering of hackers in Toronto. Things I'm interested in hearing about include decentralization, cryptography, capability-based security, emergent networks (a.k.a. "peer-to-peer"), programming languages. Two specific projects that are going on in Toronto that I am interested in are Graydon Hoare's monotone and Paul and Joey's Peek-A-Booty (note: NOT PORNOGRAPHY).
I think I might enjoy something along the lines of the famous cypherpunks Thai brunch (which I never attended). That is: Sunday morning/noon, featuring interesting food, rather than a weekday evening featuring a projector screen.
I'm not sure exactly what I would hope to gain from such meetings. Really it is just an excuse to socialize, like most things are.
Err, waitasecond -- I think the news article at theinquirer.net is wrong. Please suspend judgment for now.
Update: well, it was all a false alarm, due to some sloppy reporting from theinquirer.net, followed by some sloppy reporting on my part -- picking up theinquirer's story without checking it out first. My apologies. I've updated the License Quick Ref to give my own succinct and human-readable interpretation of Section 6 of the LGPL. Reminder: I'm not a lawyer, but I refuse to be silenced by the threat of being punished for speaking publically on a legal topic.
The remainder of this entry is what I wrote before I realized that theinquirer's story was a false alarm:
I've updated the Quick Reference Guide to Choosing a Software License to reflect the new (to me) fact that some people (namely the FSF) say that Java class-loading is different from C dynamic-linking with regard to the LGPL's rules. This eliminates LGPL from the niche in which it was formerly the front-runner. (The niche of having "all 'Y'" in my license quick ref table.)
There are two leading contenders to replace LGPL in that niche: 1. Mozilla Public License v1.1-plus-GPL-allowed-amendment, 2. IBM's Common Public License.
The former has the obvious drawback that it isn't standardized -- you have to edit it (to add GPL-allowance) before using it. The latter seems pretty good. The only part of it that I personally found questionable was this funny "patent litigation poison pill" clause, which means you can't safely use Application X (e.g. Eclipse), under the CPL in your company if you think your company might ever sue another company for patent infringement, and that other company has ever contributed to Application X.
Perhaps a good standardized technique for this purpose would be multi-licensing. The source code of the Mozilla project is triple-licensed under the MPL1.1, LGPL and GPL licenses. This fulfills the goal of having all "Y"'s in my table, but it does seem an awfully complicated way to do it!
Now here's a web log from a real ground-pounder -- a U.S. military Non-Commissioned Officer in Iraq. Interestingly, he lists Salam Pax and G. in Baghdad as the first two blogs in his blogrool.
U.S. military personnel:
Here are some web logs from Iraq. Actually some or all of the U.S. military folks are currently in Kuwait. I think they are all "REMFs" -- pencil pushers -- rather than "self-propelled sandbags".
U.S. military personnel:
Iraqis
I wonder if these folks read each other's blogs.
Paul and Joey came over for dinner. Paul had an idea for how to use Identity Based Encryption to solve a core issue in Peek-A-Booty (note: THAT LINK DOES NOT LEAD TO A PORN SITE).
We argued a lot about what Identity Based Encryption could be used for in this context, and in the process we both got a much clearer idea of what IBE is. I'm particularly fascinated by the fact that the Peek-A-Booty desideratum that IBE-plus-secret-sharing can offer and that normal public key cryptography can't is almost do-able with normal old symmetric key encryption-plus-secret-sharing! There's something mysterious and wonderful about the architectural consequences of these different kinds of cryptography, and I wish I got paid to sit around and think about it all day.
Click on the image to see a gallery of photos. You can't really tell from the photos, but in between each snapshot we were bent over with laughter. I don't remember what, exactly, was so funny.
I'm doing Test-Driven Development on my work project. Before I add a feature or fix a bug, I first write a unit test which, when run, shows that the program is failing. Then I add the feature or fix the bug, and run the unit test again. When the test shows that the program is now passing the test, I'm done with that feature or bugfix.
It feels great! I get a nice concrete reward whenever I finish something, and it helps me keep perspective on where I'm going and how fast I'm progressing.
I also have a nice feeling of safety about the whole process -- whenever I change anything, I run the entire unit test suite before and after the change, so I have confidence that my change hasn't broken any of the other features that I've already completed. (Non-programmers probably can't appreciate this, but it is a huge relief to have confidence that the improvement that you just added didn't just silently destroy the improvements that you added last week.)
Peter Hansen has said that if he starts writing code without having first written a unit test, he gets the same feeling of wrongness as when he starts driving a car without first having put on his seatbelt.
To dip my toe into a long-standing "religious war" among hackers: unit tests give you this feeling of safety that you haven't broken something. Static type-checking doesn't. Just admit it: when you've changed a bunch of code, and the current version compiles and passes the static type checker, you still have the gnawing fear that you just introduced a whole bunch of bugs in the features that you didn't have time to test by hand. With automated unit tests you don't have that gnawing fear.
Hopefully my client will also be happy to receive the unit test suite along with the deliverable. A test suite wasn't specified in the contract -- I'm doing it solely in order to facilitate my work on the actual deliverable.
I wrote a big message about reason that the Mnet project should consider using DARCS instead of Subversion for revision control.
I'm spending most of my time working and Irbysitting, so there are no web log updates. Here is an off-the-cuff idea: seven layers of a revision control system:
They all can, and I think should be separated, at least for analysis if not for actual deployment. Unfortunately, to date the only one that has been separately pluggable has been UI. Security/authority/access control has often been integrated with transport/storage and delegated to the operating system. The standard diff/patch utility can be used separately from CVS, but I doubt that CVS could be used with a different diff/patch algorithm.
The only one that I don't entirely grok yet is "branching/smart merge". For a good example of how it is possible to have substantial new features over current RCS's, see this mailing list article on what DARCS can do that arch can't.
See also the current version of revision_control_quick_ref.html.
I have a contract job. It's fun! It's one of those rare jobs which is in the security industry (the actual for-profit security industry) but is neither snake-oil nor automated oppression. This revives my interest in the security industry.
I moved my table comparing revision control systems to http://zooko.com/revision_control_quick_ref.html. I also added a couple more tools and updated some of the data.
Whoo-hoo! I've been promoted to Master status on advogato.org. Unfortunately I've lost my password to log-in to advogato so I can't post revision_control_quick_ref.html there in order to solicit feedback.
I moved this document to its own page: http://zooko.com/revision_control_quick_ref.html.
Steve Jenson's girlfriend has been quoted as saying "When not writing code, Steve likes to... write code.". I think the same is true of me.
I felt sick today, and was having trouble concentrating on work, and was unable to nap due to a certain toddler's anti-nap techniques, so I decided to relax by playing lbreakout2. Irby asked if he could play, but it was way too difficult for him. So I patched the source so that the paddle would be very large, the ball very slow, and only bonuses (no maluses) would emit from broken bricks. Unfortunately by the time I had done all this it was past Irby's bed-time and he was asleep. Maybe he'll want to play tomorrow.
tacmage-v0.2.6.tar.bz2 features wizard death.
New ChangeLog entries:
v0.1.12 + reduced size of leather and sword images v0.2.0 * bumping minor version number in honor of the fact that we can walk around and whack each other + random item placement + fix div-by-zero when attacking naked creature v0.2.1 + background images for hexes + indicate whose turn it is with color highlighting of the stats box + refactor all [c, r] coords to be passed as a constlist instead of as two parameters + refactor wizard motion, fetching, attacking to be in wizard.emaker instead of board.emaker + refactor new paintable object + refactor some of the hex math into hexmath.emaker + ALT-NUMBERKEY enters drop mode - drop mode is incomplete and immediately throws an exception v0.2.3 + refactor type hierarchy, painting of pieces, addition of pieces and paintables to board + add dropTargetGlyph + drop mode now creates a translucent dropTargetGlyph - drop mode doesn't do anything else v0.2.4 + drop mode works! Whoo-HOO! v0.2.5 + drop mode now works for armor in addition to weapons! v0.2.6 + when you reach 0 hit points, you disappear, leaving behind one random item
I recently read The Sandman: Preludes and Nocturnes by Neil Gaiman. At the end, it included this poem, accompanied by drawings of Death incarnated as a young goth woman:
"Death is before me today: Like the recovery of a sick man, Like going forth into a garden after sickness. Death is before me today: Like the odor of myrrh, Like sitting under a sail in a good wind. Death is before me today: Like the course of a stream, Like the return of a man from the war-galley to his house. Death is before me today: Like the home that a man longs to see, After years spent as a captive."
Then I read Something Wicked This Way Comes by Ray Bradbury. Toward the end, it included this dialog in Bradbury's poetic voice:
"Is ... is it ... Death?"
"The carnival?" The old man lit his pipe, blew smoke, seriously studied the patterns. "No. But I think it uses Death as a threat. Death doesn't exist. It never did, it never will. But we've drawn so many pictures of it, so many years, trying to pin it down, comprehend it, we've got to thinking of it as an entity, strangely alive and greedy. All it is, however, is a stopped watch, a loss, an end, a darkness. Nothing."
Sunah requested a screenshot.
tacmage-v0.1.11.tar.bz2 features the ability to make your friend lose hitpoints.
New ChangeLog entries:
v0.1.9 + each wizard has a stats box that displays what armor he is wearing v0.1.10 + you can pick up swords, until your hands are full v0.1.11 + you can whack your friend with a sword, thus reducing his hp
In tacmage-v0.1.6.tar.bz2, you and a friend can each drive a purple wizard around a hex board!
Also try inserting new version numbers in the above link. The current version is v0.1.8. Here is the ChangeLog:
v0.1.0 + displays a hex grid in a Canvas widget + receives key events + has the ability to hot-reload code - doesn't do anything else - the hot-reloading stuff messifies all the code v0.1.1 + displays leather armor if the leather piece is present in the hex + activates the hot-reload feature when the "r" key is pressed v0.1.2 * THIS IS THE LAST VERSION WITH HOT-RELOADING CAPABILITY + displays wizard + wizard has code that should move it from hex to hex on key press - that code doesn't work v0.1.3 + fix missing file and typo from v0.1.2 tarball v0.1.4 + removed hotloader, thus cleaning up the code significantly v0.1.5 + wizard moves around, refuses to walk off the edge of the board or onto occupied hexes - wizard refuses to enter hex occupied by leather, where in future versions he will enter the hex and don the armor + graphics get redrawn whenever wizard moves - whole board is redrawn, where in future versions only the areas that have changed will be redrawn v0.1.6 * removed the art source images from the distribution to make it nice and small + two wizards walk around, in response to separate sets of keys v0.1.7 + wizard can pick up armor, if he isn't already wearing armor v0.1.8 + tweaked art -- wizards are separate colors + fixed collision of wizard-with-wizard
Bruce Eckel is the author of best-selling books Thinking in C++ and Thinking in Java. A couple of years ago I noticed that he was talking about how he liked a language he had recently learned: Python. Now he gave an interview in which he reveals just how much he likes Python:
I feel Python was designed for the person who is actually doing the programming, to maximize their productivity. And that just makes me feel warm and fuzzy all over. I feel nobody is going to be telling me, "Oh yeah, you have to jump through all these hoops for one reason or another." When you have the experience of really being able to be as productive as possible, then you start to get pissed off at other languages. You think, "Gee, I've been wasting my time with these other languages."
This sounds much like my experience, and that of many other programmers I've talked to. If I were going to invent a new language right now (I'm not -- just daydreaming) its raison d'etre would be to take the best from two languages: Python and E. From the latter, I would take integrated capability security, remote invocation, and mobile code. From the former I would take the philosophy and the syntax.
In other news, Mom and my brothers are here to visit. What a pleasure!
Irby has long since stopped using ASL signs to communicate with us -- once he gained the ability to communicate in English, he quickly switched over to using English exclusively. This was sad to me, as I thought that our opportunity to become really fluent in it while he was a child was passing. However, Amber and I have continued to work on it a little bit every now and then.
I've just had the pleasing realization that Irby is actually more able to learn signs now than he was a year ago. If something comes up in conversation, like the color red, I show him the sign RED and ask him to repeat it, and he does so, very accurately, often on the first try. He can even do more complex signs such as GREEN, which requires a funny finger position combined with hand movement! This is a big contrast to a year ago when he didn't have the manual dexterity to express complex signs, and required lots of practice before he could do even the simple ones. I'm also very pleased that when I quizzed him: "Show me the sign for 'again'.", which he probably hasn't performed or witnessed in at least six months, he remembered it!
I've had great fun chatting on the cap-talk mailing list today. Yesterday I had great fun learning E, and chatting about it on the e-lang mailing list.
Oh yeah, and I just wrote a brief note about how Koorde works. Koorde is the most elegant emergent network ever!
Amber is off to a conference for a few days so it is just Irby and me. I have a huge list of Things To Do. Way more than I am going to be able to accomplish before Amber returns. I'm reluctant to spend time on the higher-priority chores (clean, pay bills, clean some more, clean even more, negotiate the maze of twisty little passages that is the University of Colorado bureaucracy) over the lower-priority pleasures (write notes about Koorde, study capabilities, take Irby to the playground, write a hot-code-reloader in preparation for the Summer 2003 Brothers Wilcox Game).
By the way, I've been reading a lot, and I've been updating my reading.html page pretty regularly.
I fixed the links for movies 2 and 3 from yesterday. The first one is around 80 seconds long, the second around 20, the last around 10.
This is a really good movie. Here are parts 2 and 3. Unclespell is a game that Irby's UnkaNathan originally wrote. I have since modified it a few times to make the letters bigger and so on. Here's the source code to Unclespell. If you want to contribute to it, the first thing I would recommend is sound effects! That would be the biggest increase in fun for the effort I think. Another idea is to add playing of speech files (encoded in speex, perhaps). That would be more effort, but would yield the biggest increase in educational value. Irby is aware of the relationship between the sequences of letters, and the spoken words, but he isn't focussed on that part of it, and speech files to show how the words are phonically constructed would be wonderful.
I updated my Things I'm Reading page.
It sounds like the U.S. Government has it in for the theocracy of Iran. Regime change would be good for iraniangirl and her friends, I think -- at least for the ones that weren't shredded by shrapnel or killed by dysentery in the process. (Warning: that link takes you to a photograph of an Iraqi girl who was shredded by shrapnel.)
It seems like the best way to undermine and destabilize the theocracy of Iran is to restore drinkable water, food, and security to the people of Iraq, ASAP. It's surprising to me that the war against Saddam was executed so deftly and the reconstruction so clumsily. (I'm not sure which of those two is the strange one.)
"The United States never lost a war or won a peace." -- paraphrase of quip by Will Rogers
"1. Sun Tzu said: In the practical art of war, the best thing of all is to take the enemy's country whole and intact; to shatter and destroy it is not so good. So, too, it is better to recapture an army entire than to destroy it, to capture a regiment, a detachment or a company entire than to destroy them.
2. Hence to fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting.
-- from Sun Tzu's Art of War, chapter 3
I updated my Things I'm Reading page.
I hate living in the high latitudes during the winter, but at this time of year it is idyllic. The pleasant time of evening-and-twilight, when the temperature is just right and the sunlight is soft and clear, seems to last forever. One drawback is that Irby has a hard time going to sleep when there is still soft, clear sunlight shining in his window an hour past bedtime. We're going to have to get some blinds for his room.
Stefan Reich was reading old archives of the e-lang discussion list and he used quotes from a post I wrote in a talk he presented at his university. I didn't know about it until after it had happened. I like the way that the Internet facilitates this sort of casual sharing of information, so that I didn't give my permission or even know about it. I also like the slides from his speech. By excerpting my mailing list article he eliminated the explanations and asides that I indulge in, thus emphasizing the main point.
One thing I don't like is that "Bryce Wilcox-O'Hearn, developer of Mojo Nation" might be interpreted as giving me more credit than I am due for Mojo Nation's successes and failures. The inventors of Mojo Nation were Jim McCoy and Doug Barnes. The first developer they hired was Greg Smith. Months later, when they were ready to ramp up the software development effort, they offered to hire Bram Cohen and me. Bram accepted immediately, and I delayed a bit while investigating a job at Zero Knowledge, which failed to materialize in a funny way. I was originally hired to be the senior developer of the three, but when Doug Barnes left the company I wasn't able to handle that position without his support, so we switched to a "one leader leading (Jim), three hackers hacking" model. (Shortly thereafter I moved to Nova Scotia to take care of my pregnant fiancée, and continued to work remotely as a Mojo Nation developer up until the end.)
Here is the first E code written for the Summer 2003 Brothers Wilcox Game Project:
def dm(print):any {
def makeDwarf():any {
var legs := 1; # one-legged dwarf
def dwarf {
to jump(){
print("Wh");
for i in 1..legs {
print("e")
}
print("!\n");
legs+=1;
}
}
}
}
The actual game is hopefully going to be a multiplayer, hotseat implementation of Tactical Magic (the Newtonmas 2002 Brothers Wilcox Game), and will not actually have any jumping, leg-sprouting dwarfs in it. Unless it does.
Two new studies have been performed comparing low-carb and low-fat diets. These are the first studies to be good enough to get published in a prestigious journal (The New England Journal of Medicine). The results are that as far as the short term goes (six months), the low-carbers were right all along, and the low-fatters (most prominently The American Heart Association) were wrong. In particular, the American Heart Association was wrong in its claim that the improved cardiovascular profile of low-carb dieters was due solely to the weight loss. The studies show that low-carb diets improve the levels of cholesterol in your blood more than a low-fat diet does, even if you lose the same amount of weight on both diets. (Improving your cholesterol levels is, of course, very helpful in reducing your risk of heart disease.) Mainstream scientists keep being quoted in newspapers saying that they are surprised at these results, even though the low-carb books have been saying all along that this would be the case. It seems that whatever theory the low-carb people are using has better predictive power about this issue than the American Heart Association's theory does.
The longer-term (up to one year) results are less promising -- both the low-carb and low-fat groups had a lot of people who gave up on their diet, and both had people who gained some but not all of the weight back. The low-carb dieters were still slimmer than the low-fat dieters after one year, but these results are not statistically meaningful, since so many people dropped out, and since there was greater variance. I was disappointed to read that the low-carb diets didn't have better retention rates than low-fat diets -- low-carb advocates claim that their diet is easier to stick with, and certainly one of the major problems with today's diets is that they are hard to stick with.
I'm disappointed that I keep letting the web log lapse for days at a time. I figure that people will read it if either (a) it gets updated frequently so that every day when they check it they get positive reinforcement, or (b) it generates RSS announcements and they use an RSS listener thingie, or (c) they really really like me.
We've made a lot of progress on the newfangled emergent network in Mnet.
Sunah has departed. Next week Amber goes away for a conference and Irby and I will be alone for five whole days. I think we will miss her. When she returns, my two brothers and my mother will come to visit! Very exciting. It's going to be crazy with five adults and a toddler in this teeny little apartment.
I'm excited about implementing a computer game with my brothers. This is our traditional form of entertainment when we get together. Over the next two weeks, when I have hack time (for example, when Irby naps), I will have to decide between finishing the new network for Mnet versus starting the May 2003 Brothers Wilcox game.
Sorry for dead air space there. I'm happy. Sunah is visiting us for a few days. Irby has gotten over his "Terrible Twos" (which began at 22 months) and is back to being the most polite and agreeable child ever. Amber is out of classes and doing actual research all day. She's much less stressed and much happier. The Mnet Hackers have gotten a newfangled emergent network running! (It's based on Kademlia, which is based on Pastry.)
I just received this e-mail:
Dear Zooko, Mr. Dumon Yaradua. I am the personal attorney to Mr. Mark Zooko, a national of your country, who used to work with Shell Development Company in Nigeria and as [...] After these several unsuccessful attempts, I decided to trace his last name over the Internet, to locate any member of his family hence I contacted you. [...] [...] has issued me a notice to provide the next of kin or have the account confisicated within the next ten official working days.
I like the urgent time limit part.
Last night Amber baked chocolate muffins for me.
Amber found some old coffee beans in a plastic bag in the pantry. So she made some low-carb chocolate-covered coffee beans for me! What a great wife I have.
As I walked home after taking Irby to preschool, I decided to take a short-cut through an alleyway. It was a normal Toronto alleyway for the first couple of blocks -- tall wooden fences and blank garage doors -- but as I walked on, passing no exits that would take me to a street, I passed more gates that were left open, exposing rich gardens and well-maintained yards. The fences became lower and more decorative, turning into mere boundary markers instead of barriers. The edge of the alley in which I walked was now soil and grass instead of asphalt bounded by wooden walls.
Soon I found out why: the alleyway dead-ended into a set of garages and gates, with no exit to the street.
As I walked back along the alley, I passed a young man coming out of his gate to walk his dog (off-leash). I said "It must be nice having an alley that dead-ends!". He repied "Yeah, it's kind of an extra place to hang out.".
It only takes a couple of blocks of relative seclusion to bring out the sense of community that evolution has hard-wired into human brains. I want to have a community when I grow up.
Scientists announced today that they have taken a big step forward in the quest to understand how and why living organisms age. From sciencedaily.com: Gene That Extends Lifespan In Yeast Points To Paradigm Shift In Longevity Research; May Explain Life Extension Via Calorie Restriction. One of the interesting details is that some variants of the common vitamin supplement B3 might (notice I said might) cause you to age faster. Amusingly, when you view the sciencedaily article (the above link) which suggests that these supplements might cause you to age faster, the right-hand column of the screen is a series of advertisements from different retailers selling these supplements.
Paul Graham's latest essay is destined to be a classic: Hackers and Painters. If you read other hacker web logs, you've already seen it recommended to you in almost every one. If you don't, but you read mine (perhaps because you are a not a computer geek, but an Irby-fan -- for example: my mom), then I still recommend it to you! Every now and then there is a paragraph that contains some jargon you won't know, but you can skip to the next paragraph, and you'll want to keep reading. It is an eloquent appeal for understanding about what hacking really is and what it means to its practitioners.
More backyard movies. The would-be gardener is Helen, our upstairs neighbor.
Adam Langley helps me with my homework. Thanks a lot Adam!
It greatly pleases me whenever someone writes to me about something I've written here. Which reminds me that I never properly thanked Paul Crowley for sending private e-mail to help me over my confusion about repeated-square-and-multiply.
It's been too long since I posted any Irby footage. Here is a short but sweet Irby movie, that we made outside in the backyard today, entitled What happened to the dirt?. Click on the image to get the movie.
I've put up a page of things I'm reading. The goals for this page include: 1. keeping track of what I'm reading, 2. storing reviews/notes for myself and others to consult, 3. encouraging people to read something that I'm reading so that we can talk about it.
Lucas Gonze wrote about decentralized, secure, memorable names.
Adam Langley cleaned up and edited my defense against man-in-the-middle paper, resulting in this version (scroll down to "Defence Against Middleperson Attacks").
We've moved almost all of our stuff into NewHouse (as yet unnamed). The big improvement today was books on shelves and computers on desks.
An airline named Jetsgo is offering free flights to Toronto. Everyone sign up! Actually, Chez O'Whielacronx is booked from the 3rd to the 17th of June, so sign up for some other interval.
Maxo arrives today! And many other relatives and friends have offered to visit over the course of the summer. This makes me happy. Come visit me!
I'm also reading Structure and Interpretation of Computer Programs (for the third time, and this time I'm doing all the exercises so that I'll really understand it) and The Codebreakers.
Due to popular demand I've posted my Names: Decentralized, Secure, Human-Meaningful: Choose Two web page again. There are lots of unfinished ideas in this essay, but I've learned not to delay things until I've perfected them. For one thing, the word "secure" is used without a concrete definition -- just "some universal policy of name ownership". If you define a suitably lenient policy (for example, one that allows name collisions, i.e. names can't be exclusively owned), then you can have all three properties, since the "secure" property becomes vacuous. (Thanks for Mark Miller for pointing this out.) Anyway, people were using old snapshots of the essay from web archives, and I would rather they see the latest version, even if it is imperfect.
We'll go off-net any day now and then back on-net an unknown number of business days later. I've been off-net at home for more than a week now -- I have to go to "the office" (our old apartment that we are moving out of) to get Net. This has been good for my reading.
While you're waiting for this journal to return, instead of just hitting reload and reading one year ago today back issues, you could go read some things that I am reading, so we'll have something to talk about.
One year ago today I was distressed, because I still hadn't gotten around to implementing an idea that I had advocated one year before that. Sheesh. This one-year-ago today stuff is really teaching me something about the passage of time.
This morning I read Sloppy hashing and self-organizing clusters by Michael Freedman and David Mazières. I will post my notes about it here when I get time. Meanwhile, please read it and let me know what you think.
Each morning we get up and have breakfast, then Irby and I march over to the Old House, read e-mail, play with toys, and collect enough stuff to fill one big blue backpack and one half-size shopping cart. (On Tuesday, Thursday, and Friday, Irby gets dropped off at Moe's Preschool on the way to the Old House.) Then we go shopping for groceries, cart the stuff and groceries back to the New House, and have nap starting somewhere between 14:00 and 15:00. (If Irby went to preschool, I pick him up at 13:15.) Then we cook dinner, eat dinner, and have family time, then to bed and to start all over again.
Too busy moving to update web page.
Today we're moving some things into our new house.
Irby and I took two hours to walk home from preschool today because it was warm and there were a lot of puddles that needed to be stomped. Also rocks to inspect, handfuls of dirty snow to redistribute, and grassy slopes to trample.
I'm reading Capability Myths Demolished carefully and taking notes which I intend to send to the cap-talk mailing list.
We're moving, and I'm going to change our DSL provider from Bell Canada to someone else. Here is a database of ISP's and ratings that I'm using to find a new one.
One year ago today: "Peek-a-MojoBooty-Nation". We were about to decide to move to Toronto. Has it been less than a year? Time and memory often surprise me.
I've been using the HTML validator to fix up typos and bugs in these web log pages.
Professor Marbach keeps inviting very interesting speakers to give presentations at Univ. of Toronto. This week's is Dr. Tim Roughgarden's presentation on Selfish Routing and the Price of Anarchy.
Chris Allbritton trekked into Iraq through the mountains at the Turkish border. It's a good story! I expect more good stories to come. Visit back-to-iraq.com to see his latest posts.
Raph Levien wrote about the DRM issue on his blog. I completely agree with him that the difference between "technically possible" and "convenient" is very important. I'm also intrigued by his suggestion that the same all-important issue of convenience could be a big advantage for free software over Digital Restrictions Management. Please also read Wes Felter's insightful comment about DRM.
Raph also alluded to a common belief with which I disagree: that "real DRM is technologically impossible, at least without huge improvements in the ability to produce bug-free software".
It helps to know the context here. It's an interesting story! The Xbox is a normal PC with added hardware to prevent you from booting an alternative operating system on it. The operating system that it comes with will only load and run Microsoft-approved programs. Microsoft shipped the first Xbox in 2001. Microsoft sells the Xbox below cost. It costs around $450 per unit to put the thing together, and Microsoft sells them for about $300 per unit. Launching the Xbox project was (and is still) a risky strategic move on Microsoft's part, in which Microsoft spends a lot of money in order to gain the strategic position of having a captive computer in every home. In the most recent SEC filing, Microsoft stated that in the three months leading up to December 2002 they lost $348 million on the Xbox project (that is: they made $1.28 billion revenue by selling Xboxes, but it cost them $1.63 billion to produce them).
In July 2002 around 7 million Xboxes had been shipped. That month, an anonymous donor announced that he would give $200,000 to the hackers who devised a simple and completely legal way to boot Linux on an Xbox. The prize was split into two parts: $100,000 to the first hackers who "port" Linux to Xbox -- altering Linux so that it knows how to control Xbox hardware and to load and run on an Xbox any program that the user chooses to run. The other $100,000 to the first hackers who devise a way to bypass the hardware protection and boot Linux on an Xbox.
(It was later revealed that the anonymous donor was none other than Michael Robertson, CEO first of mp3.com and then of Lindows, Inc., which sells a version of Linux.)
The first $100,000 was claimed quickly, and this recent crack should earn the second $100,000. This crack works by exploiting a bug in the "save game" function of the "James Bond 007" game to take over the whole machine.
Okay, that's the background, now the technical argument I wish to make is this: security by bug-fixing is not possible. Fortunately, it isn't necessary either.
The current mainstream of computer security is "security by bug-fixing". A lot of people work hard to find and fix bugs that crackers could exploit to take over other people's machines. Open source programmers, Microsoft programmers, and lots of others spend a lot of time to find and fix these bugs, then (sometimes) they announce to the world that a bug has been fixed and everyone ought to upgrade to the fixed version. They seem to think that this is the way to achieve security. Unfortunately, it isn't possible to achieve security this way, at least not for large systems containing millions of lines of code, such as your PC.
Ross Anderson explained why this can't work in a paper entitled Why Information Security is Hard -- An Economic Perspective:
[...] let us suppose a large, complex product such as Windows 2000 has 1,000,000 bugs, each with a MTBF of 1,000,000 hours. Suppose the Paddy works for the Irish Republican Army, and his job is to break into the British Army's computer to get the list of informers in Belfast; while Brian is the army assurance guy whose job it is to stop Paddy. So he must learn of the bugs before Paddy does.
Paddy has a day job so he can only do 1000 hours of testing a year. Brian has full Windows source code, dozens of PhDs, control of the commercial evaluation labs, an inside track at CERT, an information sharing deal with other UKUSA member states -- and he also runs the government's scheme to send round consultants to critical industries such as power and telecomms to advise them how to protect their systems. Suppose the Brian benefits from 10,000,000 hours a year worth of testing.
After a year, Paddy finds a bug, while Brian has found 100,000. But the probability that Brian has found Paddy's bug is only 10%. After ten years he will find it -- but by then Paddy will have found more, and it's unlikely Brian will know all of them. Worse, Brian's bug reports will have become such a firehose that Microsoft will have killfiled him.
In other words, Paddy has thermodynamics on his side. Even a moderately resourced attacker can break anything that's at all large and complex.
I think that capability-based security might solve the problem without requiring bug-free software, because of the "defense in depth" nature of capability systems. Current non-capability-based PC operating systems have a single line of defense -- once Paddy finds and exploits a single bug, he is "on the inside" and he can take over the entire system. (Actually, "multi-user" PC operating systems such as Windows XP and Linux have two lines of defense -- "user" and "system". This sometimes succeeds at increasing the number of bugs that Paddy must find from one to two.) Capability-based operating systems are built of thousands or even millions of compartments such that each one is separately defended. If Xbox had been designed as a capability system, exploiting a bug in the "save game" feature of "James Bond 007" would give the attacker the ability to screw around with his saved James Bond 007 games, but it wouldn't give him the ability to take over the whole machine.
(For techies in the audience, I say "thousands or even millions of compartments" because I am envisioning a system such as the E system where every object is a separate protection domain.)
Actually, I don't really know that capabilities would make it possible for end users to run net-connected PCs safely. Maybe Paddy can still find enough bugs to break through enough compartments to get the list of informers. It's hard to predict the evolution of complex, emergent systems like the computer networks (not to mention the society of human programmers and users). But I think that capabilities can make the situation qualitatively better. I'm pretty sure that fighting against thermodynamics in the current paradigm of "security through bug-fixing" won't work.
(To be fair, Raph Levien didn't say "... without manually fixing a whole bunch of bugs", but "... without huge improvements in the ability to produce bug-free software". Still, I'd like to convince him that making millions of lines of code perfectly bug-free is not necessary for security.)
Hm, I just realized I haven't done my 15-minute writing exercises for a few days. Maxo and Witbee have been here, and I was sick, and I spent a few days doing nothing but playing with magic cards and posting to mailing lists.
Some people might think that I was playing some kind of weird April Fools joke in my April 1 entry, but I wasn't! I really did post a picture of my cat to my blog! The thing is, the new kitten has the ability to turn invisible. If you look very closely at the picture, you can see the insides of his ears, and his claws.
The recent software-only crack of Xbox has prompted a few hackers of my acquaintance to repeat their reassuring mantra that true Digital Restrictions Management, which prevents the owner of a computer from doing unapproved things with it, is technically impossible. This is a long-standing and pernicious myth in the cypherpunk community: that the laws of mathematics are on the side of the good guys, and we will inevitably have freedom from control because of basic mathematics. I believe that this myth has caused many (myself included) to focus too little energy on the problem of actually making sure that our freedom is safe.
It's not true.
It's not true that computers which limit what their owners are allowed to do are technically impossible.
A frustrating thing about this myth is that it has been conclusively proven to be untrue, on a huge scale, by the Great Enemy of freedom-loving hackers, Microsoft. But the freedom-loving hackers haven't noticed, because they focus on specific technical details rather than the big picture.
There are around 9 million Microsoft Xboxes in consumers' homes now. Of these 9 million consumers, only a tiny handful will ever succeed at running a program on their Xbox which isn't a Microsoft-approved program. Yet freedom-loving hackers point to the tiny handful and crow "See? It can never work!".
The next version of Xbox will probably be adopted into tens of millions of homes. It will offer those people the ability to correspond with their family and friends through e-mail, the ability to access their bank accounts on-line, and more. It will not run any software which isn't Microsoft-approved, and it will restrict access to web sites and on-line services that aren't Microsoft-approved. Even fewer users will succeed at breaking out of the built-in control in order to do unapproved things.
And yet, I'm afraid freedom-loving hackers will just point to that tiny fraction that breaks free and say "See? It's impossible to control the user!".
Like Xbox, Windows XP is already an existence proof that centralized control over millions of users is possible. Windows XP already implements various kinds of control and surveillance over its users, and it accounts for around a third of all Internet-connected desktop computers in the world.
Hello, folks! Wake up. The bad guys are winning.
We're moving stuff into our new flat. I've been playing with Magic: the Gathering cards rather obsessively for the last few days. Also doing some impulsive Mnet hacking (implementing Kademlia for Mnet).
One year ago today I wrote a proposal for the MixMinion project -- a crypto trick so that MixMinion can process a message without being able to tell whether the message is recipient-anonymous or sender-anonymous. My proposal wasn't efficient enough for the other MixMinion folks, but it helped George Danezis to invent a more efficient technique, which is now the core of MixMinion.
Shortly thereafter Amber and Irby and I travelled to Toronto to explore and to decide if we wanted to live there (now, we do).
Witbee just came in and announced that "It's past your night time!". Then she said "You should be tired anyway. You've been playing on that computer for DAYS!".
Here's my reply to the aforementioned pride-stinging note from Ping. It is my hope that some Python people will get little light bulbs over their heads when the read this letter.
I realize I have been remiss in my duties as a blogger -- I haven't posted any pictures of my cat! So I acquired a kitten. Here is a picture. Isn't he cute?
I wrote a note for the cap-talk list entitled an access control matrix model of capabilities. I would like for the idea therein to become a technical paper (assuming it holds up), but it overlaps with a paper that Ping Yee and Mark Miller have already written: Capability Myths Demolished. MarkM, with whom I figured out a key detail yesterday in a phone conversation, has promised to include this detail in a new revision of Demolished.
I also wrote a follow-up to the python-dev list, in which I realize that <allusion source="Monty Python">"We already got one!"</allusion>.
Ugh. I just went shopping, and my brain was all foggy from my cold. I would look at the next item at the shopping list, take two steps, and I would have forgotten what it was and would have to look at the list again. I think this shows that I shouldn't post anything else to python-dev today. (I've composed a follow-up to a post from Ping that stung my pride, and I've sent it to Ping, but I haven't posted it yet. Now that I've returned from the shopping trip, I know that I oughtn't post it until tomorrow at the earliest!)
I don't really like April Fool's Day very much. The jokes that flow over the Internet usually aren't funny. But my niece Witbee really likes it. She has put a great deal of energy into fooling people today, and then singing "Aaaapril Foools!".
It's wonderful to have a playmate for Irby. (For one thing, this means he doesn't need a parent to play with him all the time.) Irby and Witbee play with the car ramp (big file). I'm already sad that Maxo and Witbee's visit will end.
For today's writing exercises, I sent an essay to the python-dev list about capabilities. This is sort of cheating -- writing exercises are really supposed to be a stand-alone document that will evolve into a technical paper, but I'm too sick to do more right at the moment.
I had a wonderful phone chat with Mark Miller in which we both came to understand more thoroughly the technical difference between ACLs and caps. (Summary: in caps, to update a given element of the access control matrix, you require both permission to update that column and permission to update that row.)
Whoops! I missed a day. I've also missed a several days of 15 minute writing exercises.
I just posted a note to the p2p-hackers mailing list about an idea Brandon Wiley put into my head: "Sloppy Chord".
Heh -- I just looked at my "one year ago today" and I see that I was playing a lot of Magic: the Gathering against myself then, too.
Irby's Mama's Mama and Cousin Witbee arrive any minute. Irby has been excited about it for days.
There is now a second web log describing the war in Iraq from a first-hand perspective. Christopher Allbritton has travelled to Turkey and is now talking to his friends there and making plans to get into northern Iraq (a.k.a. Kurdistan) in the next few days. The other individual web log I know of is Where is Raed?, which has only been updated once since the heavy bombing of Baghdad began.
Aaahhhh -- another sunny, warm day. This kind of thing is important to Torontonians.
I did 15 minutes of writing today (and then another 15 minutes, and then another and another). Today it was a new secure comms protocol, "EGTPv2". I decided to start working out concrete implementation details instead of continuing to scratch my head over how it relates to other such protocols, what the necessary and sufficient conditions are for certain cryptographic guarantees, and so forth. I made much better progress this way. No notes to post yet -- just chicken-scratchings on paper.
I'm disappointed nobody has commented on defense against middleperson yet...
It's very sunny outside, and 9 degrees Centigrade. I took Irby over to the laundromat to do the laundry. He is so good at doing laundry now that I actually sat down and read a book while he laboriously transferred all the wet clothes from the laundry basket into the dryer.
I finished Interface by "Stephen Bury", which is a nom de plume for Neal Stephenson co-writing with his uncle. It was given to me as a present from an Mnet hacker friend. This book, along with all three of the Neal Stephenson books that I've read, triggers one of my strongest prejudices: I hate books (and movies) where the author doesn't seem to take the work seriously. Where the author is sloppy, or doesn't respect the characters or the genre. Stephenson does this in spades. The prose in this book is classic Stephenson: off-the-wall exaggeration, clowning around, spending sentence after sentence on things that have nothing to do with the story, but are purely for stimulation value. I hate it! The characterization is even worse. Most of the characters are cartoon cliches who mouth ridiculous monologues which nobody would ever say and only Neal Stephenson would ever write. A few of them go above and beyond this -- they are blood-spattered hyperkinetic supervillains. At the same time, some of the characters are real flesh-and-blood people whose motivations and decisions you can empathize with, and I enjoyed parts featuring them the most.
The worst failure of the characterization is that most of the characters who are developed in the first half of the book simply disappear at the half-way point and never reappear! The scene never switches back to them, and the plot just wanders away without ever mentioning them again. This happens even to characters that we have spent whole chapters getting to know and getting interested in. Most, but not all, of these abandoned characters get a single sentence of resolution during the last couple of pages of the book.
So as a novel, as science fiction, as a spy/conspiracy thriller or an adventure story, this book is a failure. However, as a satire it is a memorable success. Interface gleefully excoriates the political system in which the most powerful office in the world (President of the U.S.A.) is controlled by the people that manipulate the images on T.V.. Satire is not the desire for amusement, it is moral outrage guided by a sharp mind. The satirical plot of the book, interlarded with copious historical fact and propelled by "Stephen Bury"'s vicious prose, has left an impression on my brain that feels like it might be permanent. If so, this will be the third time that Neal Stephenson has left such a lasting impression on my philosophies of life.
I've started Coraline by Neil Gaiman which was an un-birthday present from a different Mnet hacker friend. So far it is quite engaging! I'm only on Chapter 2, but already I'm wishing that Amber could read it with me. I'm also looking forward to Irby being big enough to enjoy it. It is written in a simple and fast-paced style, so I guess a 10 year old could understand and remain interested, although it might be too gruesome and scary for some.
I was unmotivated this morning, and got nothing done except for playtesting magic cards decks. (I now have a deck which appears to be competitive against some of the current leading decks. Unfortunately it depends on creature enchantments, and is thus very vulnerable to both of the biggest archetypes currently: Green/Red with burn and Astral Slide.)
Here is a very short Irby movie about 2 seconds long. Irby is drawing with colored chalk on the sidewalk at Moe's house.
Whoops -- never got around to the 15 minute writing exercises yesterday.
This morning I helped the Mnet hackers. Icepick has implemented the "store a file" side of the new decentralized filestore format. We've fixed a bug in v0.6.1-STABLE so I'm building new Debian and RedHat packages for the download page.
It's a grey morning, but birds are twittering. Amber and Irby are still asleep. Unfortunately, I'm feeling guilty and conflicted about what to do with the hour or so before they wake. I should do some work for an employer. I should contribute to the "capabilities for Python" discussion and related PEP. I should update my web log (oh wait -- that one is taken care of). I should spend 15 minutes working on a paper. I should work on Mnet (new transport protocol, ZNFF testing and integration, v0.6.1 bug fixes, incentive engineering).
I should stop thinking like this "I should, I should". I think it's bad for me.
Capability Myths Demolished demolished!
Last Tuesday I decided to spend 15 minutes each day writing down thoughts which will hopefully develop into a publishable paper. The first installment was an incomplete outline of Defense Against Middleperson Attacks. My highest hopes for that paper are that it would (a) explicate a novel and practical method of preventing the Chess Grandmaster attack, (b) distinguish the Chess Grandmaster attack from the general Middleperson Attack and raise the question of what other sorts of attacks are currently being clumped together, (c) survey the several defenses that are currently extant in the literature and show how each one has different limitations, (d) raise the question of how to generally characterize the kinds of defense that are possible against the kinds of middleperson attacks. You won't find any of that in the link above though, unless I've updated it quite a bit since I wrote this!
The next installment was a digital camera snapshot of a notebook in which I had written an outline of Deterring Delegation. My highest hopes for that paper are that it would (a) demonstrate that capabilities can deter delegation just as well as access control lists can (thus reversing the current scientific consensus), (b) demonstrate that capabilites can deter delegation better than access control lists can (thus contributing a novel tool for access control). Again, if you look at that digital camera snapshot, you will see only chicken-scratchings.
For todays 15 minutes, I updated Defense Against Middleperson Attacks. It now lays out the actual proposed defense against Chess Grandmaster attack, which may be of interest to some readers.
Didn't do the 15 minute writing exercises today. Here's a short Irby movie. It's short enough that it might even be downloadable via Irby's Mama's Mama's slow modem connection. 2003-03-21-Irby plays with cars and sings.avi
Icepick is implementing ZNFF and in talking about it with him I realized that it was cryptographically fragile -- if the user used the same key to store two different files, or stored the same file with two different erasure code parameters, then the (XOR of the) plaintext of the two files would be visible! Icepick also suggested a nice fix for this problem, which I've just committed to the aforecited "ZNFF" doc.
I did my 15 minutes writing exercises yesterday and today, but the results (see photo) are not in computer-readable text form. It's just as well... I have a lot to learn about access control and delegation before I will have written this paper (working title: "Deterring Delegation"). Writing exercises are very good at making me learn.
Read Where is Raed?. Worked on a letter for python-dev about secure import of modules (not yet finished).
This anecdote illustrates how competent at English Irby has become.
It is warm here. Yesterday I took Irby's new tricycle with me to pick him up from preschool. He had a lot of fun pushing it -- standing behind it and pushing on the back of the seat. He didn't like sitting on the seat and trying to pedal though; I think his legs are a little too short to reach the pedals.
Thirty minutes later we were shopping for groceries and I had the tricycle balanced on my shoulder while I manipulated groceries and money with my hands. Irby wanted to see what was going on with the grocer that I was talking to on the other side of the counter, so he said "Pick me up, please!". I said "I can't pick you up right now, I have a tricycle balanced on my shoulder! That makes things a bit awkward.". I went back to purchasing a half-pound of freshly ground Greek coffee. After a minute Irby said "Put the tricycle down, please!". I looked at him amusedly: "Why do you want me to put the tricycle down, Irby?". "Put the tricycle down and you pick me up!".
I've been participating on the Python mailing list, advocating Capability-secure Python. The possibilities are quite exciting. For example, if the core Python language, or the Chandler project, were to employ capability security, then Chandler could have scripting integrated with its messaging/calendaring and so forth which was both virus-free and extensible! This would be a first for any end-user application, and a dramatic advantage of Chandler over MS Outlook.
Likewise, a Capability-Python plugin for a web browser would allow applets that could actually do useful things, like store state on your hard drive, connect to other computers through the Net, read and write your files, integrate with other applications on your computer, and so forth, while at the same time being safe and virus-free. This was the original promise of Java way back in 1995. Java applets failed, perhaps in part because the "sandbox" security model meant that you could have either safety or usefulness but not both. Capability-Python would offer both.
Thanks to Paul Baranowski for fantasizing with me about the wonderful world of a capability-secure web.
Amber and I have decided to spend 15 minutes a day writing in order to make progress toward our respective goals. Hers is a PhD thesis. Mine is a paper describing some security ideas I have. Today was the first day of the 15-minute "writing exercises".
I've also decided to post my ideas, in incomplete form, to my web log. Pros: 1. gives me more incentive to keep working at it and to think carefully about what I write, 2. gives web log readers indication of what I'm up to, 3. might stimulate someone to talk to me about it and help me understand it better and come up with new related ideas. Cons: 1. the content is unformed, hardly readable, probably wrong, and should not be viewed as something that I would "publish" and sign my name to. 2. someone could steal the ideas and claim credit.
I'm not too worried about that last one. If the ideas were good enough to be worth stealing, that would be great! (Although actual theft wouldn't.)
So anyway, here's the results of the first 15 minutes of typing on Defense Against Middleperson Attacks.
A couple of days ago I discovered the blog of an Iraqi living in Baghdad. I am delighted to have the opportunity to read the personal thoughts of someone who lives so very far away from me, geographically and socially. Today I followed some of the "other blog" links on his page and am now browsing lots of English-language blogs Muslim people from around the world. This kind of thing excites me about blogs (really, about the Internet). Blog popularity contests, blog superstars, and whatnot don't.
I've revived my projects page and I'll (probably) update it whenever I touch anything from now on.
I've gotten several nice notes from people in reply to my plea for phatic feedback. Maxo wanted to know if "phatic" is related to "emphatic" or to "fatuous". I think she may have inquired in order to make a sly joke, but I looked up the answer anyway in Amber's Big Dictionary. "Phatic" is from Greek "phatos" -- "spoken". It's related to "aphasia". "Emphatic" is from Greek "emphatikos" (by way of Latin) -- "to exhibit, display". "Fatuous" is from Latin "fatuus" for which no gloss is offered by Amber's Big Dictionary.
It sort of seems like Irby grew up in the one month outage of journal updates. Now he talks pretty confidently in meaningful sentences. I frequently think "I should write an anecdote about what he just did." or "I should run and get my digital camera before he stops.". That latter one never works though, if I go off to fetch my digital camera every time I'll miss whatever amusing thing he is doing and it'll be over (or at least completely different) by the time I get back.
He helps us cook, standing on a chair at the counter. The noise of the electric mixer frightens him, so when Amber is about to start using it she offers to hold his hand. He takes her hand and holds on to it as long as the mixer is on. This is sufficient to make him feel safe, even though the beaters are whizzing around in the bowl right in front of his face. It's nice to see how much faith he has in Mama's protective powers. This reminds me of how all but the worst pains are instantly cured by a kiss from a parent. He'll fall and bonk his noggin, sit up and start crying, and then the moment the magical kiss is applied he'll sniffle and stop crying.
This has been a week of grad school emergency. Amber had a midterm, a take-home midterm, and a 5-week long assignment was due. At the same time, it is "March Break" for Irby's preschool so there hasn't been anyone other than us taking care of him this week.
Now reading: Remote timing attacks are practical by D. Boneh and D. Brumley. (Thanks to Arma for giving me the URL.)
I wish I had someone to study with. I'm trying to grok why the "repeated-square-and-multiply" algorithm successfully computes exponents. Does it work only in a finite ring?
Actually Amber would be a perfect person to learn this with except (a) she's busy with her own studies which are in emergency mode and (b) she's asleep at this moment.
I think I'll just post my ramblings to this web page. This will force me to make my thoughts clearer and more concrete, or face even greater embarassment. (I've already in the past posted a few such notes on my crypto notes page. I vacillate between posting them to that separate log or posting them to this one.)
That reminds me, during the one-month long zooko.com outage I was surprised at how many people that I knew (or just knew of) noticed its absence. It would be nice if there were a way to see when people read your web log. I've actually considered switching to a mailing list or a password-protected web site as a way to force people to let me know that they read it. Anyway, if you are reading this, please send me a note that says "Hi, I read this.". Phatic communication is very important. That's the kind of communication where you say "Hi there! Nice day isn't it?", not because you want the other person to notice the weather, but because you want them to know that you are aware of them and feel friendly toward them. It's very important, and it's hard to convey through the Net.
Oh, duh! See, this is the kind of education-enhancing embarassment that I was talking about. Repeated-square-and-multiply works quite obviously (and not just in a ring). For example x^18 is equal to ((x^2)^2)^2 * x * x. In my defense I hadn't drunk enough coffee when I wrote that. My primary text is M.O.V. (I have the dead-tree edition). It's an excellent manual, written with rigor and depth, but it isn't a tutorial, and it spares minimal words for explaining things that it has already specified in mathematical symbols.
Irby says whole sentences now. Yesterday he said "No, that car goes THERE.". He still pronounces the word "THERE" as "ADEE", and I still don't know why.
He is also good at being polite -- asking for things in a nice voice and saying "please". Today he was eager to have nurse-and-nap time, and Amber said he needed a fresh diaper first. He said "No dydo!" and started crying, then caught his breath, used his nice voice, and said "No dydos please!". We let him have his nap with no fresh diaper.
A couple of days ago Amber was reading a book about dinosaurs to him. "This one," she said, "is called APATOSAURUS.". He reached out and gently patted the picture of the dinosaur, saying "pat pat!".
Irby has entered the so-called "Terrible Twos" age, where he resists and refuses. It's wonderful to see how he has his own mind and his own preferences and so forth, and is not completely subject to our preferences.
He is also camera-conscious now. Here is a picture of him smiling for the camera.
I'm sorry, oh devoted readers, I haven't been updating regularly. Irby is doing great. Today he correctly answered "What does this word 'd', 'o', 'g' spell?", and "What does this word 'd', 'o' spell?". He loves preschool and as soon as we arrive, while we are trying to get his outdoor clothes off of him, he starts trying to run off to the playroom to play. He always runs back to give us bye-bye kisses when we leave. It is REALLY cold outside. The weather report says that it is "high of -13 degrees celsius", but it doesn't mention that some days there is a wind blowing which really pushes that chill through your clothes and deep into your flesh.
I had a great two hour talk with Peter Marbach about emergent networks. I've been wanting to write up all of my notes from that talk for this journal, but I've been wanting to play with Magic Cards even more, so I haven't gotten around to it yet. I've decided to post right now the single most important realization that I had in that talk:
A network is defined on top of an underlying network. The first emergent networks (Chord), assumed that the underlying network was (a) fully connected and (b) homogeneous in the sense that any hop was considered to be just as expensive as any other hop. The most important contribution of Pastry (and then of Kademlia) is to treat the underlying network as heterogeneous, in the sense that some hops are considered more expensive that others. For Pastry, they chose to make these costs reflect network performance (i.e. latency or throughput) so that Pastry would optimize for faster routing (e.g. don't send packets through Japan when they are on their way from Canada to USA). For Kademlia, they chose to make these costs reflect uptime of peers in order to optimize for stability. (Actually maybe these two choices were not exactly parallel, but nevermind for now...). So my big realization is:
Trust (or vulnerability, or exposure) can also be modelled in the same way, as costs on the links of the underlying network.
In addition, the underlying network may be incompletely connected, either because of (a) trust disconnects, (b) firewalls, NATs, censorship, terrorism, (c) the underlying network doesn't have complete routing e.g. wireless ad hoc networks.
This encourages me a lot: the fact that mainstream emergent network researchers like Project IRIS might develop techniques for overlay networks to work on more general underlying networks (especially non-fully-connected), and that these techniques can then be applied to trust networks.
Now, if any emergent network gurus are reading this, I want to know if you already knew this (it was obvious to you) or not, and if you agree that network locality, connectivity, reliability, and trust can all be modelled in the same graph theoretic way and then solved with the same techniques.
AccordionGuy's web log is about an advertisement personality named "Jared", who is apparently widely hated because he is irritating and over exposed. AccordionGuy writes "He is almost impossible to avoid...". Like Area Man from The Onion, I don't own a television and so I'm pleased to report that I've never been irritated by Jared. Oh wait -- now I have been.
Today Irby's preschool teacher was sick and cancelled preschool so he stayed home all day. I was tired because I stayed up too late last night trying to finish the release of v0.6 of Mnet. Fortunately, Irby is the most good-natured child in the world, and he happily entertained himself with building blocks, cars, and dinosaurs whenever I became too lethargic to play with him.
Tomorrow I am seeing a talk by M. Frans Kaashoek about "Is p2p a passing fad?". You can expect Prof. Kaashoek's answer to be "No.", as he and a bunch of other big-brained scientists just got a 12 million dollar grant from the NSF to develop a new Internet-scale p2p network.
I haven't been updating this web log regularly, but I have been enjoying my family, my Mnet project, some self-directed study in the field of cryptography, and, uh, well that's about it, really. "Family" encompasses a great many things, including household chores and finances, both of which I am enjoying as if they were challenging games.
We've returned from visiting Colorado.