12 results
Beautiful security by Andy Oram, John Viega
Albert Einstein, Amazon Web Services, business intelligence, business process, call centre, cloud computing, corporate governance, credit crunch, crowdsourcing, defense in depth, en.wikipedia.org, fault tolerance, Firefox, loose coupling, market design, Monroe Doctrine, new economy, Nicholas Carr, Nick Leeson, Norbert Wiener, optical character recognition, packet switching, performance metric, pirate software, Search for Extraterrestrial Intelligence, security theater, SETI@home, Silicon Valley, Skype, software as a service, statistical model, Steven Levy, The Wisdom of Crowds, Upton Sinclair, web application, web of trust, x509 certificate, zero day, Zimmermann PGP
Neal McBurnett (see “References” on page 129) analyzed the network structure of the Web of Trust digraph. He examined the digraph for path lengths, connectedness, degree of scale, and other features. Mark Reiter and Stuart Stubblebine created PATHSERVER (see “References” below), a way to evaluate multiple signature paths between keys. These analyses are inspired by the Web of Trust and derive from the Web of Trust, but we must note that they are orthogonal to the Web of Trust proper. It is an integral feature of the Web of Trust that it consists of viewpoints; it may be considered relativistic, in that no frame of reference in the Web of Trust is inherently more valuable or trusted than any other. The trust portion of the Web of Trust relies completely on the user-specific trust markings and the weights that the key holder places on keys.
. • Sal is signed by two dangling keys, which represent people unconnected to your Web of Trust. We can now distinguish those two easy-to-confuse concepts of validity and trust another way: using the figure. Validity is a quality of a node (circle), whereas trust is a quality of the edges going between nodes. It is through the trust paths that we determine validity. Rough Edges in the Original Web of Trust The basic Web of Trust in early versions of PGP works very well as a cumulative trust system. However, there are a number of architectural and semantic rough edges in it. We fixed these rough edges in later versions of PGP, but we will review them here first. Supervalidity In Figure 7-1, Fran is a special key, in that she has a score of four: two from being signed by you and two from being signed by Eli. The Web of Trust makes no allowance for supervalid keys, yet intuitively there should be something special about Fran.
This underlines the point made when we defined trust at the beginning of this chapter: Web of Trust trust is a specialized trust limited to the sphere of validating keys, not a real-world trust. Nonetheless, signing someone’s key can be a very personal decision. Many people feel very strongly about it. Part of the strength of the Web of Trust is that this personal touch is part of PGP’s zeitgeist. But it can also be a weakness that something so very simple—stating that you believe someone is who they claim to be—can become so emotionally charged. That’s why the xkcd comic strip in Figure 7-2† is funny. For many people, certifying a key is an intensely personal thing. FIGURE 7-2. Responsible behavior A related emergent property of the Web of Trust is that key signatures acquire a cachet. They become like autographs, and develop social value.
Little Brother by Cory Doctorow
airport security, Berlin Wall, citizen journalism, Firefox, game design, Golden Gate Park, Haight Ashbury, Internet Archive, Isaac Newton, Jane Jacobs, Jeff Bezos, mail merge, RFID, Sand Hill Road, Silicon Valley, slashdot, Steve Jobs, Steve Wozniak, web of trust, zero day
> You sure they're looking for us? In response I sent him to the quiz. > OMG we're doomed > No it's not that bad but we need to figure out who we can trust > How? > That's what I wanted to ask you -- how many people can you totally vouch for like trust them to the ends of the earth? > Um 20 or 30 or so > I want to get a bunch of really trustworthy people together and do a key-exchange web of trust thing Web of trust is one of those cool crypto things that I'd read about but never tried. It was a nearly foolproof way to make sure that you could talk to the people you trusted, but that no one else could listen in. The problem is that it requires you to physically meet with the people in the web at least once, just to get started. > I get it sure. That's not bad. But how you going to get everyone together for the key-signing?
These are exactly what they sound like: a party where everyone gets together and signs everyone else's keys. Darryl and I, when we traded keys, that was kind of a mini-keysigning party, one with only two sad and geeky attendees. But with more people, you create the seed of the web of trust, and the web can expand from there. As everyone on your keyring goes out into the world and meets more people, they can add more and more names to the ring. You don't have to meet the new people, just trust that the signed key you get from the people in your web is valid. So that's why web of trust and parties go together like peanut butter and chocolate. # "Just tell them it's a super-private party, invitational only," I said. "Tell them not to bring anyone along or they won't be admitted." Jolu looked at me over his coffee. "You're joking, right?
If it's really easy for anyone to know what your real key is, man-in-the-middle gets harder and harder. But you know what? Making things well-known is just as hard as keeping them secret. Think about it -- how many billions of dollars are spent on shampoo ads and other crap, just to make sure that as many people know about something that some advertiser wants them to know? There's a cheaper way of fixing man-in-the-middle: the web of trust. Say that before you leave HQ, you and your bosses sit down over coffee and actually tell each other your keys. No more man-in-the-middle! You're absolutely certain whose keys you have, because they were put into your own hands. So far, so good. But there's a natural limit to this: how many people can you physically meet with and swap keys? How many hours in the day do you want to devote to the equivalent of writing your own phone book?
Linux Security Cookbook by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
Before using a public key to encrypt sensitive data to send to someone, make sure that the key actually belongs to that person! GnuPG allows keys to be signed, indicating that the signer vouches for the key. It also lets you control how much you trust others to vouch for keys (called "trust management"). When you consider the interconnections between keys and signatures, as users vouch for keys of users who vouch for keys, this interconnected graph is called a web of trust. To participate in this web, try to collect signatures on your GnuPG key from widely trusted people within particular communities of interest, thereby enabling your key to be trusted automatically by others. Public-key methods are also the basis for digital signatures: extra information attached to a digital document as evidence that a particular person created it, or has seen and agreed to it, much as a pen-and-ink signature does with a paper document.
gpg: There is no indication that the signature belongs to the owner. A keyserver does absolutely nothing to assure the ownership of keys. Anyone can add a key to a keyserver, at any time, with any name whatsoever. A keyserver is only a convenient way to share keys and their associated certificates; all responsibility for checking keys against identities rests with you, the GnuPG user, employing the normal GnuPG web-of-trust techniques. To trust a given key K, either you must trust K directly, or you must trust another key which has signed K, and thus whose owner (recursively) trusts K. The ultimate way to verify a key is to check its fingerprint with the key owner directly. [Recipe 7.9] If you need to verify a key and do not have a chain of previously verified and trusted keys leading to it, then anything you do to verify it involving only computers has some degree of uncertainty; it's just a question of how paranoid you are and how sure you want to be.
But the more smartly selected checks you make, the more independent servers and systems an attacker would have to subvert in order to trick you, and thus the less likely it is that such an attack has actually occurred. This process will also merge new signatures into an existing key on your key ring, if any are available from the keyserver.
7.21.4 See Also
For more information on the web of trust, visit http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html.
Recipe 7.22 Revoking a Key
7.22.1 Problem
You want to inform a keyserver that a particular public key (of yours) is no longer valid.
7.22.2 Solution
Create a revocation certificate:
$ gpg --gen-revoke --output certificate.asc key_id
Import the certificate:
$ gpg --import certificate.asc
Revoke the key at the keyserver:
$ gpg --keyserver server_name --send-keys key_id
Delete the key (optional):
$ gpg --delete-secret-and-public-key key_id
THINK CAREFULLY BEFORE DELETING A KEY.
The Orbital Perspective: Lessons in Seeing the Big Picture From a Journey of 71 Million Miles by Astronaut Ron Garan, Muhammad Yunus
Airbnb, barriers to entry, book scanning, Buckminster Fuller, clean water, corporate social responsibility, crowdsourcing, global village, Google Earth, Indoor air pollution, jimmy wales, optical character recognition, ride hailing / ride sharing, shareholder value, Silicon Valley, Skype, smart transportation, Stephen Hawking, transaction costs, Turing test, Uber for X, web of trust
Moreover, if we tie all these developments in mass collaboration with better accountability, through pay-for-performance models and the improved data feedback made possible by the widespread use of inexpensive sensors, we can see vast improvements in the effectiveness of development work worldwide. In the next and final chapter, we will look at what significance and opportunities these collaborative capabilities present for the trajectory of our global community. Conclusion A Web of Trust Like the U.S.–Russian space program that led up to it, the planning and construction of the International Space Station required the partners involved to overcome some unique challenges. The collaboration brought together fifteen nations with different bureaucratic and political processes and differing national objectives and interests, geographically separated on three continents. Many key personnel didn’t share a common language or culture, and there were complexities related to intellectual property issues.
Trust-based communities may be best suited for some challenges, whereas passive collaborative platforms may appropriately address others. Whether or not you believe that it is possible to develop real trust-filled relationships online, I think it’s reasonable to consider Willow Brugh’s view: “I think we are able to open the door to build trust more quickly and to be more aware and accepting through online interaction. I think we’re also able—and this is the key point—to expand the web of trust, where I might not trust you directly but I have met someone that you know and trust them explicitly, and therefore I’ll trust you as well.” I am really fascinated by this possibility, and we have only begun to scratch the surface of what’s possible when we connect seven billion problem solvers—and then connect those problem solvers with needed data and tools. Unity Node The long voyage to the creation of the International Space Station that began with the U.S.
Chapter 9: Mass Collaboration 1. Discussions took place at an “unconference” to help coordinate disaster and crisis response, called Crisis Camp. Panelists included Phil Dixon and Jeff Martin from Google, Jeremy Johnstone from Yahoo, and Patrick Svenburg from Microsoft, with Greg Elin from the Sunlight Foundation moderating. 2. Luis von Ahn, “Massive-Scale Online Collaboration.” Filmed April 2011. TED video, 16:39. http://www.ted.com/talks/luis_von_ahn_massive_scale_online_collaboration?language=en. Conclusion: A Web of Trust 1. Carl Sagan, Pale Blue Dot: A Vision of the Human Future in Space (New York: Random House, 1994), 7. 2. Founding members of Impact CoLab are Ron Garan, Elyse David, Krishan Arora, Ness Knight, Daria Musk, Dan Cook, and Ali Llewellyn. 3. Star Harbor Space Training Academy is a project conducted through Space Development Ventures. The founding CEO is Maraia Hoffman and founding members include Shubham Garg, Tim Bailey, Alan Ladwig, Robert Ward, Jacob Hockett, Luis Marquez, and retired astronauts Leland Melvin and Ron Garan.
Coding Freedom: The Ethics and Aesthetics of Hacking by E. Gabriella Coleman
Benjamin Mako Hill, crowdsourcing, Debian, dumpster diving, en.wikipedia.org, financial independence, ghettoisation, Hacker Ethic, informal economy, Jacob Appelbaum, Jaron Lanier, Jason Scott: textfiles.com, Jean Tirole, knowledge economy, laissez-faire capitalism, Louis Pasteur, means of production, Paul Graham, pirate software, popular electronics, RFC: Request For Comment, Richard Stallman, rolodex, Ronald Reagan, Silicon Valley, Silicon Valley startup, slashdot, software patent, software studies, Steve Ballmer, Steven Levy, Ted Nelson, the scientific method, The Structural Transformation of the Public Sphere, web application, web of trust
A remarkable accomplishment for someone who’s been with the project this long, but not so surprising for someone whom no other developer has, as far as I can tell, ever claimed to have met in person.21 When it became clear that Miller, who occupied a crucial technical position in the project at that time, was outside the web of trust, there was such alarm that within three days, two developers drove to meet the individual in question and succeeded in bringing him into the cryptographic network. The developers’ strong reactions demonstrated the essential nature of these infrequent face-to-face interactions and significance of verifying the identity of one of their technical guardians. Integration into Debian’s web of trust is thus a vital first step in new maintainers’ integration into the Debian project. This process connects and leads into the second and often most rigorous part of the NMP: philosophy and procedures.
Having traded and verified this information, developers later place their unique cryptographic signature on each other’s keys to confirm to others that they have connected the key being signed with the individual in possession of those identity documents. This is a process of identity verification that can then be used over the Internet to confirm, with certainty, that an individual is who they say they are. By requiring new developers to obtain the signature of an existing Debian developer, the NMP integrates them into what they call a cryptographic “web of trust.” Because nearly every hacker within Debian has a key signed by at least one existing developer, and because many developers have keys signed by numerous others (the stronger the connected set of signatures is, the more trustworthy it is considered), nearly all maintainers are connected. Debian can use cryptographic algorithms to prove that most every developer met at least one other developer, who in turn met at least one other developer, and so forth, until every developer is linked.
The past is weaved into the present, and the voicing of commitment in the application becomes the path toward a future within the project. It is a step that brings a developer closer to a new social localization within a larger ethical and technical project of developers who have also undergone the same reflective exercise. Through this reconfiguration of temporality, developers after the NMP can be said to share at least three connections: they are technologically linked through the web of trust that requires them to meet at least one other developer; they share the experience of a common ritual of entry; and finally, they have started to learn a Debian-specific vocabulary with which to situate themselves within this world, formulate the broader implications of freedom, and continue the conversation on freedom, licensing, and their craft, with a wider body of developers. Although the philosophy aspect of the NMP often results in voluminous expository output, it is by no means the bulk of the process; in fact, it is only half of step three of a five-step process.
What's Mine Is Yours: How Collaborative Consumption Is Changing the Way We Live by Rachel Botsman, Roo Rogers
Airbnb, barriers to entry, Bernie Madoff, bike sharing scheme, Buckminster Fuller, carbon footprint, Cass Sunstein, collaborative consumption, collaborative economy, Community Supported Agriculture, credit crunch, crowdsourcing, dematerialisation, disintermediation, en.wikipedia.org, experimental economics, George Akerlof, global village, Hugh Fearnley-Whittingstall, information retrieval, iterative process, Kevin Kelly, Kickstarter, late fees, Mark Zuckerberg, market design, Menlo Park, Network effects, new economy, new new economy, out of africa, Parkinson's law, peer-to-peer lending, Ponzi scheme, pre–internet, recommendation engine, RFID, Richard Stallman, ride hailing / ride sharing, Robert Shiller, Ronald Coase, Search for Extraterrestrial Intelligence, SETI@home, Simon Kuznets, Skype, slashdot, smart grid, South of Market, San Francisco, Stewart Brand, The Nature of the Firm, The Spirit Level, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, Thorstein Veblen, Torches of Freedom, transaction costs, traveling salesman, ultimatum game, Victor Gruen, web of trust, women in the workforce, Zipcar
Statistics retrieved February 2010 from www.CouchSurfing.org/index.html. 32. Jeff Miranda, “Take the Couch,” Boston Globe (August 22, 2007), www.boston.com/yourlife/articles/2007/08/22/take_the_couch/. 33. Mark Granovetter, “The Strength of Weak Ties,” American Journal of Sociology 78, no. 6 (May 1973): 1360–1380. 34. Debra Lauterbach, Hung Truong, Tanuj Shah, and Lada Adamic, “Surfing a Web of Trust: Reputation and Reciprocity on CouchSurfing.com,” IEEE International Conference 4 (2009): 348. 35. Traveler CouchSurfing story from Lisa Lubin, “You Meet the Darndest People While CouchSurfing,” Chicago Tribune (August 9, 2009), www.chicagotribune.com/travel/chi-0809-couch-surfingaug09,0,208222.story. 36. Paul J. Zak, “CouchSurfing 101,” Psychology Today, The Moral Molecule blog (October 2008), www.psychologytoday.com/blog/the-moral-molecule/200810/CouchSurfing-101. 37.
What Would Google Do? by Jeff Jarvis
23andMe, Amazon Mechanical Turk, Amazon Web Services, Anne Wojcicki, barriers to entry, Berlin Wall, business process, call centre, cashless society, citizen journalism, clean water, connected car, credit crunch, crowdsourcing, death of newspapers, disintermediation, diversified portfolio, don't be evil, fear of failure, Firefox, future of journalism, Google Earth, Googley, Howard Rheingold, informal economy, inventory management, Jeff Bezos, jimmy wales, Kevin Kelly, Mark Zuckerberg, moral hazard, Network effects, new economy, Nicholas Carr, PageRank, peer-to-peer lending, post scarcity, prediction markets, pre–internet, Ronald Coase, search inside the book, Silicon Valley, Skype, social graph, social software, social web, spectrum auction, speech recognition, Steve Jobs, the medium is the message, The Nature of the Firm, the payments system, The Wisdom of Crowds, transaction costs, web of trust, Y Combinator, Zipcar
As we quizzed him, Jake told the executive that he never goes directly to a brand like this man’s newspaper or even to blogs he likes. He rarely types in one of those addresses and wonders what they have to tell him today. Mind you, he reads a lot of news—far more than I did at his age. But he goes to that news only via the links from Digg, friends’ blogs, and Twitter. He travels all around an internet that is edited by his peers because he trusts them and knows they share his interests. The web of trust is built at eye-level, peer-to-peer. Before I go on, let me acknowledge that, of course, things can go wrong. In 2005, the Los Angeles Times decided to be cyber-hip by inventing the “wikitorial,” an editorial from the paper that the public was invited to rewrite. In no time, the quality of discourse around the first wikitorial descended to the level of that on a prison yard during a riot because the Times had made a fundamental error: A wiki is a tool used for collaboration, but there was no collaborating to be done on the topic of the Times’ wikitorial—the Iraq war.
accounting loophole / creative accounting, affirmative action, bank run, banking crisis, Berlin Wall, bonus culture, Branko Milanovic, BRICs, call centre, Cass Sunstein, central bank independence, collapse of Lehman Brothers, conceptual framework, corporate governance, correlation does not imply causation, Credit Default Swap, deindustrialization, demographic transition, Diane Coyle, disintermediation, Edward Glaeser, Eugene Fama: efficient market hypothesis, experimental economics, Fall of the Berlin Wall, Financial Instability Hypothesis, Francis Fukuyama: the end of history, George Akerlof, Gini coefficient, global supply chain, Gordon Gekko, greed is good, happiness index / gross national happiness, Hyman Minsky, If something cannot go on forever, it will stop, illegal immigration, income inequality, income per capita, invisible hand, Jane Jacobs, Joseph Schumpeter, Kenneth Rogoff, knowledge economy, labour market flexibility, low skilled workers, market bubble, market design, market fundamentalism, megacity, Network effects, new economy, night-watchman state, Northern Rock, oil shock, principal–agent problem, profit motive, purchasing power parity, railway mania, rising living standards, Ronald Reagan, Silicon Valley, South Sea Bubble, Steven Pinker, The Design of Experiments, The Fortune at the Bottom of the Pyramid, The Market for Lemons, The Myth of the Rational Market, The Spirit Level, transaction costs, transfer pricing, tulip mania, ultimatum game, University of East Anglia, web application, web of trust, winner-take-all economy, World Values Survey
Other than the simplest face-to-face barter deal in the economy, when items can be simultaneously exchanged, every economic transaction requires one party to trust the other. And as so few transactions involve simultaneous exchange, that trust is embodied in money or financial instruments, which count and store the value, and allow it to be exchanged. Figure 10. Without trust, all economic transactions are like Checkpoint Charlie. It is extraordinary, when you stop to think about it, how extensive and also how delicate the web of trust represented by money has become in the modern global economy. All but a few countries are engaged in international trade and vast amounts of financial transactions cross national borders. Much of it now takes the form of electronic records on computer systems, not even paper money or bonds or shares, which are themselves abstractions. The economy is a pattern of zeroes and ones. Paul Seabright describes this web in the introduction to his wonderful book The Company of Strangers: Most human beings now obtain a large share of the provision for their daily lives from others to whom they are not related by blood or marriage.
Version Control With Git: Powerful Tools and Techniques for Collaborative Software Development by Jon Loeliger, Matthew McCullough
How the repositories of a large project are organized, or how they coalesce and combine, is again largely immaterial to the workings of Git; Git supports any number of organizational models. Remember that the repository structure is not absolute. Moreover, the connection between any two repositories is not prescribed. Git repositories are peers. So how is a repository structure maintained over time if no technical measures enforce the structure? In effect, the structure is a web of trust for the acceptance of changes. Repository organization and dataflow between repositories is guided by social or political agreements. The question is, “Will the maintainer of a target repository allow your changes to be accepted?” Conversely, do you have enough trust in the source repository’s data to fetch it into your own repository? Repository Structure Examples The Linux Kernel project is the canonical example of a highly distributed repository and development process.
Accelerando by Stross, Charles
call centre, carbon-based life, cellular automata, cognitive dissonance, Conway's Game of Life, dark matter, dumpster diving, Extropian, finite state, Flynn Effect, glass ceiling, gravity well, John von Neumann, knapsack problem, Kuiper Belt, Magellanic Cloud, mandelbrot fractal, market bubble, means of production, packet switching, performance metric, phenotype, planetary scale, Pluto: dwarf planet, reversible computing, Richard Stallman, SETI@home, Silicon Valley, Singularitarianism, slashdot, South China Sea, stem cell, technological singularity, telepresence, The Chicago School, theory of mind, Turing complete, Turing machine, Turing test, upwardly mobile, Vernor Vinge, Von Neumann architecture, web of trust, Y2K
"None of them tried treating it as a map of a connectionist system based on the only terrestrial components anyone had ever beamed out into deep space. Except me. But then, your mother had a hand in my wetware, too." "Treating it as a map –" Amber stops. "You were meant to penetrate Dad's corporate network?" "That's right," says the cat. "I was supposed to fork repeatedly and gang-rape his web of trust. But I didn't." Aineko yawns. "Pam pissed me off, too. I don't like people who try to use me." "I don't care. Taking that thing on board was still a really stupid risk you took," Amber accuses. "So?" The cat looks at her insolently. "I kept it in my sandbox. And I got it working, on the seven hundred and forty-first attempt. It'd have worked for Pamela's bounty-hunter friends, too, if I'd tried it.
barriers to entry, borderless world, Chelsea Manning, computer age, Edward Snowden, Frederick Winslow Taylor, Hacker Ethic, Howard Rheingold, Hush-A-Phone, interchangeable parts, invisible hand, Joseph Schumpeter, means of production, Menlo Park, Network effects, new economy, Norbert Wiener, open economy, packet switching, pre–internet, RAND corporation, RFC: Request For Comment, Richard Stallman, Ronald Coase, Ronald Reagan, Silicon Valley, Steve Crocker, Steven Levy, Stewart Brand, technoutopianism, Ted Nelson, The Nature of the Firm, Thomas L Friedman, Thorstein Veblen, transaction costs, web of trust
Grove, Only the Paranoid Survive (New York: Doubleday, 1996). 22 William Lehr, “Compatibility Standards and Interoperability: Lessons from the Internet,” in Kahin and Abbate, eds., Standards Policy for Information Infrastructure; Tim Berners-Lee, Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web by its Inventor (New York: HarperOne, 1999), 98; and Calliess and Zumbansen, Rough Consensus and Running Code. 23 Andrew L. Russell, “Dot-Org Entrepreneurship: Weaving a Web of Trust,” Enterprise et Histoire 51 (2008): 44–56; Andrew L. Russell, “Constructing Legitimacy: The W3C’s Patent Policy,” in Laura DeNardis, ed., Opening Standards: The Global Politics of Interoperability (Cambridge, MA: The MIT Press, 2011); Raghu Garud, Sanjay Jain, and Arun Kumaraswamy, “Institutional Entrepreneurship in the Sponsoring of Common Technological Standards: The Case of Sun Microsystems and Java,” Academy of Management Journal 45 (2002): 196–214. 24 H.
The confusion by Neal Stephenson
correlation does not imply causation, dark matter, Fellow of the Royal Society, Filipino sailors, invisible hand, Isaac Newton, out of africa, Socratic dialogue, South China Sea, spice trade, urban planning, web of trust
“For yesterday at dinner at the home of Monsieur Castan, I was treated to a description of that same system—a description so flattering that I asked him why it was not used everywhere else.” They found this amusing. “What was Monsieur Castan’s reaction to that?” asked Jacob Gold. “Oh, that other places were cold, distrustful, that the people there did not know one another so well as they did in Lyon, had not built up the same web of trust and old relationships. That they were afflicted by a petty, literal-minded obsession with specie, and could not believe that real business was being transacted unless they saw coins being physically moved from place to place.” The others looked relieved; for they knew, now, that they would not have to break this news to Eliza. “So you are aware that when accounts are settled in Lyon, it is all done on the books.