Sunday, 30 March 2008
My projects - an overview
Lately, my focus has been slightly torn: not only do I have two personal projects on the go at once (DSSN and OCDL) and some planned projects (like TCP over HTTP), but I've also got a big work project I'm doing and have been doing for months now. On top of that my dad's not been well, there's a whole bundle of birthdays coming up (Jules' Mum - 50, Mine - 30, Jules - 29, Jules' Dad - 50), and we've been rather busy almost every weekend since January.
Needless to say, (with the exception of the work project that I don't really have a choice about) I've not really kept my eye on the ball with anything.
Let me explain a little bit about the projects I'm trying to do (again, excepting the work project - I'm resolving now never to talk about work in my blog... it's just too damn dangerous and I've heard of too many careers destroyed by talking about or talking at work).
DSSN is my main focus for personal project work at the moment. It stands for "Distributed Secured Social Network" and grew out of an idea I had for an authentication system to improve the security provided by OpenID. I talked about the whole DSSN system at BarCamp Manchester in March 2008, where my authentication system was described as "having reimplemented Kerberos". After the day was over, I looked into Kerberos, and while there are similarities between Kerberos and the Authentication System I devised, it's not the same.
DSSN is designed to act as both Client and Server for the content you use online, acting like a combination of an e-mail client, RSS reader, calendar, to do list, and shared address book. The individual DSSN nodes communicate with each other using XML based feeds, over an HTTPS feed and use either PGP/GPG to encrypt the exchanged data or for those who don't have the ability to include PGP/GPG on their server, the system can automatically generate a hash from the message content and forward that as part of the XML.
So, why re-invent the Social Network? Well, frankly, I'm concerned that a very small number of players control the personal details of most of my friends, and their friends, and their friends... and so on. I know the Data Portability Project are designing a way to make sure you can get your Facebook information on MySpace, but I want to be sure that when Facebook gets bought out by Rupert Murdoch, or MySpace gets bought by Microsoft (these are possibilities rather than predictions), I want to be sure that my data doesn't exist on their servers, or if it does, it's PGP encrypted with my private key, and they can't mine the data for "marketing purposes", and on the day that Bebo gets cracked, the crackers can't sell my contact details to the Russian Mafia for the purposes of Identity Theft.
So, why the delay? DSSN is a complicated beast. For it to be secured from the start, I wanted to be sure that the APIs were right from the outset, and that I'd got my head around how to ensure the traffic flow was secure. I'm still trying to figure it all out (at http://spriggs.org.uk/projects/dssn/wicked) and then life got in the way.
OCDL is something that was suggested at the Manchester BarCamp at a talk about the ECDL, and was proposed because a certain monopoly has provided extensive "funding" to the ECDL (like they do with schools) to encourage people to think that to use a word processor, you need to buy their particular Word processing package, and again, when you want to use a spreadsheet, you'll want their Excel-lent spreadsheet program. For web browsing, well, I'm sure you get the idea.
The OCDL was supposed to be a series of lessons about computing, starting with the basics of how to use an internet browser, an e-mail client or web mail site, how to use a word processor and spreadsheet, and then with some "advanced" modules on the fundamentals of Databases (probably taught with OOo Base, MySQL or a common proprietary databasing application). The lessons would be released under two Creative Commons licenses, depending on whether it was a completed lesson, or one still being drafted (that is, the draft versions are released with a No Commercial, Attribution license, and then when finished, the released versions have a No Derivatives license, but this will be done with the approval of all participants in the process).
So why the delay here? As a concept, this dual-license sounds great, but in practice, how do you enforce these two very distinct and separate license clauses? Also, other people, much more knowledgeable with teaching skills and underlying knowledge about the products have already started to write other training courses.
I'm seriously considering ditching the idea of building an OCDL system, as I don't think I'm the right person to push it forward.
I've also got a series of microprojects I've got bubbling at the back of my head.
There's a project to wrap proper TCP or UDP packets in HTTP or HTTPS. This was designed to allow access to SSH and E-Mail from Wifi Hotspots where only HTTP traffic is allowed. The main reason I've not implemented this is because frankly, I work in IT Security, and I just know that the first day I catch someone who's using this at work, I'll let it slip that I wrote this traversal system, and I'll be in big trouble!
I want to write a web based Food and Exercise charting system, which should help me lose weight. The reason I've not got very far with it? I keep circumventing the system, and put data straight into the database using phpMyAdmin, which means I end up not actually doing what I'm trying to with the system, and just keep writing kludge.
Before the requirement for keeping an accurate logbook was removed from the Amateur Radio regulation, I had planned to write a full featured log book in PHP, and then I wanted to use Ruby, and now, I don't really know what I want to do with it all.
I had another couple of projects I wanted to work on, and wrote them up on my wiki at home (http://home.spriggs.org.uk) but they are all like shiny bits of paper, just waiting to tempt me away from what I'm working on at the time.
I'm slightly scared this blog will become another shiny bit of paper.
Labels: Technology