The Sun BabelFish Blog
Don't panic !
Nobody is responsible
Peter Sloterdijk hosts a program on the major German Television Station ZDF, entitled the Philosophical Quartet. The latest program of his, which could be translated as Risk and Responsibility: the art of being Nobody is very much worth watching (if you speak German). Sloterdijk starts off the program by reminding us of the ancient story of Ulysses and the Cyclops. In order to free himself from the bloodthirsty monster, Ulysses boldly plunged a red hot stake into the sleeping monster's only eye, who screaming in pain and rage asked who it was who had done that. Ulysses answered that his name was "Nobody". As the Cyclops' friends then arrived alerted by the screams of their fellow, and asked him who had done this deed to him, that they could avenge him, they received the answer Nobody. Thinking therefore that the Gods had done that to him, and that he was thus responsible for his deeds, they left him to die in his pain.
This story is used as a spring board by the quartet - the 2 philosophers and 2 guests: Beatrice Weder Di Mauro, Swiss economist and member of the German 5 wise men board of economic affairs, and novelist Bodo Kirchhoff - to look into the question that nobody seems to be to blame, or accepts the blame, for the massive financial meltdown that saw more money evaporate in a year than all the biggest robberies of all time piled one next to the other over the whole course of humanity's history. Clearly something went wrong. Something needs to change, some things need to stop, some to die... The point is well made that the bankers that gave themselves such huge salaries on account that they were responsible for the huge benefits they made, seem to have lost all sense of responsibility in the crisis. What then is it that needs changing? What criteria should be set in to avoid such errors in the future? One proposal - perhaps a very harsh one for all attempts at mergers - is that you should never allow a system to grow to such a level that it cannot fail, or better: never allow a system to grow so that when it is time to ask for responsibility for a crisis, the only answer can be Nobody.
Posted at 06:03PM Jun 19, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[1]
Peter Sloterdijk, radical cure to twitter
Do you feel like you are in a binary discussion on some topic, that goes back and forth with no apparent progress? Do you feel you have gotten so involved in a micro topic, that you feel that you may be missing the big picture? Is perhaps the phantasy of such a big picture you have taken as your background, itself the cause of the problem you are dealing with? Do you find yourself preaching that God is dead, or not? Are you preaching? Why?
Peter Sloterdijk, one of the most famous contemporary German philosophers, is known to write very large books that span over all domains of human activity from philosophy to history, to technology, aesthetics, biology, religion and economics, in a passionate, often humorous, sometimes jolting way, linking these in a fluid narrative that flows healthily through the barriers of all academic disciplines. Sloterdijk diffuses dualisms through fluid depth of analysis, carefully linking both sides of a debate in such a way that they can be seen to be part of the same surface reflecting a third party that had not yet been seen, the real topic of the discussion perhaps, of which he goes on to draw the history and evolution.
So in his latest book "Du mußt dein Leben ändern" ("You must change your life"), which I have nearly finished reading here in Vienna, Sloterdijk starts off with a beautiful poem by Rilke of the same title (English translation with German original here) where Rilke describes what could be called a religious call for transformation whilst looking at an ancient Greek stone torso of Apollo he had come across in the Louvre museum in Paris. The undeniable reality of this upward sentiment of transformation is what Sloterdijk then goes on to describe the history of throughout his book, linking it to the exercises that Olympic athletes of our times perform to always further push back the boundaries of what humanity is capable of, which he then traces back to the Buddhist philosophers and their spiritual exercises, the ancient Greek schools of thought, and the exercises the early Christians followed to break through the barriers of death, by for example entering the Roman circuses to be devoured calmly by lions. This pursuit of transcendental improvement can then be found to have moved from the monasteries of the middle ages into the artisans' workshops where the practices of meditation were put to use in the building of the Protestant work ethic...
For those who speak German here is a very interesting interview of him in October of last year on a Swiss television channel talking about the financial meltdown that occurred.
(Thanks to Michael Zeltner for the link on his very interesting blog. More parts here).
And here, for the French speaking of you here is an interview with Elisabeth Levy where they discuss modern media, rumours, and more.
For English speakers here is a talk on Reality Peter Sloterdijk gave last year before the opening of the large Swiss nuclear collider, which I think made the news. (The sound is not very good, but the points he makes are serious and funny simultaneously):
Posted at 12:45PM Jun 19, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[0]
The foaf+ssl world tour
As you can see from the map here I have been cycling from Fontainebleau to Vienna (covering close to 1000km of road), and now around Cyprus in my spare time. On different occasions along my journey I had the occasion to present foaf+ssl and combine it with a hands on session, where members of the audience were encouraged to create their own foaf file and certificates, and also start looking into what it takes to develop foaf+ssl enabled services. This seems like a very good way to proceed: it helps people get some hands on experience which they can then hopefully pass on to others, it helps me prioritize what needs to be done next, and should also lead to the development of foaf+ssl services that will increase the network value of the community, creating I hope a viral effect.
I started this cycle tour in order to lose some weight. I still have 10kg to lose or so, which at the rate of 3kg per 1000km will require me to cycle another 3000km. So that should enable me to visit quite a few places yet. I will be flying back to Vienna where I will stay 10 days or so, after which I will cycle to Prague for a Kiwi meeting on the 3rd of July. After that I could cycle on to Berlin. But really it's up to you to decide. If you know a good hacker group that I can present to and cycle to, let me know, and I'll see how I can fit it into my timetable. So please get in contact! :-)
Posted at 12:21PM Jun 11, 2009 [permalink/trackback] by Henry Story in travel | Comments[5]
Link Roundup for Friday 29 May 2009
Linked Data is getting a lot of press:
- Linking Data and Semantics at O’Reilly is a very interesting article that shows how some developers at O'Reilly Media, the famous computer book publisher, moved from ad hoc XML formats published with complex scripts to RESTful publication, and then found they could not help but start using the benefits brought by linked data and the semantic web, thereby simplifying a lot of their data issues. Great progress.
- Price Waterhouse Coopers just published a bullish 58 page Technology forecast for the Semantic Web containing a lot of very good articles. download for free here
On the Social Web front:
- I added 5 simple use cases for the Social Web, which foaf+ssl can take care of on the Social Web XG wiki.
- Bruno Harbulot tagged release 0.3.1 for the FOAF+SSL Java libraries and released Maven jars for them, as explained in his e-mail to the list
There is a new project called Interactive Knowledge Stack (IKS), which is a Semantics Based Open Source platform for Small to Medium CMS Providers.
Posted at 08:33PM May 29, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[2]
Identity in the Age of Cloud Computing
The Aspen Institute published a 90 page round table report in April entitled "Identity in the Age of Cloud Computing: The next-generation Internet's impact on business, governance and social interaction" under a generous Creative Commons License. I read the freely available pdf over the last week with interest, as it covers a lot of the topics I am talking about on this blog, and gives a good introduction into cloud computing (of which I have not yet written).
The paper is a report by J.D. Lasica of a round table discussion with a number of very experienced people that occurred just before the 2008 presidential election. It included people such as Rod Beckstrom, Director of the National Cyber Security Center of the United States Department of Homeland Security, David Kirkpatrick, Senior Editor of Internet and Technology at Fortune Magazine, Professor Paul M Romer of Stanford University, known for his work on New Growth Theory, Hal Varian, chief economist at Google, and many more...
The discussion around the table must have been very stimulating. Here is my take on the paper.
Identity
Identity turned out to be the core of the discussion. The abstract summarized this best:
Throughout the sessions personal identity arose as a significant issue. Get it right and many services are enabled and enhanced. The group tended to agree that a user-centric open identity network system is the right approach at this point. It could give everyone the opportunity to manage their own identity, customize it for particular purposes, (i.e., give only so much information to an outsider as is necessary for them to transact with you in the way you need), and make it scalable across the Net. Other ways of looking at it include scaling the social web by allowing the individual to have identity as a kind of service rather than, as Lasica writes, "something done to you by outside interests."
The Cloud
The cloud is a way to abstract everything in the connected web space. It is the way the user thinks of the net. It is nebulous. Where information and services are is not important. This is the experience people have when they read their mail on gmail. They can read their mail from their computer, or from their cell phone, or from their hotel, or from their friends computer. The mail and the web, and their flickr photos, and their delicious bookmarks are all there.
The cloud from the developer's point of view is very similar. He buys computing power or storage on Amazon, Google, GoGrid or the upcoming Sun Cloud. Where exactly the computer is located is not important. If demand for the service he develops grows, he can increase the number of machines to serve that demand. This of course is a great way to quickly and lightly get startups going - no need to get huge financing for a very large number of servers to deal with a hypothetical peak load.
The Social Networks on the cloud also allow people to link up and form virtual and short lived organizations for a task at hand. This again reduces costs, enabling companies to get started for very little money, very quickly, and try out an idea. The paper does not say this: venture capital is no longer needed -- good thing too, as it has been severely reduced by the current recession.
The Cloud and Identity
The cloud is the abstraction where the physical location of things becomes unimportant. What operating systems run the software we use, what computers they run on, where these computers are, all that is abstracted away, virtualized into a puff of smoke.
What is of course still needed is a way to name things and locate them in the cloud. What is needed is a global namespace, and global identifiers. These are indeed known as Universal Resource Locators (URLs). Since everything else is abstracted away, URLs are the only consistent abstraction left to identify resources.
It is therefore just one small step for the panelists to agree that something like foaf+ssl is the solution to identity on the cloud. It is user centric, distributed, permits global social networks, and allows for people to have multiple personalities... Foaf+ssl provides exactly what the panelists are looking for:
open identity would provide the foundation for people to invent and discover a new generation of social signals, advice services, affinity groups, organizations and eventually institutions. Because the identity layer is grounded on the principles of openness and equality, anyone would be able to create social networks, tagging systems, reputation systems or identity authentication systems.
Posted at 08:30PM May 21, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[0]
You are a Terrorist!
Every country in Europe seems to be on the verge of introducing extremely powerful legislation for state monitoring of the internet, bringing us a lot closer to the dystopia described in George Orwell's novel Nineteen Eighty Four. Under the guise of laws to help combat terrorism or pedophilia - emotional subjects that immediately get everybody's unthinking assent - massive powers are to be given to the state, which could very easily be misused. As internauts we all need to make it our duty to follow very closely these debates, and participate actively in them, if we do not want to find ourselves waking up one morning in a world that is the exact opposite of what we have been dreaming of.
Germany
In Germany a new Data Retention law passed already it seems in 2008, allows the state (quote)
to trace who has contacted whom via telephone, mobile phone or e-mail for a period of six months. In the case of mobile calls or text messages via mobile phone, the user's location is also logged. Anonymising services will be prohibited as of 2009.
To increase awareness of this law Alexander Lehmann put together this excellent presentation, with English subtitles, Du bist Terrorist!:
Du bist Terrorist (You are a Terrorist) english subtitles from lexela on Vimeo.
France
The passage of the Hadopi law in France will create a strong incentive for citizens to place state built snooper software on each of their computers in order to make it possible to defend themselves against accusations of copyright infringement. But that is nothing compared to the incredibly broad powers the state wishes to give itself with the Loppsi 2 law (detailed article in Le Monde, and Ars Technica) which would give the president the power to insert spyware onto users' computers (which could record anything being done of course), create a very large database of people's activities, help link information from various databases, and much more... The recent case of the sacking of the web site director of the once national, now private, TF1 television channel for having communicated his doubts on Hadopi privately to his Member of Parliament - as reported on Slashdot recently - does not give one much faith in the way privacy is being handled currently by the government.
The United Kingdom
In the UK the Home Secretary Jacqui Smith had proposed to create a database dubbed Big Brother to log every single activity of every one of its citizens - in order of course to root out the very 21st century crimes of pedophilia and terrorism (did the IRA not operate before the internet? Are pedophile rings something that only emerged with the internet, or is it that they just became more visible?). She had to pull back somewhat from the initial proposal, and now wishes all that information still to be tracked, but only to be kept on the service provider's databases as reported by the Daily Mail, The Telegraph, The Independent...
Conclusion
So are we now all suspected terrorists, pornographers, pedophiles, murderers, subversives, ... that the governments must know all about us? We may have voted for the current government and have complete faith in their use of these tools. But what when the opposition comes in, and takes hold of those same powers? Will we be as comfortable then? The excellent 2006 film The Lives of Others shows just how intrusive the East German state was on its own citizens during the cold war - and that with the very limited tools they had available. With modern computing tools, that type of spy operation could be done at much much lower cost and so perhaps even be viable for the state.
If you feel things just can't go this wrong, then I would also recommend watching Julie Taymor's adaptation of Shakespeare's Titus Andronicus. It really is important to realize that things can go badly, very very badly wrong. Ignoring a problem, and not taking responsibility for fighting it, will lead to disaster, as the current economic crisis - predicted years before it occurred, but without any action being taken - should have amply proven by now. Sadly for people who predict danger, if people do act on the danger and avoid it, nobody may even notice how close to danger they really were. So our actions may remain unsung. But at least we may put some chances on our side not to wake up in a new form of dictatorship, worse than any ever dreamed of by those who helped forge our democracies.
Posted at 09:39AM May 20, 2009 [permalink/trackback] by Henry Story in Art | Comments[0]
FOAF+SSL: RESTful Authentication for the Social Web
The European Semantic Web Conference (ESWC) will be held in Heraklion on the Island of Crete in Greece from 31 May to 4 June. I will be presenting the paper "FOAF+SSL: RESTful Authentication for the Social Web" which I co-authored with Bruno Harbulot, Ian Jacobi and Mike Jones. Here is the abstract:
We describe a simple protocol for RESTful authentication, using widely deployed technologies such as HTTP, SSL/TLS and Semantic Web vocabularies. This protocol can be used for one-click sign-on to web sites using existing browsers — requiring the user to enter neither an identifier nor a password. Upon this, distributed, open yet secure social networks and applications can be built. After summarizing each of these technologies and how they come together in FOAF+SSL, we describe declaratively the reasoning of a server in its authentication decision. Finally, we compare this protocol to others in the same space.
The paper was accepted by the Trust and Privacy on the Social and Semantic Web track of the ESWC. There are quite a number of interesting papers there.
I have never been to Greece, so I have a feeling I will really enjoy this trip. Hope to see many of you there.
Posted at 11:54PM May 14, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[4]
Some Feedback on the Garmin Edge 705 cycle GPS
After close to 500km of cycling with my new Garmin Edge 705 I think I have enough experience to be able to bring the community some valuable feedback on this device.
Improvements since previous model
Compared to my old Garmin Etrex Legend, which I blogged about in July 2005, the Edge is a huge improvement.
- The old Etrex had a ridiculous limitation of 24MB of memory, which was ok for loading up maps for a circumference of 100km of your neighborhood, but not enough for cycling long distance across Europe. The Edge 705 can take 2GB extension memory cards and is able to load the road maps of all of Europe. That is great: It means I don't have to carry a computer everywhere I go - even though I do currently - and I don't have to load up maps onto the Edge once every day.
- The price has fallen dramatically. The GPS + the maps of Europe came to €400, half the price nearly of the previous model.
- The Edge can better calculate cycle roads. I noticed this last Friday when having carefully used my laptop to draw out the road from Troyes to my destination I found myself on a two way road which would have been very pleasant had it not been for the 20 ton trucks passing me every minute in both directions. I stopped, asked the Edge 705 to calculate the road free of any of my interferences, and it immediately found a little dirt track to get me off that road (even though I had specified that I'd rather wish to avoid dirt tracks). The dirt track punctured my tire, which I found then was in a pretty bad state anyway. But rather have the tire punctured, than my head...
- The Edge 705 comes with a heart rate monitor
- It knows the elevation one is at, and the rate at which one is climbing
- It can calculate the calories spent: it added no calories when I was zooming downhill without pedaling
Compared to Cell Phones
Before buying my Etrex I had inquired into whether a cell phone could have done the job. I did the same this time, and I have to say that it very nearly did. I found quite a number of iPhone add ons for cycling (listed on my delicious account) and I think for something close to the same price as the Garmin Edge, I could have put something together. It would have required
- an extra battery pack (or two) to extend the battery life (perhaps Mophie's Juice pack Air)
- a cycle mount (such as this one perhaps)
- some protection against rain. The Otterbox iPhone armor series would have been nice, but is no longer produced it seems. But perhaps Mophie's juice pack with a waterproof bag would have been enough.
- a heart monitor, which is really important when out for some serious exercise, such as smhearlink perhaps?
- Some turn by turn navigation software. Google Maps is really amazingly good, much better and faster than Garmin's software available on PCs amazingly enough. It has a pedestrian and a car mode, but not a cycle mode which is a pity. Still this would need to be tied up with the heart rate monitor, some visualization tool to tell you how fast you are going, some way of giving you directions, etc... This may come with a release of the next version of the iPhone, and I have seen some impressive demos of software called xGPS that provides turn by turn navigation on a jail broken iPhone.
All of this was perilously close to being possible. With a bit of energy I could have gotten all of this to work. What stopped me, was the data costs in Europe. I was going to leave France, go to Germany, Austria, the Czech republic, and Greece at the very least. And of course as soon as you leave your country of origin, data rates are simply not affordable: 9€ a Mega Byte. So that was clearly not an option. So the Garmin by allowing me to carry all the maps on the device and not requiring any internet connection is just the only solution for the international cyclist.
The bad
The Garmin software is also meant to work on OSX now, which it did not a few years ago. But it still does not work very well. I expressed my annoyance publicly after spending 8 hours trying to install the maps on the 2GB SIM card, and failing to. I had to do it from Windows in the end. That is a very very bad initial experience. It was a sunny day, and instead of being out on the road, I spent it trying to install and re-install software. I very nearly gave it all back there and then.
The Garmin software for OSX and PCs is dead slow. Google whose servers are on the other side of the world, has much faster responses. My feeling is that Garmin, being an MS-DOS company, does everything through disk access, because I could swear that it is not much faster on my dual 2.33Ghz Intel than it was on my 1.3Ghz Power Book.
Also the Garmin software does not have a cycle route calculation mode. It is only designed for cars. So you can't really sit down on your PC and calculate your route in advance there, because it won't be the same as what your GPS comes up with.
The cycle calculation mode on the Edge could do with a lot of improvements:
- Cycles are not cars. You can do a U-turn on a bicycle in an instant - you don't have to find the next intersection to make a turn. If on a cycle I don't turn after being warned, it is probably because I don't want to turn.
- In Germany and Austria, I noticed that Garmin does not seem to have such a good idea of where the cycle paths are. It would be really helpful to the GPS to know those.
- The Garmin path calculation algorithm is very slow. I think it recalculates the whole route whenever one makes a wrong turn. It should really just make a quick adaptation, and find the shortest smallest change required to stay on the same route.
- I am just about to check, but one very important list of shops the Garmin Edge should have are the cycle shops.
Conclusion
The Garmin Edge holds a good advantage over the onslaught of cell phone options, but if I were them I'd be watching the cell phones very carefully. They are not at all far from being able to offer some very decent, or equivalent solutions. (How far that is depends on your ideas of how quickly roaming rates will fall in Europe)
Posted at 08:34PM May 12, 2009 [permalink/trackback] by Henry Story in travel | Comments[7]
A Simple foaf+ssl Identity Provider (IdP)
In order to help people get started with foaf+ssl, we have put together a very simple Identity Provider service (IdP). This removes the need for web services to deal with setting up https certificates or to change much in their current web setup. With a few lines of server side code any server can now easily find the WebId of a user, and try out some interesting ideas at little cost. If the experiment is useful, for extra security and reliability a business case can then be made for integrating a full foaf+ssl stack.
The protocol is very much as we outlined in an earlier post entitled "Sketch of a foaf+ssl+openid service". The details of the API are listed directly on the root of the first foaf+ssl IdP service, available here: https://foafssl.org/srv/idp. All the Service Provider - that is the consumer of the IdP - needs to do is to add a login button or link to his web page that points to the above IdP with an authreqissuer=$url parameter that points back to a CGI controlled by the Service Provider that can parse the redirect containing the user's WebId. That url comes with a timestamp to avoid replay attacks, and is signed to assure authenticity.
Bruno Harbulot wrote the code and published it under a BSD licence by the University of Manchester where he studies. The code is available on the So(m)mer Subversion repository. You can download it with:
$ svn checkout https://sommer.dev.java.net/svn/sommer/foafssl/trunk foafssl --username guest
and start your own IdP if you want. Please feel free to contribute back improvements, or ping us for missing features.
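The Service Provider side of the redirect described above, as an added example that is not part of the original post or of the foafssl code base. The response parameter names (webid, ts, sig), the timestamp layout, the rule that the signature covers the URL up to &sig=, the five-minute window and the sp.example callback are assumptions made here; the HMAC verifier is a stand-in so the example runs offline, and a deployment would plug in the signature check that the IdP's API description specifies.

```python
"""Service Provider checks on an IdP redirect: signature, freshness, replay."""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, urlsplit

IDP = "https://foafssl.org/srv/idp"   # IdP root given in the post
MAX_AGE = timedelta(minutes=5)        # assumption: how old a redirect may be
MAX_SKEW = timedelta(seconds=30)      # assumption: tolerated clock skew
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"      # assumption: UTC timestamp layout


def login_link(callback_url):
    """URL for the login button: the IdP plus authreqissuer=<our callback>."""
    return IDP + "?authreqissuer=" + quote(callback_url, safe="")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class RedirectChecker:
    """Accepts a redirect only if it is signed, fresh and not seen before."""

    def __init__(self, callback_url, verify_sig):
        self.callback_url = callback_url  # assumed to carry no query string
        self.verify_sig = verify_sig      # callable(signed_bytes, sig_bytes) -> bool
        self._seen = {}                   # signature -> time it can be forgotten

    def check(self, redirect_url, now):
        """Return (webid, 'ok') or (None, reason)."""
        # Assumption: the signature covers everything before the final &sig=.
        signed_part, sep, sig_text = redirect_url.rpartition("&sig=")
        if not sep:
            return None, "missing signature"
        # The signed URL must be our own callback, not another provider's.
        if not signed_part.startswith(self.callback_url + "?"):
            return None, "wrong callback"
        try:
            sig = _b64url_decode(sig_text)
        except ValueError:
            return None, "malformed signature"
        if not self.verify_sig(signed_part.encode("utf-8"), sig):
            return None, "bad signature"

        params = parse_qs(urlsplit(signed_part).query)
        webid, ts = params.get("webid", []), params.get("ts", [])
        if len(webid) != 1 or len(ts) != 1:
            return None, "ambiguous parameters"
        try:
            issued = datetime.strptime(ts[0], TS_FORMAT).replace(tzinfo=timezone.utc)
        except ValueError:
            return None, "malformed timestamp"
        if issued > now + MAX_SKEW:
            return None, "timestamp in the future"
        if now - issued > MAX_AGE:
            return None, "expired"

        # Within the freshness window the same redirect is honoured once only.
        self._seen = {s: t for s, t in self._seen.items() if t > now}
        if sig in self._seen:
            return None, "replayed"
        self._seen[sig] = issued + MAX_AGE + MAX_SKEW
        return webid[0], "ok"


# --- constructed sample data, not captured from the real IdP ---------------
DEMO_KEY = b"constructed-demo-key"
CALLBACK = "https://sp.example/login"   # hypothetical Service Provider CGI


def demo_verify(signed_bytes, sig_bytes):
    """Stand-in verifier (HMAC-SHA256) so the example runs offline."""
    expected = hmac.new(DEMO_KEY, signed_bytes, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig_bytes)


def demo_redirect(webid, issued):
    """Build a redirect the way the stand-in 'IdP' would sign it."""
    signed = (CALLBACK + "?webid=" + quote(webid, safe="")
              + "&ts=" + quote(issued.strftime(TS_FORMAT), safe=""))
    sig = hmac.new(DEMO_KEY, signed.encode("utf-8"), hashlib.sha256).digest()
    return signed + "&sig=" + base64.urlsafe_b64encode(sig).decode().rstrip("=")


if __name__ == "__main__":
    now = datetime(2009, 5, 12, 12, 56, tzinfo=timezone.utc)
    checker = RedirectChecker(CALLBACK, demo_verify)
    url = demo_redirect("https://alice.example/foaf#me", now - timedelta(seconds=20))
    print(login_link(CALLBACK))
    print(checker.check(url, now))                              # accepted
    print(checker.check(url, now))                              # same URL again
    print(checker.check(url.replace("alice", "mallory"), now))  # tampered WebId
```

The timestamp alone only bounds how long a captured redirect stays usable; the cache of seen signatures is what turns that window into single use.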
Posted at 12:56PM May 12, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[0]
why I bought the Michelin Guide
As the issues of copyrights and intellectual property are moving up the public agenda (see this Economist article for example), I thought I'd write a few posts on what I do buy and work out why I did buy it, rather than say pirate it, to use the emotional term of the day. Let me start here with the Michelin Guide for the iPhone.
The Guide Michelin, as it is known in France, is famous world wide as a very professional database, sold until recently as a book, of the best restaurants in Europe. The Michelin Guide sends highly qualified inspectors anonymously to restaurants to evaluate the quality of their cuisine. They also check the cleanliness of the kitchens, evaluate the service, the decor, and much more. The result is a reliable guide to restaurant quality.
So why did I spend €10 for the iPhone application for the database of French Restaurants? A search on the internet gives a lot of free restaurant evaluation services. I could have used those instead, right?
It's really all about dating. When you are out with a sophisticated girlfriend, or even on a business lunch, it just won't do to pull out your notebook, and spend 10 to 20 minutes searching on Google through reviews of restaurants, that might have closed a few months ago. It takes a lot of time to sift through open reviews simply because tastes differ massively. To be able to evaluate the quality of a restaurant through online reviews requires assessing the taste of the reviewer from the very limited information available to you from the text -- reviews that could furthermore easily have been faked or sponsored somehow by the owner of the restaurant himself. So when you are on a date or with your wife and she wants a good quality restaurant close to where you happen to be right now, you don't have more than 3 minutes to come up with an answer. You are going to spend easily €30 to €100 on the meal. And a bad meal can spoil a day or a business meeting. So compared to that, what is €10 for the Guide Michelin?
What is important here is that you want quality information here and now. The quality is provided by the inspectors of the Michelin Guide, and the system they put in place to do the tests and verifications. It is confidence in their methodology that gives confidence in their results. Perhaps something similar could be done using crowd sourcing, but I have not yet found such a site, and my guess is that this could be very difficult to put together (not impossible mind you: it is up to Michelin, to keep the cost of their information low enough that building up a parallel database remains uninteresting).
So here are a few reasons I can think of for paying Michelin directly for the information:
- The information from old guides has no more value. The latest information is what I am paying for
- by not giving money to the source I'd be reducing my chances of having good information in the future
- if I got information from someone who did not claim to be using the info from the Guide even though they were, I'd have a lot less reason to believe their results
- if they did use the info from the guide but sold it to me as a copy that was not respecting the policy of the guide, I'd have reason to doubt the honesty of the company giving me the info, and so of the quality of the information itself - trust is an essential ingredient in an information economy
- The time it would take me to find a pirated version of the guide, and the nuisance of constantly finding updated versions, would be worth a lot more than €10 of my time.
An analogy with medicine is illuminating here. You can read up in libraries all about a physical problem you may have. But it could take you months to read up about it, and a lot more to get to the point where you felt that you were knowledgeable about the subject: i.e. that you could diagnose symptoms correctly and prescribe the best medicines for it. If the disease was about to kill you in a few months then you just clearly won't have time to learn. This is how we get scarcity in an information/knowledge economy. The information may be free to reproduce, but tracking the truthfulness of the information is very costly. Learning it takes time. Perhaps we need to replace the notion of the price of a good depending on the offer and the demand for it, with one of the price of a good being related to the accessibility of the good and the need of it. Learning is the procedure to acquire a knowledge resource. Learning takes time, and that has a cost: in other options that are no longer available, for example. Using the knowledge of others is a short cut to having to learn, and the value of this is reflected in its price.
Posted at 10:38PM May 10, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[3]
JVoteContreHadopi
For the French deputies to hear the voices of internet users, we have to make ourselves heard. I suggest here a very simple way of doing so, which uses the internet to its advantage, and which is moreover very distributed. Simply write a blog post (or a tweet) containing the character string "JVoteContreHadopi". You can also explain the reasons for your vote in detail. (I did so here). We can then use Google to count the votes using this query. It can take a little time for Google to index your blog - if you have tricks to make that happen faster, add them in the comments below. You will get only part of the answers, but you will get them faster, by searching on twitter search.
Some internet users are using the twitition service. But I don't like the idea of having to give them my password.
We did something similar for a much less important vote concerning Java 6 and OSX Leopard.
Posted at 06:22PM Apr 30, 2009 [permalink/trackback] by Henry Story in Art | Comments[1]
The anti-privacy/liberty law named Hadopi
The Hadopi law(en) being voted on now in France constitutes an incredible attack on Freedom of expression and Privacy. It is fascinating to see how a law that gives the state an easy route to invade people's every digital thought is being pushed through, and will very likely be accepted by the French parliament on Monday May 4, 2009.
Parliamentary Maneuverings
The maneuvers of the French parliament here take some work to understand. A few weeks ago Hadopi was rejected in the Assembly by 21 votes against, 15 for. For an Assembly containing well over 300 deputies, and for a law of such importance, it may seem odd that so few people were part of the discussion. The best understanding I have of this is that President Sarkozy has made this a very personal issue, having promised a lot of big media friends, with whom he is very close, to put in place a system to break the problem of "piracy" on the internet. Anyone in the majority who may have been tepidly against the law may not have wished to make such a powerful enemy. Others may have thought the law was a done deal given the backing. And sadly I think most of the deputies don't really understand the issue at all, as revealed by this video asking deputies what p2p is.
The Anti-Piracy law
Having lost the first vote, Sarkozy ordered his troops together to make his majority in parliament felt by having them massively vote for the law. The problem is that the majority voting now have very little understanding of the technical issues in front of them. Their view of the issue is the one a large part of the French population have: this is simply an issue of being for or against the Pirates; being for or against the artists. "Piracy is theft" is the simplifying drumbeat which organises their thoughts.
Coming to the defence of artists is of course a very noble thing to do. I myself try to stay as clean as possible in that regard, favoring works that are clearly licensed openly. Most work I publish under very free licences, that make it close to impossible to pirate my work. This article for example is published under a Creative Commons attribution licence. In any case I find it much easier to buy or rent DVDs than to search for content that may be broken on some other p2p network.
What the best way to defend artists is, and how to find ways of rewarding their work is a complex issue. For the past 50 years people have mostly accepted electronic work to be freely available via the radio or the television -- if interspersed with advertising. I don't want to look into this problem here. For some good ideas one should read and listen to Lawrence Lessig speak on the issue of copyright and the future of the network, or the French economist Jacques Attali write about 10 steps to solve this problem.
The Anti-Privacy/Liberty Law
However noble the issue of saving artists is, the real problem is how this law intends to go about doing what it set out to do. And if one looks at it this way, one soon gets a bad feeling of having entered an Orwellian, 1984-like world! (See the public letter "Sci-Fi Against Hadopi") The law is not just anti-piracy, it is also anti-privacy, anti-freedom of expression, anti-freedom of all sorts. It is like a super DDT, a chemical that gets rid of all insects, but is so powerful that it also starts killing humans too.
The Hadopi law (pdf) will enable a newly established administrative higher authority to receive ip addresses from content owners, and ask telecommunication companies to reveal the owners of that ip address, to whom they will send 2 warning e-mails, telling them that something illegal is being downloaded or uploaded from their network, and asking them to secure this network. It seems that this warning will not even mention the work that is thought to have been illegally transmitted. After the third postal warning the internet connection will be cut off. At that point the citizen whose connection will be cut off, will be placed on a black list, making it impossible for him to seek any other telephone connection. As it will be extremely difficult for him to defend himself, he will then have to accept putting a yet undefined piece of software on his network that will snoop everything he is doing. One motion required this software to also sniff the email communications [ I am not absolutely clear this went through though.]
So in short, private companies will be able to anonymously denounce French citizens, leading their internet connection to be cut off, and then forcing them to install snooping software on their network to prove their innocence! If this is not an extreme invasion of privacy I do not know what is.
To help citizens who want to stay legal find their way around the internet, the Hadopi institution will distribute special labels for clean content. Good citizens will be safe if they don't stray too far from officially approved sites. If this is not an attack on freedom of information I don't know what is!
Where is the resistance?
So over the past few weeks as my concern grew I tried discussing this with a number of people. My initial thought was that an issue such as this would not get through in a country that demonstrates on nearly every issue that comes up. What stunned me was the silence, or the lack of interest in these issues by most people. It is instructive in my view to look at various types of responses I got.
The law cannot be implemented view
A lot of people are convinced that this law cannot be implemented. It is too crazy to be workable. Let us hope and pray that it is! The previous DADVSI law which had set punishments of €300 000 and 3 years in prison, was so extremely overwhelmingly powerful, that it indeed was not usable.
But that argument is very dangerous. The DADVSI may not yet have been used, but it may one day be. It is certainly what is spurring the current law, Hadopi, which comparatively seems innocuously kind. It only will ask you to install snooping software on your network. And since it is big brother the State asking this, and most people have no idea of what this implies, a lot of people may very well be frightened into accepting this. In any case it does not matter if it is not immediately applicable. It need only slowly with time work itself into people's lives. If enough people have this working, even if it is widely bypassed, then you can bet that in 10 years time, a movement will start where people who do have this installed will complain that some of their fellow citizens don't have it, and so push for harsher laws, perhaps going so far as to install this automatically on all networks.
We can bypass it
A lot of technically savvy people have convinced themselves they can bypass this easily.
So what if they do? The law need only frighten the majority into behaving a certain way. With time, and with the majority on their side, they can add other laws to make the undesirable behavior a lot more difficult. For example for those who think that anonymising software is going to be an easy way out, then they should look at the next law on the table: Llopsi which will give the State the power to block any IP address they need to. Now perhaps a good use case for Llopsi will be large anonymiser services.
Not fighting a law because one decides one will not follow it, is a very selfish and short term way of thinking. Sadly it seems to have grown in a large portion of the population that allowed itself to be tagged as Pirates. And for that selfishness we will all pay (yes, this is not just a French phenomenon, it seems to be a globally orchestrated movement - see for example blackout europe.)
It will be blocked by the constitution
It may be. But then it may not be. In any case it is extremely worrying that a law should have to go so far as to require blocking by the constitution. Remember Lawrence Lessig's attempt to get the Supreme Court to change the provisions on copyright? It failed.
It will be blocked by the European Union
The EU is a Union of States, where the states have an overwhelming power. The EU does not have an army and cannot enforce much. France has the "cultural exception" it can use quite easily, and it may also be that similar problems are brewing in the rest of europe. Don't count on the EU. The parliament have done a great job there, but they don't have the final say, and they can be pressured. They have just watered down the telecom bill for example. The EU is not the USA.
The people will rise
This is unlikely given what I have seen. Many people don't yet really feel the power of the internet. They work with the internet via the expensive and limited cell phone networks, if at all. For them the Internet is cool, but not essential. Furthermore traditional media are still extremely powerful, and they can direct the message the way they wish. If they were not so powerful, laws such as this would not ever be able to go so far. I don't watch enough television to be able to tell if both sides of the debate here have been aired equally. My guess is not. [ Update: the major French television channel TF1 - the first french TV channel to be created, now privatised - was found to have sacked the head of their innovation center, for having sent privately a critical message on Hadopi to his Member of Parliament as reported by Libération. Thereby confirming the suspicion that other sides of this debate are not getting equal airing time]
But in the long term the people may very well rise. If the law were applied equally and without discrimination then businesses may very well be the first to rise up -- and leave. Later as the internet does become more and more part of every day life, the people themselves may rise. Most likely the younger generation will feel most strongly the difference between what is being asked and what is reasonable. They may feel these new chains most forcefully. Mass movements though are worrying, because when masses move, they can end up being very difficult to control, and can easily go the wrong direction.
All in all I think it would be much better for people in France to call their deputies before the law passes and urge them to change their mind, than to wait and fight this out on the streets.
Vote
There are a number of ways people can get their voice heard. One is the twitition petition. But I don't like the way it requires your password. Better I think to add the string JVoteContreHadopi to a blog post or tweet of yours. After a little time the vote should appear on this Google query where the votes can be counted. (We did this for when voting for Java 6 on OSX leopard.)
Posted at 05:09PM Apr 30, 2009 [permalink/trackback] by Henry Story in Art | Comments[7]
Adding twitter to my blog using Scala
Having added javascript widgets to my blog a few months ago, I found that this slowed the page downloads a lot. Here is a way to speed this up again, by pre-processing the work with a Scala script, and using iFrames to include the result.
Here are the short steps to do this:
- I wrote a Scala Program (see source) to take the twitter Atom feed, and generate xhtml from it.
- I wrote a shell script to run the compiled scala jar
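    #!/bin/bash
    # Classpath: the Scala runtime plus the jar holding the compiled program
    export CP="$HOME/java/scala/lib/scala-library.jar:$HOME/java/scala/lib/learning.jar"
    # Pass every argument through unchanged (the crontab entry supplies the html file path)
    /usr/bin/java -cp "$CP" learning.BlogIFrame "$@"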
- Then I just started a cron job on my unix server to process the script every half an hour
    $ crontab -l
    5,36 * * * * $HOME/bin/twitter.sh $HOME/htdocs/tmp/blogs.sun.com/tweets.html
- Finally I added the iFrame to my blog here pointing to the produced html
<IFRAME src="http://bblfish.net/tmp/blogs.sun.com/tweets.html" height="300" frameborder="0"></IFRAME>
As a result there is a lot less load on the twitter server - it only has to serve one atom feed every half an hour instead of 1000 or so a day - and my html blog page does not stall if the twitter site itself is overloaded.
Also I learnt a lot about Scala by doing this little exercise.
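A sketch of the pre-processing step in Python (an added example, not the author's Scala program): it turns an Atom feed into an XHTML page for the iframe, escaping feed text, keeping only http(s) links, and replacing the output file atomically so the web server never serves a half-written page. The feed below is constructed sample data, and the function names are this example's own.

```python
import html
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed (not real Twitter output). The second entry carries
# markup in its title and a non-http link: the two things that must not pass
# through to the page embedded in the blog.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>example timeline</title>
  <entry>
    <title>bblfish: reading about foaf+ssl &amp; OpenId</title>
    <link rel="alternate" href="http://example.org/status/1"/>
    <updated>2009-04-29T11:00:00Z</updated>
  </entry>
  <entry>
    <title>someone: &lt;script&gt;alert(1)&lt;/script&gt;</title>
    <link rel="alternate" href="javascript:void(0)"/>
    <updated>2009-04-29T10:30:00Z</updated>
  </entry>
</feed>"""


def safe_href(url):
    """Return the URL if it is an absolute http(s) link, otherwise None."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return url
    return None


def entry_link(entry):
    """First rel=alternate link of an entry that passes safe_href, or None."""
    for link in entry.findall(ATOM + "link"):
        if link.get("rel", "alternate") == "alternate":
            return safe_href(link.get("href", ""))
    return None


def atom_to_xhtml(atom_xml, limit=10):
    """Render at most `limit` entries as an XHTML list; all feed text is escaped."""
    # Note: the Python docs warn that the stdlib XML parsers are not hardened
    # against maliciously constructed input.
    feed = ET.fromstring(atom_xml)
    items = []
    for entry in feed.findall(ATOM + "entry")[:limit]:
        title = html.escape(entry.findtext(ATOM + "title", default=""), quote=True)
        updated = html.escape(entry.findtext(ATOM + "updated", default=""), quote=True)
        href = entry_link(entry)
        if href:
            # target="_top" opens the link in the blog window, not inside the iframe
            title = '<a href="%s" target="_top">%s</a>' % (html.escape(href, quote=True), title)
        items.append("<li>%s <small>%s</small></li>" % (title, updated))
    return ('<html xmlns="http://www.w3.org/1999/xhtml"><head><title>tweets</title></head>'
            "<body><ul>\n%s\n</ul></body></html>\n" % "\n".join(items))


def write_atomically(path, text):
    """Write to a temp file in the target directory, then rename over the target."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            out.write(text)
        os.chmod(tmp, 0o644)  # mkstemp creates the file 0600; the web server must read it
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    import sys
    # A real cron run would fetch the feed here; the constructed sample keeps this offline.
    write_atomically(sys.argv[1], atom_to_xhtml(SAMPLE_FEED))
```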
Posted at 01:25PM Apr 29, 2009 [permalink/trackback] by Henry Story in Java | Comments[6]
Hadopi, a serious danger to French competitiveness
The last minute provisional rejection of the HADOPI law in France last week (it will go back for a vote on the 29th April), has given a new life to the debate here. The law, which is perhaps best explained on the French Wikipedia page, will, if passed, give Copyright holders the power to point out infringing ip addresses to a new higher authority (HADOPI) which will have the power to cut off internet connections after 3 warnings.
There are a huge number of privacy issues here, perhaps best illustrated by the possibility of someone using a p2p network to send themselves a copy of their legally purchased content. Furthermore as it is extremely easy to infringe copyright - as the Baby dancing to Prince video case illustrates - this law will create a background atmosphere of fear which will have serious consequences on the ability to create new services.
This fear will lead outfits - cafés, libraries, hotels - that provide public access points to the internet, to demand some white list of acceptable content providers which they can allow their users access to without the danger of being cut off. The creation of such a list is extremely expensive: certainly a lot more expensive than the profits the copyright holders may have gained by selling content to penniless teenagers. (Those of us that do have money, are happy to pay for the quality guarantees provided by pay for services. I'd rather pay a few $1 than be interrupted in the middle of a pirated movie by missing scenes, badly recorded music, or porn...). So there will be no justification to pour a lot of money into very complete white lists. Getting added to such lists will be a time consuming political game.
As a result, startups that come up with new innovative services, being low budget idea driven companies, will of course not have the money to play these advanced political games. Starting up in France will therefore be difficult or impossible. With much larger markets abroad - in the USA for example - the path to growth there will be clear. When these startups have then turned into billion dollar US companies, they will find it relatively easy to pay for the HADOPI political game and return to France. A loss to French entrepreneurship nevertheless.
This is not the first time this happened. Something similar happened with cryptography in the 90s. France, by severely restricting the strength of its keys, handicapped all of its ecommerce industry in the competition with the US, whose citizens were allowed to use any strength they wanted to. These laws were repealed in 1999 after much damage to its industry. Freedom is not just a cultural issue of fundamental importance. It is also the life blood of a dynamic economy.
Notes
- The above are my own opinions, and not those of Sun Microsystems.
- This article is published CC attribution, as all other articles on this blog. Please feel free to copy and translate. I do in fact read, write and speak French fluently, but my French spelling and grammar is just too rusty from lack of use, so I did not want to impose this on my readers.
Posted at 01:18PM Apr 15, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[3]
Sun Initiates Social Web Interest Group
I am very pleased to announce that Sun Microsystems is one of the initiating members of the Social Web Incubator Group launched at the W3C.
Quoting from the Charter:
The mission of the Social Web Incubator Group, part of the Incubator Activity, is to understand the systems and technologies that permit the description and identification of people, groups, organizations, and user-generated content in extensible and privacy-respecting ways.
The topics covered with regards to the emerging Social Web include, but are not limited to: accessibility, internationalization, portability, distributed architecture, privacy, trust, business metrics and practices, user experience, and contextual data. The scope includes issues such as widget platforms (such as OpenSocial, Facebook and W3C Widgets), as well as other user-facing technology, such as OpenID and OAuth, and mobile access to social networking services. The group is concerned also with the extensibility of Social Web descriptive schemas, so that the ability of Web users to describe themselves and their interests is not limited by the imagination of software engineers or Web site creators. Some of these technologies are independent projects, some were standardized at the IETF, W3C or elsewhere, and users of the Web shouldn't have to care. The purpose of this group is to provide a lightweight environment designed to foster and report on collaborations within the Social Web-related industry or outside which may, in due time affect the growth and usability of the Social Web, rather than to create new technology.
I am glad we are supporting this along with these other prestigious players:
- ASemantics
- Boeing
- Cisco
- DERI Galway at the National University of Ireland, Galway, Ireland
- Garlik
- Institut National de Recherche en Informatique et en Automatique (INRIA)
- Institute of Informatics and Telecommunications (IIT), NCSR
- NICTA
- Rochester Institute of Technology
- SUN Microsystems
- Talis
- Telecom Italia
- University of Bristol
- University of Edinburgh
- Universidad Politécnica de Madrid
- University of Versailles
- Vrije Universiteit
- Vodafone
This should certainly help create a very interesting forum for discussing what I believe is one of the most important issues on the web today.
Posted at 10:22AM Apr 07, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[4]
howto get a foaf+ssl certificate to your iPhone
In my previous post I showed that a passwordless distributed social web is already possible on the iPhone. It just requires one to upload a foaf+ssl certificate to it. Here is a relatively easy way to do this. I leave it up to the readers of this blog to build even better ways to do it.
First of course you need to have a foaf+ssl certificate. If you don't have a foaf file, then you may want to first check out foafbuilder to create a foaf file and help you tie your distributed persona on the web together. It would be great if foafbuilder could also create those foaf+ssl certs.... For the moment they don't so the easiest way to get it is using the foafssl.org certificate creation service. That will load the certificate right in your browser, and help you test it.
Once you have a certificate in your browser - I am assuming Firefox here - you just need to export it to the hard drive. In FF go to Preferences, and click on the advanced tab, and choose the encryption section.
I have a number of foaf+ssl certificates as you can see here. Choose one of them and click the Backup button. This will open another window asking you where you wish to save your certificate. Save it somewhere obvious in pkcs12 format. Make sure the file ends with a .p12 extension. You will also be asked for a password to encrypt your certificate, so it can't be opened in transit. You can use a complex password here as you will only need to remember it once.
Then just mail yourself that .p12 file using an account you can access on the iPhone of course. It is just a matter then of going to your iPhone, and opening your mail. In my mail I added a link to the web service I wanted to use next, to save me typing later.
When you click on the p12 link in your iphone, it will then ask you if you wish to install it. The certificate will most likely not be verified by another party. But that's ok, because you are the person who verified it. It is a certificate about you, and you know yourself better than most other people (except your mama of course).
You are then asked to enter the password you used to encrypt the certificate earlier. Once this is done your certificate will be installed on your iPhone, where it can stay happily for a very long time.
If you wish to have a number of different personalities on the web you can create different foaf profiles of yourself, where you can link different pieces of your web life together. As all detective films show it is very difficult to keep things forever secret. But you can at least keep pieces of your life clearly separated, to keep nosy people busy.
Posted at 07:19PM Apr 03, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[2]
Global Identity in the iPhone browser
Typing user name/passwords on cell phones is extremely tedious. Here we show how identification & authentication can be done in two clicks. No URL to type in, no changes to the iPhone, just using bog standard SSL technology tied into a distributed global network of trust, which is known as foaf+ssl.
After having installed a foaf+ssl certificate on my phone (which I will explain how to do in my next post), I directed Safari to foaf.me, which is a foaf+ssl enabled web site. This brought up the following screen:
This is a non personalised page. In the top right is a simple foaf+ssl login button. This site was not designed for the iPhone, or it would have been a lot more prominent. (This is easy to change for foaf.me of course). So I then zoomed onto the login link as shown in the following snapshot. Remember that I don't have an account on foaf.me. This could be the first time ever I go there. But nevertheless I can sign up: just click that link.
So clicking on this foaf+ssl enabled link brings up the following window in Safari. Safari warns me first that the site requires a certificate. The link I clicked on sent me to a page that is requesting my details.
As I do in fact want to login, I click the continue button. The iPhone then presents me with an identity selector, asking me which of my two certificates I want to use to log in:
Having selected the second one, the certificate containing my bblfish.net WebId is sent to the server, which authenticates me. The information from my foaf file is then used to personalise my foaf.me experience. Here foaf.me gives me a nice human readable view of my foaf file. I can even explore my social network right there and then, by clicking on the links to my friends. Again, this will work even if you never did go to foaf.me before. All you need is of course a well filled out foaf file, which services such as foafbuilder.qdos.com are making very easy to do. Anyway, here is the foaf.me personalised web page. It really knows a lot about me after just 2 clicks!
The foaf.me site currently has another tab, showing my activity stream of all the chats I have on the web, which it can piece together since I linked all my accounts together in my foaf file, as I explained in the post "Personalising my Blog" a few months ago.
Other web sites could use this information very differently. My web server itself may also decide to show selected information to selected servers... Implementing this is, it turns out, quite easy. More on that on this blog and on the foaf-protocols mailing list.
Posted at 06:14PM Apr 03, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[3]
Join the foaf+ssl community and get OpenId for free
Toby Inkster today was the first to put up an OpenId authentication service, that uses foaf+ssl certificates as credentials. This means that anyone with a foaf+ssl certificate can now log in not just to all the fun foaf+ssl services that are popping up, but also to the hundreds of thousands of other services out there that are using OpenId - making it so much more valuable.
The OpenId service is written in Perl and requires less than 100 lines of code (see source).
From a user's perspective this is what happens, once everything is set up.
- Go to an OpenId enabled service - I tried DZone and Identi.ca.
- Enter your OpenId - I used http://bblfish.net/ - in the provided field. And click return.
- Your browser will open a client cert popup asking which certificate you want to send - (you should set your browser up to ask you). Choose your foaf+ssl enabled cert. Press enter.
- You will be logged in.
This has a few advantages:
- You no longer have to remember a password for the OpenId server. Your browser keeps that information.
- The OpenId server does not know your password either.
- You never had to tell the OpenId Server anything about yourself. All the information is available in your foaf file. And you could protect parts of your foaf file with foaf+ssl so that the OpenId service need know just the public stuff. You could then give special access to the service you are logging into to see protected parts.
- It is very easy to change the OpenId Server: just change the openid.server line in your OpenId page. Since the server maintains no state about you, this is easy to do: you won't have to create a new account, specify your name, address, ... remember another password, etc...
- No need for attribute exchange - though the server could easily be enhanced to enable it - since the attributes are all in the foaf file, linked to from the OpenId page. See my 2007 post: Foaf and Openid.
- It takes one less request to do this than in usual OpenId implementations, as the login step is removed. (this is replaced it is true by one more connection from the OpenId server to the foaf file. But this could be cached.)
It is very easy to get going - especially given that we are dealing with the first release software! Here are the steps:
- First of course get yourself a foaf+ssl certificate in your browser, and a corresponding foaf id. There are a number of services listed on the foaf+ssl wiki. Two solutions:
  - You can use the easy to use foafssl.org certificate creation service, but you'll need the foaf file to then point back to the OnlineAccount just created. This would require adding the following triple in geek mode to your foaf file, in order to help verify your identity claim:

        <http://you.com/foaf#me> <http://xmlns.com/foaf/0.1/holdsAccount> <http://test.foafssl.org/certs/0xx.rdf#accnt>.

  - Or you can follow the even more geeky instructions from my original blog to create yourself a certificate.
- Next add a link from your OpenId page to the foaf server, and to your foaf file. A good choice for your OpenId page is your home page. Add the following in the <head>...</head> section of your html.

        <link rel="openid.server" href="https://ophelia.g5n.co.uk:10443/openid/provider.cgi?webid=http%3A%2F%2Fbblfish.net%2Fpeople%2Fhenry%2Fcard%23me" title="FOAF+SSL OpenId Server"/>
        <link rel="meta" title="foaf" href="http://bblfish.net/people/henry/card" type="application/rdf+xml" />

  You can see an example in the source of my home page at http://bblfish.net/. The pattern to follow for the href attribute is https://ophelia.g5n.co.uk:10443/openid/provider.cgi?webid=W where you replace W by the URL encoded value of your WebId. (You can use an online service such as this devshed one to do the encoding). The encoded WebId helps the OpenId authentication service verify that the person logging in there is really you - the person referred to by your webid. You should also point to your foaf file using the meta link, so that other services on the web can find this information easily.
- You need to add a foaf:openid relation from your WebId to your OpenId page in your foaf file. This is so that the OpenId server can identify you in your foaf file. I added the following triple in my foaf.

        <http://bblfish.net/people/henry/card#me> <http://xmlns.com/foaf/0.1/openid> <http://bblfish.net/> .

  Which can take a number of different forms in rdf/xml of course.
That is it. This could easily be automated by foaf service providers. I'll update it as soon as we have some easier means of doing this.
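The two links set up above must agree with each other, and a WebId pasted into the href without URL encoding silently loses its #me fragment. The following Python check is an added example (not part of Toby Inkster's service or of the original post); it uses the URLs shown in the post, and its function names are this example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

FOAF_OPENID = "http://xmlns.com/foaf/0.1/openid"
# Matches only the IRI-only "<s> <p> <o> ." form shown in the post; a foaf
# file in RDF/XML needs a real RDF parser instead.
TRIPLE = re.compile(r"^\s*<([^>]*)>\s+<([^>]*)>\s+<([^>]*)>\s*\.\s*$")

# Values taken from the post.
WEBID = "http://bblfish.net/people/henry/card#me"
OPENID_PAGE = "http://bblfish.net/"
PROVIDER = "https://ophelia.g5n.co.uk:10443/openid/provider.cgi"
FOAF = ("<http://bblfish.net/people/henry/card#me> "
        "<http://xmlns.com/foaf/0.1/openid> <http://bblfish.net/> .")


def provider_href(provider, webid):
    """openid.server href: provider URL plus the fully percent-encoded WebId."""
    return provider + "?webid=" + quote(webid, safe="")


GOOD_PAGE = (
    "<html><head>\n"
    '<link rel="openid.server" href="%s" title="FOAF+SSL OpenId Server"/>\n'
    '<link rel="meta" title="foaf" href="http://bblfish.net/people/henry/card"'
    ' type="application/rdf+xml" />\n'
    "</head><body></body></html>" % provider_href(PROVIDER, WEBID)
)
# Constructed mistake: the WebId pasted into the href without encoding.
BAD_PAGE = GOOD_PAGE.replace(quote(WEBID, safe=""), WEBID)


class HeadLinks(HTMLParser):
    """Collect the first href seen for each <link rel=...>."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            attr = dict(attrs)
            if attr.get("rel") and attr.get("href"):
                self.links.setdefault(attr["rel"].lower(), attr["href"])


def parse_triples(ntriples):
    """Set of (subject, predicate, object) IRI triples, one per input line."""
    found = set()
    for line in ntriples.splitlines():
        match = TRIPLE.match(line)
        if match:
            found.add(match.groups())
    return found


def check_delegation(openid_page, page_html, foaf_ntriples, webid):
    """Return a list of problems; an empty list means both directions agree."""
    problems = []
    parser = HeadLinks()
    parser.feed(page_html)

    server = parser.links.get("openid.server")
    if server is None:
        problems.append("OpenId page has no openid.server link")
    else:
        parts = urlsplit(server)
        if parts.scheme != "https":
            # the client certificate is presented inside the TLS handshake
            problems.append("openid.server is not an https URL")
        # An unencoded '#' ends the query, so the decoded value loses '#me'.
        if parse_qs(parts.query).get("webid", []) != [webid]:
            problems.append("webid parameter does not decode to the WebId")

    if "meta" not in parser.links:
        problems.append("OpenId page has no meta link to the foaf file")

    if (webid, FOAF_OPENID, openid_page) not in parse_triples(foaf_ntriples):
        problems.append("foaf file has no foaf:openid triple from the WebId to the OpenId page")
    return problems


if __name__ == "__main__":
    print(check_delegation(OPENID_PAGE, GOOD_PAGE, FOAF, WEBID))
    print(check_delegation(OPENID_PAGE, BAD_PAGE, FOAF, WEBID))
```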
Posted at 03:37PM Mar 20, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[3]
The foaf+ssl paradigm shift
Foaf+SSL builds on PKI whose paradigmatic example is that of a traveller crossing the frontier and showing his passport. The problem is that this analogy breaks down for foaf+ssl (wiki page) and can make it difficult to understand what is going on. What is required is a paradigm shift, and I will here help walk you through it. (Thanks to an educational exchange with Bruno Harbulot on the foaf-protocols mailing list)
Traditional PKI
So first let us step into the old paradigm. You arrive at a web site. It asks you for your certificate which is somewhat like being asked for a passport at a border. So in this analogy you are playing the role of the traveller who is looking to cross the border (access that resource), and the server is playing the role of border patrol officer, whose job it is to permit you only if you are authorized to do so.
So of course you hand over a certificate. This contains a number of things:
- Your identifier. This can be the passport number. In X509 it is the Distinguished Name. And with foaf+ssl we are also making use of the subject alternative name, a WebId.
- Something to tie the certificate to you. In the case of the passport this would be the photo on the passport which should match your face. In the certificate this role is played by the public key that corresponds to the private key only you possess. The public key that you send is what others see of your face, i.e. the photo on the passport; the private key would be your face itself.
- There may be a few other things written in the passport about you, such as your age, your birthplace, etc...
- The whole passport is designed to be recogniseable as having been published by the Government which issued it - usually it is also signed by them. And indeed in the certificate space we have the same thing: a Certificate Authority takes the place of the Government and signs your certificate.
The server receiving this certificate, playing the role of the border patrol agent, now himself needs to continue the process:
- First he must identify you. I.e., his task is, given the passport, to verify the referent of its holder. He can do this simply by verifying that the picture matches your face. In the case of TLS this is done simply through the cryptographic mechanism that established the https connection.
- Next the officer must verify that the information in the passport is issued by a government agency he trusts. This is the authentication step. (Authentication, from Greek αυθεντικός, real or genuine, from authentes for author) The officer verifies that the passport is genuinely from the government. To do this he verifies the watermarks, checks for signs of tampering, etc... In the case of the server this is very easy to do using encryption. The certificate is signed by the Certificate Authority, in such a way as to make it extremely difficult to tamper with. By verifying the Certificate integrity and that the signature of the CA matches the one it has on file the server can be confident that the information it is reading was stated by the Authority it trusts. Since it trusts that authority it can believe its contents.
- Having accepted the contents, it can trust the identifier is of you, and finding that you are not on a blacklist, can authorize you to cross the border.
How the analogy breaks down
The problem with that analogy is that it does not help one to understand foaf+ssl, because with foaf+ssl the certificate presented to the server is self signed, and the identity self created!
To clearly see how the analogy breaks down, imagine what would happen if we mapped the foaf+ssl back to our border patrol situation. Imagine you arrive happily at the border and the officer asks you for a passport. You give him a piece of paper nicely crafted on your color laser printer at home, with your photo on the right hand side, your self created WebId, a URL you coined a few days before, your name, and your signature below. On the paper you put a nice logo, saying "Issued on 1 Jan 2009 by Me, valid for 1 year."
Now I don't recommend doing this during times of high tension between the countries on either side of the border, or unless you have some serious reason to believe that the officers have a good sense of humor. If they do, you can be certain you will be sent back from where you came from, and not into some more dingy place with bars instead of windows.
A better analogy
So let's leave those dreary, bureaucratic and slow moving border control situations where novelty is frowned upon far behind us. Instead let us try for a different example.
So imagine now you are going to a masked party, where only a preselected group of people were invited, you among them. As you arrive in your RoboCop costume which completely covers your body, and muffles your voice, you present a paper with a note on which is your typewritten ID. Having verified that the person with that ID is indeed authorized to join, the guard at the door asks you to move your right arm up and down three times, which you do. He then asks you to wiggle your bottom as best you can, which you do. Satisfied that he has identified you, the guard lets you in, and you go party.
According to you, is this guard doing his job correctly? Has he correctly authorized you? Let me add here that the ID you gave him is a public ID and that the list of invited people is also public! What do you think? Because this is really not far from the foaf+ssl solution...
Well it all depends on how the guard came to ask you to move your hand! Imagine that your ID was the URL <tel:+1.510.931.5491>, and that the guard took out his cell phone and called that number. You, in the depth of your RoboCop costume, receive the call. The guard asks: "Hi, are you in front of the party now?". You answer "yes", and the guard hears the voice in the phone answer "yes". He asks you to move your right hand up and down three times, which you immediately do. He asks you to do your best to wiggle your bottom, which you do. Now has he not identified you as being <tel:+1.510.931.5491>?
Are you thinking: "well yes, could I - being inside the costume - could I not have just overheard what the guard was saying, even had I not received the call?". If that thought bothers you, then replay the same scenario, but this time change the ID you give over to an email address, and have the guard send you an email, which you receive on your cell phone too. This is something we do all the time when signing up to web sites.
Notice now how this is similar to the foaf+ssl protocol. There you give the guard an https URL, and he queries that URL with an HTTP GET. That returns a response containing your public key, which is the one you used to communicate with the guard, thereby clearly tying you to your ID. Once that link is made, the guard can go straight to the authorization step: are you or are you not in the invited people's list.
The Web of Trust
We have been using email URLs for a long time to identify ourselves on sites. So what does foaf+ssl add that we did not have before? Well it does the same thing in a RESTful manner. REST is the architectural style on which the most successful hypermedia system ever was built. It is designed to make hypermedia easily possible. The advantage of building in this style is that it is very easy to link information together. So just as the original Web made it very easy to link documents together, so by following this style into the hyperdata space, we make it easy to link things together. By making identity RESTful we have laid the basic building blocks to then build a web of trust.
So to illustrate just a little bit more how this works, let us extend the access rules in our example slightly. To be allowed access to the party you either have to be on a list, or you have to be a friend of someone on the list. This just helps regulate the party somewhat, so that there are clear chains of responsibility that can be drawn in case of trouble. This time you are not on the list. You are still in your large RoboCop costume, and the guard calls you to ask you who you know. You say you know <tel:+44-161-275-014>. The skeptical guard does not of course take everyone at their word automatically, so he does not let you in on this basis alone: you could be lying. But it is easy to verify. The guard checks that <tel:+44-161-275-014> is indeed a core guest of the party, and having checked that, just calls that number and asks the person if he knows <tel:+1.510.931.5491>. If he answers yes, you are authorized.
With foaf+ssl we can do the same without requiring direct human intervention. By giving your WebId to the guard, he can "call" the WebId using HTTP GET (clicking on the link) and see what information that link returns. If the information returned identifies you (as it does by returning your public key) then we have, as shown previously, confirmed identification. Now if, as we are supposing in this example, your URL is not on the list of directly authorized ones, the guard can check the document returned to find if any of your friends are directly authorized. If any one of them is, he can 'call them' (with an HTTP GET of course) to find out if they claim you as a friend too. So the parallel with the above phone conversation holds very well. (For a more detailed description of this example see "Building a web of Trust without Key Signing parties")
This way of linking between documents works because every object in those relations has an identifying URL, and because the documents are published RESTfully. The REST architecture is very strict about names referring to things independent of who uses them or of any previous state between the client and the server. If it were not, different people would be meaning different things with the same URL, which would be very confusing. By making it easy to link between documents we have the basic elements to grow a web of trust.
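The identification step and the friend-of-a-guest rule described above, as an added example that is not the author's foaf+ssl server code: a dictionary stands in for HTTPS GETs of profile documents, and all URLs, key values and function names are constructed for illustration. It goes slightly beyond the text by covering the failure cases: a borrowed WebId presented with the wrong key, and a one-sided friendship claim.

```python
# Constructed sample data: a tiny "web" mapping WebId profile URLs to the
# statements each document makes. All URLs and key values are hypothetical.
WEB = {
    "https://alice.example/card": {
        "keys": {(0xC0FFEE, 65537)},
        "knows": {"https://bob.example/card"},
    },
    "https://bob.example/card": {
        "keys": {(0xB0B, 65537)},
        "knows": {"https://alice.example/card"},
    },
    "https://mallory.example/card": {
        "keys": {(0xBAD, 65537)},
        "knows": {"https://bob.example/card"},  # one-sided claim
    },
}
GUEST_LIST = {"https://bob.example/card"}


def http_get(url):
    """Stand-in for an HTTPS GET of a profile document (hypothetical helper)."""
    if not url.startswith("https://"):
        raise ValueError("WebId must be dereferenced over https")
    return WEB.get(url)


def identify(webid, tls_key):
    """True if the document at `webid` lists the key proven in the TLS handshake."""
    doc = http_get(webid)
    return doc is not None and tls_key in doc["keys"]


def authorize(webid, tls_key, guests=GUEST_LIST):
    """Admit listed guests, or anyone a listed guest claims as a friend in return."""
    if not identify(webid, tls_key):
        return False  # identification failed: never consult the guest list
    if webid in guests:
        return True
    for friend in http_get(webid)["knows"] & guests:
        friend_doc = http_get(friend)  # "call" the guest; do not trust the claim
        if friend_doc and webid in friend_doc["knows"]:
            return True
    return False
```

The self-signed certificate's signature plays no part here: the decision rests on the key the client proved possession of and on what the documents at each URL say.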
Conclusion
So how do foaf+ssl and the usual passport-like PKI example compare? Here are a few thoughts:
- foaf+ssl focuses on identity, as OpenId does, but much more RESTfully. Traditional PKI on the other hand also conceives of itself as certifying extra information: name, age, address...
- In the passport example we pass a document by value, not by reference. The advantage of passing by reference, as foaf+ssl does, is that the resource can be updated a lot faster than the passport can. One could easily imagine border control situations working like that. All that you would need would be to cite your passport Id to the officer and he could find your record in the government database and check your identity that way (by looking at your picture or checking your fingerprints).
- To get something similar to the passport example in foaf+ssl, the government would just have to produce its WebIDs. Then the content of the representation returned by that resource would be the government's view on me. (What remains to be done is to find a way to make clear who is speaking for whom - so to distinguish the case when the WebId is my employer's and when it is mine)
- The WebId can much more easily be self created. This makes it easier to say more about oneself than an official source would ever want to be liable for certifying.
- WebIds can easily be linked to, so other people can relate to you.
Posted at 08:23PM Mar 03, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[2]
I ♡ NetBeans 6.7 !
As I was developing my recently released foaf+ssl server to demonstrate how to create distributed secure yet open social networks, I stumbled across a daily build of NetBeans 7 (build 200902061401), that is stable, beautiful and that has really helped me get my work done. NetBeans 7 is really going to rock!
Update: What I called NetBeans 7 is now called NetBeans 6.7.
Here is a list of some of the functionality that I really appreciated.
Maven Integration
Hallelujah for Maven Integration! I got going on my project by setting up a little Wicket project which I easily adapted to include the Sesame semantic web libraries and more (view pom).
The nicest part of this is that it then becomes extremely easy to link the source and the javadoc together. Two commands, which should be integrated as menu options, have finally made it possible for me to work with NetBeans.
# get the javadoc
$ mvn dependency:resolve -Dclassifier=javadoc
# get sources
$ mvn dependency:sources
This simple thing just used to be a nightmare to do, especially as the number of jars one's project depended on increased. The Sesame group have split a lot of their jars up nicely, so that one could use a subset of them, but the way NetBeans was set up it became a real huge amazing astounding pain to link those to the source. And what is an open source IDE worth if it can't help you browse the source code and see its documentation easily?
Now I don't think Maven is in any way the final word in project deployment. My criticism in short is that it is not RESTful in a few ways, not least of which is that it fails to use URLs to name things and it makes the cache the central element. It is as if they had turned web architecture upside down, so that people would name things by trying to identify the caches in which they were located rather than their Universal Locator. My guess is that as a result things are a lot less flexible than they could be. As Roy Fielding pointed out recently, REST APIs must be hypertext driven. Software is located in a global information space, so there is no good reason in my opinion to not follow this precept.
Clearly though this is a huge huge improvement!
A better file explorer
I have sworn a few times at the previous versions of the NB file manager! Even more so when I had to use it to tie the javadoc to the source code - at that point it became a scream. Finally we have a command line File Explorer with tab completion. This is so beautiful I have to take a picture of it:
We use the keyboard all the time, and one can get many things done much faster that way. Navigating the File System with a keyboard is just much nicer. So why oh why is it still impossible to use up and down arrow keys in the classic view when some files are greyed out? (Writing this I noticed there seems to be no way to get back from the classic view to the new command line view - please make it possible to get back!)
GlassFish 3 Integration
Well it is a real pleasure to work with a web server that loads a war in half a second. I use hardly any of the J2EE features so it's a good thing those don't get loaded.
I tried the HTTP Server Monitor and that could be useful if it were more informative. In RESTful development it is really important to know the response codes 303, etc... so that one can follow the conversations between the client and the server. Currently that piece is trying to tie things up too much into baby steps: just as with the File Explorer there should be an easy UI into a feature and an advanced mode. I'd like to see the full pure unadulterated content going over the wire, highlighted perhaps to make it easy to find things. (It turns out this has been filed as feature request 36706)
GlassFish integration really helped me develop and deploy my foaf+ssl service.
User Interface
As you can see from the main picture the NetBeans UI seems to be going through a big transformation. Gone are some of the huge fat aqua buttons. The pieces are laid out in similar ways as in NB6.5, but this is a lot more elegant. A welcome change.
There is a very useful search bar at the top right of NB 7 now, which proved to be very helpful at finding documentation, maven repositories, and many other things. It proved to be very helpful a couple of times in my project.
One simple thing I would like would be to have a menu on each of the windows to open a file in its default OS viewer. So when I edit HTML which is a pleasure to do in NB, I would like to be able to quickly view that code in Firefox, Safari or Opera. Other XML files may have their default viewers, and so I think this is quite generalisable. In any case it should be easy to copy the file path of an open window, as one often has to do external processing of it. For files that are located on the internet, it would be great to be able to get their URL. This would help when chatting to people about source code one is working on for example.
Other
- There are IntelliJ key bindings now. I really needed this a year or so ago, as I was switching between the IDEs. I have forgotten them now so it's less of a problem for me, but it will be very important for people switching between the IDEs.
- I think this was part of NB6, but being able to browse the local history of source code is a really great feature. (I noticed that this does not diff html or xml for the moment)
- Geertjan's Wicket integration Module partly works on this daily build. You may require starting off with NB7 milestone 1 to get going as it seemed still to be fully functional there.
- I find this daily build needs restarting every day, as it seems to slow down after a while, perhaps using up a lot of memory.
Where is this going
Well those are the features that really stood out for me. And I am very happy to work with NB now.
I still think that the next big step, for NB 8 perhaps, should be the webification of the IDE. I think there is a huge amount to gain by applying Web Architecture principles to an IDE, and then the Net in NetBeans would fully reveal its meaning.
Posted at 05:12PM Feb 13, 2009 [permalink/trackback] by Henry Story in Java | Comments[11]




