my pseudoblog: a blog-like page by carl mackey
updates
i haven't posted anything in a while. so, some things should appear soon.
after various issues with ubuntu and enlightenment, i have switched to gentoo and openbox. ubuntu, and maybe this is a debian thing in general, is very integrated with its package manager; the package manager also manages configuration, and this makes things weird when you need to change things. with ubuntu, i've had issues with many of its automatic things. in the case of enlightenment, i had issues with its ubuntu packaging; the package manager did a poor job of things, in that whoever it is decided to upgrade the core...without updating the themes. this, unfortunately, meant that it wouldn't work. well, i jumped ship and am pretty happy with gentoo and openbox. openbox is very bare-bones, but it works, and is very customizable without needing to use an application to customize it (one may edit text files). i'm using pypanel for my panel, which is working out fine. gentoo is very nice, as after the initial issues installing, there aren't many problems that the package manager puts your system into; if something bad would have happened, it doesn't let it happen. it was kind of annoying to wait for compilation to finish at first, but eventually i got used to it, and just sometimes would leave things running overnight. the use-flags thing is very handy. now that most things are compiled for my architecture and i actually use a somewhat customized kernel, everything is surprisingly faster.
also, i've been using emacs rather than cream, which is kind of nice once you get used to some of the commands. another neat thing is zsh, which is slower than bash but nicer overall, i think.
i also have my home directory encrypted using truecrypt; i edited a local startup script to mount shortly after booting, requesting the password, but before i log in. i am going to build a storage server, so i think that i will have a very small truecrypt file which contains keyfiles for a large truecrypt volume per hard disk, each with a nominal password. the resulting virtual devices will then be raided (possibly with zfs-fuse :).
more bananas
the more i think about anonymity on the internet, the more agonizing it is... and what appears to be a lack of literature isn't helping. there's a lot of literature on cryptography, but hardly anything, it seems, on anonymity systems like freenet, tor, i2p. the agonizing part is that there are so many attacks that could occur. the systems that currently exist are all quite attackable; the attacks are simply very impractical. however, in computer security it's been proven time and time again that impractical attacks are far from impossible -- and far from improbable.
as the attack model i wished to use for banana is one where it is possible for all untrusted nodes to be compromised by the attacker as well as the attacker being able to watch any traffic on the internet, there are a number of attacks under which existing systems fail miserably at being anonymous. tor, for example, involves bouncing connections over three servers; for one thing, if those three servers aren't experiencing much load, it would be possible to watch the amount of data each receives from other servers and thus notice the patterns of data going to or from the originator to a website. there is, of course, the issue of using untrusted machines to bounce connections off of; it would not be exceptionally expensive for some evilish organization to simply set up a few hundred systems donating time to tor. as the number of existing tor servers with any serious bandwidth numbers in the mere hundreds, a well funded attacker would have no problem setting up enough servers to get a decent chance of someone using three of them at a time.
for banana, i am thinking i shall have to rely on 'friend' connections, where a node should only consider another a 'friend' if its operator/user/whatever knows personally and trusts the other node's operator in terms of both security-mindfulness as well as general trustworthiness. what we could do is make sure that any transaction that we originate or end (basically, a 'selfish' action, like downloading a chunk of a file) be accompanied by sending that amount of chaff to a friend or requesting that amount from them. in the case of protocols that leave traces, we could also mimic those: for e2e, we could give distance vector information; for swarming we could literally give the chunk to the friend; an attacker who queries that friend regarding whether he has it in cache would thus find it to be there. the purpose of this is to make it look like the action was requested by the friend, as most actions in banana are designed to be propagated from node to node. another option is to send this over the crowd-esque friend-to-friend tunnels; since it would be normal to use a tunnel to perform actions, it would be ambiguous whether one was actually performing the actions or simply being a good neighbor. the downside, and it's a big downside, is that we'd have to waste a ton of bandwidth with these possibly naive solutions... i'm sure i'll think of a way to do something better, like instead of using chaff or general waste for this, i might try to think of ways to fit other communications in... for example, using other selfish output that we'd have been doing anyway. the difficulty there though is that we have to make sure that the inputs and outputs match up plausibly.
basically, i don't want to have to rely on the assumption that there will be enough traffic going through each node that the path of some data will be obfuscated -- an assumption made by nearly all existing anonymizing protocols -- and not have to enforce constant speed connections, where regardless of there being any useful data on a connection one sends at a constant speed (and even that isn't a guarantee of security in our structure).
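a toy model of the chaff idea above, from the side of an observer who can watch every link. this is an added example, not banana's code: the node names, the in-versus-out byte heuristic and all function names are assumptions made for illustration.

```python
from collections import defaultdict

def observed_flows(events):
    """per-node [bytes_in, bytes_out] as seen by someone watching every link.
    events are (src, dst, nbytes, kind); payloads are encrypted, so the
    observer cannot read 'kind' and it is ignored here."""
    flows = defaultdict(lambda: [0, 0])
    for src, dst, nbytes, _kind in events:
        flows[src][1] += nbytes
        flows[dst][0] += nbytes
    return flows

def apparent_endpoints(events):
    """nodes whose in and out totals differ: they look like they started or
    finished a transfer instead of passing it along."""
    return sorted(n for n, (i, o) in observed_flows(events).items() if i != o)

def add_cover(events, selfish, friend_of):
    """pair every selfish transfer with the same number of chaff bytes
    exchanged with a friend, in the direction that rebalances the node."""
    covered = list(events)
    for node, direction, nbytes in selfish:
        friend = friend_of[node]
        if direction == "download":   # node absorbed data: send chaff onward
            covered.append((node, friend, nbytes, "chaff"))
        else:                         # node emitted data: request chaff in
            covered.append((friend, node, nbytes, "chaff"))
    return covered

def link_bytes(events, node):
    """total bytes crossing the node's own links (its bandwidth cost)."""
    return sum(observed_flows(events)[node])

def demo():
    # constructed scenario: A fetches a 1000-byte chunk from S through relay R
    base = [("S", "R", 1000, "data"), ("R", "A", 1000, "data")]
    covered = add_cover(base, [("A", "download", 1000)], {"A": "F"})
    return (apparent_endpoints(base), apparent_endpoints(covered),
            link_bytes(base, "A"), link_bytes(covered, "A"))
```

with cover, A balances exactly like the relay R and the imbalance shows up at the friend F instead, while the bytes crossing A's links double from 1000 to 2000, which is the bandwidth cost the post worries about.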
on a mostly unrelated side note, i found out via wikipedia that doom communicated using udp on port 666. hehe.
discussions
in the various forms of online discussion, we have various commonalities between protocols. there are listservs, there are blogs, there are forums, and in all cases there is a common theme; there are posts which are original, and there are posts that are in response to that.
consider a database in which one table holds posts and another holds the parent-child relationships between them. we simply abstract away the details of the protocol (we could simply put this in the post table describing an entry), and put each post in the post table, with its relationships in the other. to create a subboard or topic or blog entry, one adds the entry to the post table and adds a parent-child relationship to the relationship table.
for a typical forum or bulletin board, there would be a root node which represents the forum. it would have as children either subboards or topics. a subboard would be equivalent in nature to the parent itself. a topic would be a post generated by a human, with all its replies as children. displaying a forum would consist of listing all its children, sorted into groups whether they are a subboard or topic. displaying a topic would consist of listing the topic and its children in chronological order.
a discussion would appear as a large number of posts by two parties to a node representing the conversation or chat room.
for email, the concept of replying is obvious.
for a blog, one could either set up a blog node entry and attach posts to it (which could then of course be replied to), or simply keep track of original posts one has made on their own site.
one interesting side effect of this system, which is possibly quite beneficial, is that people could make a post be a reply to more than one other post.
a possible addition to the system would be an 'ancestry' table, which would be used in addition to the relationship table for situations where one would like to have quick access to knowledge of whether a great[...]grandchild has had a child. this could be helpful in creating a listserv with a digest mode, for example. another possibility is of course to have the relationship table simply support more than the one kind of relationship.
one rather awkward downside of this idea is that relationships would sort of have to be run on one database... which wouldn't grow so well. another option is to have the relationship table include as part of the identifying information what domain name the posts are hosted at, and ensure that both parent and child, if on different servers, have a copy of the relationship entry in their respective server's table. still, this would be awkward for deeply nested structures, as one would have to hop from server to server to read it all. sounds like a job for xlink's embed :)
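the post, relationship and ancestry tables described above, sketched on a single sqlite database. this is an added example, not code from the original page: the column names, the 'kind' values and the sample posts are assumptions, and it covers the single-server case only.

```python
import sqlite3

SCHEMA = """
CREATE TABLE post (id INTEGER PRIMARY KEY, kind TEXT NOT NULL,
                   author TEXT, body TEXT NOT NULL, created INTEGER NOT NULL);
CREATE TABLE relationship (parent INTEGER NOT NULL REFERENCES post(id),
                           child  INTEGER NOT NULL REFERENCES post(id),
                           PRIMARY KEY (parent, child));
-- the optional 'ancestry' table: one row per (ancestor, descendant) pair
CREATE TABLE ancestry (ancestor INTEGER NOT NULL, descendant INTEGER NOT NULL,
                       PRIMARY KEY (ancestor, descendant));
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_post(db, kind, author, body, created, parents=()):
    # bound parameters only: post bodies are untrusted input
    pid = db.execute("INSERT INTO post (kind, author, body, created) "
                     "VALUES (?, ?, ?, ?)", (kind, author, body, created)).lastrowid
    for parent in parents:  # more than one parent is allowed
        db.execute("INSERT INTO relationship VALUES (?, ?)", (parent, pid))
        # the new post descends from the parent and from the parent's ancestors
        db.execute("INSERT OR IGNORE INTO ancestry VALUES (?, ?)", (parent, pid))
        db.execute("INSERT OR IGNORE INTO ancestry "
                   "SELECT ancestor, ? FROM ancestry WHERE descendant = ?",
                   (pid, parent))
    return pid

def children(db, node):  # direct children, oldest first (how a topic is shown)
    return [r[0] for r in db.execute(
        "SELECT p.body FROM post p JOIN relationship r ON r.child = p.id "
        "WHERE r.parent = ? ORDER BY p.created", (node,))]

def digest(db, node, since):  # every post under node newer than 'since'
    return [r[0] for r in db.execute(
        "SELECT p.body FROM post p JOIN ancestry a ON a.descendant = p.id "
        "WHERE a.ancestor = ? AND p.created > ? ORDER BY p.created", (node, since))]

def demo():  # constructed sample data
    db = build_db()
    forum = add_post(db, "forum", None, "banana forum", 0)
    t1 = add_post(db, "topic", "alice", "chaff idea", 1, [forum])
    t2 = add_post(db, "topic", "bob", "tunnel idea", 2, [forum])
    r1 = add_post(db, "reply", "bob", "re: chaff", 3, [t1])
    add_post(db, "reply", "alice", "re: both topics", 4, [t1, t2])
    add_post(db, "reply", "alice", "re: re: chaff", 5, [r1])
    return children(db, t1), children(db, t2), digest(db, forum, 3)
```

the reply with two parents shows up under both topics, and the digest query finds the nested reply through the ancestry table without walking the relationship table level by level.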
crypto, banana
purchased crypto books, applied cryptography and practical cryptography. very interesting stuff. also been doing some thinking on the subject... anyway banana is sort of starting to take more shape and things are becoming more well defined. i also recently switched (surprisingly painlessly) to bazaar. stwingers who want to take a look can check it out. i hope that reilly gets sysadmin access soon, so that it can be put in /projects, but whatever.
bzr branch sftp://username@stwing.org/home5/cjmackey/banana
fyi, it's very nonfunctional and very skeletal and i've been trying to keep things documented but i don't know how well that's going. i'd appreciate opinions, or even better, some help (though i don't know how well that'd go down with senior design folks).
job
i got a job. it's a little internship working for a professor bhaskar krishnamachari in his research on wireless routing, and maybe some other stuff too. first project is to simulate some wireless routing technique, which i wrote something in python to do. unfortunately, it runs in, for more or less practical purposes, O(n^2) time. my poor laptop...
grr. haircut
microkernel/modular government
so after various discussions with reilly and some wikipedia research, i thought a bit about the concepts of a microkernel (a very simple kernel that primarily manages processes and communication between them) in the context of government.
specifically, there would be an organization that establishes a very very few core ideas and governs contracts between people and/or organizations. other parts of government would consist of organizations that have a large contract between themselves and their citizens. the kernel would judge purely on the contracts and not make human judgement calls.
unfortunately, the term 'microgovernment' has been taken: it refers to a government that legislates by making many small decisions; it is a somewhat derogatory term referring to how in america (and many other countries) judges can make decisions on disputes which are then used as guidance for later decisions. incidentally this is completely contrary to the concept of a judge in the kernel described above.
this would allow virtually any kind of government to be implemented on top of this; for example, different governments, or even different laws within them, might have different definitions of property, or wealth, or murder, or trade. the judges would be acting ideally purely on logic so they should not decide on the differences between manslaughter and murder, rather basing their choice on
this allows one to think about what might be placed in the public sector; for example, we could have private control of currencies (ie, more things like the linden dollar, but as real currencies), where individual currencies are kept honest by competition and interest rates and inflation kept similar by arbitrage.
bodies acting in governmental roles would be treated by the kernel just as they would a non-government, much as a microkernel treats its servers.
now, in the case of the us government, we have a system of checks and balances where we have a judicial branch that does something vaguely similar to the kernel; in that it judges on whether actions by the other two branches are constitutional. well, personally i think that it's more like a monolithic kernel, or perhaps hybrid kernel, in that supreme court justices are able to make decisions that are based on information not explicitly stated in the constitution or laws, so that the judicial system is not a very simple thing; furthermore, the us government has the microgovernment problem, where a judge can rule something that may seem nonsensical but it is difficult to repeal and affects later cases (the kernel would be based on logic, and so a repeal should occur in the case of a fallacy).
ok, maybe more later. i'll think about this more after my exam tomorrow morning.
schneier
bruce schneier comments on the economics of security devices, or of things in general where the seller knows more than the buyer, and their tendency to gravitate towards lower quality but cheaper to make things.
this was in response to a recent report by a group that demonstrated the low quality of security of secustick
just further demonstration that bruce schneier is the chuck norris of computers (sorry reilly)