Communicating freely


Archive for August, 2006

There is no such thing as a free lunch

Thursday, August 3rd, 2006

Gmail makes me nervous because it’s actually a giant advertising data farm.  Google harvests the text of every message and uses it to place little advertisements that suit my personal tastes or vices.  The Gmail threading system is smart.  It’s a terrifically designed web application.  It’s just worrying when we think about personal security.

I think the paradigm of ‘free’ services powered by advertising is not necessarily a good thing.  It offers a certain immediate service (free email!) but at a serious cost (Google gets to read everything you write).  People are going to have to realise that nothing is actually free.  There is a cost somewhere down the line when it comes to providing server farms with these services.

I don’t think that future web applications will be free.  I actually think I’ll be paying for a private web application when I take out my subscription to my operating system.  You know, I’ll buy my UbuntuPLUS package which will bundle a year of UbuntuMAIL and UbuntuPRODUCTIVITY and other web goodies to ensure my data can follow me around the world regardless of whether my laptop makes it with me or not.

I think there are two primary reasons for this occurring.  The first is that I don’t want Google reading my mail (calender, instant messages, office documents).  The other is that boxed software is becoming a commodity and the provision of useful web services is the next logical profit arena.

I posted a couple of days ago talking about how we can have private personal data on servers that provide web applications.  A comment replying to this assertion was posted to my blog suggesting that if a server does not interact with personal data its just a big storage mechanism and no more useful than a USB key.  I respectfully disagree.  Let me explain why.

There is personal data and there is personal data.  For instance, I am glad that my webmail provider knows my name because this allows us both to be pretty sure only the real Shane has access to the webmail account.  That’s personal, and that’s fine.  Google can have it.  However, I don’t want my webmail provider reading my incoming mail.  That’s personal and Google cannot have that.  I want encryption.  I want privacy.

Now, let’s imagine a service called ‘GooglePRIVATE’ which I paid for.  I give Google $24.95 a year to use their spiffy web application under the condition they never read my email.  They get my name and my credit card.  I get encrypted email.  We’re both happy.

GooglePRIVATE could work by storing my email in an encrypted database.  When I go to log onto GooglePRIVATE a session is established between my computer and their server.  My name and password give me access to my account and the password is also used to decrypt a local session of the database incrementally.  First of all the index arrives and shows my threads.  As I’m being absorbed by the message subjects the rest of the database is streaming and decrypting in the local session ready for use.

The server is providing storage, authentication and the algorithms for searching my mail.  It’s also the place where the web application lives (meaning updates are simple and automatic).  My local session is providing horsepower for decryption and the temporary session that holds my unencrypted mail.  When I’m done my database re-encrypts and drifts back to it’s home in the larger database at Google.

I’m sure you see where I’m going with this.  That’s a rough example of how I can envision web applications that don’t require a total loss of user privacy.  That’s the type of web application I would pay for because it would give me convenience without opening a door into my brain.  It’s bad enough with just me living in here.

Freedom is important to me

Thursday, August 3rd, 2006

This is an article I wrote for the Chinese community website Dim Sum.

==

I’m on a train on my way to a conference.  The day is just chasing away the night and the air is warm and humid with a rare English heatwave.  It’s over twenty degrees and it’s just past 6am.  This weather inevitably reminds me of Asia, and I am cast back to dawns in Shenzhen, Bangkok and Takamatsu.  For a selfish moment I want to walk away from the conference, catch a plane and return to the East.

A second later my mind taps my heart on the shoulder and normality is restored.  I have a job to do.  Today that job is the promotion of Free (as in Freedom) Software and more specifically the promotion of an organisation that is working to ensure Free Software is advocated and protected in Europe: the Free Software Foundation Europe.

When people hear the term Free Software they usually think about price.  Older computer users remember dodgy freeware given away on computer magazine cover disks.  It’s an easy misconception.  The word ‘Free’ in English has two meanings.  We associate one with price and the other with liberty.  Free Software is about liberty.  It’s a type of software that ensures the end user can use, modify, share and improve software without restriction.  Everything a person needs to do anything with Free Software is included in the package at (usually) zero cost.

This is not really a concept connected with computer science at all.  It’s about social inclusion and empowerment.  Free Software is basically a way of trying to ensure that technology is accessible to people.  It gives people the keys to digital infrastructure and hopes they drive somewhere interesting with it.

You can get Free Software operating systems that are as powerful and as easy to use as Microsoft Windows.  You can get office suites that offer comparable functionality to Microsoft Office.  There are image editors that replicate the functionality of Adobe Photoshop.  There are instant messengers to connect to MSN, AOL, iChat, Google Talk, Yahoo! and Skype.  There are even some tools you might recognise like Mozilla Firefox, a web browser that makes computing both safer and easier.

I think Free Software is a profoundly important concept.  The largest economic block in the world (the EU) and the largest nation in the world (China) agree with me.  There is a massive investment in Free Software to try and ensure that the digital future will be controlled by the users rather than large multinationals.  In the EU this translates into the adoption of Free Software products in national infrastructure.  Birmingham and Bristol in the UK have been early and enthusiastic adopters.  In China this translates into both the adoption and adaptation of Free Software to suit the local context.  Beijing created and maintains Red Flag GNU/Linux,  a Chinese Free Software operating system.

Free Software is part of a new wave of development that marks the point information technology enters day-to-day life.  It is become very important to make sure that people will have access to computers and this access does not depend on the decisions and desires of companies.  In a way computers can be regarded as the water of information.  They have become a critical part of any national infrastructure.

I find this to be incredibly exciting.  A world is slowly emerging where people can get a cheap computer and install a vast array of tools on it without needing money or expertise.  At this very second I am running a GNU/Linux distribution on my laptop.  It looks like a simple version of Microsoft Windows.  If I click a button on a menu item called ‘Add/Remove’ my computer will connect to the Internet and let me choose between thousands of different applications available without restriction on-line.  GNU/Linux is free (as in zero cost) and Free (as in Freedom).

Today I will be talking to people all day about why Free Software is important.  I’ll be locked away in a small dark room in the corner of the conference without air conditioning.  It will be hot.  It will be sweaty.  It will be exactly where I should be to try and sell the idea of empowering freedom to people.

Over the next few months I’m going to be writing about Europe, China and technology for Dim Sum.  I’m going to help demystify the weird world of flashing lights, beeping computers and acronyms like WYSIWYG*.  I’m hoping to explain why certain aspects of technology are having a profound effect on our lives, and why the emerging markets are bringing our cultures closer together.  Perhaps most importantly I’m hoping to share with you why computers are much more than the sum of their parts and how the geeks have almost accidentally created a new way for the world to communicate.

Communication is a two-way process and I don’t want my writing to be passive.  If you have questions, comments, suggestions or ideas email me at shane@opendawn.com and I’ll address your messages in future articles.  

*By the way, WYSIWYG actually means ‘What You See Is What You Get’.  It’s an idea that suggests design should be simple and immediately familiar.  We all know how to use a cup, door bell and door handle.  That’s WYSIWYG.  Trust geeks to take that simple idea and turn it into another acronym.

When everything goes together…

Tuesday, August 1st, 2006

Sometimes weeks pass without having the decency to give proper notice. That’s my current situation. In the blink of an eye I find myself in August instead of mid-July, and I’m rather concerned that I’m ageing without proper supervision.

So much has occurred since my last post. I’ve participated in a rather interesting security round-table at Birmingham University for the South Birmingham LUG. I’ve attended LUG Radio Live. I’ve delivered an unusual security talk to Birmingham Perl Mongers. I’ve contributed to certification frameworks. I’ve compiled code. The list goes on.

The most interesting thing for me during these weeks has been the constantly reoccurring theme of ‘a change in computing’. One way or another everyone is muttering about it. We’re all getting that nervous feeling that the Internet and the desktop are altering significantly. We see signs. People are talking about services, solutions, evolution.

I feel like we’re back in 1996. We’re looking at something with massive potential and we’re trying to get our heads around it. In 1996 the ‘thing’ was the Internet. Now I suspect the big thing is convergence. I think we’re going to see increasing transparency between local and remote services. We’re about to see that leap beyond Web 2.0 that people can feel on the hairs on the back of their neck.

“Pardon?” I hear you ask.

Well, I have this sneaking suspicion that we’re going to see a new generation of web services that integrate fully with workstations. Can it a hunch, but I see signs that the constraint of the web browser on the delivery of remote services is about to be removed, and we’ll see them existing beside our local applications.

We’ve seen some technologists rooting around this area with things like widgets. We’ve seen Google playing with Google Earth. People are testing the waters to see how this stuff can work. I believe when someone gets their head around it fully we’ll see some pretty startling technology.

At it’s most fundamental level we need a way to deliver non-geographic services without having network latency. AJAX provided part of the conceptual solution for this but fails to realise the full potential of remote services. It really is awful that Meebo is stuck inside a wasteful browser window.

Perhaps the next step will be the creation of special APIs for remote services. These APIs would create windowing objects and interaction with a local graphical user interface. They would allow Meebo to give me a cheerful messenger client on my desktop without the browser. That would be cool. Take it a step further and you’ve got your email client, messenger client and calender acting local but with the collaborative power and non-geographical flexibility of the remote.

Someone at the back just passed out. I suspect they were thinking about security.

Let’s go over that point by point.

Number one: how do we ensure the remote system is safe? The answer is a password. We’re pretty used to that already.

Number two: how do we ensure that we can trust the data host? The answer is we don’t have to. The remote profile data can be encrypted and only decrypted on the local machine while it’s being used. I believe this is relatively easy to conceptualise. I’ll go into that more another time. The personal data held remotely (be it email or other) can be secured using perfectly normal methods like OpenPGP and S/MIME.

Number three: how do we ensure the local machine is not compromised by bad web applications? The answer is special APIs. The APIs would create virtual window objects with access to a browser engine but without allowing access to anything else. It would be a separate API set to the standard local application API. In other words, it would only create the impression of a local application object like a window or taskbar item. The actual processes are held in lonely containers or virtual machines.

I’m going to go over this stuff in more detail another time. I think there is a lot of merit in the assertion that local and remote will have their differences reduced to zero. It strikes me as the next logical step in ICT evolution.

I’m really bored of finding my laptop is dead, there is no power socket, and there’s a net café around the corner. I need a solution to give me my full productivity tools without having to think about physical machines or geographical location. I know I’m not the only one. If someone delivers these tools without us needing to reinvest in infrastructure they’ll have the proverbial ‘killer app’.

Do you agree with me? Do you think I’m talking nonsense? Do let me know. shane@opendawn.com is the address for love, hate and everything in between.