Entries Tagged as 'The New Web'

Quantified Self: CMS50 Oximeter

After attending a couple of Quantified Self meetups, I was inspired to quantify various aspects of myself and my life.  For example, I was wondering if I am breathing well while I sleep, since I have been waking up tired on occasion.

I bought the Contec CMS50-F oximeter from here.

The software that comes with the CMS50 could be more reliable and user-friendly, and it only runs on Windows.  I ended up spending a day reverse engineering the USB protocol and writing a Python program to acquire and graph the data.  The software is on Gitorious.

Here are some of the charts you can get:

Blue Brain Project Documentary – Year 1

Noah Hutton’s company Couple 3 Films has released year 1 of a 10-year documentary project documenting the Blue Brain project.  The project includes Henry Markram’s work on reverse engineering the brain, scaling up from rodents to humans by 2010.

The work is funded by the Swiss government.

$3000 Whole Genome Sequencing Cost

Life Technologies announces $3,000 marginal cost (later this year) for sequencing complete human genomes.  This is after Illumina announced the same for $10,000 (now).  So a $1,000 genome early next year?

Here comes personalized medicine.

Attack Scenarios on Software Distributions

I’ve been asked to outline specific scenarios after I posted a previous entry on Google’s network compromise.  Here are some, from most serious to least serious:

  • Build host – the machines that compile the source into binary packages are compromised.  In this scenario, code can be injected by the malicious party into the package just before it is signed and prepared for distribution.  All clients that install the updated packages are affected.  A software audit cannot identify the altered packages because the alteration happens after the binaries are generated.
  • Distribution host and signing key – the machines that host the packages for distribution (web servers) are compromised and the package signing key is compromised.  The effect of this is the same as a build host compromise.
  • Source repository – the machines that host the software source code are compromised.  This allows code to be injected and all clients are affected.  However, a software audit can uncover the injected code.
  • Insider threats – an insider can insert non-obvious security holes into software they are responsible for.
  • Signing key – the key used to sign the software distribution is compromised.  This would allow the malicious party to compromise only specific targeted clients, through a “man-in-the-middle” attack and DNS poisoning.

How would multiple independent auditors help?  If the auditors can verify that a binary was produced from certain source, a build host compromise would be much harder, since the altered binary would not be signed by the uncompromised auditors.  Similarly, a signing key compromise, if it is limited to a subset of auditors, would fail to get a full set of signatures on the altered package.

Source repository compromise and Insider injection of security holes would be more difficult to detect for subtle exploits, but again, multiple entities looking at the code increases the chances that the alteration would be caught.

(Note: verification that a certain binary was produced from certain source code requires a deterministic build system. Although such a system is relatively straightforward to implement, I have not run across one before I implemented Gitian.  I did find mention of it by Conifer Systems.)
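The k-of-n auditor check the scenarios above describe, as an added illustration (not Gitian’s code).  It assumes a toy deterministic build, three named auditors, and HMAC with a per-auditor secret standing in for real signatures; the scenario functions replay the build-host and single-key compromises from the list.

```python
import hashlib
import hmac

# Added illustration (not Gitian's code): every auditor rebuilds from source,
# signs the hash of the binary they obtained, and a client installs only if at
# least THRESHOLD distinct auditors attest to the exact bytes it received.
THRESHOLD = 2
# Assumption: HMAC with a per-auditor secret stands in for real signatures
# (a real deployment would use asymmetric signatures such as PGP).
AUDITOR_KEYS = {"alice": b"key-alice", "bob": b"key-bob", "carol": b"key-carol"}
SOURCE = b"int main(void) { return 0; }\n"  # constructed source tree

def deterministic_build(source: bytes) -> bytes:
    # Toy reproducible build: the output depends only on the source bytes.
    return b"BINARY:" + hashlib.sha256(source).digest()

def attest(auditor: str, binary: bytes) -> dict:
    # The auditor signs the hash of the binary *they* built, not the vendor's.
    digest = hashlib.sha256(binary).hexdigest()
    sig = hmac.new(AUDITOR_KEYS[auditor], digest.encode(), hashlib.sha256).hexdigest()
    return {"auditor": auditor, "hash": digest, "sig": sig}

def verify_package(binary: bytes, attestations: list) -> bool:
    """Count distinct auditors whose valid signature covers this exact binary."""
    digest = hashlib.sha256(binary).hexdigest()
    agreeing = set()
    for a in attestations:
        key = AUDITOR_KEYS.get(a["auditor"])
        if key is None:
            continue  # unknown auditor: never counts toward the threshold
        expected = hmac.new(key, a["hash"].encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, a["sig"]) and a["hash"] == digest:
            agreeing.add(a["auditor"])  # a set, so one key cannot vote twice
    return len(agreeing) >= THRESHOLD

def scenario_honest() -> bool:
    binary = deterministic_build(SOURCE)
    return verify_package(binary, [attest(n, binary) for n in AUDITOR_KEYS])

def scenario_build_host_compromised() -> bool:
    # Vendor's build host appends code after the build; auditors built cleanly.
    clean = deterministic_build(SOURCE)
    tampered = clean + b"\x90\x90injected"
    return verify_package(tampered, [attest(n, clean) for n in AUDITOR_KEYS])

def scenario_one_signing_key_stolen() -> bool:
    # Only alice's key is compromised: one attestation covers the tampered binary.
    clean = deterministic_build(SOURCE)
    tampered = clean + b"injected"
    atts = [attest("alice", tampered)] + [attest(n, clean) for n in ("bob", "carol")]
    return verify_package(tampered, atts)
```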

Doubling in Incidence of Malicious Data Breaches

CNet reports on Ponemon institute’s survey showing a doubling of data breach incidents.

Average cost per record in the surveyed group is around $200.

Operation Aurora and Software Distributions as Single Points of Security Failure

Operation Aurora (Google’s compromise by China) highlights the possibility that software distributions may be targeted for code injection by malicious parties.  If Apple, Microsoft or a Linux distributor were compromised, a large percentage of individuals, businesses and governments could consequently be compromised when they install software updates.

One way to mitigate such a risk is to have multiple independent security auditors sign software distributions.  This is more likely to be successful in an open-source environment, where source is available and can easily be inspected.  I started such an initiative in late 2009 – Gitian.org.

Nasal flu vaccine

Alex and I got nasal H1N1 vaccines on Tue. I felt tired on Wed and Alex has a sore throat. Nasal is live-attenuated instead of dead virus.

Apparently symptoms are more likely with the nasal. On the up-side – no preservatives!

Does the nasal-spray flu vaccine LAIV (FluMist) contain thimerosal?

No, the nasal-spray flu vaccine LAIV (FluMist) does not contain thimerosal or any other preservative.

The computation market becomes more liquid

The Register tells us that Amazon will auction their excess capacity.  We’re a couple of steps away from computation becoming a liquid commodity.  The next step is for a couple of additional providers to arise (Google?).  The step after that is for the APIs to be brought in sync by the providers or by a third party intermediary.

How I stopped worrying and learned to love technofixes

Peter Thiel writes regarding the failure of Democracy to preserve freedom and some possible technofix strategies. He includes thoughts about creating freedom in Cyberspace, Outer space or on the high seas. I think it would be interesting to build certain distributed Internet apps that could change the dynamics of freedom, including reputation systems, gifting/barter systems and user-controlled Internet apps.

Freedom is generative

I’ve been thinking about what we learned about freedom from the open-source movement.

I think one of the more important benefits of freedom is that it is generative. You can glue things together in ways that create completely new things. For example, you can take the Internet, existing computers and the ability to write software (originally the Mosaic browser) and create a whole new ecosystem – the World Wide Web.

What if you didn’t have the freedom to transmit arbitrary data on wires? You’d have the telco monopoly and no Internet. If you couldn’t talk to anybody you want? You’d get the original walled-garden AOL. If you couldn’t write arbitrary software?

But there’s nothing specific to software in this lesson. What if you couldn’t freely associate? If you couldn’t invest in arbitrary ideas? If someone else made the decisions for you?

Another question is how much could we go beyond the current state of affairs. I think we could have significantly more freedom in technology and obtain much richer outcomes.

For example, if reputation systems were not stuck in walled gardens, such as eBay and Amazon seller ratings, we could have a global reputation system. Such a system would be immensely more useful, since it could be used to guide us in every interaction rather than just the current 1%. I would guess that such a system could guide you to interesting content and interaction with uncanny accuracy. Such a system would have to be decentralized and user-controlled to protect the users’ interests.

Another promising direction is the Google Android phone OS. If you buy one of the unlocked ones (also known as dev phones), you can re-compile and install the OS and any applications you want. Google Maps is one mobile killer app, but there will be more, and I would guess the truly groundbreaking ones will not pass the iPhone store gatekeepers (see here, here and many others).

I sometimes pay a price for being an early adopter and eschewing closed solutions. Yes, the iPhone is very slick and music from the iTunes store was tempting even when it was all DRM. But I think in the long term open solutions will be much more valuable. The original AOL was nice for the time, but it’s dead now.

Reputation Economies symposium

O’Reilly Radar has a blog post about the Yale symposium on reputation economies in cyberspace.

OpenSocial insecurity – no user to app authentication

I was pretty excited to hear about Google trying to set a standard for social network applications. I wasn’t so happy to notice a serious omission in the way security is handled.

Executive Summary: no user authentication! Any user can forge anybody else’s identity when interacting with any OpenSocial application. As it currently stands, it is not possible to write secure social applications on the platform.


OpenSocial vs. Facebook API – an analysis

Executive Summary

  • OpenSocial applications will have diverging look-and-feel, from each other and from the containers. This is because the containers do not provide common elements to blend the application into the container.
  • OpenSocial applications may not be vertically resizable, since they will exist in an iframe. However, Google has an API for resizing that some or all of the networks may implement.
  • Facebook has additional API functionality that is not present in OpenSocial
  • The Facebook API is server oriented, whereas the OpenSocial/Google Gadgets API is client-side JavaScript oriented


Stanford Delta Scan and Technologies for Cooperation

Stanford’s Delta Scan makes predictions similar to my take on Web 3.0, including:

  • Trust over Social networks / Social accounting methods (i.e. reputation systems)
  • the rise of computing grids
  • Social mobile computing
  • Knowledge collectives
  • Mesh networks

Giving rise to:

  • Adhocracies
  • Faster innovation
  • Faster/better decision making
  • Increase in effectiveness of online economies

Crowdhacking

Wired’s latest issue has an article about the emerging arms race between rating systems (such as eBay, Amazon, Digg) and crowdhackers. Crowdhackers take advantage of the naive methods used to aggregate ratings in existing systems.

A crowdhacking-proof system will have to use a transitive trust model rather than the naive averaging existing systems use.

Google Releases Paper on Disk Reliability

Google is a prime user of commodity grid supercomputing.  As such, they are in a perfect position to release a paper on disk reliability, with hundreds of thousands of data points.  Very interesting results, including the failure of SMART to predict failures, and low correlation with usage and temperature.

This will be important as grid supercomputing becomes the preferred way to manage compute resources.

Update: Slashdot points to another storage paper presented at FAST ’07 confirming some of the points in the Google paper, and invalidating the manufacturers’ MTTF estimates.

Supercruncher “web 3.0” applications

Bill McColl writes an article named Supercruncher Applications on his Computing at Scale blog about massively parallel “web 3.0” applications.  In particular the following caught my eye:  continuous search, complex algorithmic trading and decentralized marketplaces and recommendation agents.

This is related to my previous post about the future of the web.

Found through Slashdot.

Web 3.0, according to Miron

Here is what I think Web 3.0 will have:

  •  A global and open Reputation Network
  •  A distributed and open Computing and Storage Platform

Reputation Network

What does it mean for a Reputation Network to be global?  Currently, we have proprietary reputation systems, such as the reputation scores for sellers (and buyers) at Amazon and eBay.  However, that reputation is not portable.  This means that if an Amazon third-party seller wants to start selling on eBay, they have to start from scratch, as if their business is new.  Trust is an integral ingredient of transactions.  It becomes crucial on the Internet, where a buyer and a seller are likely to never have heard of each other.  With portable reputations, a trust metric can be made available in all interactions.

What about the open part?  A global reputation system owned by one entity is a non-starter.  Why would one trust a single entity to provide basic infrastructure that affects all commerce and other interaction?  Reputation should be like TCP/IP – based on open standards so that different vendors can provide different levels of service and create a robust overall system.  The individual reputation systems can remain under the control of Amazon, eBay and others.  However, they can inter-operate so that they can create a global reputation network.
Reputation should be subjective. End-users should be able to subscribe to different raters, and thereby compute different scores for the same target. End-users have diverse values and preferences. One number cannot capture this diversity.
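An added illustration (not from the post) of two claims made here: that transitive trust, rather than naive averaging, resists crowdhacking (see the Crowdhacking entry above), and that a score should be subjective to the viewer who subscribes to particular raters.  The trust graph, the ratings, the per-hop decay and the hop limit are all constructed assumptions.

```python
from collections import deque

# Constructed data (not from the post). TRUST: who vouches for whom, weight in (0, 1].
TRUST = {"me": {"ann": 0.9, "ben": 0.6}, "ann": {"cy": 0.8}, "ben": {}, "cy": {}}
# Ratings of one seller on a 0..5 scale. s1..s3 are accounts nobody vouches for,
# standing in for the inflated votes the Crowdhacking entry describes.
RATINGS = {"ann": 2, "ben": 3, "cy": 2, "s1": 5, "s2": 5, "s3": 5}


def naive_average(ratings: dict) -> float:
    """What eBay-style aggregation does: every account's vote counts equally."""
    return sum(ratings.values()) / len(ratings)


def trust_weights(viewer: str, graph: dict, decay: float = 0.5, max_hops: int = 3) -> dict:
    """Transitive trust: a rater's weight is the strongest trust path from the
    viewer (product of edge weights, times `decay` per hop, at most max_hops)."""
    weights = {viewer: 1.0}
    queue = deque([(viewer, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue
        for nxt, w in graph.get(node, {}).items():
            cand = weights[node] * w * decay
            if cand > weights.get(nxt, 0.0):  # keep the best path found so far
                weights[nxt] = cand
                queue.append((nxt, hops + 1))
    return weights


def subjective_score(viewer: str, graph: dict, ratings: dict):
    """Score of the target as seen by `viewer`: trust-weighted mean of ratings.
    Raters with no trust path get weight 0, so unvouched accounts cannot move it."""
    w = trust_weights(viewer, graph)
    den = sum(w.get(r, 0.0) for r in ratings)
    if den == 0:
        return None  # viewer trusts none of the raters: no opinion, not a fake 0
    return sum(w.get(r, 0.0) * v for r, v in ratings.items()) / den
```

Two viewers with different subscriptions get different scores for the same seller, and the three unvouched votes that pull the naive average up to about 3.7 do not move either of them.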

Storage and Computing

What about storage and computing?  Currently, people have presence on the Web through Blogs, Wikis, Storefronts, IM, e-mail, etc.  However, creating a new Web application faces certain barriers.  The application creator has to acquire servers, manage them, ensure that the data is safe and face scalability issues as the application grows in popularity.  Also, interoperability between applications is difficult.  A standardized computing and storage abstraction will allow new applications to be installed by the user into their virtual computing appliance.  Users will have control of which applications they run and how the applications communicate.  Applications and data will migrate to physical hardware based on what the user is willing to pay and what scalability requires.

The division of labor is:  the application provider does what they are good at – writing applications.  The computing and storage providers provide efficient and reliable computing and storage (and if they don’t – the application can migrate easily or even automatically).  The end-user does what they do best – connect the dots and provide content.

People Aggregator – unification of social networks?

Federated, single-signon, standards based. What’s not to like?

BroadBand Mechanics presents People Aggregator

The web site is not fully functional yet, so we have to wait.


Frappr

Location based social network.

http://www.frappr.com/

and the transhumanist group thereon:

http://www.frappr.com/transhumanists