Tuesday, December 02, 2008

Count me as #2 of 1000

James Howard Kunstler is sometimes over the top in tone, but dead on accurate in the long term... his latest column warns of the dangers faced by our country, and by our President Elect. He supposes we're not adult enough to face the threat head on, and I worry he might be right (emphasis mine):

"The motoring era is coming to an end. Heroic investments in highway infrastructure to create jobs will be a tragic waste of our dwindling capital. The pressure for Mr. O to make these misinvestments will be enormous, perhaps insurmountable. There are probably not a thousand people in the US who agree with what I am saying -- meaning the consensus to keep the cars running at all costs overwhelms reality at the moment. Does Mr. O's concept of "change" include the possibility that we may have to live very differently in this society?
     Chances are, if Mr. O knows any of these things he might be crucified in the polls and the media by acknowledging them. The only "change" that America really wants to hear about is evicting George Bush from the White House."

So, count me as #2 out of those thousand people who have read his column, and actually agree with it. The problem is that we need the majority to wake up from their consumer era dream, and get back to work, making adult decisions, for our own sake, and our children.

Saturday, November 29, 2008

Acer Aspire One - 20 days later

I purchased this Acer Aspire One 20 days ago... and I'm still VERY happy with it. 

This computer is not the most powerful thing out there, but it's more than good enough for the tasks I tend to undertake. The price more than makes up for this.

I've shown this computer to a bunch of my fellow commuters, and they usually respond favorably when I talk about it. I explain that it's a real computer, and it has Windows XP and not the dreaded Vista... which scores points.

If they are still interested in it, I tell them there are two very important points they need to be aware of:

  • It's small
  • It has no optical drive
It's small in every way, the screen, the weight, the keyboard and trackpad. It takes adjustment, and is a definite tradeoff.

The other big point is the fact that there's no DVD/CD drive... which makes the decision to give one of these as a gift a bit risky.  The machine does come with InterVideo WinDVD for some reason... I'm hoping I can just download my Season 4 of Dr Who and watch it... otherwise I'll find another way.

I'm sitting in a car dealership waiting for repairs... using their WiFi while connected through my machine at the office to avoid their filters... and this thing is just the right tool to check my email, read some web pages, and post this entry.

If you can live with the two points above, this might be the machine for you.

Still highly recommended.


Friday, November 28, 2008

Hard Target Search - Neologism

After spending the last hour with Google and every conceivable search, I have come to the first conclusion that the term "Hard Target Search" is a neologism, first popularized when Tommy Lee Jones said it in the movie: The Fugitive


He stops and looks into the TV lights and starts moving downtrack. The media and State Police move with him like Israelites behind Moses.

GERARD
Ladies and gentlemen... our fugitive's been on the run for ninety minutes. Average foot speed over uneven ground - barring injury is approximately four miles an hour, giving us a radius of six miles. I want a hard-target search of any residence, gas station, farmhouse, henhouse, doghouse and outhouse in that area. Check-points go up at 15 miles.

(to media)

You got that? Good. Now, turn those damn things off and get out of our way.



Here's the definition of a hard target found on the internet:

HARD TARGET :
  • any fortified, reinforced, armored, or protected object, mobile or stationary, which may require special ammunition or specific tactics (eg: sequence, approach, etc), and serves as a FORCE MULTIPLIER when attacked; see HARDEN, OBJ, COLLATERAL DAMAGE, RULES OF ENGAGEMENT (ROE), RFZ, NFZ, FREE FIRE ZONE, BDA, IRONCLAD, SKIN; compare SOFT TARGET. 

Hard targets are hard to kill, thus not generally hard to find. This bit of dialog sounds very military, but doesn't actually mean anything.  It's a neologism, written by Hollywood.

It then entered the slang, and got used in a Seinfeld episode called "The Sponge":

ELAINE: Well, Kramer was right. My friend Kim told me the sponge is off the market.

JERRY: So what are you gonna do?

ELAINE: I'll tell you what I'm gonna do - I'm gonna do a hard-target search. Of every drug store, general store, health store and grocery store in a 25-block radius.


So, it's off to the races, and the neologism has hit critical mass.

Friday, November 21, 2008

Poor man's geofiltering - The Zip Code

We had cause to try to filter a database today to entries near specific US cities. It turns out that the ZIP code is our friend.

First we used Wikipedia to locate a landmark in the target city (because you can't get a Zip code from the USPS unless you have a specific street address).

Knowing the zip code, we then went to Ben Fry's wonderful ZIP code visualizer to get an idea of the range of zip codes that would roughly approximate our desired scope.

Fast and efficient... thanks to the time savings experts of the past.

Wednesday, November 12, 2008

Tiny bubbles - and why you should care a bit

I received a link to an MIT tech TV news release about storing energy... and it didn't really explain it well... so I dug around and found out more. Here's how I explained it to my friends in an email:


The reasons you should care about this are laid out better in this video, which explains a lot more of the details:
 
 
 
At 3:26 they nicely explain about the reduced voltage required (which means it's more efficient) of 1.6 Volts instead of 2.3 volts of the 1.2 volts you could potentially recover in a fuel cell.
 
At 3:55 they explain that there are no precious metals involved, which means it could be scaled quickly once they tweak it.
 
At 5:15 they explain why they started experimenting with cobalt compounds to avoid precious metals
 
At 5:45 they explain the nifty catalyst they set out to make and investigate
 
At 6:05 - it didn't work... serendipity occurs instead
 
At 6:55 - they don't know how it works... but they are willing to learn
 
 
 
So... here we have a new way of efficiently converting excess electrical power to hydrogen and oxygen. This is a critical part of the cycle required to store energy for later use. 
 
I consider this the modern physics equivalent of inventing the first granary. It's a new place to securely store a harvest from the sun.

 
Thanks to my wonderful wife, Noran for the early birthday gift. I'm now the happy owner of an Acer Aspire One, which seems to be the ultimate machine for commuters like myself. My friend Daryl took this photo.



My Birthday Present

The photo on the screen is available from my Flickr photostream.

Chicago Bean Panorama


I couldn't resist playing with it in an almost recursive fashion... so I ended up with this:



Mike Train Recursion

So now I'm 45. I'm still amazed I lived past 28, and grateful for every day.

Tuesday, November 11, 2008

Change.gov - post 3

This is my third cross-posting to Change.gov.

The era of cheap oil and plentiful gasoline is rapidly coming to a close. The American car industry is built to harness two key resources that no longer exist in this country, cheap gas, and people with the money to buy new cars.

We need to save the manufacturing capabilities of the big three, but not to build more cars. We need to build new trains, trolleys, buses, and other vehicles to meet the transportation needs of the 21st century. We need to work together, and end the selfish need to cocoon ourselves in a ton of steel just to get a gallon of milk.

We need to save the remaining energy resources of this planet to allow our children and grandchildren to inherit them, in order to use them to cover the emergency needs that arise from time to time.

We need to end our love affair with the single person car. It will take some adjustment. We'll all have to give up the isolation, and actually get to know each other, but it's ok. We're all Americans, and we can get through this together.

Social network networks

I've learned that Facebook seems to link to almost everything, including Blogger and Flickr. It's a computer network of social networks, all geared to distributing social objects on a vast scale!

Monday, November 10, 2008

Received wisdom - saving for later

Some day I'll be contemplating something like this... and this makes total sense to me right now... so what better way than to blog it for posterity:

If you are virtualizing your server environment – use NFS as your storage protocol. It’s better, period, end of story. Don't believe me, ask Nick Triantos at NetApp. If you are ok with limited storage capacity, let a NAS storage controller virtualize your disk and present NFS to your virtual servers. If you want to protect yourself from lock-in and the pain of provisioning beyond a single NAS controller, do your virtualization in the network connecting your storage arrays to your virtualized servers.


Change.gov - post #2

The Internet is still in its infancy; it's entirely likely that the applications and protocols that the majority of us will find most valuable ten years from now have not even been thought of yet. It's thus very important to make the internet a level playing field, to allow it to continue to be a fertile field for growing new ideas, and new prosperity.



To do this, we should encourage Internet access for all Americans. One very low cost way is to help encourage a culture that shares this resource. The recent FCC rulings concerning "White Space" or unused radio channels are a great step forward. We should also encourage the FCC and others to allow communities that wish to build their own Internet infrastructure to do so, instead of forcing them to wait for one of the incumbent monopoly providers to decide it's worthwhile.



The Internet was meant to be shared, anything you can do to help would be greatly appreciated.

Sunday, November 09, 2008

New tools

It's always fun to get a new tool. You immediately start to put it to use, and to see what new capabilities it offers. So it is with my new Acer Aspire One netbook. It's really tiny, and I did opt to pay the Microsoft tax, in exchange for knowing that it'll do everything I want, albeit slower than previously.

So far, I've removed most of the bloatware that comes with it. I am wondering why they put a DVD player program on it, as it doesn't have an optical drive... but such is life.

Friday, November 07, 2008

Songs about teamwork

I was recently asked for ideas for songs about teamwork... after some research on the net... here's what I came up with

"I can help" - Billy Swan 1974 - http://www.youtube.com/watch?v=Sr645Ti4ju8
"Let's Work" - Mick Jagger - http://www.youtube.com/watch?v=b7m3BKgUZAM
"With a little help from my friends" - The Beatles - http://www.youtube.com/watch?v=poUoCggQZd0
"All together now" - The Beatles - http://www.youtube.com/watch?v=4gkKAa2jIjk
"Don't stop believing" - Journey - http://www.youtube.com/watch?v=ip1zsUIosoA
"We didn't start the fire" - Billy Joel - http://www.youtube.com/watch?v=pKu2QaytmrM
"Simply the best" - Tina Turner - http://www.youtube.com/watch?v=bMbtzalS3u8
"Nothing's gonna stop us now" - Jefferson starship - http://www.youtube.com/watch?v=5PP1HEFlkdY
Wonder Pets Theme Song - (for a bit of humor) http://www.youtube.com/watch?v=xxlWvE2U0nw&feature=related

Thursday, November 06, 2008

Change.gov is now online, and accepting suggestions

There's a new domain in town... http://www.change.gov/, which is set up by the transition team. They are looking for ideas... I just posted my first

Create a commission responsible for auditing and reviewing every branch of government, composed of at least 50% certified public accountants, and the balance from the general population. Set it up so that it would be treated like Jury duty.... it would be a public service, and NOT a permanent position. Like Juries, they would pick their own foreman once they were qualified and grouped and given a section to work on.

I've got a few more to type in.

Monday, October 20, 2008

Chicago Bean Panorama - Prints Available

Now available, limited edition xerographic prints of this picture


Chicago Bean Panorama

Thanks to this special offer, you too can own a limited edition xerographic print on heavy stock.

This edition is limited to 10,000 prints, each signed by the artist. Overall size is 17 x 11 inches, approximate image size is 16.7 x 5.8 inches.

Thanks to Hugh at Gaping Void for the idea.

Thursday, October 16, 2008

Old posts - adding value to the archives

I'm wondering what the rest of the world thinks about old posts... so I came up with this Google query to find out


What I found was a total of 7 hits... which isn't much... so I must have worded it wrong... but the hits I did get seem to indicate that the main reason for leaving them around is to show up more often in search engines... which could very loosely be considered a proxy for value.

I'm interested in making this pile of posts into something other than more wasted disk space... that's why I'm adding labels (there's a list at the bottom of this blog) and trying to revisit things and add value.

Archives are important... and need to be nurtured. You don't prune them back, but you can tend them.

Why I blog, and what to do afterwards.

Andrew Sullivan has written a great piece over in the Atlantic about why he blogs. He goes through the history of blogging, and weighs it against other forms of writing. I agree with it for the most part, but I disagree with his characterization of blogging at the start: (italics are mine)

This form of instant and global self-publishing, made possible by technology widely available only for the past decade or so, allows for no retroactive editing (apart from fixing minor typos or small glitches) and removes from the act of writing any considered or lengthy review. It is the spontaneous expression of instant thought—impermanent beyond even the ephemera of daily journalism. It is accountable in immediate and unavoidable ways to readers and other bloggers, and linked via hypertext to continuously multiplying references and sources. Unlike any single piece of print journalism, its borders are extremely porous and its truth inherently transitory. The consequences of this for the act of writing are still sinking in.

I agree that social convention around blogging is to not go back and do heavy editing of what you've written in the past. This is a crucial cornerstone on which we build our arguments with each other and ourselves over time. If the past is allowed to be edited, then anything can be forced to be true with sufficient effort. So there is much value in keeping the archives safe.

However, there is also something to be said for adding to the archives, which I don't think is currently done on anywhere near the scale that it could be done. It might be useful for me at some future point to add references that point back to this article, add corrections, etc. I think there is quite a bit of value to be added in this way.

I personally flit around a bit too much for even my own sensibilities... tending towards a tangential life at times, but I do manage to get back to the basics, and get things done sufficiently well to allow society to consider me a valued member. (I hope)

I'll try to go back, see what value I can add, and make this blog a bit less ephemeral, and a bit better value for everyone. There are lots of good and bad arguments that have been made, decisions informed, and lessons learned. It's a shame to lose the value in them because they simply are too hard to find.

I believe we need to put a bit more effort into this, collectively as well. We need to slow down our pace, be a bit more considered, and we'll all be better for it. This requires no new tools, just a bit of a tweak to the social contract we bloggers share.  We can all make our existing work more valuable, and a proper gift to our children, instead of just a random pile of rants.

Thanks for your time and attention.

Blogging tools still suck

Here's an article which is interesting, insightful, and dead wrong...

To be able to do a full criticism of it, you really need to be able to do markup on it. That is, you need to be able to add a layer of commentary on top of it. Currently, the only way to do this is to copy the whole bloody thing, and then embed your own layer of markup into the copy. This sucks.

The idea of marking up text is hard coded into things like the Torah... which is 5000+ years old... yet the wizards that give us toys like IE, Firefox and Chrome can't seem to grasp this concept.

ugh!

Monday, October 06, 2008

The Bailout and how we got there... actually explained.

Please spend an hour of your time listening to episode 365 of This American Life

They explain how the economy got to the dire straits it's currently in, and discuss the bailout.

If you have any desire to understand, you should listen.


Thursday, October 02, 2008

Quote of the day

"We are now in the golden age of thieves. And where I come from we put thieves in jail, we don't bail them out." — Rep. Pete Visclosky, Democrat.

Thanks to Scott Olsen for the tip, and WSBT for the Quote, and to Pete for doing a hell of a job.

Wednesday, October 01, 2008

Bailing out the world?

If Karl Denninger is right, the bailout really is an attempt to bail out the World's banks... which explains why the people in Europe would care about our mess... watch the video, and decide for yourself.

I don't want to give away $700,000,000,000 of our money overseas, neither should you.

Learn from History

The depression became the Great Depression because Congress got stampeded into passing the Smoot-Hawley Tariff Act and made things worse. From Wikipedia (emphasis MINE)

The Smoot-Hawley Tariff Act (sometimes known as the Hawley-Smoot Tariff Act)[1] was an act signed into law on June 17, 1930, that raised U.S. tariffs on over 20,000 imported goods to record levels. In the United States 1,028 economists signed a petition against this legislation, and after it was passed, many countries retaliated with their own increased tariffs on U.S. goods, and American exports and imports plunged by more than half. In the opinion of most economists, the Smoot-Hawley act was partially responsible for the severity of the Great Depression.[2][3]
Now we have the Bailout which is opposed by Economists... don't let them repeat the mistake again.


Trivia... it was the Hawley-Smoot Tariff Act which was the dry boring history that Ben Stein was talking about as a Teacher in Ferris Bueller's Day Off, which is why I knew about it.

Here we go again.... damn thieves are trying to rip us off again!

Senator Bayh's voicemail was full, but I was able to call Senator Lugar's office... I suggest you do the same. We can't let this bailout pass... it'll be pissing away $700,000,000,000 of our money as a start, and won't fix anything.

The administration is trying to scare you into giving them money... normally this would be called Strong Armed Robbery in the state of Indiana, but in Washington DC it's called politics as usual.

Don't let the thieves get away with it.

Tuesday, September 30, 2008

My Congressman Rocks!

Here's the email I got from my Representative - Peter J. Visclosky... who I will continue to vote for in reply to my letter opposing the bailout. (Emphasis mine - all mine)

  
Dear Michael:

 

Thank you for contacting me to express your concerns regarding government assistance to distressed financial institutions. 

 

I absolutely agree with you. That is why today I opposed H.R. 3997, the Emergency Economic Stabilization Act of 2008, and the House rejected it by a vote of 205 to 228.

 

I do not believe that it is the responsibility of Congress to bail out financial firms experiencing loss because of a lack of regulation, a lack of oversight, the greed of financial executives who often make sums in excess of 250 times the income of the average American worker, and bad judgment

 

I have the gravest reservations over this proposal, and I am appalled at the President's arrogance to suggest that Congress act within ten days to undo a disaster that has crescendoed over the last ten years and enriched countless Wall Street executives and speculators while impoverishing multitudes. Enclosed, please find a copy of the remarks that I submitted for the Congressional Record during consideration of H.R. 3997.

 

The problems in our current financial system are not temporary aberrations in an otherwise healthy system, and may not be so easily addressed. As I write, it is not known whether similar proposals will be considered in the future. However, given the gravity and systematic nature of these problems, you can be assured that I will examine any future proposal with the same care and deliberation I exercised with H.R. 3997.

 

Thank you again for contacting me. Do not hesitate to let me know if you have any other questions or concerns.



Sincerely,

Peter J. Visclosky
Member of Congress

It's heartwarming to me to know I've got good representation.

Monday, September 29, 2008

The people have spoken... for now...

They voted the bailout down... the first good news all day.

Maybe now we can move forward, and purge this toxic debt from our markets, and get to work rebuilding our country.  Some transparency will certainly help if we can get it.

What the bailout really means

A friend noticed that the first vote on the bailout failed... and asked for my opinion....
If we do nothing, we'll have to watch some banks fail as the CDO mess along with the derivatives beast die... it won't be nice... but at least the Government would still be here, and could help out the little guy once the consequences of this bad debt are fully known. Folks like us could survive it.
 
If this bailout makes it through, regardless of the details, the bailout buys us a few months to a year of the status quo. It does this by hiding the "toxic" loans from the markets by eating them before anyone gets a chance to see how foul they truly are.  Of course, to do this we'll be spending somewhere around 0.7 Trillion dollars, and it will only take a small nibble out of the shitpile. There will be trillions more left, which still has to be dealt with.  The 0.7 Trillion has to come from somewhere, and for the first time, the Congress, Treasury, and Fed are considering just printing it up, with no "reserve" to back it.  Once they get a hit of truly free money, they'll be like a meth addict, and think they can just buy up all the bad loans...   that's when the result is totally debasing our currency, resulting in the devaluation of the dollar to nothing.
 
It's my opinion that passage of this bailout signals the end of the United States of America.
 
  --Mike--

Bad word of the day - Webinar

I recently decided to try out a Webinar offered by Dr Dobbs, it was "on demand" which was good because that meant it wasn't somewhere off in the mysterious future where I might not get to attend... score +1.

They made me register and give a ton of marketing information... score -1 

They spent the first 1/2 minute explaining how to use the live features... score -1

They didn't edit down the presentation... score -1

Three strikes and they're out!

Sunday, September 28, 2008

My plan to resolve the mortgage crisis... ugly, but effective

I believe that mortgages are a symptom, and not the real problem. Trust and transparency allow us to have expectations that actually get met. Nobody knows what Paulson will do... which is going to make things worse, regardless of his actions.

We have a solution that works... it's called the Bankruptcy Courts. The process of Bankruptcy won’t have much (if any) stigma once the wave hits… people will be able to walk away from houses they shouldn't be in, and those that gave "home equity" loans to people based on inflated property values were taking a risk that shouldn't be rewarded either.

I firmly believe that the capital markets will not "seize up" as the personal savings rate in the US has gone UP THROUGH THE ROOF in the past few months, people are saving cash like mad… if banks need money, all they need to do is offer a decent return on an FDIC insured savings account, and funds will FLOOD IN.

We need to backstop the FDIC to protect individuals, possibly moving the limit from $100,000 per account to $1,000,000 per person. Otherwise let the FDIC raise its premiums to recoup the losses in the long term, and this crisis gets solved for almost no money whatsoever.

The simpler the solution, the better. The less new code in a program, the fewer new bugs. Let's not write a lot of new code (or laws) to try to fix this bug.

What do you think?    

--Mike--

Cluetrain urgently needed

As I think more about the bailout... the need for a copy of the ClueTrain to be used here is more apparent than ever.

The bailout and the process leading up to it is totally opaque to the general public. We're being rushed into this by the type of government by panic that Naomi Wolf warns us about in her latest book.

We need to stop, breathe, slow down and take a few moments to talk about this, discuss it, open up the conversation and shine some daylight into this mess.

We need radical transparency if we're to have any hope of doing this right... the fact that opposing candidates both agree with the bailout was to me a very strong sign that this is politics as usual... which we just can't survive.

The United States needs a clue... open up the books, find the real costs of the fiscal games of the past 30 years, and push the bad debt out into the light of day, where everyone can see the stinking corpses floating on Wall Street, and then give that debt a proper burial. 

Bush, Pelosi, McCain and Obama need to be together tonight on every channel if this thing gets done, and explain it all to us, exactly... or we need to vote each and every member of congress who swallows this out of office.


I'd write more, but I'm spending the day with my Father... and life is short.  I've said my piece, now please talk about it with your friends and family, and stop this bailout insanity, for our nation's sake.

May God bless the United States of America.

  --Mike--

Thursday, September 25, 2008

Sneakernet 2.0

Metafilter linked to Google's Project 10^100 which is looking for ideas to help humanity in general.

I don't know why but here's my first contribution, which I think can be done without any money or great deal of time. I copied my answers out of the form before I hit submit, because I thought it was a pretty good idea and wanted to be sure to save it. You can read them at the bottom of this post.


My basic idea is to learn from history, toss in modern code and the fact that almost everyone can get access to a working computer / USB port, to build a set of social networking tools that don't need the internet, but could certainly use it.

We need Sneakernet 2.0

I have massive amounts of photographs which I would like to share with my family. Because of the limitations of even "broadband" connections in the US, it's just not practical to do this across the internet. I'm sure that there are lots of people with lots of stuff they want to share that just aren't willing to try to stuff it through the net.

Plain text (or html) is tiny compared to the vast size of the thumbdrives we now throw away. With the appropriate software and/or organization tools, you could re-implement "fidonet" using USB keys to eventually get things to the places they need to go, with or without the net.

The internet is nice, but there needs to be more, with store/forward and some hints provided by the people who carry the stuff around, you can get far more bandwidth to far more people. This I believe is a worthy goal.

My favorite quote on this subject from history:
Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. Tanenbaum, Andrew S. (1996). Computer Networks. New Jersey: Prentice-Hall, 83. ISBN 0-13-349945-6.

There are already projects to be done, I'll survey the existing stuff and join one if it looks promising.




Here's the questions and answers raw from the form I filled out, in case they help explain things better.

10. What one sentence best describes your idea? (maximum 150 characters)

Build a complete set of social and computer networking tools that can be distributed on/via USB Sticks.

---
11. Describe your idea in more depth. (maximum 300 words)

CBBS opened a new vista of social networking in 1978, which led to Fidonet, to parallel UUCP, etc. Build a set of tools which allow the modern update to it, with sneakernet as the backbone.

This could be used by families to share photos. Researchers with huge data sets on the larger scale of things.

Provide a nice standard way to share stuff on a massive distributed scale that's extremely easy to use.

---
12. What problem or issue does your idea address? (maximum 150 words)

Routes around censorship and trust issues with the internet. Lowers the barriers to entry for social networking.


---
13. If your idea were to become a reality, who would benefit the most and how? (maximum 150 words)

Anyone who needs to share a huge amount of stuff with others they meet or send packages to on a frequent basis.

---
14. What are the initial steps required to get this idea off the ground? (maximum 150 words)

Some brainstorming, evaluation of available tools, and a small community of people who want to contribute to the idea.

---
15. Describe the optimal outcome should your idea be selected and successfully implemented. How would you measure it? (maximum 150 words)

Everyone around the world gets to share more stuff, and gets more as a result.

Sunday, September 21, 2008

Pissing in the wind

It's probably as useful as pissing into the wind, but I wrote both of my senators here in Indiana with the following text:

They made bad loans, they deserve to pay for it, not me and my child.

 

DON'T BAIL OUT WALL STREET


Saturday, September 20, 2008

More information needed in hyperlinks

It would be useful if you could add information to hyperlinks, beyond that of the target URL.

You might want to link to a given URL for a number of reasons, it seems to me that there should be a way to express at least part of your intention when linking.

For example, you might
  • agree
  • disagree
  • have an update
  • think it's funny
  • want to tag an entry
  • add a comment
Right now a hyperlink is just an address, stripped of intent. We need to add intent information as well.  If an article has 100 trackbacks, it would be nice to be able to examine those who agree or disagree, etc... in categories. The relevant attributes can be added, we just need to discuss and agree on some standard terms and tags.

What do you think?

Rebuilding the 4th estate

I firmly believe it's time for us to rebuild the 4th estate. It's obvious that we can't count on professional journalism to supply anything usefully approximating the truth any longer. A democracy requires informed citizens to survive. Thus the disappearance of credible journalism is an existential threat to the United States, a matter of national security, of the first order.


We need Social Journalism... NOW


We've got just a bit more grace period before the financial world implodes, and things get a lot meaner. Either we figure out means of carrying out journalism and democracy amongst ourselves with the newly minted technologies we have available, or we're all toast.

Open source software and USB storage are the keys to building and propagating a social network that can sustain the cause of Liberty in the face of powerful forces which would censor us into oblivion.

The newest bailout AIG is rumoured to have provisions to allow a firm to raid the assets of all the accounts it holds to "aid liquidity"... this is just what happened to LTV steel here in the Calumet Region, which resulted in all of the workers getting screwed out of about 1/2 of their retirement, and the loss of their health care plans. 

Is this true or not? I as a single person may not be able to find out, which is what gives the people who write these insipid little clauses later used to steal from us wiggle room to work.

My reason for bringing this up is a creeping sense of dread... one reason is that my pension has just been threatened, and I have no real means of determining the truth, other than to wait and see if I'm a victim or not.

Further along that thread is the realisation that any private assets held in the United States can be seized under a number of guises...
  • RICO - claim it was drug money, force the rightful owner to PROVE it wasn't
  • Terror - claim they were supporting terrorists, throw them in jail
  • Retirement - allow the holding firm to raid your pension
  • US Dollars - fudge the inflation numbers and print as much as you want to spend
  • Stocks - the DOW isn't keeping up with inflation
  • Houses, Land - Eminent Domain
So there are a number of "legitimate" ways to take anyone out of the middle class without arousing suspicion... it's becoming increasingly clear that we'll need some way to fight back, outside the system, but within the framework of the law. We're all at risk here if we don't have some way to find the truth.

Social Journalism would seem to be our best bet.

The best way that I can think of to jump start this is to use blogs while they are still open and free to get a consensus and figure out what truly works and doesn't. We have to pick up the slack and do our own investigation and reporting, as the corporate giants buy out the last newspapers and commodify our process for finding the truth.

Edit suggestions always welcome. 

  --Mike--

Thursday, September 11, 2008

Post 9/11 photography on the CTA - Entirely Reasonable

I was taking some photos on the Red Line of the Chicago Transit Authority today, and I was told politely that I would need to get permission. So I put the camera away... and decided to see what's involved in getting permission. The response was one which I'm quite happy with, as a photographer, passenger, and Citizen of the United States.

I rode the Green Line to the Clinton stop and walked over to CTA headquarters. Ms Kelley in customer service was very nice and polite in determining who should handle my inquiry. The lobby on the second floor features a nice Neon sculpture I hope to photograph some day.

After a short wait I was greeted by Ron Grazian Jr., who is the Planning Coordinator for Operations Oversight. He explained the situation to me, and gathered information from me about the nature and purpose of my photography. He gave me a copy of the policy document they use for their staff, which will probably prove helpful at some point in the future. He also made the quite valid point that they have 11,000 employees who may or may not know the fine details of their policy.

The policy itself is quite reasonable, leaving things to the discretion of their employees, which is probably the most sane approach to things they could have possibly done. I'm very impressed with the professionalism and thoughtfulness of the CTA.

In discussing why I take photos, and what I do with them, I was surprised that Ron had not heard of Flickr, so told him about the site, and gave him a link to my photostream. We both learned some things, time well spent.

All in all, a 5 Star experience. No hiding behind a set of rules, or anything of that nature, just real 1:1 conversation. 

Thanks Ron!

Wednesday, August 27, 2008

NSclient++ Error 2755 - Solved

NSclient++ is a package which is used by Nagios to monitor Windows based systems. I recently tried to install it, and got an Error 2755. The problem was that I was installing from a network volume. Copying the file to the desktop and executing it from there resolved the problem.

Real Change - End the empire, restore the Republic

The United States sits at the apex of a mighty empire that stretches across the world. It is a former Republic that has been co-opted by a Military Industrial Complex which profits greatly from the supply of tools necessary to coerce the rest of the world into giving us more than our fair share of resources. The recent misadventures in war for profit have shown us the limits of our power, and the future will not be kind if we continue to overreach and sow discord with the rest of humanity. We risk going the way of the Roman Empire, and we should learn from the past, and not repeat their mistakes.

If we settle down, get our own house in order, and play nicer, we might just survive another 200+ years, otherwise we're in for a chaotic inevitable decay.


This is the first in a series of blog posts to flesh out the list from yesterday.

Monday, August 25, 2008

What do you think REAL CHANGE means?

I was coerced into voting for Barack Obama in the Indiana primary instead of my first choice, Ron Paul. As with most elections in the United States, I had to vote for a lesser evil instead of someone I actually wanted to support; it sucked, but I swallowed hard, and took it like a man. I'd rather have someone who might get us out of Iraq, and who might have enough sense not to continue the American Empire project which is leading us rapidly into a repeat of the last days of Rome. Mr Obama appeared to be the only electable choice who at least gave us that chance.

Now we see the true colors of Mr Obama starting to come out. He has chosen a running mate who has none of my views, and doesn't represent anything other than the status quo.

Our country is broken, and facing extinction, and all we get is more bread and circus... the shit storm is coming, and it won't be pretty. I don't think Obama represents enough change, and it's discouraging. I let this sit while I thought about it overnight... this morning a new twist arrived, in a comment on his blog, Doc Searls asked
what would real CHANGE be?

This gives me an opportunity to turn this around into a positive, and I'm glad.

Here's my list, off the top of my head:

  1. Admission that we've been covertly building an Empire, and a promise to stop, and support Democracy around the world instead.
  2. Admission that we're hooked on foreign fuels, and we need to break this addiction, starting now. Immediate tariffs on imported fossil fuels to start paying off the national debt.
  3. Admission that we've been bought and paid for by lobbyists from all over the world, and it will stop now. Lobbying undermines the Constitution, and thus is a form of Treason.
  4. Admission that the shift from the Gold standard was a mistake, and an immediate return to the Gold standard at $2000 = 1 Ounce, giving everyone a one time 50% inflation hit, instead of the 5-10 years of 17% inflation like the 1970s. After that, no more inflation, ever.
  5. Trials for High Crimes and Misdemeanors of those involved in the planning and promotion of the Iraq war, which caused the death of over 4000 Troops, countless other injuries both physical and mental, along with well in excess of 100,000 civilians, and hundreds of thousands of displaced persons. Not to mention the trillions of dollars lost.
  6. Immediate dissolution of both Fannie Mae and Freddy Mac, with the bondholders receiving whatever is left after costs are recovered by the US Government. Shareholders would get nothing.
  7. Elimination of the Electoral college, replaced with a 1st/2nd/3rd choice system of direct election of the President. The VP would serve at the discretion of the President, subject to Senate confirmation.
  8. Phased withdrawal of US troops from all foreign bases, including Gitmo.
  9. Allocating at least 1/2 of all radio frequencies for use of the public to allow a free national wireless internet.

How's that for a start?

Tuesday, August 19, 2008

Running from the Coyote

My Around the Coyote submission was rejected. 8(

I've decided to see who else is writing about the same thing.

It seems to be a lot smaller this year.

Friday, August 08, 2008

How do you mark your enemies in social networks?

Keep your friends close, and your enemies closer.
Sun-tzu
Chinese general & military strategist (~400 BC)
Thomas Hawk (not his real name) is a "friend" of mine. I like his photography, and he seems to be very positive in supporting others. Like me, he's a fan of photographing the world around us, including art.

The Broken Pitcher - William Adolphe Bougereau


Recently MoMA, the Museum of Modern Art in San Francisco, decided to change its policy to allow non-flash photography in the galleries, and he signed right up.

Simon Blint is an asshole. He decided that the new policy doesn't allow for non-flash photography if you have a dSLR. This led to him forcibly ejecting my friend from the museum.

This leads me to a new conundrum... how do I tag someone as my newest enemy in all of my social networks? Facebook doesn't have a way for me to tag him as an ENEMY, which is a very odd exclusion if you think about it.


Hating someone, or something, is one of the primal urges to action that gets a lot of things done in the world. Social networking should include a way to DEMOTE someone like this twit, or cops on power trips, or whatever. Social networks must allow for this basic and essential expression of anti-value if they are to truly be useful.

I believe that we need to add enemy lists, twit lists, etc... into the framework of VRM as well. This can only help us to label spammers, scammers, and other undesirables quickly and efficiently.

A social network that doesn't allow you to include your enemies isn't worth having.

The Vista Dead Pool

Let me be one of the first to congratulate Dave Winer on kicking off the snowball that will herald the end of Vista...

I won't miss it, unlike OS/2.

Monday, August 04, 2008

My elevator pitch for BitGrid

I had an idea back when I was in college (1981-82) about using an array of look up tables to do programmable logic. I've never really had a chance to get a chip made, as my work is nowhere near that field these days. I'm wondering if you think my idea has any merit.

I've got a blog up at http://bitgrid.blogspot.com where I write about this subject, trying to get a chip made some day.

The idea is simple, really... a grid of cells with 4 inputs, a look up table, and 4 outputs. The 64 bits determine the outputs for any possible input combination.

Routing logic is even simpler... there is none. If you want to route through a cell, you have to program the cell to do it.

Thus any cell can be routing or computation, or both.

An unsigned n bit adder takes n cells

An unsigned n bit multiply takes n*(n-1) cells

A divider takes (n+1)*n cells, unless you want to divide by zero...then it's (n+1)^2 cells



Sound interesting? Waste of time?

I'd like to know what you think.

Friday, August 01, 2008

Blogging at the end of the long tail

If you're reading this, thank you for your time and attention.

Doc Searls is one of the bloggers I read on a daily basis. He's consistently promoted blogging as a way for us to express ourselves and help each other out. I recently posted comments about the nature of blogging out here in what's known as the "long tail"... so described because if you graph the amount of readers or traffic amongst all blogs, I'd be out in the long tail with most other blogs, having only a few readers.

Here's the basic dynamic, based on an illustration I grabbed from WikiPedia:



The environment that Doc is used to is radically different than the one the rest of us live in. Because he's got a stream of followers, he gets constant feedback on how he's doing. Out here in the tail, comments are a rare occurrence. The torrent of attention becomes a trickle out here. Thus the dynamics that work for him don't play out in the long tail.

It's more likely that someone will leave a comment for Doc, because more people read his work. It's also true that the person leaving the comment is more likely to get other people to read their comment as well, because comments are usually public. Private comments like emails don't enter this picture, but I strongly suspect they have correlation with popularity as well.

The positive feedback loop that helps push up the top bloggers works for the other end as well, the top get pushed higher, and the bottom gets pushed lower. Someone on the long tail might have a few interested followers, but they will likely not bother to go through the hassle of signing up to put a single comment on a web site. An email, or offline comment is the more likely route.

Then there is the male culture factor...

As men, a blogger starts with a disadvantage. Guys like to solve problems, we’re taught not to comment on things unless we can solve a problem, or have our 2 cents to throw in to a discussion. This is why we make crappy bloggers, we’re not good at the blog relationship thing, because we don't give lots of feedback.

We’re also impatient… it takes YEARS to find an audience, we’re used to getting new skills by working hard, the harder we work, the faster we get better…. blogging isn’t like that.


Last but not least, there's the problem of having a wide field of interests...

When you’ve got no traffic, it also doesn’t make sense to put things in separate blogs… so the audience you do have gets a lot of stuff they don’t care about… which discourages them as well. In my own case I’ve realized this and am in the process of separating out my areas of interest into different blogs. Most of them get NO hits on a given day… and one or two every once in a while thanks to random web searches. Is it really worth it?


Summary...

Do we have a voice in this bold new world or not? From out here on the long tail, it’s VERY hard to tell.

I think the #1 thing we can all do is to make it a point to at least leave 1 comment per day on someone’s personal blog. Like compliments, they only have value if they say something positive, and are true.

In other words, The love we share, is the love we receive.

Monday, July 28, 2008

The Quest for the Ball?

Virginia at the park

Virginia likes the park because she's got freedom to play. I like it because it gives her a very large safe zone in which she can play, and I can play too. 8)

Wednesday, July 23, 2008

The future is Usenet, all over again

With the rise of Twitter, and the subsequent introduction of Laconica to federate things, I think I'm beginning to see the rhyme of history. Eventually we'll want to replicate everything in Usenet, but just a bit different:
  • Anonymous posting will be prohibited
  • Tags will replace the hierarchy of groups
  • Digital Signatures will prevent forgery
  • All posts will have URIs so we can still link to them.
  • We still won't be able to markup hypertext. (a pet peeve)
  • Data will be streamed instead of batch mode.

There were a lot of things to like about Usenet
  • Push model saved bandwidth
  • Aggregation was built in
  • Group hierarchies helped increase signal to noise
  • It was federated from the start
  • Binary attachments were supported
So, we'll get some new hybrid which will help us adapt to the contemporary demands of the internet. I believe that a new push infrastructure is on its way. If done right, we could even get rid of Email and the spam problem, but that's another story.

Tuesday, July 15, 2008

DNS -- It's worse than I thought - Technical version

As most of you know, DNS (Domain Name Service) is the system by which names such as www.apcu.org get translated into numbers that the computer can use to connect to systems on the internet.

A very deep and serious flaw in the design of DNS, one which affects virtually everyone, was recently discovered. The technical details of this flaw are still being kept secret, but it has been disclosed that part of it involves the nature of requests from DNS clients when they do a "recursive" lookup. Here's a link that explains the details: http://www.inetdaemon.com/tutorials/internet/dns/recursive.shtml

It appears that if you know what someone is asking for, you can answer their next question, even if you're not supposed to. This means that you can't trust the answers from your DNS if it happens to be one of the vulnerable ones. (The ones that haven't been patched yet)

The situation is complicated, and made worse by the NAT (Network Address Translation) that we all use to share an internet connection among more than one computer. All of those Linksys, Belkin, Dlink, etc… devices we bought make it easier to guess the next question… if your DNS is behind one of them. This means that anyone with a Windows Domain, or Linux Server who has their own DNS now has to consider moving the DNS back outside the NAT… which isn't a nice prospect.

The DNS clients built into ALL of our PCs need to be updated as well. This means doing Windows Updates for ALL of your PCs.

Fortunately, there is a tool to help you test your system (not just your DNS, but the whole chain) to see how you will fare (it's not a guarantee, but a guideline) available online at:

http://www.doxpara.com/

It's on the right side of the screen… conveniently labeled "Check My DNS".

It turns out I'm ok at home because ComCast has patched the servers I use… but I've got a ton of work to do at work.

There will be full public disclosure of the vulnerability on August 6, 2008. I strongly urge you to use this time to get ALL of your systems tested and patched appropriately before the hackers of the world learn the details.

I'll be spending a lot of time on this… and so will most of you, it's far better to do it now than to have to clean up a mess afterwards. (When you can't trust your DNS to get the patches, etc!)
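An offline check in the spirit of the test described above, added here as an example (it is not the doxpara tool's code). It assumes that the patches for this flaw work by randomizing the resolver's UDP source port alongside the 16-bit query ID, the two values a reply must match to be accepted, and it rates how guessable a series of observed queries is; the function names and the sample observations are constructed for illustration.

```python
import math

# Constructed samples: (UDP source port, DNS query ID) for eight successive
# queries from one resolver, as an external test server would see them.
PATCHED = [(41873, 0x1A2B), (10522, 0xF00D), (58011, 0x0BAD), (23764, 0x7C3E),
           (49120, 0x91AA), (3391, 0x55E1), (61507, 0xC0DE), (17288, 0x2F4B)]
# Same query IDs, but every query leaves from one port (unpatched resolver).
FIXED_PORT = [(32768, qid) for _, qid in PATCHED]
# The patched resolver again, seen through a NAT that renumbers ports in order.
BEHIND_NAT = [(port, qid) for port, (_, qid) in
              zip([1024, 1025, 1026, 1028, 1029, 1030, 1031, 1033], PATCHED)]

MODULUS = 65536   # both fields are 16 bits wide
MAX_STEP = 16     # successive deltas this small count as "counting upwards"
NARROW = 1024     # a spread below this is treated as a small pool


def _deltas(values):
    """Differences between successive values, wrapping at 16 bits."""
    return [(b - a) % MODULUS for a, b in zip(values, values[1:])]


def classify(values):
    """Label one 16-bit field as fixed, sequential, narrow or scattered."""
    if len(values) < 5:
        raise ValueError("need at least 5 samples to say anything")
    if len(set(values)) == 1:
        return "fixed"
    if all(0 < d <= MAX_STEP for d in _deltas(values)):
        return "sequential"
    if max(values) - min(values) < NARROW:
        return "narrow"
    return "scattered"


def estimated_bits(values):
    """Rough upper bound on the bits an outsider would still have to guess."""
    kind = classify(values)
    if kind == "fixed":
        return 0.0
    if kind == "sequential":
        # Only the size of the next step is unknown, not the whole value.
        return math.log2(max(_deltas(values)))
    return math.log2(max(values) - min(values) + 1)


def assess(samples):
    """Rate the source ports and query IDs of one resolver's queries."""
    ports = [port for port, _ in samples]
    ids = [qid for _, qid in samples]
    report = {
        "ports": classify(ports),
        "ids": classify(ids),
        "port_bits": estimated_bits(ports),
        "id_bits": estimated_bits(ids),
    }
    report["total_bits"] = report["port_bits"] + report["id_bits"]
    both_ok = report["ports"] == "scattered" and report["ids"] == "scattered"
    report["verdict"] = "ok" if both_ok else "poor"
    return report


if __name__ == "__main__":
    for name, samples in (("patched", PATCHED), ("fixed port", FIXED_PORT),
                          ("behind NAT", BEHIND_NAT)):
        r = assess(samples)
        print(f"{name:11} ports={r['ports']:10} ids={r['ids']:10} "
              f"~{r['total_bits']:.1f} bits  {r['verdict']}")
```

The third sample is the case the post warns about: the resolver itself is patched, but the NAT device in front of it hands out ports in order, so the queries are rated poor again.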

Monday, June 23, 2008

Exim is a bit nuts

I'm using Nagios to monitor servers, but was having some trouble getting emails to exit the Ubuntu JeOS server that I had set up to run it under VMware. (Most of my stuff is Windows, and Nagios is a linux program). It turns out that a program called exim is used to send emails, and it's a bit crazy.

All attempts to send email to myself resulted in replies which contained the error:
all relevant MX records point to non-existent hosts
Thanks to this entry on the PkgExim4UserFAQ, I was able to get a clue:

A probable cause for this might be that all MX records for the offending domain point to site local or link local IP addresses, which are ignored by the dnslookup router to protect from misconfigured external domains. The default configuration has relaxed checking for domains that the local system is configured to allow relaying to, so adding the offending domain to dc_relay_domains will most probably help. Please note that this entry might be necessary anyway to bypass relay control for the domains in question.

Please note that no domain on the public Internet should have MX records pointing to site local or link local IP addresses, so you might check your externally visible MX records.

If this doesn't help, try analyzing the output of exim -d -bt some.local.part@the.offending.domain.example

Well, I did the requisite test, to find this among the output

ignored host mail.xxxx.com [10.0.0.x]

Ignored host?? Clearly not the same as one that is non-existent. So... the first error was a lie.

All the relevant records pointed correctly to a very much alive and well host, but exim chose to ignore it because it was local.

In order to get around this, you have to follow the suggestion of Marc Haber and tell it that it is going to relay email for your local domain (which sounds like a very bad idea) in order to get it to work.

I don't know why they did it this way, but I'm posting this here to help others figure it out.
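A simplified model of the behaviour described in this post, added here as an example (it is not exim's code or its configuration): MX targets on site-local or link-local addresses are dropped unless the domain is listed as a relay domain, and when every target is dropped the sender sees the misleading "non-existent hosts" error. The `route` function, the address ranges in `IGNORED_NETS` and the sample MX records are assumptions made for illustration.

```python
import ipaddress

# Assumption: these ranges stand in for the "site local or link local"
# addresses the FAQ says the dnslookup router ignores. The list your own
# exim4 configuration uses may differ.
IGNORED_NETS = [ipaddress.ip_network(net) for net in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

# The error text quoted in the post.
ERROR = "all relevant MX records point to non-existent hosts"


def is_ignored(address):
    """True if the address falls in one of the ranges treated as local."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in IGNORED_NETS)


def route(domain, mx_records, relay_domains=()):
    """Decide which MX hosts a delivery to `domain` may use.

    mx_records is a list of (preference, host, address) tuples.
    relay_domains models dc_relay_domains: domains listed there get the
    relaxed check, so their local MX targets are kept.
    """
    relaxed = domain.lower() in {d.lower() for d in relay_domains}
    usable, ignored = [], []
    for _preference, host, address in sorted(mx_records):
        if not relaxed and is_ignored(address):
            # Same shape as the debug line the post found in the -d -bt output.
            ignored.append(f"ignored host {host} [{address}]")
        else:
            usable.append(host)
    # The host exists and answers; it was only filtered out. The error shown
    # to the sender does not make that distinction.
    error = ERROR if mx_records and not usable else None
    return {"hosts": usable, "ignored": ignored, "error": error}


if __name__ == "__main__":
    # Constructed MX record for an internal mail server on a 10.x address.
    internal = [(10, "mail.example.com", "10.0.0.25")]
    print(route("example.com", internal))
    print(route("example.com", internal, relay_domains=["example.com"]))
```

Listing a domain as a relay domain also relaxes relay control for it, as the FAQ notes, so it is worth limiting that entry to the internal domains that actually need it.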

Monday, June 16, 2008

XP era ends?

Larry Dignan over at ZDnet asks:

XP era ends: Will Vista step up?

Larry assumes that Vista is inevitable, and that anyone who questions it is unpatriotic... er... just a complainer. He then goes on to the straw men:

If you’re a Vista complainer you have two options from here:

  • Move away from Windows completely (users try a new OS and developers jump ship).
  • Or shut up and go with Vista.
Now, the false choice here asserts that all non-Vista operating systems will suddenly and completely have no value once Microsoft, in their infinite wisdom says so.

There are a lot of reasons to avoid Vista like the plague. People went along with having pre-loaded Windows back when new versions were generally an UP-grade... but Vista breaks far too many things, and causes way too much grief. There is a lot of user hostility being built up over this, causing people to start searching for alternative platforms as an escape route.

Linux seems to be the platform of choice, be it on a Mac or a PC. We can all run XP under VMware if we need to run some application that can't get ported eventually to Linux. Microsoft is quite aware of the place they are putting everyone into, but really has no choice in the matter. They desperately want to keep their OS market share to help drive their Office cash cow, but know that this is ultimately a losing proposition. So they will keep the drama going, probably announcing some form of "extended support" to keep it alive for a while longer to prevent defection to Linux.

The XP era is ending, long live Linux.

Sunday, June 08, 2008

166437 and counting

I've managed to gather all of my photos from the last 11 years in one disk, and I've got 166,437 distinct Jpeg files, plus some movies in AVI and MPG, and a few NEF files. WOW

Friday, June 06, 2008

Mellon Collie


I got a nice spiffy new hard drive to gather all my photos together on... only to find out that I may have lost a few years worth due to inadequate backups... ugh, I'm feeling a bit of Melancholia.

My main task now is to fight through this, and try to recover what I can. Ugh!

Update: I have all of them in a lower resolution format... good enough for small prints... still working on getting the originals back.

Tuesday, June 03, 2008

Towards a new database model

Over the past few days I've been pondering the way databases get used, and I think I have a way to help make things better by shifting things around a bit. I'm going to dive right in to deep territory here...

The current crop of SQL type databases are all batch oriented. They just don't scale well because of this. We need to update the model from one of data that gets visited by the occasional query to one where the queries are always running and updating their results.

If you find yourself requerying a database without having changed the data yourself, you're wasting a huge amount of resources. You really only want to know what's changed, and it's silly to re-examine everything that isn't modified since the last run of the query.


Imagine a table in a database. If you recorded the initial state of the table, and all of the subsequent operations, you could perfectly replicate the state of the table.

If you then wrote code to implement this type of logic, it takes a lot less code to keep valid replicas. You would have a stream of changes instead of a set of facts that constantly needed to be reexamined.

If you ran a query against such a table, then ran the query against the stream of changes, you could have a running output that worked vastly more efficiently, since you only have to examine records that have changed.

I'm not a computer scientist, nor an engineer, but it seems to me that this model should be looked into a bit, and has some promise to save us all some time and effort.

Who knows, it might even save Twitter.

Saturday, May 31, 2008

Dead D40... ugh!

My Nikon D40 just died... it has only taken about 29000 photos since I bought it after Thanksgiving... this really sucks! I've contacted support, and will be sending it in on Monday.

The shutter is fubar... when you turn it on it says

! Error: Press shutter
release button again.


Oh well... time to dig out the Coolpix 8800 and get the batteries charged.

Friday, May 30, 2008

Flow based databases to fix twitter?

Twitter is a popular web based instant messenger service, which has been having problems with scaling lately. The facts seem to indicate that a traditional Relational DataBase Management System just isn't an appropriate fit in this case.
I believe that this is a perfect case for a new type of database, and perhaps even a completely new framework of programming. I don't have a good name for it, and the ideas are still vague in my head right now, but I'll try to outline what I'm thinking of below.

I would break Twitter up into a series of tables which get distributed and replicated among a cluster of servers. The tables would relate to each other, but not in the strict atomic transaction model, but one of eventual consistency. These tables would be:
  • Users
  • Queues
  • Subscriptions
  • Content
The real trick would be to treat the tables more like queues or pipes full of data that are appended to with very low random write frequency. The changes would then be aggregated in a channel to make it easy to keep multiple copies for coping with the heavy read access from all of the clients connected at any given time.

The bandwidth external to Twitter is pretty high, because you've got lots of people with many subscribers. The amount of actual non-duplicate data is surprisingly small... and I'm guessing that it's on the order of 3kbytes/second. The real challenge is distributing this 3kbytes in a consistent and reliable manner to all the places it gets copied out.

A flow based database would be able to handle such types of loads by maintaining many local copies and keeping them in eventual consistency by tying them into a channel. This is a place where multicast might be a really good strategy, if not a straight peer-to-peer network.

A flow database could be a straight up normal table in an RDBMS, or it could be something new optimized to the task.

What do you folks think?

Oh my G-d, Scoble killed Twitter...

So Robert Scoble is to blame for taking out Twitter, the all too popular instant messaging system, because he's just too gosh darned popular.


As if...


As I've stated before, the aggregate flow of all tweets is on the order of 10-20 messages per second, based on peeking at the message sequence numbers. It seems readily apparent that they've chosen the wrong architecture for this.


The tweets themselves should be aggregated with a sequence number, and user sequence number into a stream which should get copied to all of the boxes handling User Interface. Deleting a message would be handled by reposting it to the same queue with no data.


The subscription lists should be another stream.


The user database could be yet another stream.


All of those streams should aggregate out to about 10 kbytes/second. The process of splitting out the work to UI boxes is one of straight forward partitioning of the load, and maintaining a list of tweet sequence numbers for each person to see. The aggregated total of all of the three streams would sit on each UI box so they didn't have to get any of it from across the net.


That's my basic idea for scaling twitter. Comments welcome.
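The stream model from this post and the two database posts above, written out as an added example (not code from the original posts): an append-only stream of sequenced changes, a replica rebuilt purely from that stream, and a running query that looks only at changed records. All class names are hypothetical, the sample rows are constructed, and a delete is a repost of the key with no data, as suggested above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Change:
    seq: int              # position in the stream, starting at 1
    key: str              # which record changed
    row: Optional[dict]   # new contents, or None for "reposted with no data"


class Stream:
    """Append-only log of changes; nothing is ever updated in place."""

    def __init__(self):
        self.changes = []

    def post(self, key, row):
        change = Change(len(self.changes) + 1, key, row)
        self.changes.append(change)
        return change

    def since(self, seq):
        """All changes with a sequence number greater than seq."""
        return self.changes[seq:]


class Replica:
    """A copy of the table kept current by replaying the stream."""

    def __init__(self):
        self.rows = {}
        self.last_seq = 0

    def catch_up(self, stream):
        pending = stream.since(self.last_seq)
        for change in pending:
            if change.row is None:
                self.rows.pop(change.key, None)
            else:
                self.rows[change.key] = change.row
            self.last_seq = change.seq
        return len(pending)


class RunningQuery:
    """A query whose result is maintained from changes, never re-run in full."""

    def __init__(self, predicate):
        self.predicate = predicate
        self.result = {}
        self.last_seq = 0
        self.examined = 0   # records looked at so far

    def catch_up(self, stream):
        pending = stream.since(self.last_seq)
        for change in pending:
            self.examined += 1
            if change.row is not None and self.predicate(change.row):
                self.result[change.key] = change.row
            else:
                self.result.pop(change.key, None)
            self.last_seq = change.seq
        return len(pending)


def demo():
    """Constructed scenario: five changes, one of them a delete."""
    stream = Stream()
    query = RunningQuery(lambda row: row["user"] == "scoble")
    stream.post("t1", {"user": "scoble", "text": "hello"})
    stream.post("t2", {"user": "mike", "text": "bitgrid"})
    stream.post("t3", {"user": "scoble", "text": "lunch"})
    query.catch_up(stream)          # result now holds t1 and t3
    stream.post("t1", None)         # delete t1
    stream.post("t4", {"user": "scoble", "text": "back"})
    query.catch_up(stream)          # only the two new changes are examined
    replica = Replica()
    replica.catch_up(stream)        # a late replica replays everything once
    return stream, replica, query


if __name__ == "__main__":
    _, replica, query = demo()
    print(sorted(replica.rows), sorted(query.result), query.examined)
```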

Sunday, May 25, 2008

Tim, Noran, Virginia, Bear

Here's a great photo of Tim, Noran, Virginia and Bear. We took Virginia to the Lincoln Park Zoo in Chicago to celebrate her second birthday. Tim was nice enough to meet us there for the occasion. A fun day was had by all.

Bear got to see some of his cousins.

Greta still remains missing. She was last seen near Niagara falls a few years ago.

Thursday, May 22, 2008

Remembrance

In Flanders fields the poppies blow
Between the crosses, row on row,
That mark our place; and in the sky
The larks, still bravely singing, fly
Scarce heard amid the guns below.

We are the dead. Short days ago
We lived, felt dawn, saw sunset glow,
Loved, and were loved, and now we lie
In Flanders fields.

Take up our quarrel with the foe:
To you from failing hands we throw
The torch; be yours to hold it high.
If ye break faith with us who die
We shall not sleep, though poppies grow
In Flanders fields.
— John McCrae



This is a day to remember those who came before us, and to reflect upon the legacy they left for us.

The time is now, always now, to decide what you can do to make the world a better legacy for our children.

Tuesday, May 20, 2008

Hezbollah has fiber?

Today's news of the unexpected is that Hezbollah, the opposition (terrorist?) group in Lebanon has its own fiber network!

Wow!

Yet, I can't get fiber for a reasonable rate at work or at home in the world's only remaining SuperPower... hmmmmm.

Found via John Robb.

Sunday, May 18, 2008

ACL as punishment?

Over at Echovar, in the midst of a post summarizing the Internet Identity Workshop:
Chris Saad injected the data portability meme into the flow and suggested personal Access Control Lists, in the form of a “Sharing OK/Not OK” check box on data you give to individuals or companies. It would be interesting to watch Robert Scoble manually configure a complex ACL on his 20,000+ friends (Scoble rushes in where Angels fear to tread).

While it would truly be torture to force a person to manually configure an ACL for 20,000 people, it doesn't have to be that way. One wrong move, and you've lunched everything.

Giving away capabilities on the other hand would be a much easier thing. You have the host environment generate a capabilities token for the piece you wish to delegate access to, then send it through email, or on a web page, or whatever the end user's security policy specifies is the right thing to do.

It would make far more sense to have a system that lets users delegate capabilities to any given part of their information, blog posts, photos, etc. The fact that you start with a model of least privilege means that you start with the most you're willing to give away, and pare down from there. You don't have to worry about giving away the store by mistake.

Yes, Access Control Lists would be punishment, but being able to give away little bits, without fear, is a quite liberating alternative.

I look forward to the future.

Saturday, May 17, 2008

QWERTY Considered harmful?

An interesting observation from Daniel Berger:
Larry Wall’s first rule of computer language design is, “Everybody wants the colon”. Maybe the problem is that we just don’t have enough symbols on our darned keyboards. The result is that we’re left fighting over the scraps that QWERTY gives us, e.g. the colon. My opinion is that a limited number of usable characters limits our thinking and our expressiveness. (emphasis mine)

In my recent quest to push forward awareness of capabilities, the notion of expressiveness seems to be at the crux of everything. If you don't have a conventional way to express something, it takes a lot of work to come up with something to get your point across.

I believe that rich source code is overdue. The idea first came to me via Chuck Moore's ColorForth, but I think it could be applied in a wider array of places. The ability to simply highlight a section and make it a comment without worrying about syntax would be cool, but I'm sure there are far more powerful uses that would quickly arise, such as the ability to do literate programming, freely mixing source and documentation and content.

The arguments against any new programming technique usually tend towards the fact that pretty much any language can already express any program. These arguments always miss the expressiveness that a new language brings to making it easier to solve a certain class of problem.

Friday, May 16, 2008

Originality

Quote of the day:

Originality is overrated. Clarity, especially for those of us who have trouble achieving it, is also appreciated.
That was in response to Megan McArdle's concern that her post might not be original enough. It was, and I learned a few things. I liked the CS Lewis quote in the middle.

Thursday, May 15, 2008

Almost useful capabilities demo - 0.012

So, I've done some more programming, and I'm now up to version 0.012 of my Capabilities demo.

The main page at http://127.0.0.1:81 is now the user page, with the protected content. You have to have a capabilities token to edit the data.

The administration page is at http://127.0.0.1:81/admin, which allows you to create and revoke capabilities, and see the current "protected content".

It's all implemented in python, in a single file, just to make it easy to demo.

The slow road to implementation

There are a lot more choices to make, and details to manage, in the process of programming a web server than I would have expected. I've made a lot of decisions, trying hard not to worry too much about it, to avoid analysis paralysis.

http://warot.com/python/
contains my recent python programs. I have to name them with .txt on the end or the web server tries to run them (and fails).

So far I've managed to get up to webserver008.py, which manages to create random numbers and keep a list of them available. At the rate I'm going, I'll have something usable in a few months, which is better than never. 8)

Should you choose to actually download and run the thing... here's what it does.

In a DOS box (or your command line equivalent)

Welcome to Mike Warot's capability based security demo web server, version 0.008

You can access it at http://127.0.0.1:81
Use control-c to tell it to shut down, which may take up to 10 seconds
started httpserver...

If you then open http://127.0.0.1:81 in a web browser, you'll get a very informative message like this:

this is the default content, not served from a file
Here are the valid tokens:

Now... for the completely undocumented and poorly written section of code... change the URL to http://127.0.0.1:81/token, and you'll get something like this:

0451a66530b72a980725745c39992239


Isn't that lovely? If you then go back to the home page at http://127.0.0.1:81 and refresh the page, now you'll see:

this is the default content, not served from a file
Here are the valid tokens:
0451a66530b72a980725745c39992239 [Revoke]

That's a list of all the tokens, with the ability to revoke one of them. That's pretty much the full extent of the power of this demo.

It's a list, with an undocumented, poorly designed and inconsistent UI... but it's a step in the right direction. Oh... and it's licensed with the GPL so you can fork the project. ;-)

I hope to get a reasonable list view with the ability to issue tokens without having to mung the URL in the next day. Code to actually give out capabilities to edit a resource should be next week.

It's slow going, isn't it?

--Mike--

Computer as suspicious package

It occurs to me that almost none of us could answer the question "did you pack it yourself" in the affirmative if we're using a PC, especially not if we bought it from a vendor who favors crapware.

I haven't actually had total control over the contents of a computer since I built a little box back in the 1980's that watched for a ring signal on a phone line, flipped the relay to pick up the line, used a 4 channel 8 bit A/D converter to sample 4 incoming voltages, then used a speech chip to speak the given voltages (in almost recognizable English) to the caller, twice, then hang up.

I wrote the code, programmed the 2764 EPROM, and it was totally under my control. I packed that piece of hardware... but since then... no way.

If you get a new PC from a good source, you can reasonably trust that the BIOS isn't going to be subversive. Once you load an OS, you've definitely had someone else doing your packing.

If it came loaded (or used)... there's really no way you can truly trust it, you just have to assume it's all going to be ok. Most of the time, it works out that way, or if it is a zombie on a botnet, you don't even know it, which is almost as good for most people.

It's a strange thought... but one I think might provoke some discussion.

Tuesday, May 13, 2008

Only Communists complain about twitter??

Why Cliff Gerrish thinks that wanting to fix twitter is the same as communism is beyond me. I'm not part of the Gillmor gang, and I'm annoyed that twitter is broken quite a bit. Does that make me a communist too?

Twitter breaks, a lot... it's broken now, giving me time to write this. It's ok to complain about a broken service. Twitter is a good service, when it works, but it's too valuable to leave to the winds of chance. Thus... replacing twitter with something more reliable is a natural itch.

I guesstimate that the aggregate flow through twitter is somewhere around 3kbytes/second when it's at full bore. It can be replaced with a set of machines, with normal code, and normal network hardware. There's no super hardware or non-obvious patentable code buried in it... anyone with enough programming skills, hardware and time could do it.

But... even hinting that we might do this sends Cliff into a 1950's McCarthy era rant about communism... it's just.... odd.

Being able to trap keywords and subscribe to them from the overall stream still only has to contend with 3kbytes/second. Again... normal hardware, normal networks, just a bit of distributed software to make it all work.

Even more stuff to choose... ugh!

The last time I did full time programming, I was using Turbo Pascal 7.0 on a DOS platform. The notion of being able to have multiple users trying to use our little home grown inspection software was just starting to enter reality. I then did a bunch of other stuff.... now programming is coming back into play because of the capabilities demos I want to do.

I'm like a newbie all over again... I've kept up a little bit on the buzzwords, etc... but haven't had to actually implement anything from scratch in more than 12 years. I figured surely in the meanwhile all of this stuff would be sorted out, and there would be a nice standard way to have programs talk to each other across the internet.

So now I know what all of those buzzwords like SOAP, XML-RPC, REST, WSDL and the rest mean... nobody has a nice simple way to do things...

I was hoping to do a nice simple demo of a RESTful capabilities system using Python as a simple standalone app that anyone could just put on their PC (or server). It turns out that there are several things in the way. Here are some of the things I've learned.

  • Cryptographic random number routines aren't included in python. (Dean Landolt suggests punting the issue and getting on with it... and I agree for the demo)
  • The library that would do it requires me to be able to re-compile python (using Visual Studio 2003)
  • REST isn't... the common example of Flickr as a RESTful API isn't.
  • WSDL is for people who like to write specification specifications, and don't write code.
  • REST is the choice, except that web browsers don't actually PUT or DELETE, and a lot of people use GET for things with side-effects.
  • There are a lot of python web toolkits out there, including CherryPy, TurboGears, Web.py, Django, and others.

In spite of all that, here are my design choices to date:

Programming language: Python, because it's cross platform, a known entity, and quite powerful, despite the immutable strings, and comes with a web server library.
Database: None - it's a demo
Random Salt: the built in non-secure RNG from python
Protocol: REST-ish... GET for reading, idempotent operations only, POST for everything else. REST because there should only be one URL per object, regardless of the compromise about PUT/DELETE.


The demo will be of the ability to edit a string. You'll be able to see the string with a straight web page. You'll be able to request a token to edit the string, you'll be able to write the string (provided you have the token) and you'll be able to revoke the token.

I'm hoping that's simple enough for me to get done on a few train trips to/from work.

Monday, May 12, 2008

Random numbers are hard... whoda thunk it?

It turns out the hard part of doing capabilities on the Internet is the lack of a suitable random number generator... which kinda blindsided me. I'm trying to find an implementation of the ISAAC random number generator that would work in either Python, or active server pages, and haven't been able to find one. It's critical to give out unforgeable tokens, and a cryptographically secure random number generator is the way to go. You can't even think of using the built in random generator, because it's too easy for a determined attacker to guess the next output after a short run of samples.

So, eventually I'll find what I want (or be forced to port it myself)... and then I can get back to the examples... which will generate a token consisting of the object, the capability, and a random number to serve as salt to keep from having it forged.
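The token scheme described in this post and in the demo design above (request a token, edit with it, revoke it), sketched as an added example that is not the author's demo code. It assumes Python 3.6+, whose standard `secrets` module draws from the operating system's CSPRNG; the class, object and variable names are hypothetical.

```python
import hashlib
import secrets


class CapabilityStore:
    """In-memory capability table (hypothetical names, demo only)."""

    def __init__(self):
        self.objects = {}   # object name -> current string value
        self.grants = {}    # sha256(token) -> (object name, right)

    @staticmethod
    def _digest(token):
        # Only a hash of each token is stored, so a leaked table cannot be replayed.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, obj, right):
        """Mint an unguessable bearer token for one right on one object."""
        token = secrets.token_hex(16)   # 128 bits from the OS CSPRNG, 32 hex chars
        self.grants[self._digest(token)] = (obj, right)
        return token

    def revoke(self, token):
        """Invalidate one token; other tokens for the same object keep working."""
        return self.grants.pop(self._digest(token), None) is not None

    def edit(self, token, obj, value):
        """Write only if the token carries the 'edit' right for this object."""
        if self.grants.get(self._digest(token)) != (obj, "edit"):
            return False
        self.objects[obj] = value
        return True


def demo():
    store = CapabilityStore()
    store.objects["greeting"] = "this is the default content"
    alice = store.issue("greeting", "edit")
    bob = store.issue("greeting", "edit")
    results = [
        store.edit(alice, "greeting", "edited by alice"),  # valid token
        store.edit("0" * 32, "greeting", "forged"),        # never issued
        store.revoke(alice),                               # revoke one grant
        store.edit(alice, "greeting", "after revoke"),     # revoked token
        store.edit(bob, "greeting", "edited by bob"),      # separate grant survives
    ]
    return results, store.objects["greeting"]
```

Because each grant is its own random token, revoking one holder's access does not disturb anyone else's, which is the property the posts above rely on.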

Wish me luck.

Saturday, May 10, 2008

Twitter - Capabilities mashup

The idea of a distributed replacement for Twitter is floating around... and I've been writing about capabilities recently... what would we get if you merged the ideas?

#1. - Get rid of user accounts on twitter... just hand out the capability to post, which would be different each time it's issued, and individually revocable. I'd hand them out in an Email, to limit the user base a bit and cut down on spam. You could always store the email address somewhere in a table along with the capability to know who it is if necessary.

#2. - Allow each user to then hand out tokens that would allow a direct message, which they could proxy and/or revoke themselves. This would make it possible for an end user to block someone from making direct messages, without the need for it to happen in the central code. The proxy that does this could be a separate service, and doesn't play a part in the security of the central capability provider code.

#3. - Allow each user to hand out tokens that would allow following them, which like above, they could proxy and revoke themselves. This turns the distributed twitter into an effectively private email system without too much work.

#4. - There's really not much difference between a tweet and a blog post, other than length. There's not much difference between a private posting and an email... you could cover all of them this way.

Ok... it's 10:30 and I'm sleep deprived, so this might not be as coherent as it seems at the time... though I hope it is.

Capabilities offer a huge amount of flexibility when doing system design. They make it possible to break apart the logic of a complex application without having to worry about the combinatorial explosion that results from the conventional idea of having every piece of code enforcing a ton of rules.

What do you all think?

--Mike--