Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
2005-04-14

TRUST 2: Proliferation of COTS in Critical Infrastructure

ACM News Service: Diffie - Infrastructure a Disaster in the Making. This summary features Diffie's perspective on the current distractions from attention to the infrastructure, the rapid introduction of software that is not designed for such reliability, and the inevitability of PKI adoption, like-it-or-not. Bill Brenner's 2005-04-12 SearchSecurity.com article is the second of two parts. This Diffie interview has some valuable context. For example, Diffie doesn't go for the monoculture theory, recognizing the practicalities that also figure into security approaches. Known for insightful gems, Diffie drops this keeper:

"... Diversity isn't the most critical question. It's the proper attention to software coding that's critical. Security differs from reliability because someone's looking for the part you didn't get right." [dh: My emphasis]

The article is too short. The sensibilities expressed here resonate for me and I want more! It's great to see Diffie anticipating direction, and that suggests where I can concentrate on simplified use in my own cryptographic applications. And we get more Diffie humor:

How do you see the technology evolving over the next decade?

I find that encouraging. I will find it more encouraging if the shake-out doesn't leave us with protocols that require a business model that forecloses cottage innovation.

Martin Hellman's part of the interviews appeared on 2005-04-11, and the Diffie-Hellman key exchange algorithm is presented in a 2003-01-23 article by Mike Chapple. Brenner also has a 2004-07-01 article on differing views of the monoculture threat. That one demonstrates to me that the metaphor is too pat. Software platforms are clones, so it isn't even a monoculture in that regard. One disease kills all. But true diversity (in the Darwinian sense) is not possible for software, and it is also not useful. Species survival doesn't matter if most of your copies die in the plague. Get it? And the contrived-diversity forms being proposed raise their own trustworthiness concerns. For one: How do you turn in a bug report against an operating system that has genetic variations in the copy you are running? The medical profession seems to handle that well enough, but how do you give your computer two aspirin? Digital failure of the software kind is not like having a few cells die while antibodies do their thing. The monoculture idea is catchy and only a metaphor, with the destiny of all metaphors when over-applied.

I am delighted to learn of SearchSecurity.com. I am also amused by how strongly the site puts my software firewall through its paces, and how they track my every move as I navigate around. I love all the little boxes with [ad] in them. Even more exciting are the rectangles on the page with browser warning pages scrunched into them, telling me that I am not authorized to browse a page and giving me a 403 response. I have finally figured out this is provoked by in-line MIME types. And of course my browser blocked the third-party cookie from bitpipe.com. I wonder how much more thrilling life will be if I register for the free membership? Not today, thank you very much.

What's amusing about all of this is that this is exactly the way I find Microsoft to be at cross-purposes with itself. The market-facing side, illustrated by MSN, is busily expecting us to drop all of our safeguards to enjoy the experience they and their advertisers have in store for us, while the security-facing side is ragging us to practice the 3 whatnots, protect ourselves, update as often as we brush, etc., etc. The more I run into this, the dirtier I am beginning to feel. We are making ourselves crazy with this sick combination of security righteousness and base mercantilism. (Actually, I think I am giving mercantilism an undeserved bad name, but we are being taken a long way from dealing with the country storekeeper, and I don't have a better label.)

TRUST: Team for Research in Ubiquitous Secure Technology

ACM News Service: UC Berkeley to Lead $19 Million NSF Center on Cybersecurity Research. This blurb features the announcement of a 5-10 year NSF grant to an 8-university "team" headed by UC Berkeley. Features of the arrangement seem to be concern for U.S. critical infrastructure, and a lack of alignment with human users and usability requirements. It looks like the eye is on development processes and the training of "trustworthy systems engineers" in the future. Although it looks like this is in danger of being too many things to too many people ("public policy, economics, social science, and human-computer interface technology" with the notable omission of software and system engineering), I most certainly want to pay attention to any initiative where "researchers will commit themselves to the development of novel technologies designed to make organizations more capable of designing, constructing, and operating trustworthy critical infrastructure information systems."

Sarah Yang's 2005-04-11 UC Berkeley press release confirms that it's about critical infrastructure systems, and not Uncle Tully's PC. At the same time we know that commodity components are prevailing everywhere, and the TRUST folk may have to look harder at the reach of their grand acronym. I can see why usability is emphasized here, considering how operability of infrastructure systems under emergencies, and vulnerability to human error, is a big concern. At the same time, if the notion of cultivating disadvantaged groups as sources of future talent is more than motherhood, one would think that the training and outreach programs will also touch people who build, uh, future games, mobile arrangements and just maybe Uncle Tilly's media/household control center. The Berkeley CITRIS activity will be tied in, but the only link given was a cross-pollinator to NSF's Science and Technology Centers program. It looks like I'll need to search more widely to find the concrete bits.

2005-04-12

Bring us Your Metadata, Your Tired, Your Poor, Your Abandoned Document Formats

ACM News Service: Permanent Record. I am interested in preservation of digital content and metadata schemes, so my eye landed on this one. But not enough to clip it in this blog. Oh wait. They are proposing a generic framing scheme that is operational (now)? and also good for archiving later. Hey, I'm building a little reference implementation for a document-management repository as a feasibility demonstration of how TROSTing can be done. So I need a preservable metadata format for the goodies. I haven't figured out how Champollion figures strongly in this setting except as a remarkable example of what it takes to decipher an older-than-legacy data format. David Braue's 2005-03-29 article in Australia's CIO magazine spins the tale and also provides links to the AGLS specifications for the metadata wrapping. There is also discussion of the other record-management standards that can apply and a boost for the Xena open-source content-abstraction project. There are some chewy goodies here for us document-management geeks.

Building Blue Relationships and Partnerships

ACM News Service: Sharing the Wealth at IBM. This is "Big Blue," not the other kind, though the red and blue could take a few tips here. I am drawn to this account not so much because of what IBM is doing in creating free licenses on patents that apply in open-source and open-standards work, but because of the stated purpose: "IBM wants to accelerate productivity and profitability via closer collaboration with suppliers, corporate customers, and industry partners through the sharing of patents and other intellectual property." What fascinates me is that IBM appears to recognize its industry and the industry community around open-source development as an aspect of partnership that works in its self-interest and that of its more-direct customers.

This raises interesting considerations around the establishment of dependable systems with demonstrable trustworthiness, something that I ponder as part of my TROSTing investigations. Where I am baffled is in how one can move from conversations and arrangements that arise in the management of commitments in a performer/customer/contractual sense to what might correspond to equally powerful arrangements, if any, for trustworthiness in indirect relationships based on community participation and contribution. Questioning where commitment and accountability arises in community effort comes up immediately whenever a business relies on an open-source package for a strategic purpose. Something similar happens with commodity software. There the support relationship between the provider and the individual customer is not very strong. I have zero clout in obtaining a patch to Microsoft Office for some glitch, but General Motors can get that done because of master licensing and other arrangements made in the mutual interest of both Microsoft and GM. The differentiation of support through licensing schemes is a feature that provides a clear support arrangement between the two entities while also subdividing the market. I have no clue how that gap is to be covered with regard to trustworthiness, especially around any expectation of support, in the absence of a direct relationship, though I need to take a stab at it. The impact of IBM's approach is probably not to be felt before I complete my dissertation on TROST, but I will keep watching this unfolding experiment. Looking back over these words, it does look like the creation of support businesses, already undertaken with packagings of Linux, might be the answer after all. I wonder if it is really that simple.

Steve Lohr's 2005-04-11 New York Times article will be available on-line for a few more days [;<). The John Kelly quote makes more sense there:

"The layer of technology that is open is going to steadily increase, but in going through this transition we're not going to be crazy," Mr. Kelly said. "This is like disarmament. You're not going to give away all your missiles as a first step."

Another lead, beside my readings on trust economies, may lie here:

"If you open up your technology and reveal quickly, people will build on your stuff," said Eric von Hippel, a professor at the Sloan School of Management at the Massachusetts Institute of Technology and author of a new book, "Democratizing Innovation" (MIT Press, 2005). "It becomes more economically efficient to be open."

There is more in the piece. What works for me is the idea that "interoperability trumps intellectual property" in producing open systems that grow markets and opportunities for all of the participants. I favor that. Now let's see how this plays out in reality.
You are navigating Orcmid's Lair.

template created 2004-06-17-20:01 -0700 (pdt) by orcmid