The Sun BabelFish Blog
Don't panic !
Saving Face: The Privacy Architecture of Facebook
In his very interesting thesis draft Saving Face: The Privacy Architecture of Facebook, Chris Peterson describes, through a number of real-life stories, some very subtle and interesting issues concerning privacy and context that arose during the rapid evolution of the now 250 million member social network.
Perhaps the most revealing of these stories is that of Junior High School student Rachel, who broadcast the following distress status message: "my grandmother just friend requested me. no Facebook, you have gone too far!"
Chris Peterson develops: Rachel and her grandmother are close. She trusts her grandmother. She confides in her grandmother. She tells her grandmother "private" things. She is certainly closer to her grandmother than many of her Facebook Friends. So what's the big deal?
Rachel explains:
Facebook started off as basically an online directory of COLLEGE STUDENTS. I couldn't wait until I had my college email so that I could set up an account of my own, since no other emails would give you access to the site. Now, that was great. One could [meet] classmates online or stay in touch with high school mates [but it] has become a place, no longer for college students, but for anyone. [About] five days ago, the worst possible Facebook scenario occurred, so bizarre that it hadn't even crossed my mind as possible. MY GRANDMOTHER!? How did she get onto facebook?...As my mouse hovered between the accept and decline button, images flashed through my mind of sweet Grandma [seeing] me drinking from an ice luge, tossing ping pong balls into solo cups full of beer, and countless pictures of drunken laughter, eyes half closed. Disgraceful, I know, but these are good memories to me. To her, the picture of my perfectly angelic self, studying hard away at school, would be shattered forever.
The paper is full of legally much more serious stories, but this one is especially revealing as it makes apparent how the flat friendship relation on Facebook does not take into account the context of the relationship. Not all friendships are equal. Most people have only very few friends they can tell everything to. And most often one tells very different stories to different groups of friends. In the physical world we intuitively understand how to behave in different contexts. One behaves one way in church, another in the bar, and yet another way in front of one's teachers, or parents. The context in real life is set by the architecture of the space we are in (something Peter Sloterdijk develops at length in his philosophical trilogy Spheres). The space in which we are speaking and the distance others have to us guide us in what we should say, and how loud we can say it. On Facebook all your friends get to see everything you say.
It turns out that it is possible to create an equivalent contextual space on Facebook using a little known and recently added feature, which allows one to build groups of friends and specify access control policies on posts per group. Chris shows clearly that this by itself is not enough: it requires a much more thorough embedding in the User Interface so that the intuitive feel one has in real life for who hears what and to whom one is speaking is available with the same clarity in the digital space. In the later part of the thesis Chris explores what such a User Interface would need to do to enable a similarly intuitive notion of space to be available.
Applications to the Social Web
One serious element of the privacy architecture of Facebook (and other similar social networks) that is not covered by this thesis, yet has a very serious impact in a very large number of domains, is the constant presence of a third party in the room: Facebook itself. Whatever you say on these Social Networks is visible not only to your group of friends, but also to Facebook itself, and indirectly to its advertisers. Communicating in Facebook then puts one in a frame of mind similar to that of people in the Middle Ages, when mankind was under the constant, omnipotent and omniscient presence of a God who could read every thought, even the most personal. Except that this God is incorporated and has a stock market value fluctuating daily.
For those who wish to escape such an omni-presence yet reap the benefits of online electronic communication, the only solution lies in the development of distributed secure social networks, of a Social Web where everybody could own what they say and control who sees it. It turns out that this is possible with semantic web technologies such as foaf and access control mechanisms based on ssl.
One very positive element I take from this thesis is that the minimal technical building blocks for reconstituting a sense of context are the notion of a group and access control of resources. In the Social Web we should be able to reconstitute this using the foaf:Group class and foaf+ssl for access control. On this basis Chris Peterson's user interface suggestions should be applicable in a distributed social network.
All in all then I found this thesis to be very rewarding and a very interesting read. I recommend it to all people interested in the Social Web.
Posted at 06:32PM Jul 25, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[5]
How to write a simple foaf+ssl authentication servlet
After having set up a web server so that it listens to an https socket that accepts certificates signed by any Certification Authority (CA) (see the Tomcat post), we can write a servlet that uses these retrieved certificates to authenticate the user. I will detail one simple way of doing this here.
Retrieving the certificate from the servlet
In Tomcat compatible servlets it is possible to retrieve the certificates used in a connection with the following code:
import java.security.cert.X509Certificate;

protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    //...
    // The container exposes the client's certificate chain under this attribute;
    // it is null when the client presented no certificate.
    X509Certificate[] certificates = (X509Certificate[]) request
            .getAttribute("javax.servlet.request.X509Certificate");
    //...
}
Verifying the WebId
This can be done very easily by using a class such as DereferencingFoafSslVerifier (see source), available as a maven project from the so(m)mer repository (in the foafssl/ directory).
Use it like this:
Collection<? extends FoafSslPrincipal> verifiedWebIDs = null;
try {
    // foafSslCertificate is the client's certificate, taken from the array retrieved above
    FoafSslVerifier FOAF_SSL_VERIFIER = new DereferencingFoafSslVerifier();
    verifiedWebIDs = FOAF_SSL_VERIFIER.verifyFoafSslCertificate(foafSslCertificate);
} catch (Exception e) {
    redirect(response,...); //redirect appropriately
    return;
}
If the certificate is authenticated by the WebId, you will then end up with a collection of FoafSslPrincipals, which can be used as an identifier for the user who just logged in. Otherwise you should redirect the user to a page enabling him to log in with either OpenId, or the usual username/password pair, or point him to a page such as this one where he can get a foaf+ssl certificate.
For a complete example application that uses this code, have a look at the Identity Provider Servlet, which is running at https://foafssl.org/srv/idp (note this servlet was trying to create a workaround for an iPhone bug. Ignore that code for the moment).
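What "authenticated by the WebId" amounts to, as an added example that is not the so(m)mer library's code: the WebID is read from the certificate's subjectAltName URI and is believed only if the profile at that URI publishes the same RSA public key as the certificate. `ProfileKeySource`, the class name and the example.org WebID are hypothetical stand-ins for dereferencing and parsing the foaf file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;

/** Added illustration of the foaf+ssl check; not the so(m)mer library's code. */
public final class WebIdKeyCheck {

    /** Hypothetical stand-in for dereferencing a WebID and reading the keys its profile publishes. */
    interface ProfileKeySource {
        List<RSAPublicKeySpec> keysFor(URI webId) throws Exception;
    }

    /** URI entries (GeneralName type 6) of subjectAltName: the WebIDs the certificate claims. */
    static List<URI> claimedWebIds(X509Certificate cert) throws CertificateParsingException {
        List<URI> claimed = new ArrayList<>();
        Collection<List<?>> names = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (names == null) {
            return claimed;
        }
        for (List<?> name : names) {
            if (!Integer.valueOf(6).equals(name.get(0)) || !(name.get(1) instanceof String)) {
                continue;
            }
            try {
                URI uri = new URI((String) name.get(1));
                String scheme = uri.getScheme();
                // The URI is chosen by whoever made the certificate, so only web
                // schemes are handed on to the code that will fetch it.
                if ("https".equalsIgnoreCase(scheme) || "http".equalsIgnoreCase(scheme)) {
                    claimed.add(uri);
                }
            } catch (URISyntaxException malformed) {
                // A malformed claim is simply not a candidate.
            }
        }
        return claimed;
    }

    /** True when the certificate's key is the RSA key (modulus and exponent) the profile publishes. */
    static boolean sameRsaKey(PublicKey certKey, RSAPublicKeySpec published) {
        if (!(certKey instanceof RSAPublicKey)) {
            return false;
        }
        RSAPublicKey rsa = (RSAPublicKey) certKey;
        return rsa.getModulus().equals(published.getModulus())
                && rsa.getPublicExponent().equals(published.getPublicExponent());
    }

    /**
     * The TLS handshake has already shown that the client holds the private key for
     * certKey; this step ties that key to a WebID. A claim whose profile cannot be
     * fetched or parsed is dropped (fail closed).
     */
    static List<URI> verifiedWebIds(List<URI> claimed, PublicKey certKey, ProfileKeySource profiles) {
        List<URI> verified = new ArrayList<>();
        for (URI webId : claimed) {
            try {
                for (RSAPublicKeySpec published : profiles.keysFor(webId)) {
                    if (sameRsaKey(certKey, published)) {
                        verified.add(webId);
                        break;
                    }
                }
            } catch (Exception unreachableOrUnparsable) {
                // Not verified; the caller falls back to another login method.
            }
        }
        return verified;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // optional: path to a PEM or DER certificate of your own
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println("claimed WebIDs: " + claimedWebIds(cert));
            }
        }
        // Constructed sample data: two freshly generated keys and an in-memory "profile".
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey aliceKey = (RSAPublicKey) gen.generateKeyPair().getPublic();
        RSAPublicKey otherKey = (RSAPublicKey) gen.generateKeyPair().getPublic();
        URI alice = URI.create("https://example.org/alice#me");
        Map<URI, List<RSAPublicKeySpec>> published = Map.of(alice, List.of(
                new RSAPublicKeySpec(aliceKey.getModulus(), aliceKey.getPublicExponent())));
        ProfileKeySource profiles = webId -> published.getOrDefault(webId, List.of());

        // Case 1: the certificate carries the key that the profile publishes.
        System.out.println("own key:     " + verifiedWebIds(List.of(alice), aliceKey, profiles));
        // Case 2: a self-signed certificate names the same WebID but holds a different key.
        System.out.println("foreign key: " + verifiedWebIds(List.of(alice), otherKey, profiles));
    }
}
```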
Todo
The current library is too simple and has a few gaping usability holes. Some of the most evident are:
- No support for rdfa or turtle formats.
- The Sesame RDF framework/database should be run as a service, so that it can be queried directly by the servlet. Currently the data gathered from the foaf file is lost as soon as the FOAF_SSL_VERIFIER.verifyFoafSslCertificate(foafSslCertificate); method returns. This is ok for an Identity Provider Servlet, but not for most other servers. A Java/RDF mapper such as the So(m)mer mapper would then make it easy for Java programmers to use the information in the database to personalize the site with the information given by the foaf file.
- Develop an access control library that makes it easy to specify which resources can be accessed by which groups of users, specified declaratively. It would be useful for example to be able to specify that a number of resources can be accessed by friends of someone, or friends of friends of someone, or family members, ....
But this is good enough to get going. If you have suggestions on the best way to architect some of these improvements so that we have a more flexible and powerful library, please contact me. I welcome all contributions. :-)
Posted at 10:23AM Jul 24, 2009 [permalink/trackback] by Henry Story in Art | Comments[0]
How to setup Tomcat as a foaf+ssl server
foaf+ssl is a standards based protocol enabling one click identification/authentication to web sites, without requiring the user to enter either a username or a password. It can be used as a global distributed access control mechanism. It works with current browsers. It is RESTful, thereby working with Linked Data and especially linked foaf files, enabling thereby distributed social networks.
I will show here what is needed to get foaf+ssl working for Tomcat 6x. The general principles are documented on the Tomcat ssl howto page, which should be used for detailed reference. Here I will document the precise setup needed for foaf+ssl. If you want to play with this protocol quickly without bothering with this procedure I recommend using the foaf+ssl Identity Provider service which you can point to on your web pages, and which will then redirect your users to the service of your choosing with the URLEncoded WebId of your visitor.
foaf+ssl works by having the server request a client certificate on an https connection. The server therefore needs an https end point which can be specified in Tomcat by adding the following connector to the conf/server.xml file:
Note: the default https port is 443, but it requires root privileges.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="50" scheme="https" secure="true"
sslProtocol="TLS"/>
Servers authenticate themselves by sending the client a certificate signed by a well known Certificate Authority (CA) whose public key is shipped in all browsers. Browsers use the public key to verify the signature sent by the server. If the server sends a certificate that is not signed by one of these CAs (perhaps it is self signed) then the web browser will usually display some pretty ugly error message, warning the user to stay clear of that site, with some complex way of bypassing the warning, which if the user is courageous and knowledgeable enough will allow him to add the certificate to a list of trusted certs. This warning will put most people off. It is best therefore to buy a CA certified cert. (I found one for €15 at trustico.) Usually the CAs will have very detailed instructions for installing the cert for a wide range of servers. In the case of Tomcat you will end up with the following additional attribute values:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="50" scheme="https" secure="true"
keystoreFile="conf/yourServerCert.kdb"
keystoreType="JKS" keystorePass="changeme"
sslProtocol="TLS"/>
And of course this requires placing the server cert file at the keystoreFile path.
There are usually two ways for the server to respond to the client not sending a (valid) certificate. Either it can simply fail, or it can allow the server app to decide what to do. Automatic failure is not a good option, especially for a login service, as the user will then be confronted with a blank page. Much better is to allow the server to redirect the user to another page explaining how to get a certificate and giving him the option of authentication using OpenId or simply the well known username/password pattern. To enable Tomcat to respond this way you need to add the clientAuth="want" attribute value pair:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="50" scheme="https" secure="true"
keystoreFile="conf/yourServerCert.kdb"
keystoreType="JKS" keystorePass="changeme"
sslProtocol="TLS" clientAuth="want" />
Most Java Web Servers, on receiving a client certificate, attempt to validate it automatically, by verifying that it is correctly signed by one of the CAs shipped with the Java Runtime Environment (JRE), verifying that the cert is still valid, ... As the SSL library that ships with the JRE does not implement foaf+ssl we will need to do the authentication at the application layer. We therefore need to bypass the SSL Implementation. To do this Bruno Harbulot put together the JSSLUtils library available on Google Code. As mentioned in the JSSLUtils Tomcat documentation page this will require you to place two jars in the Tomcat lib directory: jsslutils-0.5.1.jar and jsslutils-extra-apachetomcat6-0.5.2.jar (the version numbers may differ as the library evolves). You will also need to specify the SSLImplementation in the conf file as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="50" scheme="https" secure="true"
keystoreFile="conf/yourServerCert.kdb"
keystoreType="JKS" keystorePass="changeme"
SSLImplementation="org.jsslutils.extra.apachetomcat6.JSSLutilsImplementation"
sslProtocol="TLS" clientAuth="want" />
Usually servers send the client, in the request, a list of Distinguished Names of the certificate authorities (CAs) they trust, so that the client can filter from the certificates available in the browser those that match. Getting client certificates signed by CAs is a complex and expensive procedure, which in part explains why requesting client certificates is very rarely used: very few people have certificates signed by well known CAs. Instead those services that rely on client certificates tend to sign those certificates themselves, becoming their own CA. This means that certificates end up being valid for only one domain. foaf+ssl bypasses this problem by accepting certificates signed by any CA, going so far as to allow even self signed certs. The server must therefore send an empty list of CAs, meaning that the browser can send any certificate (TLS 1.1). With the JSSLutils library available to Tomcat, this is specified in the conf/server.xml file with the acceptAnyCert=true attribute.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="50" scheme="https" secure="true"
keystoreFile="conf/yourServerCert.kdb"
keystoreType="JKS" keystorePass="changeme"
SSLImplementation="org.jsslutils.extra.apachetomcat6.JSSLutilsImplementation"
acceptAnyCert="true" sslProtocol="TLS" clientAuth="want" />
At this point you have set up your Apache Server correctly. A user that arrives at your SSL endpoint and that has a couple of certificates will be asked to choose between them. Your client code can then extract the certificate with the following code:
X509Certificate[] certificates = (X509Certificate[]) request
        .getAttribute("javax.servlet.request.X509Certificate");
You can use these certificates then to extract the WebId, and verify the SSL certificates. I will write more about how to do this in my next blog post.
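What clientAuth="want" and acceptAnyCert="true" ask of the TLS layer, written in plain JSSE as an added example that is not JSSLUtils or Tomcat code; the class names are hypothetical. The trust manager leaves all client authentication to the application and refuses to be used for validating servers.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Added illustration in plain JSSE; not JSSLUtils or Tomcat code. */
public final class AnyClientCertContext {

    /** Trust manager for the server side of a foaf+ssl endpoint only. */
    static final class DeferToApplication implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // No issuer check here: self-signed client certificates are let through.
            // Nothing about the subject is established until the application has
            // verified the WebID against the key in the certificate.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // This object must never validate a server: refuse, so that reusing it
            // for outbound connections fails instead of trusting every server.
            throw new CertificateException("not a server trust manager");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // JSSE builds the CA list of its certificate request from this array;
            // empty means the browser may offer any certificate it holds.
            return new X509Certificate[0];
        }
    }

    /** Server-side engine that asks for a client certificate without requiring one. */
    static SSLEngine serverEngine() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Key managers are left null in this illustration; a real server supplies
        // its own certificate and key (the connector's keystoreFile).
        ctx.init(null, new TrustManager[] { new DeferToApplication() }, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        // "want", not "need": the handshake also completes without a client
        // certificate, and the servlet then sees a null certificate attribute.
        engine.setWantClientAuth(true);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = serverEngine();
        System.out.println("wantClientAuth=" + engine.getWantClientAuth()
                + " needClientAuth=" + engine.getNeedClientAuth());
        System.out.println("CA names advertised: "
                + new DeferToApplication().getAcceptedIssuers().length);
    }
}
```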
Posted at 06:25PM Jul 23, 2009 [permalink/trackback] by Henry Story in Java | Comments[3]
two months of foaf+ssl talks
For the past one and a half months I have been traveling through Europe giving talks on foaf+ssl, the RESTful authentication protocol for the Social Web. Here is a short summary of where I have been.
- 18 May 2009, Salzburg Research
- On my way cycling from Fontainebleau to Vienna, I stopped by in Salzburg, Austria, where the offices of the organisers of the EU sponsored KIWI (Knowledge in a Wiki) project, which Sun is participating in, are located. I introduced the group there to foaf+ssl, and they are now working on an implementation for their award winning semantic wiki.
- 20 May 2009, Semantic Web Company
- Right after arriving in Vienna, I met up with Andreas Blumauer, editor of the recently published Springer Book "Social Semantic Web". Hopefully my presentation will make its way in some form or another into the next edition :-). Andreas also gave me an overview of the powerful yet easy to use thesaurus management system named Pool Party, which they are developing.
- 1 June 2009, European Semantic Web Conference, Heraklion
- Ian Jacobi, who had come to Crete for the occasion, helped me present the paper FOAF+SSL: RESTful Authentication for the Social Web in the SPOT track. The other papers presented in that track all fitted together very well, giving a very good overview of the topics that need to be covered in this space. I will be rereading them soon. The ESWC conference was also a great opportunity to do a number of quick one to one presentations by demoing it working on the iPhone. (Sadly the latest OS release broke the SSL stack, making my iPhone so much less useful.)
- 18 June, Vienna University of Technology
- In Crete I met Christoph Grün who helped organize a slot to present at the Institute of Software Technology & Interactive Systems. Christoph is working on Online Tourism web services, which would be a great use case for foaf+ssl. Imagine a group of people deciding to organize an outing on a tourism wiki site, where all members of the group would get access to that outing after a simple drag and drop of a foaf:Group URL onto the outing project console.... No account setup required.
- 23 June, Metalab Hacker's Club, Vienna
- While in Vienna I gave a presentation at the Metalab, an open meeting space for hackers of all walks of life. As it happened a journalist from the well known French newspaper "Le Monde" happened to be present and wrote up an article "Les nouvelles tribus du Net" (now paying) on the lab, mentioning my presentation en passant.
- 2-3 July, Sun Microsystems Kiwi Meeting, Prague
- The Kiwi group met in Prague for a couple of days to synchronize their work. After having won the best semantic web application prize at the European Semantic Web Conference in Crete, the mood was very positive. This was a good place to introduce the rest of the group to the potential of foaf+ssl, which is currently being implemented in Kiwi by Stefanie Stroka.
- 13 July, University of Leipzig
- I spent a whole day with the excellent Agile Knowledge Engineering and Semantic Web team at the University of Leipzig. After an update on their latest work with DBPedia, Ontowiki, xOperator, ... I presented foaf+ssl. After lunch we then spent the afternoon on a very helpful hands on session. There are still enough rough edges in the different implementations of foaf+ssl that a bit of guidance can save a lot of time. End result, a few days later Sebastian Dietzold notified me that Philipp Frischmuth had written a first implementation available publicly at http://trunk.ontowiki.net/. During our session we also discovered a bug on http://foaf.me/, which was soon fixed.
- 15 July, University of Potsdam
- Hagen organised a very well attended meeting at the University of Potsdam. The questions following the talk were very good, and showed a large interest. Sadly we did not have time for a hands on session, as my next meeting was just a few hours later. Hands on sessions are still very important, as they help turn a talk into an experience. It helps a lot that Melvin Carvalho enhanced foaf.me to make it very easy to create both a foaf file and a linked certificate, so with time these hands on sessions should be easier and shorter to do.
- 15 July, New Thinking Store, Berlin
- I finished the day with a presentation at the New Thinking Store in Berlin, organized by Martin Schmidt. This was an opportunity again to present to Web 2.0 and more directly practical people.
Posted at 05:16PM Jul 20, 2009 [permalink/trackback] by Henry Story in travel | Comments[0]
Nobody is responsible
Peter Sloterdijk animates a program on the major German Television Station ZDF, entitled the Philosophical Quartet. His latest program, whose title could be translated as Risk and Responsibility: the art of being Nobody, is very much worth watching (if you speak German). Sloterdijk starts off the program by reminding us of the ancient story of Ulysses and the Cyclops. In order to free himself from the bloodthirsty monster, Ulysses boldly plunged a red hot stake into the sleeping monster's only eye; the monster, screaming in pain and rage, asked who it was who had done that. Ulysses answered that his name was "Nobody". When the Cyclops' friends then arrived, alerted by the screams of their fellow, and asked him who had done this deed to him, that they might avenge him, they received the answer Nobody. Thinking therefore that the Gods had done that to him, and that he was thus responsible for his deeds, they left him to die in his pain.
This story is used as a springboard by the quartet - the 2 philosophers and 2 guests: Beatrice Weder Di Mauro, Swiss economist and member of the German 5 wise men board of economic affairs, and novelist Bodo Kirchhoff - to look into the question of how nobody seems to be to blame, or accepts the blame, for the massive financial meltdown that saw more money evaporate in a year than all the biggest robberies of all time piled one next to the other over the whole course of humanity's history. Clearly something went wrong. Something needs to change, some things need to stop, some to die... The point is well made that the bankers that gave themselves such huge salaries on account that they were responsible for the huge benefits they made, seem to have lost all sense of responsibility in the crisis. What then is it that needs changing? What criteria should be set in to avoid such errors in the future? One proposal - perhaps a very harsh one for all attempts at mergers - is that you should never allow a system to grow to such a level that it cannot fail, or better: never allow a system to grow so that when it is time to ask for responsibility for a crisis, the only answer can be Nobody.
Posted at 06:03PM Jun 19, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[1]
Peter Sloterdijk, radical cure to twitter
Do you feel like you are in a binary discussion on some topic, that goes back and forth with no apparent progress? Do you feel you have gotten so involved in a micro topic, that you feel that you may be missing the big picture? Is perhaps the phantasy of such a big picture you have taken as your background, itself the cause of the problem you are dealing with? Do you find yourself preaching that God is dead, or not? Are you preaching? Why?
Peter Sloterdijk, one of the most famous contemporary German philosophers, is known to write very large books that span all domains of human activity from philosophy to history, to technology, aesthetics, biology, religion and economics, in a passionate, often humorous, sometimes jolting way, linking these in a fluid narrative that flows healthily through the barriers of all academic disciplines. Sloterdijk diffuses dualisms through fluid depth of analysis, carefully linking both sides of a debate in such a way that they can be seen to be part of the same surface reflecting a third party that had not yet been seen, the real topic of the discussion perhaps, of which he goes on to draw the history and evolution.
So in his latest book "Du mußt dein Leben ändern" ("You must change your life"), which I have nearly finished reading here in Vienna, Sloterdijk starts off with a beautiful poem by Rilke of the same title (English translation with German original here) where Rilke describes what could be called a religious call for transformation whilst looking at an ancient Greek stone torso of Apollo he had come across in the Louvre museum in Paris. The undeniable reality of this upward sentiment of transformation is what Sloterdijk then goes on to describe the history of throughout his book, linking it to the exercises that Olympic athletes of our times do to always further push back the boundaries of what humanity is capable of, which he then traces back to the Buddhist philosophers and their spiritual exercises, the ancient Greek schools of thought, and the exercises the early Christians followed to break through the barriers of death, by for example entering the Roman circuses to be devoured calmly by lions. This pursuit of transcendental improvement can then be found to have moved from the monasteries of the Middle Ages into the artisans' workshops where the practices of meditation were put to use in the building of the Protestant work ethic...
For those who speak German here is a very interesting interview of him in October of last year on a Swiss television channel talking about the financial meltdown that occurred.
(Thanks to Michael Zeltner for the link on his very interesting blog. More parts here).
And here, for the French speakers among you, is an interview with Elisabeth Levy where they discuss modern media, rumours, and more.
For English speakers here is a talk on Reality that Peter Sloterdijk gave last year before the opening of the large Swiss nuclear collider, which I think made the news. (The sound is not very good, but the points he makes are serious and funny simultaneously):
Posted at 12:45PM Jun 19, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[1]
The foaf+ssl world tour
As you can see from the map here I have been cycling from Fontainebleau to Vienna (covering close to 1000km of road), and now around Cyprus in my spare time. On different occasions along my journey I had the occasion to present foaf+ssl and combine it with a hands on session, where members of the audience were encouraged to create their own foaf file and certificates, and also start looking into what it takes to develop foaf+ssl enabled services. This seems like a very good way to proceed: it helps people get some hands on experience which they can then hopefully pass on to others, it helps me prioritize what needs to be done next, and should also lead to the development of foaf+ssl services that will increase the network value of the community, creating I hope a viral effect.
I started this cycle tour in order to lose some weight. I still have 10kg to lose or so, which at the rate of 3kg per 1000km will require me to cycle another 3000km. So that should enable me to visit quite a few places yet. I will be flying back to Vienna where I will stay 10 days or so, after which I will cycle to Prague for a Kiwi meeting on the 3rd of July. After that I could cycle on to Berlin. But really it's up to you to decide. If you know a good hacker group that I can present to and cycle to, let me know, and I'll see how I can fit it into my timetable. So please get in contact! :-)
Posted at 12:21PM Jun 11, 2009 [permalink/trackback] by Henry Story in travel | Comments[5]
Link Roundup for Friday 29 May 2009
Linked Data is getting a lot of press:
- Linking Data and Semantics at O’Reilly is a very interesting article that shows how some developers at O'Reilly Media, the famous computer book publisher, moved from ad hoc XML formats published with complex scripts to RESTful publication, and then could not help but start using the benefits brought by linked data and the semantic web, thereby simplifying a lot of their data issues. Great progress.
- Price Waterhouse Coopers just published a bullish 58 page Technology forecast for the Semantic Web containing a lot of very good articles. Download for free here.
On the Social Web front:
- I added 5 simple use cases for the Social Web, which foaf+ssl can take care of on the Social Web XG wiki.
- Bruno Harbulot tagged release 0.3.1 for the FOAF+SSL java libraries and released maven jars for them, as explained in his e-mail to the list.
There is a new project called Interactive Knowledge Stack (IKS), which is a Semantics Based Open Source platform for Small to Medium CMS Providers.
Posted at 08:33PM May 29, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[2]
Identity in the Age of Cloud Computing
The Aspen Institute published a 90 page round table report in April entitled "Identity in the Age of Cloud Computing: The next-generation Internet's impact on business, governance and social interaction" under a generous Creative Commons License. I read the freely available pdf over the last week with interest, as it covers a lot of the topics I am talking about on this blog, and gives a good introduction to cloud computing (of which I have not yet written).
The paper is a report by J.D. Lasica of a round table discussion with a number of very experienced people that occurred just before the 2008 presidential election. It included people such as Rod Beckstrom, Director of the National Cyber Security Center of the United States Department of Homeland Security, David Kirkpatrick, Senior Editor of Internet and Technology at Fortune Magazine, Professor Paul M Romer of Stanford University, known for his work on New Growth Theory, Hal Varian, chief economist at Google, and many more...
The discussion around the table must have been very stimulating. Here is my take on the paper.
Identity
Identity turned out to be the core of the discussion. The abstract summarized this best:
Throughout the sessions personal identity arose as a significant issue. Get it right and many services are enabled and enhanced. The group tended to agree that a user-centric open identity network system is the right approach at this point. It could give everyone the opportunity to manage their own identity, customize it for particular purposes, (i.e., give only so much information to an outsider as is necessary for them to transact with you in the way you need), and make it scalable across the Net. Other ways of looking at it include scaling the social web by allowing the individual to have identity as a kind of service rather than, as Lasica writes, "something done to you by outside interests."
The Cloud
The cloud is a way to abstract everything in the connected web space. It is the way the user thinks of the net. It is nebulous. Where information and services are is not important. This is the experience people have when they read their mail on gmail. They can read their mail from their computer, or from their cell phone, or from their hotel, or from their friend's computer. The mail and the web, and their flickr photos, and their delicious bookmarks are all there.
The cloud from the developer's point of view is very similar. He buys computing power or storage on Amazon, Google, GoGrid or the upcoming Sun Cloud. Where exactly the computer is located is not important. If demand for the service he develops grows, he can increase the number of machines to serve that demand. This of course is a great way to quickly and lightly get startups going - no need to get huge financing for a very large number of servers to deal with a hypothetical peak load.
The Social Networks on the cloud also allow people to link up and form virtual and short lived organizations for a task at hand. This again reduces costs, enabling companies to get started for very little money, very quickly, and try out an idea. The paper does not say this: venture capital is no longer needed -- good thing too, as it has been severely reduced by the current recession.
The Cloud and Identity
The cloud is the abstraction where the physical location of things becomes unimportant. What operating systems run the software we use, what computers they run on, where these computers are, all that is abstracted away, virtualized into a puff of smoke.
What is of course still needed is a way to name things and locate them in the cloud. What is needed is a global namespace, and global identifiers. These are indeed known as Universal Resource Locators (URLs). Since everything else is abstracted away, URLs are the only consistent abstraction left to identify resources.
It is therefore just one small step for the panelists to agree that something like foaf+ssl is the solution to identity on the cloud. It is user centric, distributed, permits global social networks, and allows for people to have multiple personalities... Foaf+ssl provides exactly what the panelists are looking for:
open identity would provide the foundation for people to invent and discover a new generation of social signals, advice services, affinity groups, organizations and eventually institutions. Because the identity layer is grounded on the principles of openness and equality, anyone would be able to create social networks, tagging systems, reputation systems or identity authentication systems.
Posted at 08:30PM May 21, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[1]
You are a Terrorist!
Every country in Europe seems to be on the verge of introducing extremely powerful legislation for state monitoring of the internet, bringing us a lot closer to the dystopia described in George Orwell's novel Nineteen Eighty Four. Under the guise of laws to help combat terrorism or pedophilia - emotional subjects that immediately get everybody's unthinking assent - massive powers are to be given to the state, which could very easily be misused. As internauts we all need to make it our duty to follow very closely these debates, and participate actively in them, if we do not want to find ourselves waking up one morning in a world that is the exact opposite of what we have been dreaming of.
Germany
In Germany a new Data Retention law, which it seems was already passed in 2008, allows the state (quote)
to trace who has contacted whom via telephone, mobile phone or e-mail for a period of six months. In the case of mobile calls or text messages via mobile phone, the user's location is also logged. Anonymising services will be prohibited as of 2009.
To increase awareness of this law Alexander Lehmann put together this excellent presentation, with English subtitles, Du bist Terrorist!:
Du bist Terrorist (You are a Terrorist) english subtitles from lexela on Vimeo.
France
The passage of the hadopi law in France will create a strong incentive for citizens to place state built snooper software on each of their computers in order to make it possible to defend themselves against accusations of copyright infringement. But that is nothing compared to the incredibly broad powers the state wishes to give itself with the Loppsi 2 law (detailed article in Le Monde, and Ars Technica) which would give the president the power to insert spyware onto users' computers (which could record anything being done of course), create a very large database of people's activities, help link information from various databases, and much more... The recent case of the sacking of the web site director of the once national, now private, TF1 television channel for having communicated his doubts on Hadopi privately to his Member of Parliament - as reported on Slashdot recently - does not give one much faith in the way privacy is being handled currently by the government.
The United Kingdom
In the UK the Home Secretary Jacqui Smith had proposed to create a database dubbed Big Brother to log every single activity of every one of its citizens - in order of course to root out the very 21st century crimes of pedophilia and terrorism (did the IRA not operate before the internet? Are pedophile rings something that only emerged with the internet, or is it that they just became more visible?). She had to pull back somewhat from the initial proposal, and now wishes all that information still to be tracked, but only to be kept on the service provider's databases as reported by the Daily Mail, The Telegraph, The Independent...
Conclusion
So are we now all suspected terrorists, pornographers, pedophiles, murderers, subversives, ... that the governments must know all about us? We may have voted for the current government and have complete faith in their use of these tools. But what when the opposition comes in, and takes hold of those same powers? Will we be as comfortable then? The excellent 2006 film The Lives of Others shows just how intrusive the East German state was on its own citizens during the cold war - and that with the very limited tools they had available. With modern computing tools, that type of spy operation could be done at much much lower cost and so perhaps even be viable for the state.
If you feel things just can't go this wrong, then I would also recommend watching Julie Taymor's adaptation of Shakespeare's Titus Andronicus. It really is important to realize that things can go badly, very very badly wrong. Ignoring problems, and not taking responsibility for fighting them, will lead to disaster, as the current economic crisis - predicted years before it occurred, but without any action being taken - should have amply proven by now. Sadly for people who predict danger, if people do act on the danger and avoid it, nobody may even notice how close to danger they really were. So our actions may remain unsung. But at least we may put some chances on our side not to wake up in a new form of dictatorship, worse than any ever dreamed of by those who helped forge our democracies.
Posted at 09:39AM May 20, 2009 [permalink/trackback] by Henry Story in Art | Comments[0]
FOAF+SSL: RESTful Authentication for the Social Web
The European Semantic Web Conference (ESWC) will be held in Heraklion on the Island of Crete in Greece from 31 May to 4 June. I will be presenting the paper "FOAF+SSL: RESTful Authentication for the Social Web" which I co-authored with Bruno Harbulot, Ian Jacobi and Mike Jones. Here is the abstract:
We describe a simple protocol for RESTful authentication, using widely deployed technologies such as HTTP, SSL/TLS and Semantic Web vocabularies. This protocol can be used for one-click sign-on to web sites using existing browsers — requiring the user to enter neither an identifier nor a password. Upon this, distributed, open yet secure social networks and applications can be built. After summarizing each of these technologies and how they come together in FOAF+SSL, we describe declaratively the reasoning of a server in its authentication decision. Finally, we compare this protocol to others in the same space.
The paper was accepted by the Trust and Privacy on the Social and Semantic Web track of the ESWC. There are quite a number of interesting papers there.
I have never been to Greece, so I have a feeling I will really enjoy this trip. Hope to see many of you there.
Posted at 11:54PM May 14, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[4]
Some Feedback on the Garmin Edge 705 cycle GPS
After close to 500km of cycling with my new Garmin Edge 705 I think I have enough experience to be able to bring the community some valuable feedback on this device.
Improvements since previous model
Compared to my old Garmin Etrex Legend, which I blogged about in July 2005, the Edge is a huge improvement.
- The old Etrex had a ridiculous limitation of 24MB of memory, which was ok for loading up maps for a circumference of 100km of your neighborhood, but not enough for cycling long distance across Europe. The Edge 705 can take 2GB extension memory cards and is able to load the road maps of all of Europe. That is great: It means I don't have to carry a computer everywhere I go - even though I do currently - and I don't have to load up maps onto the Edge once every day.
- The price has fallen dramatically. The GPS + the maps of Europe came to €400, half the price nearly of the previous model.
- The Edge can better calculate cycle roads. I noticed this last Friday when, having carefully used my laptop to draw out the road from Troyes to my destination, I found myself on a two way road which would have been very pleasant had it not been for the 20 ton trucks passing me every minute in both directions. I stopped, asked the Edge 705 to calculate the road free of any of my interferences, and it immediately found a little dirt track to get me off that road (even though I had specified that I'd rather wish to avoid dirt tracks). The dirt track punctured my tire, which I found then was in a pretty bad state anyway. But rather have the tire punctured, than my head...
- The Edge 705 comes with a heart rate monitor
- It knows the elevation one is at, and the rate at which one is climbing
- It can calculate the calories spent: it added no calories when I was zooming downhill without pedaling
Compared to Cell Phones
Before buying my Etrex I had inquired into whether a cell phone could have done the job. I did the same this time, and I have to say that it very nearly did. I found quite a number of iPhone add ons for cycling (listed on my delicious account) and I think for something close to the same price as the Garmin Edge, I could have put something together. It would have required
- an extra battery pack (or two) to extend the battery life (perhaps Mophie's Juice pack Air)
- a cycle mount (such as this one perhaps)
- some protection against rain. The Otterbox iPhone armor series would have been nice, but is no longer produced it seems. But perhaps Mophie's juice pack with a waterproof bag would have been enough.
- a heart monitor, which is really important when out for some serious exercise, such as smhearlink perhaps?
- Some turn by turn navigation software. Google Maps is really amazingly good, much better and faster than Garmin's software available on PCs amazingly enough. It has a pedestrian and a car mode, but not a cycle mode which is a pity. Still this would need to be tied up with the heart rate monitor, some visualization tool to tell you how fast you are going, some way of giving you directions, etc... This may come with a release of the next version of the iPhone, and I have seen some impressive demos of software called xGPS that provides turn by turn navigation on a jail broken iPhone.
All of this was perilously close to being possible. With a bit of energy I could have gotten all of this to work. What stopped me, was the data costs in Europe. I was going to leave France, go to Germany, Austria, the Czech republic, and Greece at the very least. And of course as soon as you leave your country of origin, data rates are simply not affordable: 9€ a Mega Byte. So that was clearly not an option. So the Garmin by allowing me to carry all the maps on the device and not requiring any internet connection is just the only solution for the international cyclist.
The bad
The Garmin software is also meant to work on OSX now, which it did not a few years ago. But it still does not work very well. I expressed my annoyance publicly after spending 8 hours trying to install the maps on the 2GB SIM card, and failing to. I had to do it from Windows in the end. That is a very very bad initial experience. It was a sunny day, and instead of being out on the road, I spent it trying to install and re-install software. I very nearly gave it all back there and then.
The Garmin software for OSX and PCs is dead slow. Google whose servers are on the other side of the world, has much faster responses. My feeling is that Garmin, being an MS-DOS company, does everything through disk access, because I could swear that it is not much faster on my dual 2.33Ghz Intel than it was on my 1.3Ghz Power Book.
Also the Garmin software does not have a cycle route calculation mode. It is only designed for cars. So you can't really sit down on your PC and calculate your route in advance there, because it won't be the same as what your GPS comes up with.
The cycle calculation mode on the Edge could do with a lot of improvements:
- Cycles are not cars. You can do a U-turn on a bicycle in an instant - you don't have to find the next intersection to make a turn. If on a cycle I don't turn after being warned, it is probably because I don't want to turn.
- In Germany and Austria, I noticed that Garmin does not seem to have such a good idea of where the cycle paths are. It would be really helpful to the GPS to know those.
- The Garmin path calculation algorithm is very slow. I think it recalculates the whole route whenever one makes a wrong turn. It should really just make a quick adaptation, and find the shortest smallest change required to stay on the same route.
- I am just about to check, but one very important list of shops the Garmin Edge should have are the cycle shops.
Conclusion
The Garmin Edge holds a good advantage over the onslaught of cell phone options, but if I were them I'd be watching the cell phones very carefully. They are not at all far from being able to offer some very decent, or equivalent solutions. (How far that is depends on your ideas of how quickly roaming rates will fall in Europe)
Posted at 08:34PM May 12, 2009 [permalink/trackback] by Henry Story in travel | Comments[12]
A Simple foaf+ssl Identity Provider (IdP)
In order to help people get started with foaf+ssl, we have put together a very simple Identity Provider service (IdP). This removes the need for web services to have to deal with setting up https certificates and changing much to their current web setup. With a few lines of server side code any server can now easily find the WebId of a user, and try out some interesting ideas at little cost. If the experiment is useful, for extra security and reliability a business case can then be made for integrating a full foaf+ssl stack.
The protocol is very much as we outlined in an earlier post entitled "Sketch of a foaf+ssl+openid service". The details of the API are listed directly on the root of the first foaf+ssl IdP service, available here: https://foafssl.org/srv/idp. All the Service Provider - that is the consumer of the IdP - needs to do is to add a login button or link to his web page that points to the above IdP with an authreqissuer=$url parameter that points back to a CGI controlled by the Service Provider that can parse the redirect containing the user's WebId. That url comes with a timestamp to avoid replay attacks, and is signed to assure authenticity.
Bruno Harbulot wrote the code and published it under a BSD licence by the University of Manchester where he studies. The code is available on the So(m)mer Subversion repository. You can download it with:
$ svn checkout https://sommer.dev.java.net/svn/sommer/foafssl/trunk foafssl --username guest
and start your own IdP if you want. Please feel free to contribute back improvements, or ping us for missing features.
Update September 14, 2009
The IdP is now RDFa enabled, using Damian Steer's RDFa parser for Jena which I ported to Sesame. The war file can be downloaded directly from the dev.java.net Maven repository. To set up your own IdP use that WAR and follow the foaf+ssl setup instructions for Tomcat. This war may only work for Tomcat 7.
Posted at 12:56PM May 12, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[0]
why I bought the Michelin Guide
As the issues of copyright and intellectual property are moving up the public agenda (see this Economist article for example), I thought I'd write a few posts on what I do buy and work out why I did buy it, rather than say pirate it, to use the emotional term of the day. Let me start here with the Michelin Guide for the iPhone.
The Guide Michelin, as it is known in France, is famous world wide as a very professional database, sold until recently as a book, of the best restaurants in Europe. The Michelin Guide sends highly qualified inspectors anonymously to restaurants to evaluate the quality of their cuisine. They also check the cleanliness of the kitchens, evaluate the service, the decor, and much more. The result is a reliable guide to restaurant quality.
So why did I spend €10 for the iPhone application for the database of French Restaurants? A search on the internet gives a lot of free restaurant evaluation services. I could have used those instead, right?
It's really all about dating. When you are out with a sophisticated girlfriend, or even on a business lunch, it just won't do to pull out your notebook, and spend 10 to 20 minutes searching on Google through reviews of restaurants, that might have closed a few months ago. It takes a lot of time to sift through open reviews simply because tastes differ massively. To be able to evaluate the quality of a restaurant through online reviews requires assessing the taste of the reviewer from the very limited information available to you from the text -- reviews that could furthermore easily have been faked or sponsored somehow by the owner of the restaurant himself. So when you are on a date or with your wife and she wants a good quality restaurant close to where you happen to be right now, you don't have more than 3 minutes to come up with an answer. You are going to spend easily €30 to €100 on the meal. And a bad meal can spoil a day or a business meeting. So compared to that, what is €10 for the Guide Michelin?
What is important here is that you want quality information here and now. The quality is provided by the inspectors of the Michelin Guide, and the system they put in place to do the tests and verifications. It is confidence in their methodology that gives confidence in their results. Perhaps something similar could be done using crowd sourcing, but I have not yet found such a site, and my guess is that this could be very difficult to put together (not impossible mind you: it is up to Michelin, to keep the cost of their information low enough that building up a parallel database remains uninteresting).
So here are a few reasons I can think of for paying Michelin directly for the information:
- The information from old guides has no more value. The latest information is what I am paying for
- by not giving money to the source I'd be reducing my chances of having good information in the future
- if I got information from someone who did not claim to be using the info from the Guide even though they were, I'd have a lot less reason to believe their results
- if they did use the info from the guide but sold it to me as a copy that was not respecting the policy of the guide, I'd have reason to doubt the honesty of the company giving me the info, and so of the quality of the information itself - trust is an essential ingredient in an information economy
- The time it would take me to find a pirated version of the guide, and the nuisance of constantly finding updated versions, would be worth a lot more than €10 of my time.
An analogy with medicine is illuminating here. You can read up in libraries all about a physical problem you may have. But it could take you months to read up about it, and a lot more to get to the point where you felt that you were knowledgeable about the subject: ie that you could diagnose symptoms correctly and prescribe the best medicines for it. If the disease was about to kill you in a few months then you just clearly won't have time to learn. This is how we get scarcity in an information/knowledge economy. The information may be free to reproduce, but tracking the truthfulness of the information is very costly. Learning it takes time. Perhaps we need to replace the notion of the price of a good depending on the offer and the demand for it, with one of the price of a good being related to the accessibility of the good and the need of it. Learning is the procedure to acquire a knowledge resource. Learning takes time, and that has a cost: in other options that are no longer available, for example. Using the knowledge of others is a short cut to having to learn, and the value of this is reflected in its price.
Posted at 10:38PM May 10, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[3]
JVoteContreHadopi
For the French deputies to hear the voices of internet users, we have to make ourselves heard. I suggest here a very simple way of doing this, which uses the internet to its advantage and which is, moreover, very distributed. Simply write a blog post (or a tweet) containing the character string "JVoteContreHadopi". You can also explain the reasons for your vote in detail. (I did so here.) We will then be able to use Google to count the votes using this query. It can take a little time for Google to index your blog - if you have tricks to make that happen faster, add them in the comments below. You will get only part of the answers, but you will get them more quickly, by searching on twitter search.
Some internet users are using the twitition service. But I don't like the idea that I have to give them my password.
We did something similar for a much less important vote concerning Java 6 and OSX leopard.
Posted at 06:22PM Apr 30, 2009 [permalink/trackback] by Henry Story in Art | Comments[1]
The anti-privacy/liberty law named Hadopi
The Hadopi law(en) being voted now in France, constitutes an incredible attack on Freedom of expression and Privacy. It is fascinating to see how a law that gives the state an easy route to invade people's every digital thought is being pushed through, and will very likely be accepted by the French parliament on Monday May 4, 2009.
Parliamentary Maneuverings
The maneuvers of the French parliament here take some work to understand. A few weeks ago Hadopi was rejected in the Assembly by 21 votes against, 15 for. For an Assembly containing well over 300 deputies, and for a law of such importance, it may seem odd that so few people were part of the discussion. The best understanding I have of this is that President Sarkozy has made this a very personal issue, having promised a lot of big media friends, with whom he is very close, to put in place a system to break the problem of "piracy" on the internet. Anyone in the majority who may have been tepidly against the law may not have wished to make such a powerful enemy. Others may have thought the law was a done deal given the backing. And sadly I think most of the deputies don't really understand the issue at all, as revealed by this video asking deputies what p2p is.
The Anti-Piracy law
Having lost the first vote, Sarkozy ordered his troops together to make his majority in parliament felt by having them massively vote for the law. The problem is that the majority voting now have very little understanding of the technical issues in front of them. Their view of the issue is the one a large part of the French population have: this is simply an issue of being for or against the Pirates; being for or against the artists. "Piracy is theft" is the simplifying drumbeat which organises their thoughts.
Coming to the defence of artists is of course a very noble thing to do. I myself try to stay as clean as possible in that regard, favoring works that are clearly licensed openly. Most work I publish under very free licences, that make it close to impossible to pirate my work. This article for example is published under a Creative Commons attribution licence. In any case I find it much easier to buy or rent DVDs than to search for content that may be broken on some other p2p network.
What the best way to defend artists is, and how to find ways of rewarding their work is a complex issue. For the past 50 years people have mostly accepted electronic work to be freely available via the radio or the television -- if interspersed with advertising. I don't want to look into this problem here. For some good ideas one should read and listen to Lawrence Lessig speak on the issue of copyright and the future of the network, or the French economist Jacques Attali write about 10 steps to solve this problem.
The Anti-Privacy/Liberty Law
However noble the issue of saving artists is, the real problem is how this law intends to go about doing what it set out to do. And if one looks at it this way, one soon gets a bad feeling of having entered an Orwellian 1984 like world! (See the public letter "Sci-Fi Against Hadopi") The law is not just anti-piracy, it is also anti-privacy, anti-freedom of expression, anti-freedom of all sorts. It is like a super DDT, a chemical that gets rid of all insects, but is so powerful that it also starts killing humans too.
The Hadopi law (pdf) will enable a newly established administrative higher authority to receive ip addresses from content owners, and ask telecommunication companies to reveal the owners of that ip address, to whom they will send 2 warning e-mails, telling them that something illegal is being downloaded or uploaded from their network, and asking them to secure this network. It seems that this warning will not even mention the work that is thought to have been illegally transmitted. After the third postal warning the internet connection will be cut off. At that point the citizen whose connection will be cut off, will be placed on a black list, making it impossible for him to seek any other telephone connection. As it will be extremely difficult for him to defend himself, he will then have to accept putting a yet undefined piece of software on his network that will snoop everything he is doing. One motion required this software to also sniff the email communications [ I am not absolutely clear this went through though.]
So in short, private companies will be able to anonymously denounce French citizens, leading their internet connection to be cut off, and then forcing them to install snooping software on their network to prove their innocence! If this is not an extreme invasion of privacy I do not know what is.
To help citizens who want to stay legal find their way around the internet, the Hadopi institution will distribute special labels for clean content. Good citizens will be safe if they don't stray too far from officially approved sites. If this is not an attack on freedom of information I don't know what is!
Where is the resistance?
So over the past few weeks as my concern grew I tried discussing this with a number of people. My initial thought was that an issue such as this would not get through in a country that demonstrates on nearly every issue that comes up. What stunned me was the silence, or the lack of interest in these issues by most people. It is instructive in my view to look at various types of responses I got.
The law cannot be implemented view
A lot of people are convinced that this law cannot be implemented. It is too crazy to be workable. Let us hope and pray that it is! The previous DADVSI law which had set punishments of €300 000 and 3 years in prison, was so extremely overwhelmingly powerful, that it indeed was not useable.
But that argument is very dangerous. The DADVSI may not yet have been used, but it may one day be. It is certainly what is spurring the current law, Hadopi, which comparatively seems innocuously kind. It only will ask you to install snooping software on your network. And since it is big brother the State asking this, and most people have no idea of what this implies, a lot of people may very well be frightened into accepting this. In any case it does not matter if it is not immediately applicable. It need only slowly with time work itself into people's lives. If enough people have this working, even if it is widely bypassed, then you can bet that in 10 years time, a movement will start where people who do have this installed will complain that some of their fellow citizens don't have it, and so push for harsher laws, perhaps going so far as to install this automatically on all networks.
We can bypass it
A lot of technically savvy people have convinced themselves they can bypass this easily.
So what if they do? The law need only frighten the majority into behaving a certain way. With time, and with the majority on their side, they can add other laws to make the undesirable behavior a lot more difficult. For example, those who think that anonymising software is going to be an easy way out should look at the next law on the table: Loppsi, which will give the State the power to block any IP address they need to. Now perhaps a good use case for Loppsi will be large anonymiser services.
Not fighting a law because one decides one will not follow it, is a very selfish and short term way of thinking. Sadly it seems to have grown in a large portion of the population that allowed itself to be tagged as Pirates. And for that selfishness we will all pay (yes, this is not just a French phenomenon, it seems to be a globally orchestrated movement - see for example blackout europe.)
It will be blocked by the constitution
It may be. But then it may not be. In any case it is extremely worrying that a law should have to go so far as to require blocking by the constitution. Remember Lawrence Lessig's attempt to get the Supreme court to change the provisions on copyright? It failed.
It will be blocked by the European Union
The EU is a Union of States, where the states have an overwhelming power. The EU does not have an army and cannot enforce much. France has the "cultural exception" it can use quite easily, and it may also be that similar problems are brewing in the rest of Europe. Don't count on the EU. The parliament have done a great job there, but they don't have the final say, and they can be pressured. They have just watered down the telecom bill for example. The EU is not the USA.
The people will rise
This is unlikely given what I have seen. Many people don't yet really feel the power of the internet. They work with the internet via the expensive and limited cell phone networks, if at all. For them the Internet is cool, but not essential. Furthermore traditional media are still extremely powerful, and they can direct the message the way they wish. If they were not so powerful, laws such as this would not ever be able to go so far. I don't watch enough television to be able to tell if both sides of the debate here have been aired equally. My guess is not. [ Update: the major French television channel TF1 - the first French TV channel to be created, now privatised - was found to have sacked the head of their innovation center, for having sent privately a critical message on Hadopi to his Member of Parliament as reported by Libération, thereby confirming the suspicion that other sides of this debate are not getting equal airing time]
But in the long term the people may very well rise. If the law were applied equally and without discrimination then businesses may very well be the first to rise up -- and leave. Later as the internet does become more and more part of every day life, the people themselves may rise. Most likely the younger generation will feel most strongly the difference between what is being asked and what is reasonable. They may feel these new chains most forcefully. Mass movements though are worrying, because when masses move, they can end up being very difficult to control, and can easily go the wrong direction.
All in all I think it would be much better for people in France to call their deputies before the law passes and urge them to change their mind, than to wait and fight this out on the streets.
Vote
There are a number of ways people can get their voice heard. One is the twitition petition. But I don't like the way it requires your password. Better I think to add the string JVoteContreHadopi to a blog post or tweet of yours. After a little time the vote should appear on this Google query where the votes can be counted. (We did this for when voting for Java 6 on OSX leopard.)
Posted at 05:09PM Apr 30, 2009 [permalink/trackback] by Henry Story in Art | Comments[7]
Adding twitter to my blog using Scala
Having added javascript widgets to my blog a few months ago, I found that this slowed the page downloads a lot. Here is a way to speed this up again, by pre-processing the work with a Scala script, and using iFrames to include the result.
Here are the short steps to do this:
- I wrote a Scala Program (see source) to take the twitter Atom feed, and generate xhtml from it.
- I wrote a shell script to run the compiled scala jar
#!/bin/bash
export CP=$HOME/java/scala/lib/scala-library.jar:$HOME/java/scala/lib/learning.jar
/usr/bin/java -cp "$CP" learning.BlogIFrame "$@"
- Then I just started a cron job on my unix server to process the script every half an hour
$ crontab -l
5,36 * * * * $HOME/bin/twitter.sh $HOME/htdocs/tmp/blogs.sun.com/tweets.html
- Finally I added the iFrame to my blog here pointing to the produced html
<IFRAME src="http://bblfish.net/tmp/blogs.sun.com/tweets.html" height="300" frameborder="0"></IFRAME>
As a result there is a lot less load on the twitter server - it only has to serve one atom feed every half an hour instead of 1000 or so a day - and my html blog page does not stall if the twitter site itself is overloaded.
Also I learnt a lot about Scala by doing this little exercise.
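The same pipeline as an added sketch, written in Python rather than the Scala of the post (this is not the post's source): it turns an Atom feed into the XHTML list, escapes every feed-supplied string, keeps only http(s) links, and replaces the output file atomically so the iFrame never serves a half-written page. The sample feed and all function names are constructed for illustration.

```python
import html
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed (not real Twitter output). The second entry carries
# markup in its title and a non-http link, as a hostile or broken feed might.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry>
    <title>bblfish: reading about foaf+ssl</title>
    <link rel="alternate" href="http://example.org/status/1"/>
  </entry>
  <entry>
    <title>someone: &lt;b&gt;bold&lt;/b&gt; &amp; more</title>
    <link rel="alternate" href="javascript:void(0)"/>
  </entry>
</feed>"""


def safe_href(url):
    """Return the URL only if it is plain http(s); otherwise None."""
    return url if urlsplit(url).scheme in ("http", "https") else None


def render(feed_xml):
    """Build the XHTML list, escaping every string that came from the feed."""
    items = []
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        title = html.escape(entry.findtext(ATOM + "title", default=""))
        link = entry.find(ATOM + "link")
        href = safe_href(link.get("href", "")) if link is not None else None
        if href:
            title = '<a href="%s" target="_top">%s</a>' % (html.escape(href), title)
        items.append("<li>%s</li>" % title)
    body = "\n".join(items)
    return '<html xmlns="http://www.w3.org/1999/xhtml"><body><ul>\n%s\n</ul></body></html>\n' % body


def publish(feed_xml, out_path):
    """Write to a temp file in the target directory, then rename over the old page."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(out_path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(render(feed_xml))
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
    os.replace(tmp, out_path)  # atomic on POSIX: readers see old or new, never partial
```

For feeds you do not control, the third-party defusedxml package is a more conservative parser than the standard library's.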
Posted at 01:25PM Apr 29, 2009 [permalink/trackback] by Henry Story in Java | Comments[6]
Hadopi, a serious danger to French competitiveness
The last minute provisional rejection of the HADOPI law in France last week (it will go back for a vote on the 29th April) has given a new life to the debate here. The law, which is perhaps best explained on the French Wikipedia page, will, if passed, give copyright holders the power to point out infringing IP addresses to a new higher authority (HADOPI), which will have the power to cut off internet connections after 3 warnings.
There are a huge number of privacy issues here, perhaps best illustrated by the possibility of someone using a p2p network to send themselves a copy of their legally purchased content. Furthermore as it is extremely easy to infringe copyright - as the Baby dancing to Prince video case illustrates - this law will create a background atmosphere of fear which will have serious consequences on the ability to create new services.
This fear will lead outfits - cafés, libraries, hotels - that provide public access points to the internet, to demand some white list of acceptable content providers which they can allow their users access to without the danger of being cut off. The creation of such a list is extremely expensive: certainly a lot more expensive than the profits the copyright holders may have gained by selling content to penniless teenagers. (Those of us that do have money, are happy to pay for the quality guarantees provided by pay for services. I'd rather pay a few $1 than be interrupted in the middle of a pirated movie by missing scenes, badly recorded music, or porn...). So there will be no justification to pour a lot of money into very complete white lists. Getting added to such lists will be a time consuming political game.
As a result, startups that come up with new innovative services, being low-budget, idea-driven companies, will of course not have the money to play these advanced political games. Starting up in France will therefore be difficult or impossible. With much larger markets abroad - in the USA for example - the path to growth there will be clear. When these startups have then turned into billion dollar US companies, they will find it relatively easy to pay for the HADOPI political game and return to France. A loss to French entrepreneurship nevertheless.
This is not the first time this happened. Something similar happened with cryptography in the 90s. France, by severely restricting the strength of its keys, handicapped all of its ecommerce industry in the competition with the US, whose citizens were allowed to use any strength they wanted to. These laws were repealed in 1999 after much damage to its industry. Freedom is not just a cultural issue of fundamental importance. It is also the life blood of a dynamic economy.
Notes
- The above are my own opinions, and not those of Sun Microsystems.
- This article is published CC attribution, as all other articles on this blog. Please feel free to copy and translate. I do in fact read, write and speak French fluently, but my French spelling and grammar are just so rusty from lack of use that I did not want to impose this on my readers.
Posted at 01:18PM Apr 15, 2009 [permalink/trackback] by Henry Story in Philosophy | Comments[3]
Sun Initiates Social Web Interest Group
I am very pleased to announce that Sun Microsystems is one of the initiating members of the Social Web Incubator Group launched at the W3C.
Quoting from the Charter:
The mission of the Social Web Incubator Group, part of the Incubator Activity, is to understand the systems and technologies that permit the description and identification of people, groups, organizations, and user-generated content in extensible and privacy-respecting ways.
The topics covered with regards to the emerging Social Web include, but are not limited to: accessibility, internationalization, portability, distributed architecture, privacy, trust, business metrics and practices, user experience, and contextual data. The scope includes issues such as widget platforms (such as OpenSocial, Facebook and W3C Widgets), as well as other user-facing technology, such as OpenID and OAuth, and mobile access to social networking services. The group is concerned also with the extensibility of Social Web descriptive schemas, so that the ability of Web users to describe themselves and their interests is not limited by the imagination of software engineers or Web site creators. Some of these technologies are independent projects, some were standardized at the IETF, W3C or elsewhere, and users of the Web shouldn't have to care. The purpose of this group is to provide a lightweight environment designed to foster and report on collaborations within the Social Web-related industry or outside which may, in due time affect the growth and usability of the Social Web, rather than to create new technology.
I am glad we are supporting this along with these other prestigious players:
- ASemantics
- Boeing
- Cisco
- DERI Galway at the National University of Ireland, Galway, Ireland
- Garlik
- Institut National de Recherche en Informatique et en Automatique (INRIA)
- Institute of Informatics and Telecommunications (IIT), NCSR
- NICTA
- Rochester Institute of Technology
- SUN Microsystems
- Talis
- Telecom Italia
- University of Bristol
- University of Edinburgh
- Universidad Politécnica de Madrid
- University of Versailles
- Vrije Universiteit
- Vodafone
This should certainly help create a very interesting forum for discussing what I believe is one of the most important issues on the web today.
Posted at 10:22AM Apr 07, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[4]
howto get a foaf+ssl certificate to your iPhone
In my previous post I showed that a passwordless distributed social web is already possible on the iPhone. It just requires one to upload a foaf+ssl certificate to it. Here is a relatively easy way to do this. I leave it up to the readers of this blog to build even better ways to do it.
First of course you need to have a foaf+ssl certificate. If you don't have a foaf file, then you may want to first check out foafbuilder to create a foaf file and help you tie your distributed persona on the web together. It would be great if foafbuilder could also create those foaf+ssl certs.... For the moment they don't, so the easiest way to get it is using the foafssl.org certificate creation service. That will load the certificate right in your browser, and help you test it.
Once you have a certificate in your browser - I am assuming Firefox here - you just need to export it to the hard drive. In FF go to Preferences, and click on the advanced tab, and choose the encryption section.
I have a number of foaf+ssl certificates as you can see here. Choose one of them and click the Backup button. This will open another window asking you where you wish to save your certificate. Save it somewhere obvious in pkcs12 format. Make sure the file ends with a .p12 extension. You will also be asked for a password to encrypt your certificate, so it can't be opened in transit. You can use a complex password here as you will only need to remember it once.
Then just mail yourself that .p12 file using an account you can access on the iPhone of course. It is just a matter then of going to your iPhone, and opening your mail. In my mail I added a link to the web service I wanted to use next, to save me typing later.
When you click on the p12 link in your iPhone, it will then ask you if you wish to install it. The certificate will most likely not be verified by another party. But that's ok, because you are the person who verified it. It is a certificate about you, and you know yourself better than most other people (except your mama of course).
You are then asked to enter the password you used to encrypt the certificate earlier. Once this is done your certificate will be installed on your iPhone, where it can stay happily for a very long time.
If you wish to have a number of different personalities on the web you can create different foaf profiles of yourself, where you can link different pieces of your web life together. As all detective films show, it is very difficult to keep things forever secret. But you can at least keep pieces of your life clearly separated, to keep nosy people busy.
Posted at 07:19PM Apr 03, 2009 [permalink/trackback] by Henry Story in SemWeb | Comments[2]



