Open Source Physical Security
This session was different than what I inferred from the title. I guess I was thinking more about lock-picking type physical security, since I had heard there were lock-picking presentations at the recent DefCon13. I guess I would have named it more like "Open Source Security Policies".
This discussion focused on how those of us who think about privacy and security on a day-to-day basis could change the current "Big Brother" style security policies by using a more open-source type approach.
The discussion was led by Christine Peterson of the Foresight Institute, which I infer is a nano-tech "think tank" kind of place. During the presentation Chris asked me to capture our notes, so the rest of this is mostly those notes (with a bit of context added by me):
Regarding what the group would like to see in order to facilitate the open data streaming of information collected (in an airport, for example):
- Make all the data public
- Make it public in real time.
- Make sure what is being made available is explained and understandable. (I.e. Don’t stream a bunch of numbers without saying what those numbers represent.)
To provide for more individual security at the same time as providing for public security:
- Do not connect identification to other measurements (such as chemical, behavioral metrics)
- Rod brought up the point that identification (as it exists right now) is completely ineffective in guaranteeing identity.
- (My observation on this (added after the fact) is that identification works for those working within the system, but fails at protecting against those working against the system.)
Should we allow or disallow private collection of some kinds of data? And as an example, Chris discussed how some types of audio surveillance are illegal for regular citizens to own…:
- The group agreed that privately collected data (chemical data such as DNA) should totally be allowed.
The further effects of the above decision:
- Privately collected chemical evidence may imply a legal/moral duty to disclose
- It may be my duty to make any data that I collect available and fully open, but it is your job (the government?) to collate it.
- (And this data collection and publishing should still adhere to the divorcing of identity from the data collected.)
- (In an extreme case) if you collect data, but don’t make it publicly available, you may be seen as liable for this information that you hold.
At one point I also interjected an example of how younger generations of people are doing more and more data-sharing of their own lives… And the group discussed how public policy is slow to catch up with this cultural change. (E.g. People being fired for personal info about themselves they post in online communities.) I feel this is a major change and the effects of this change will reverberate throughout our culture in the coming years.
This session was started by Enoch Choi, but was especially relevant since Danny O’Brien (who is credited with coining the term) was present.
On the origins of Life Hacks. Danny did a 100-question survey of a set of people he considered to be highly productive (geeks). There were a lot of interesting learnings he was able to distill out of all the data he collected.
One of the learnings that got a lot of notice in this discussion was how some of the geeks would find a tool, become an ‘expert’ in using it, and use it for all sorts of things, even those outside of the intended scope of that tool. (Emacs was mentioned as a prime example of this…) Email as a todo-list, email as a scheduler, email as a reminder system, etc…
There were a lot of reading suggestions in this session:
- A Perfect Mess
- Mind Hacks
- Mindless Eating
- Hacker’s Diet
- Test Driven Development: By Example - According to Danny, this book is an amazing and rare glimpse into the world of an "expert", but where they admit to having failings…
Caution about GTD ("Getting Things Done"). It is a whole structure to revamp your life. It’s a very large cognitive load. Life Hacks by comparison tend to be small incremental changes.
Life hacks are solutions, but the real important thing is to realize what the underlying problem is.
One hack that was given as an example was to tell your todo items to other geeks. The thinking goes: geeks are good at remembering trivia outside of their own lives, but not in it. So, when you tell other geeks that "I have to go to the bank on Wed", then later, on Wed, you can say "What am I doing today?" and other geeks will pipe up with "You’re going to the bank." (I think this is an interesting, though possibly unreliable, hack. And, in the spirit of "crowd sourcing", I think this should be termed "crowd storage".)
There was also a caution that I think I might have fallen into: Beware the ‘hobby’ of (reading about) productivity, don’t mistake it for being productive.
(I was a bit late hitting this session, as I originally went to "Agile Design", which was all about UI-design, not architecture-design.)
This talk was given by Yoz.
When I first got there, Yoz was talking about ToonTalk, which is an animation based programming language for kids. Yoz said that it was surprisingly sophisticated involving concurrency and message passing. He also caveated (is that a word?) that ToonTalk hasn’t been updated in a while, but it is an interesting experience.
One of the most interesting truisms that Yoz talked about was this: you have no idea what kinds of things your web site is capable of… People will use it in ways you never even imagined.
(This kind of mirrors one of the discussion points from the Life Hacks discussion.)
Yoz then talked about the challenges of providing a programming API to your users. (He works for SecondLife, which does provide this capability to its users.) Some of the challenges:
- assume all user-generated code is "hostile"
- localize the effects of user-generated code, so that if bad things happen, they only happen to that one user, or a small subset of users, and cannot bring down the entire system.
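To make those two points concrete, here is an added example (not from Yoz's talk and not Second Life's implementation): each user's script runs in its own child process with a CPU quota, so a runaway script only takes down itself. The user names, sample scripts and quota values are constructed assumptions. It is Unix-only and contains CPU use only; filesystem and network containment are not shown.

```python
import resource
import subprocess
import sys

CPU_SECONDS = 1    # assumed per-run CPU quota
WALL_SECONDS = 5   # assumed wall-clock ceiling for scripts that sleep or block


def _limit_child():
    # Runs in the child just before exec, so the quota binds only that process.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))


def run_user_script(source):
    """Run one user's script in its own process; return (status, stdout)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],  # -I: ignore env vars and user site dir
            preexec_fn=_limit_child,
            stdin=subprocess.DEVNULL,
            capture_output=True,
            text=True,
            timeout=WALL_SECONDS,
        )
    except subprocess.TimeoutExpired:
        return ("killed", "")
    if proc.returncode < 0:      # terminated by a signal: the CPU quota was hit
        return ("killed", proc.stdout)
    if proc.returncode != 0:     # the script crashed on its own
        return ("error", proc.stdout)
    return ("ok", proc.stdout)


# Constructed sample scripts, one per hypothetical user.
SCRIPTS = {
    "alice": "print(sum(range(10)))",
    "mallory": "while True: pass",        # runaway loop
    "bob": "raise RuntimeError('bug')",   # ordinary crash
}


def run_all(scripts):
    # A failure in one user's script never prevents the others from running.
    return {user: run_user_script(src) for user, src in scripts.items()}


if __name__ == "__main__":
    for user, (status, out) in run_all(SCRIPTS).items():
        print(user, status, out.strip())
```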
Now, at this point in the day, I was contemplating leaving the event, because I was pretty tired. I figured I had done my duty on Saturday by helping out at the registration table for about 2 hours, but I was feeling guilty about leaving before cleanup… So, to mitigate my guilt, I pulled a chair up to the wall, and ported the hard-copy classifieds to the BarCampBlockClassifieds page.
Here’s a hint people: If you want people to contact you, you should write your email LEGIBLY!
I got to this session a bit late because of my self-assigned classifieds work.