Tuesday, April 22, 2008

Securing User-Centric Mashup Applications

Here is a little whitepaper written primarily by Sigbjorn with help from me and Eric from Galois.

The ability to easily combine information from a number of disparate input sources into a greater whole is a touted benefit of 'Web2.0' mashup applications. They have great promise as flexible, user-tailored ways to both disseminate and collaborate on information on the web, but with today's web technology they face a number of security risks when asked to also aggregate restricted information sources. This paper introduces the domain and what these risks are, along with suggested mashup application architectures that are more secure.

Monday, April 21, 2008


Lately I've been thinking about the concept of "Play".

When I first learned the game of Go, I was just messing around and it was really fun. I was playing. Then I got a little bit better at it and started caring if I was winning. It stopped being quite so fun. It started being Serious.

Sometimes we can do the same thing at home as we do for our work and it's fun and playful. I think a lot of open source developers have that experience.

Play is when it's almost like the result doesn't matter. It doesn't matter if you win or lose or if your program gets used by a bunch of people, or if you sell the product.

Play is when it's almost like standards don't matter. You'll be as organized about things as you want to be. You'll use good coding conventions if you feel like it. You'll write detailed documentation if it doesn't take too much time. You'll play Go with someone who is not at your level just for kicks, even though it doesn't help you to get better.

Play is going for a walk in the woods not to get exercise or to get enlightenment, but just because you enjoy it.

In fact, despite what I said above, you can care about the end result if that's part of your joy, and you can care about the standards if that's part of your joy. When I was talking to my friend Dylan about this, he said that he races better when he's just playing. That's also why some people love their jobs.

You know you are Playing when you find Joy in the action itself and those other pieces are incidental. Go Play :)

Wednesday, April 9, 2008

A Dissident Camera that Can't Be Confiscated?

The rise in the use of cell phone cameras and cheap, high-quality video gear has been a really interesting development for journalism. Citizens routinely video or photo monitor the behavior of police at protests, for instance, and upload them to the Internet.

One problem with this is that the camera or digital media can be confiscated, as the police in Portland allegedly did (and this is apparently common, as noted here, here, here, here, and here).

But with the combination of cheap, high-quality cameras and cheap, portable WiFi devices, this social problem can be overcome with a technical solution. It should be pretty easy to build a camera device which uploads video via WiFi directly to a site like YouTube or a server outside of repressive countries.

A simple solution that could work almost right now without any hardware modification would be to write some shell scripts for the Nokia N810 or similar. These devices have everything you need: a built-in video camera and a WiFi card, and they're based on Linux, so you can program for them, and there are already ssh clients available.

Here are a few problems with that: Internet is not available everywhere in most cities (but cell phone connections are), and the Nokia doesn't have a very high quality camera.

A more complex but flexible solution would be to add a Bluetooth card to an existing high-quality camera (here's a video camera and a still camera that already have Bluetooth). The Bluetooth card could transmit photos to an Internet-enabled cell phone in your pocket like the Palm Treo, which could upload them to YouTube or what-have-you. Similarly, a video-enabled cell phone like that Treo could upload the video directly to YouTube.

Remember, you don't have to stream the video at viewable speed, just fast enough so that if it gets confiscated you will have already uploaded it.
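The shell-script approach suggested above could look like the following on any Linux device with an ssh client. This is an added example, not code from the original post; the clip directory, the timestamped clip names, the marker files and the `user@upload.example` destination are all assumptions. A clip that is still being written is sent as it stands and sent again once it has grown, so footage leaves the device without waiting for recording to finish.

```shell
#!/bin/sh
# Added example: push recorded clips off the device as soon as they exist.
# Paths, the host name and the clip naming are assumptions, not from the post.

CLIP_DIR="${CLIP_DIR:-$HOME/clips}"               # recorder output directory (assumed)
STATE_DIR="${STATE_DIR:-$CLIP_DIR/.sent}"         # one marker per clip: size last sent
REMOTE="${REMOTE:-user@upload.example:incoming/}" # placeholder destination

# Copy one file off the device. BatchMode makes scp fail instead of
# prompting for a password, so the loop never blocks waiting for input.
send_clip() {
    scp -q -o BatchMode=yes -o ConnectTimeout=10 "$1" "$REMOTE"
}

# Send every clip whose size differs from the size recorded at its last
# successful upload. Returns 0 only when nothing is left to send.
upload_pending() {
    mkdir -p "$STATE_DIR" || return 1
    failed=0
    # Glob order is alphabetical; with timestamped names that is oldest first.
    for f in "$CLIP_DIR"/*; do
        [ -f "$f" ] || continue
        marker="$STATE_DIR/$(basename "$f").size"
        size=$(( $(wc -c < "$f") + 0 ))
        [ -f "$marker" ] && [ "$(cat "$marker")" = "$size" ] && continue
        if send_clip "$f"; then
            echo "$size" > "$marker"
        else
            failed=$((failed + 1))   # keep going; retry on the next pass
        fi
    done
    [ "$failed" -eq 0 ]
}

# Run continuously when started with "loop" as the first argument.
if [ "${1:-}" = "loop" ]; then
    while :; do
        upload_pending || echo "some clips not uploaded yet, will retry" >&2
        sleep "${INTERVAL:-5}"
    done
fi
```

Key-based ssh authentication has to be set up beforehand, since `BatchMode` refuses to prompt for a password.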

One problem with that approach is that Bluetooth is kinda slow. It also requires three devices (camera, phone, and Internet server), and the camera and phone would require specific programming which isn't necessarily that easy to do since they're often based on proprietary platforms.

Anyway, this is bound to happen eventually, and maybe has already? Does anyone sell a digital video camera with an "upload to YouTube" feature built-in?

Friday, April 4, 2008

My Commute

My commute starts in the relaxed, low key South East of Portland where I ride through neighborhood streets that have more cyclists than cars. On my way home along this road, the view of blinking bike tail lights is always an inspiration.

I meet the most cyclists while crossing the river, though. There are two lanes here on the bridge and the faster cyclists take the left lane. It gets tight further on, and not everyone gives the pedestrians the space they need.

Once I hit downtown, it's mostly car traffic. There are bike lanes, but the construction can be distracting and disruptive. Throughout the downtown commute, I can easily keep up with the cars. There are so many cars that they slow each other down, but lots of them don't know this.

The downtown part of my ride finishes at the top of a hill, and then I get to bomb down it, across the commuter train tracks and past the train stop. Most days, when the weather is nice, instead of turning left to get onto the train, I turn right up another hill.

This hill is surprisingly steep. This is probably the hardest part of the ride. The people here seem to have bigger cars than downtown, and they are more distracted. I'm not moving particularly fast here so they zoom by me.

Then it's relief: This hill ends in a beautiful park. Often I won't see any cars for the entire trip through the park. In a few minutes, I'll ride past an awesome view of the mountain, weather permitting.

It's a steady climb from here to the top of the hills. The steepest part is fortunately pretty short and I like to tackle it quickly to get it over with. Pretty soon, I'll ride by the zoo and often hear loud bird sounds or something.

I like the downhill part of the ride because I don't have to take it too slowly. There's no traffic, just a bike lane beside the highway. Very occasionally, I'll be going faster than the cars on the highway, but not usually.

Then I hit the suburbs. The drivers here are extremely distracted, impatient, and driving large cars. The streets are designed to direct the traffic onto particular streets, so I have learned to avoid those streets and ride over the speed bumps.

At the end, I ride across the train tracks again. I could have taken the train all the way in, but this was much nicer :)