Categories
analogies

Analogies for Tech: The Web as Houses

One of the historical patterns we see is where a specific field or part of life moves from being expert to common.  That’s been true with reading over time, for example.  It’s been true with automobiles in some countries.  There was a time when only women had babies….okay, you got me there.

But over time there’s an expectation in the computer industry that average people will learn technology to a greater degree, even if not to the same depth as a computer scientist or computer engineer.

I am examining potential analogies for explaining technology of various sorts to laypersons in the hopes they will grasp the relationships of the world they use every day.  I’ve already given part of the explanation of why, but here’s the other part:

Until you see the cracks in the walls with the sunlight slicing the darkness, and until you see the bubbles rising to the edge of the universe and ask what if it isn’t the edge at all, you have very little reason to jump out of the water or break into the day.

With that I hope to, from time to time, examine potential analogies for bits of technology.

The Web

The metaphor for the web is moving to a house you are building. In this, HTML is a set of special boxes.  You have some like title that are meant for very particular contents. You don’t put your china in a box with your hammers.

You have other boxes like html itself, which are there to hold everything you put in them. You put your china in one box, and your hammers in another, but both of those boxes can fit in a third, bigger box. That bigger box is actually the truck, in this case, but you might have pallets that hold many smaller boxes, as with something like div.

Then you have CSS, which are tags you attach to the boxes to tell the movers where they go. “This is a very dark brown room.” Or, “all of the windows should be blue, but after you have looked through one, it is purple.”

If you’ve seen that last bit, it’s the style applied to links using the default styles of most web browsers.

That’s right. There are default styles that come with the browser. They are there so that if you don’t specify, there’s a good base to work from.

Now, additional styles let you override those defaults, but there are also some amount of styling implied in the way you pack your boxes.

If you put some text in one box, then it will end up together in the house unless the styles applied are very explicit.

You also have peculiar boxes like script, which tell the builders that they contain fixtures or robots that will respond to visitors to the house in some way. They might be faucets that will, when turned on, create or delete whole rooms. They might be spy cameras to watch the visitors and tell the owners of the house what they did in the house.

Extending the metaphor out, the creator of the document packs everything up in their boxes with their blueprints and sends them up to a server. Then you visit the server and it spits out the boxes with the blueprints, which your builder, the browser, assembles.

Some of the documents aren’t made in that way. Increasingly, the houses of the web are made in factories called applications. Think about some service like Google Search. They have thousands of computers working to find the content all over the internet, and when you search those computers shove that content into the right boxes with the blueprints and styles and deliver them to you.

Anyway, I guess that’s enough about the web for today. Did this analogy make it clear how the web works?

Categories
security

Global Network Security

The motivation for this post is the general lack of security permeating the services we use and the governments that are supposed to serve us.

The basic form of security on the Internet comes with your browser. Transport Layer Security scrambles your communication with a web service. This scrambling prevents governments, eavesdroppers, and aliens from listening while you access a bank or e-mail.

Many sites lack TLS support. It takes work to add, and it only gets added where necessary. That uncovers a basic point about security, that secure means protection equal to or greater than the risk. You probably wear clothes, at least sometimes, for protection from the elements. But you dress to the elements. If you will venture into a toxic area, you don a hazmat suit.

If you view this blog, assuming I don’t write anything obscene in your jurisdiction, you probably don’t care if those third parties know you accessed it. But for services with private data, you do care. Services should protect their important data first, and other parts only if needed or desired.

Look to the Firefox Sync service (Mozilla Wiki: Services: Sync), which allows users of the popular Mozilla Firefox web browser to store copies of their critical data (bookmarks, history, passwords, etc.) in a service for copying between different computers and devices.

The architecture of Sync ensures that any time the risk of the data increases, the security increases to match. That’s just once, when it leaves your controlled device. Before upload, your browser encrypts the data, making it as impossible for Mozilla to access it as for any third party.

Compare that with a popular file storage service, Dropbox, which also uses encryption to secure your data. Quoting from Dropbox: Terms: Information Sharing and Disclosure: Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights (emphasis added):

We may disclose […] when we have a good faith belief that disclosure is […] to (a) comply with a law […]; (b) protect the safety of any person […]; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

The second emphasized portion surprises merely because Dropbox possesses the capacity to strip the encryption off of the data. While the last sentence serves to tell the user, “you can roll your own,” that strategy does not seem particularly effective at guaranteeing privacy. Sync’s method, on the other hand, leaves them powerless to decrypt the data (even if you need them to, eg, if you lose your secure key).

Also compare the architecture of Sync to that of Google Gmail. A web-based e-mail service, Gmail uses TLS to keep your session of working with mail secure, but makes no claim to encrypt the data, and certainly not as it leaves your device.

Unlike Dropbox, which merely possesses the ability to decrypt the files, Gmail needs the plain text of the mail, as it advertises based on the content. While understandable, that business model does not necessarily benefit the user of the service. Again, you may DIY encrypt your mail, but most wouldn’t know where to begin.

Before moving on from Gmail and Sync to another topic, something worth noting (from Gmail Help: Accessing a deceased person’s mail, emphasis from original):

If an individual has passed away and you need access to the contents of his or her email account, in rare cases we may be able to provide the Gmail account content to an authorized representative of the deceased user. We extend our condolences and appreciate your patience and understanding throughout this process.

Their process includes a lot of legal documents and obtaining a court order among other hurdles. Compare that to a process Sync would need, which would require not only asking Sync for the data, but having access to a key that they do not know. If the deceased did not plan for disclosing such keys, consider that data lost until such time as computers may crack it (likely a long while).

Law enforcement and other legal processes sometimes require the disclosure of data from these services. For Sync, they receive a blob of data that they cannot read without the key. For Gmail and Dropbox, they get the actual data, ready to index and use.

The problems of government abuse weave through human history, and we should take them seriously. The first emphasized portion of the quotation from the Dropbox terms makes it clear that they do not need to prove a law enforcement request valid in order to comply.

Indeed, searching the web for information on how to verify the authenticity of law enforcement actions shows very little of use.

The American Civil Liberties Union (ACLU) writes (via ACLU: National Security: Surveillance Under the USA PATRIOT Act):

The FBI does not even have to show a reasonable suspicion that the records are related to criminal activity, much less the requirement for “probable cause” that is listed in the Fourth Amendment to the Constitution. All the government needs to do is make the broad assertion that the request is related to an ongoing terrorism or foreign intelligence investigation.

But, let’s modify that quote a little:

The [alleged government representative] […] needs to […] make the broad assertion that the request is related to an ongoing terrorism or foreign intelligence investigation.

The main change here underlines the possibility of impersonated government actions. Even if the individuals involved in a so-called law enforcement request do belong to the organizations, trusting their actions requires verification that currently does not exist.

I found a quote in a document distributed by the US Department of Justice (US Department of Justice: Office of Justice Programs: Office for Victims of Crime: PDF: First Response to Victims of Crime: Tips on Responding to Victims With Blindness or Vision Impairment):

Tell victims your name, badge number, and the telephone number of your dispatcher when responding to victims who are alone, and support them in verifying your identity.

Note that this applies only to victims, and vision-impaired ones at that. The verification process lacks any vigor, to boot. Under most circumstances, though, merely appearing as a member of a law enforcement organization serves as equivalent to proof.

If you want to verify a government document (eg, a notice for jury duty), good luck. You can call the number provided, but they provide no chain of custody or proof. No cryptographic signature.

If served with a warrant, you are given no mechanism for verifying it: neither that the warrant is registered with the claimed organization, nor that the process that produced it represents an authorized, valid investigation.

We rely on some vague notion of trust alone.

The other path represents real security. The other path requires far more diligence, but it includes some emergent properties that make it worthwhile. These properties include a natural defense to corruption via feedback loops that erode bad laws much faster and reinforce good ones.

Again, look at Sync. It makes you plan for if and how your estate may access your browser data. Look at the law enforcement request, where you retain control over your data, and some government agent acting under color of authority cannot ship your data to some foreign government or corporation.

A properly built online banking and payment system would preclude the possibility of unauthorized access, because a payment would not produce any data that could be used nefariously. A payment would simply be a one-time code for making a payment, just like a request to download a webpage can contain no identifiable information other than the IP address and the page requested.

Logging into your bank would give you a view of your account, but modifications (such as bill payment or fund transfer) would require several steps, with varying security, to preclude tampering. These steps use properties of known, secure handshakes, designed to thwart attacks.

The basic process of a payment:

  1. You tell a web store you wish to purchase.
  2. It prompts you for delivery information.
  3. You securely visit the postal service (or via some other mechanism prescribed) to obtain a secure hash for delivery information.
  4. You provide that to the website, which verifies the validity without knowing that location itself.
  5. The store prompts for payment information.
  6. You securely visit the bank service (or via some other mechanism prescribed) to obtain a secure hash for payment information.
  7. You provide it to the website, which again verifies the validity without knowing the bank account/credit account itself.

That may not be the exact process, but something similar could occur and limit the information leakage. Similar processes should work for a variety of transactions (again, warrants and other legal processes, web services, etc.). This does not merely protect you, but it protects the services as well (both their reputation and liability), as if a security breach occurs, the attackers only get a bunch of hashes they cannot do anything with.
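As an added illustration of steps 5 through 7 of the sketch above (not code from the original post), here is one way the payment half could be tokenized so that the store verifies a token without ever holding the account. The design choices are mine and labelled as assumptions in the code: the bank derives one verification key per merchant from a master key and hands it over at onboarding, a token is an HMAC over (merchant, amount, expiry, nonce), and the bank settles by looking the nonce up in its own records.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for steps 5-7 of the payment sketch. Assumptions that
# are mine, not the post's: the bank derives one verification key per merchant
# from a master key and shares it at onboarding; a token is an HMAC over
# (merchant, amount, expiry, nonce); the bank settles by nonce lookup.

BANK_MASTER_KEY = secrets.token_bytes(32)      # known only to the bank
ACCOUNTS = {"alice": "ACCT-0001-DEMO"}         # constructed customer record
ISSUED = {}                                    # nonce -> account, bank side only


def _canon(payload: dict) -> bytes:
    """Canonical JSON so both sides MAC exactly the same bytes."""
    return json.dumps(payload, sort_keys=True).encode()


def bank_merchant_key(merchant_id: str) -> bytes:
    """Bank side: per-merchant verification key, handed to that merchant once."""
    return hmac.new(BANK_MASTER_KEY, merchant_id.encode(), hashlib.sha256).digest()


def bank_issue_token(user: str, merchant_id: str, amount_cents: int,
                     now: int, ttl: int = 300) -> dict:
    """Step 6: an authenticated customer obtains a one-time payment token.
    The account number stays at the bank; the token carries only a nonce."""
    nonce = secrets.token_hex(16)
    ISSUED[nonce] = ACCOUNTS[user]
    payload = {"merchant": merchant_id, "amount": amount_cents,
               "expires": now + ttl, "nonce": nonce}
    tag = hmac.new(bank_merchant_key(merchant_id), _canon(payload),
                   hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def merchant_verify(token: dict, merchant_id: str, verify_key: bytes,
                    expected_amount: int, seen: set, now: int) -> bool:
    """Step 7: the store checks the token with its own key. It learns that the
    bank vouches for this amount at this store, and nothing about the account."""
    p = token["payload"]
    expected = hmac.new(verify_key, _canon(p), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False                  # tampered, forged, or meant for another store
    if p["merchant"] != merchant_id or p["amount"] != expected_amount:
        return False
    if p["expires"] < now or p["nonce"] in seen:
        return False                  # expired, or replayed at this store
    seen.add(p["nonce"])
    return True


def bank_settle(token: dict) -> Optional[str]:
    """Settlement: only the bank maps a nonce back to an account, and only for
    nonces it issued, so a merchant holding a verify key cannot mint a spendable token."""
    return ISSUED.pop(token["payload"]["nonce"], None)


def demo() -> dict:
    """Runs the flow once, including the failure cases, and reports each outcome."""
    now = int(time.time())
    store, seen = "shop-1", set()
    key = bank_merchant_key(store)            # shared with the store at onboarding
    tok = bank_issue_token("alice", store, 1999, now)
    accepted = merchant_verify(tok, store, key, 1999, seen, now)
    replay = merchant_verify(tok, store, key, 1999, seen, now)
    tampered = {"payload": dict(tok["payload"], amount=1), "tag": tok["tag"]}
    forged = merchant_verify(tampered, store, key, 1, seen, now)
    wrong_store = merchant_verify(tok, "shop-2", bank_merchant_key("shop-2"), 1999, set(), now)
    stale = merchant_verify(tok, store, key, 1999, set(), now + 301)
    settled = bank_settle(tok)
    breach_dump = json.dumps(tok)             # what a breach of the store would expose
    return {"accepted": accepted, "replay": replay, "forged": forged,
            "wrong_store": wrong_store, "stale": stale, "settled": settled,
            "account_in_dump": "ACCT" in breach_dump}
```

The delivery-address half (steps 3 and 4) follows the same shape with the postal service as issuer; the point the post makes, that a breach of the store yields only tokens, is the `account_in_dump` result.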

Thanks, I know this ran long and still needs clarification and better development. Feel free to ask questions or give feedback.

Categories
software

The Coming Fragmentations

As any system grows, the cost of maintaining it as a single system grows.  When a system becomes a certain size, maintenance of it is too high, and fragmentation is required.

This can be seen in pizza.  Very few people refuse to slice a large pizza and eat it as a single unit.  Even the few that do (you monsters) would cut up a pizza that was twice the size.  Another way it happens with pizza is when the parties to the pizza could not agree on a single set of toppings, so different portions of the pizza have different toppings.

But it can also be seen in a few non-pizza places, which I will examine below.

Government

There’s a reason why a world government has been opposed by many people for a long time.  The size of such a government would be so big, with so much bureaucracy, that we would all die trying to figure out which floor we needed to visit to requisition a pencil to fill out a form to submit that would let us take our street-crossing test so that we might return home.

At some point, government at one level may grow too large, and it should fragment.  We have in the USA a national government, with state, county, and local governments.  At some point we will need to rework the layers so that we have regional governments (some of which might overlap), or specialized governments (eg, the Mississippi River Government that would manage collective interests for states and regions directly related to that river).

When we learn to manage the layers of government, we will be able to institute world governance that is not a threat to individual liberty.

This type of fragmentation might be called stratification, since it deals most particularly with layering the governments.

Transportation

The transportation in America, of humans, anyway, is primarily by autonomous transport (ie, cars).  There is some use of buses, trains, planes, and boats, but these are fairly limited in scope and, therefore, use.  In certain areas, the road-based system has grown too large, and it should be fragmented to help reduce that burden.

You can only build so many roads before it does no good.  It makes far more sense to add alternative transportation to augment the system.  This means that fewer people are reliant on the original form, and more of the traffic does not overlap.  It’s equivalent to adding multiple traffic channels in other systems.  Instead of getting cross talk on a radio, you can simply move some traffic to another channel, and continue with multiple sets of conversations independently.

This type of fragmentation is also a form of stratification.

Browsers

At some point it may make sense to fragment the browser.  When it happens, the OS gets new services to handle different parts of what’s currently in the browser.  That includes HTTP, bookmarks, cookies, authentication, signup, and rendering.

Some of these are already partially fragmented in the form of libraries, and some browsers like Uzbl already try to move toward a browser that is reliant on outside components.

While the functions could permanently remain in the browser, with other applications relying on the browser as a service, the benefits of moving them outside will reach a tipping point for most systems and users.

This type of fragmentation isn’t about the layers as much as about specialization, which is what it could be called.

Mobile Devices

One day the mobile device will likely fragment.  You will still have a dedicated component with a CCD for a camera, one with broadband wireless IO, one with a screen, but you won’t have a separate screen on your camera and phone.

In that world, you could use your computer screen as the head for your mobile device, for example, and you could use the power from the train to power your phone or mobile computer, saving your battery for later.

This is also a form of specialization, and some aspects are already there.  Many smart phones use WIFI when available instead of the wireless broadband.  There are also a few smart phones with the ability to plug in to a netbook-style dock.

Online Services

The final fragmentation for thought today is of online services like Facebook, but also things like Google and Wikipedia, and even the DNS itself may fragment.  There’s an ongoing push for someone to come up with distributed social networking.  Diaspora is the most prominent attempt, but others are working in the same direction.  This type of fragmentation might be called democratization, because its primary goal is to restore the control over the service to the users.

But it also has other benefits, including the possibility of improved utility.

Stratification, Specialization, Democratization

The three types of fragmentation today were in layering the functions, in breaking up by activity, and in distributing the control of systems.  They all have their places, and some systems will require a combination of them, or even something different entirely.

But we should be aware of the systems we interact with, and we should consider whether the problems we see are caused by other factors, or if they are due to the system outgrowing its britches.

The examples are numerous.  I could go on.  Economic systems, little league sports organizations, insect colonies, large-scale computing, military, etc.  The abstraction of fragmentation is quite useful, and even more so when intelligently put into practice.

Categories
biz

Is Metered Internet Inherently Bad?

The Canadian counterpart to the FCC made some regulatory changes that will mean many customers will switch to “Usage-based billing” or metered billing for consumer internet services.  For details you can look at Ars Technica: 200GB to 25GB: Canada gets first, bitter dose of metered Internet.

The gist is a cap of 25 GB, down from 200 GB or unlimited, and a surcharge of $CAD 1.90 for every GB over the cap. There are some ways to plan for higher use, but they don’t really help that much.

This change is not voluntary to the providers.  It was imposed by the regulators in Canada, including the rates being charged.  The rates are too high, and the caps are too low.  So this is a bad move, an unfortunate change that had no real need behind it.

What I’m interested in, though, is whether metered internet is inherently a bad thing.

Metering works well enough for some services, notably electricity, water, and sewer.  So long as the services are managed reasonably, and the rates are fair, I expect to pay more if I use more.  Is the Internet different?

I actually think metered Internet could be a good thing if the prices are set correctly.  In the 1990s many European users had metering, and it was poorly executed then as well.  But here are some of the benefits to metered service, if the price is fair:

  1. Fix it fast: the power company keeps the juice flowing, as do the water and phone companies.  If the service is down, it’s not used, and they don’t get paid.
  2. Build it better: it also gives them a reason to make sure the installation is of higher quality to begin with.  So they can lower their repair costs, and ensure you will use as much as you can in a billing period.
  3. Upgrade it: for the Internet, growth is constant.  Historically, the USA has lagged in upgrading its lines (along with everything else), but metering gives some incentive to do that, too.  If they get paid by the GB, they want you to be able to suck them down that much faster.

So there are some of the upsides, but where’s the downside?  There is only one real downside, and that’s when the price is too high.  And there’s the rub.

If the price is too high, each advertisement is a slap in the face.  Every wasted byte seems like a website is against you.  You’ve got a budget (both in bytes and dollars), and they are screwing you.  That’s how it was back in the 1990s, where European users would often flame people with long signatures on mailing lists.

And the price will be too high unless there is competition (or regulation).

Edit: As Canada has nixed the plan, I’ll simply note that there were some quite apropos posts around the internet comparing the cost per GB to other forms of sending data, such as via the postal service, which made it utterly clear how poorly the actual metering rate was thought out.

Categories
biz

Google Policy Blog: Myth v. Myth

Google’s public policy blog has posted a response to criticisms of their joint proposal with Verizon on Network Neutrality: Facts about our network neutrality policy proposal.  It takes a heavy view of criticisms, constructing Myth strawmen (or at least glossing over the fine distinctions made by critics).

Here are their “facts:”

  1. Something is better than nothing.  (The second fact is a repeat of this.)
  2. Wireless is different than wired connectivity.
  3. Distinguished services are sufficiently defined to preclude network bias scenarios.
  4. (This and the next are kind of silly to include, but for completeness:) A proposal for legislative action is not a business deal between Verizon and Google.
  5. A proposal for legislative action is not binding on Congress; they are still free to make it worse.

I’m going to skip those last two, for the reasons I parenthesized.  As to the rest:

Something does not mean something good

It’s straightforward to recognize that inadequate protections that merely provide coverage for providers to do as they wish will be a horrible failure.  And that’s what’s being proposed by Verizon and Google.  It’s legless and mealymouthed, and it could actually be more harmful than that if it turns out as other flawed systems such as the US immigration policy.

Their proposal, if implemented, simply would not have teeth.  Codified, it would act as an ipecac, allowing a brief sojourn from network bias only to vomit the bias back out, soiling the internet.  They note that the non-discrimination provision might just evaporate, and without that, any such legislation would be a fraud.

Why I say IPN

Wireless or wired, Internet Protocol is Internet Protocol.  Google will continue to fail to admit to that, and as such they want to pretend that the open-access rules they were able to get bundled with wireless spectrum auctions count for something.  Those rules have yet to bear any results for consumers: despite there being “more than just two providers to choose from,” the wireless industry remains an oligopoly where consumers lack real choice or differentiation of service.

You can expect the de facto price fixing and market inefficiencies to stand firm so long as a chunk of plastic (ie, the hardware, which is more of a status symbol than anything) remains their main selling point.  Until wireless becomes a dumb service where they must compete on price and performance in a brightly lit market, we will continue to suffer from another rotted industry.

And if wireless carriers can mix network bias on top of their offensive wares, that will only cement the industry to remain corrupt for the long haul (at least until wireless mesh is feasible).

Secure banking by (insert ticker symbol)

Among the differentiated services Google envisions is “a more secure banking service.”  Yes.  Let’s have your service provider collude with your bank, and charge you a special fee for the privilege of security. Let’s see you change your bank and ISP at the same time.  Double the bureaucracy, and imagine all of the termination fees!  Someone’s wet dream, to be certain.

Banking on the internet does need to become more mature and more secure.  But it still needs to remain on the internet because commerce is an essential function of people’s liberty.  Engaging in open, fair trade is absolutely necessary.  This is among the ideas in any well-constructed argument for the right to internet access.

The commercial forces that have persisted for over a century have an interest in keeping us tied to them, but the internet allows those chains to be torn off, melted down, and sold to the highest bidder.  And yet here comes Google proclaiming we should entrench them further.  Sigh.

So that’s out, but what about their other suggestions?  The other suggestions suffer the same flaw: any service that could be provided with a biased agreement with an ISP could be equally provided by another company with neutrality.  That’s what regulation in a free market is: the removal of barriers to market entry that prevent competition.  That’s why we have anti-trust laws, and it’s why no one should take the Verizon/Google proposal seriously, as they fail to recognize that fact repeatedly in that public document.

Okay, enough of that muck.  The bottom line is this: no institution shall rule the internet.

If the internet remains useful at all, it remains open.  If they want to destroy it, they can, but they cannot rule it.  Ruling it would destroy it, and it would take all of their gold with it.