Advogato blog for pelleb

28 Mar 2001

Wed, 28 Mar 2001 07:08:54 GMT

Ra-a-as. Just discovered I have 2 diary entries that are quite similar. I must be tired. Didn't even realise I had alread written some of that stuff down.

Whats happened since last is that Microsoft has released Hailstorm, which is quite interesting in a join the dark side Luke kind of way.

For those who arent familiar with Hailstorm check out Dave Winers discussion of it.

While I dont like the centralised approach to Hailstorm, there is plenty of scope for doing subversive tunneling here. Hailstorm, is based on mainly open protocols. All of Microsofts apps are going to be supporting them. There is already lots of OpenSource software supporting the protocols. My favorite is Soap::Lite for Perl. We can have lots of fun here and open up lots of alternate services to compete with MicroSofts. How about forexample if the SlashDot, SourceForge etc had Soap interfaces, they already have RSS interfaces. SOAP is just the next step.

Ofcourse, for Microsoft it's all about keeping the important data on their servers letting them do all sorts of nasty aggregations on it. Even if Microsoft is as they say they are concerned about privacy it's always a great thing for someone like the NSA or the MI5 here in England to have a single point of contact. Hey they might even have their own SOAP interface into Passport, where they can play to their hearts content.

So why not come up with a similar scheme, except let the software behind it be OpenSource and use some sort of distributed way of sharing the data. You could even have a tiny HushMail style login applet, that fetches your encrypted data from a distributed filestore and decrypts it in the applet after you entering your username and passphrase. This would send a Kerberos style ticket back to the server needing authentication.

This would still allow tracking on the local website level, but not on a global level.

Otherwise I'm working on some neat stuff in Python at the moment.

Booyaka-sha ... West side
-P

8 Mar 2001

Thu, 8 Mar 2001 23:26:26 GMT

I've been playing with DRNS as mentioned below and I think I've come up with a good way to do it.

We have a simple XML based format for certificates that are signed using pgp/gpg.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 <drns>
<domain name="/">
<!-- Root Certificate for the Distributed Rights System -->
	<allow expire="never" subtype="domain">
	<!-- 
		The Root Certificate allows the following 
direct subcontent:
		- only domains
		- subdomains don't have to expire
		- signed by the following signatures
	-->
		<sig>BB55 B33F 05B7 A620 CEA3  63C4 0DCE 
14A6 B176 8E09</sig>
		<sig>F370 AE16 6A8D FDB8 F170  BFAC 51D8 
0BCF EE8F 702F</sig>
	</allow>
	<contact>
		<email>registry@neudist.org</email>
	
	<www>http://neudist.org/registry/index.cgi</www>
	
	<soap>http://neudist.org/registry/soap.cgi</soap>
	
	<xmlrpc>http://neudist.org/registry/xmlrpc.cgi</xmlr
pc>
	</contact>
</domain>
</drns>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

 iD8DBQE6peBdDc4UprF2jgkRAiceAJ9IVgWbzYkYxS6TIVg/W5I17B8llQCg
mIjA
luEjsaG74Yl9iV3CFZlwzZA=
=ERm8
-----END PGP SIGNATURE-----

That is an example of a certificate for a domain name. This would be stored on MojoNation, Freenet, the web etc.

The certificate specifies certain signatures, that must sign any direct subdomains or subcomponents. This allows the owner nonrevokable control over a domain. If he issues a certificate to someone else for a sub domain, the owner of the sub domain non revokable control over this and so on.

8 Feb 2001

Thu, 8 Feb 2001 07:42:53 GMT

DRNS - Naming Schemes for Distributed Storage
While I know that there might be many people who'd disagree with me, I think it is very important in a distributed storage space to have some sort of structured equivalent to DNS. My working title for this is DRNS (Distributed Rights Naming System). This could be non storage protocol specific, so it might work on both MojoNation and FreeNet. Here are some of the ideas I have as requirements:

It should be able to be plugged in to various storage schemes.
It should be usable through existing browsers. (You should be able to append the name to an Existing URL for an freenet 2 web gateway for example.)
Names should be cryptographically unrevokable if wished. This is to avoid many of the disputes seen in the world of domain names right now.
It should support anonymous ownership. Otherwise why would you be using Freenet in the first place.
It should be hierarchical of nature, where each level of the hierarchy only controls issuance for the level directly below. Lets say that some one owned the /geovillages/ domain. They can control and set rules for issueing direct subdomains from their domain. But once they domain /geovillages/xxxsites/ domain had been issued by them, they can not control that domain or what goes on in that domain.
On creation a domain can be set to be expireable. This expiration will be a set time or date and can not be changed once it's been created. When expired a domain can be reissued with a new expiration.
Because of the hierarchical nature of the system. Given a document with a given name, you can verify that it and each parent domain above it is signed by the above domain.

One way to do this would be to use a hierarchy of PGP keys. Each domain would be described in a simple XML file, that was signed by the domain signer above.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 <drns>
<domain>
/neu
</domain>
<owner href="http://neudist.org">
1B14 4ED3 4CE5 3338 0B91  4640 AB15 3180 761B 4BD4
</owner>
</drns>

 -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use 
<http://www.pgp.com>

 iQA/AwUBOoJJh4BkJoqOarblEQLSJwCgx0MN2IHwplBZ+klV+yfoN3Oh2r8A
mwaw
wjGb9v7pIQfs9BMh9zxkhvPq
=Hl06
-----END PGP SIGNATURE-----

This is the file that you get if you would get if you searched the underlying protocol for a file with the name "/neu". Any subdomains under "/neu" would consist of files similar to above, but signed by the key specified in the above owner tag.

The freenet of mojonation server would verify when a new document comes in, if it's allowed to be posted using the given name. Clients reading the file would also do a check for validity.

DRNS could be part of a layer of protocols to enable distributed, anonymous, p2p, commerce webs (how many more buzzwords can I put in here;). Higher level application specific protocols, could enable transactions and versioning ontop of this naming system and it's underlying storage protocols.

7 Feb 2001

Wed, 7 Feb 2001 10:51:08 GMT

I haven't written anything here for a while (Father, its been 3 months since my last confession :) ).

Seriously I've had many second thoughts about how I was going about developing Neudist. I was very reliant on Java and various other opensource projects, that just weren't quite as stable yet as they should be. I know that I should have spent time trying to debug these, but it became much more of a chore than I wanted it to be.

Also I decided that what is really needed for something as radical as Neudist, is real applications and not just a framework hoping someone will use them. So now I'm rewriting one of my first real Perl projects TravelTalk in Perl as Yet another Community Framework. Now, why don't I just use one of the many others that are available today? Well, none of the ones I've tried really fit in with my vision of what I want, also it's more fun doing all of this from scratch anyway. So I'm doing this thing which will someday be available on http://talk.org. in Perl, mod_perl, Mason and using the Postgresql database as the underlying source.

Let me tell you after having spent several years doing Java and working with clueless commercial appserver vendors, coming back to Perl is like returning home. I absolutely love it, having forgotten how productive you can get in this environment.

So what exactly am I doing that is so different with Traveltalk. Well the current version that is up, was written many years ago (1994-95) and you know the web has changed since then. One of the things I found was that many users of the system in the Caribbean, who were in the travel trade were using it as an important way for them to reach new customers, whom they thought more about like there friends than customers. Having read the Cluetrain Manifesto, with their statement that markets are conversations, I realised that my 2 great app interests (online communities and digital commerce) are closely related. What would be more perfect than to use TravelTalk as an experiment to combine the two. I wont go into too many details right now, but I think it could be quite cool.

So technically speaking I'm putting the final bit of coding on the actual community part now, should be live the end of Feb. Then slowly I will be adding NeuDist functionality to it, allowing people to setup small online businesses. Soap and RSS will be important parts of this. I was glad to see Dave Winer on Advogato. Even though he sells closed source software, he has been really important in building up protocols such as XMLRPC, Soap and RSS. He also pretty much invented the idea of Weblogs. He has also always supported Opensource vendors using the protocols he's been developing.

24 Oct 2000

Tue, 24 Oct 2000 09:44:48 GMT

I had an interesting discussion last night with a friend of mine about auditing of NEU's (Entities within my NeuDist project - think Nanocorps). He was arguing that people would only trust investing money or trading in NEU's if there was some sort of equivalent to the US GAAP and external manual Audits.

I'm a believer that for entities that are entirely online, including all their revenue, expenses, holdings etc. You can do the equivalent entirely in software. If users can see realtime what the status of the entity is and how funds and contracts flow through it, that should bring a level of trust that is unheard of in brickspace.

Independent analysts could make a living analyzing NEU's for investments or the savvy investor could do the same thing.

This requires a few important aspects of the NeuDist software. It has to be opensource so the process is entirely open. The software has to be properly audited like OpenBSD. Idealy there would also be some sort of way for the enduser to find out exactly what build of the server is running.

For other NEU's that venture out into Meatspace, I agree with my friend that we need to have other ways of determining trust. One way is to use an Advogato style trust model, another is to use and external auditing group. NeuDist will support the use of independent certifiers. These are not like todays CA's. Some of them will be underwriters, some will be analysts, there might even be cases where goverments see the usefullness in certifying a NEU for doing business (ie. incorporating) in the real world. The point is that different applications need different kinds of trust. If we at somepoint see Anheiser Bush or Coca Cola becoming NEU's they would need a trust model reliant on an army of auditors keeping track of them.

Before people argue that these entities should be private and none of what goes on should be public, I'd like to point out that that will be the case for probably the majority of NEU's out there. However if you want to receive an investment in terms of equity, bonds etc you may find that no one will give you any money unless you show them your books. This you could then easily do by adding a CAP to your financials. Many models exist, the idea with NeuDist is that we will provide a very basic yet vital layer in a framework for financial and legal trading and communication.

Also a big shout out to sohodojo. His ideas about NanoCorps map very closely to NeuDist.

19 Oct 2000

Thu, 19 Oct 2000 13:09:10 GMT

Finally getting some time to get rid of the last persistent bugs, before the first release of Neudist.

I really like the new Virgule stuff on SourceForge and will try to come up with a way of integrating my secure URL Caps with virgule. Mod_virgule has a lot of cool account management features and the whole trust metric concept that would be cool for use with online entities.

Just noticed in my last diary entry that I was talking about security in Ozone. I actually came up with a way of allowing and disallowing connections from certain addresses. There has been some problems with their CVS server for a few days, but it looks like it's back up again now, so I'll create a patch and submit it to the maintainer.

11 Sep 2000

Mon, 11 Sep 2000 16:53:06 GMT

While doing my Day job in London, I'm on the train 5 hours a day, which I'm currently using for my own little experiment in creating Cyber Entities - NeuDist.

I had to delay the launch as I discovered a new Object database called Ozone. I've been working with it the past two weeks or so, it's pretty cool and has a persistent DOM in it based on openxml. I've been having problems with the fairly nonexistent security model though, so I might have to work a bit on that and submit it to the ozone group.