| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

Last 100 entries

Ssh, tty, stdout and stderr; Feathers falling in a vacuum; Santiago 30m Bike Route; Mapa de Ciclovias en Santiago; How Unreliable is UDP?; SE Santiago 20m Bike Route; Cameron's Rap; Configuring libxml with Eclipse; Reducing Combinatorial Complexity With Occam - AI; Sentidos Comunes (Chilean Online Magazine); Hilary Mantel: The Assassination of Margaret Thatcher - August 6th 1983; NSA Interceptng Gmail During Delivery; General IIR Filters; What's happening with Scala?; Interesting (But Largely Illegible) Typeface; Retiring Essentialism; Poorest in UK, Poorest in N Europe; I Want To Be A Redneck!; Reverse Racism; The Lost Art Of Nomography; IBM Data Center (Photo); Interesting Account Of Gamma Hack; The Most Interesting Audiophile In The World; How did the first world war actually end?; Ky - Restaurant Santiago; The Black Dork Lives!; The UN Requires Unaninmous Decisions; LPIR - Steganography in Practice; How I Am 6; Clear Explanation of Verizon / Level 3 / Netflix; Teenage Girls; Formalising NSA Attacks; Switching Brakes (Tektro Hydraulic); Naim NAP 100 (Power Amp); AKG 550 First Impressions; Facebook manipulates emotions (no really); Map Reduce "No Longer Used" At Google; Removing RAID metadata; New Bike (Good Bike Shop, Santiago Chile); Removing APE Tags in Linux; Compiling Python 3.0 With GCC 4.8; Maven is Amazing; Generating Docs from a GitHub Wiki; Modular Shelves; Bash Best Practices; Good Emergency Gasfiter (Santiago, Chile); Readings in Recent Architecture; Roger Casement; Integrated Information Theory (Or Not); Possibly undefined macro AC_ENABLE_SHARED; Update on Charges; Sunburst Visualisation; Spectral Embeddings (Distances -> Coordinates); Introduction to Causality; Filtering To Help Colour-Blindness; ASUS 1015E-DS02 Too; Ready Player One; Writing Clear, Fast Julia Code; List of LatAm Novels; Running (for women); Building a Jenkins Plugin and a Jar (for Command Line use); Headphone Test Recordings; Causal Consistency; The Quest for Randomness; Chat Wars; Real-life Financial Co Without ACID Database...; Flexible Muscle-Based Locomotion for Bipedal Creatures; SQL Performance Explained; The Little Manual of API Design; Multiple Word Sizes; CRC - Next Steps; FizzBuzz; Update on CRCs; Decent Links / Discussion Community; Automated Reasoning About LLVM Optimizations and Undefined Behavior; A Painless Guide To CRC Error Detection Algorithms; Tests in Julia; Dave Eggers: what's so funny about peace, love and Starship?; Cello - High Level C Programming; autoreconf needs tar; Will Self Goes To Heathrow; Top 5 BioInformatics Papers; Vasovagal Response; Good Food in Vina; Chilean Drug Criminals Use Subsitution Cipher; Adrenaline; Stiglitz on the Impact of Technology; Why Not; How I Am 5; Lenovo X240 OpenSuse 13.1; NSA and GCHQ - Psychological Trolls; Finite Fields in Julia (Defining Your Own Number Type); Julian Assange; Starting Qemu on OpenSuse; Noisy GAs/TMs; Venezuela; Reinstalling GRUB with EFI; Instructions For Disabling KDE Indexing; Evolving Speakers; Changing Salt Size in Simple Crypt 3.0.0; Logarithmic Map (Moved)

© 2006-2013 Andrew Cooke (site) / post authors (content).

Taking Back Email (not)

From: andrew cooke <andrew@...>

Date: Mon, 23 Apr 2012 20:20:01 -0300

I was brainstorming some ideas for a "worthy" project; I finally decided it
wouldn't work, but thought I might as well write things down in case I have
a change of heart.


The idea that email needs "fixing" seems to be common at the moment (it was
included in a list of "problems" by Paul Graham).  Now, personally, I manage
my email locally, because I am unhappy with Google (or anyone else) having
access to so much information.  And it works quite well.  So the core of the
idea was that I could make that approach available to others, packaged in a
way that didn't require any expertise.

Email would be pulled from existing mail providers over IMAP and stored
locally.  There would be an embedded SQL database for search (like mairix).
The client would probably be in the web browser, running against a local
server.

Taking things further, you could extend the client to automate encrypted
email.  The idea I see working is based on ssh - you don't try to guarantee
that the initial key exchange is perfect, but you cache it and warn of
changes.  So every email would include a private key; these would be extracted
and cached by my software when it receives email from others; sending email to
people with a known key would automatically trigger encryption; a change in
keys would flag a warning.

There were some more ideas about UI, implementation, and searching /
cataloguing email, but that's the general idea.

But there are two problems.

First, sending email requires an SMTP gateway.  You can't just send email from
your own machine these days.  And while you can pull email from web providers
you cannot push it.  So there would need to be a central SMTP server.  That's
not so terrible - adding a central IMAP server for receiving email would help
avoid sharing data with the big players, and you could imagine people paying
for this service.

Second, and more seriously, I realised that I was stuck thinking of a PC-based
solution.  And really, these days, it needs to support mobile devices.  Which
don't have the resources to do this.  Email really does have to be in the
cloud, in a sense.

Coincidentally, the title "From Personal Computers to Personal Clouds" caught
my eye -
http://www.windley.com/archives/2012/04/from_personal_computers_to_personal_clouds.shtml
I haven't read the article, but given the above you can see an argument for
some kind of personal cloud platform...

Andrew

Re: Taking Back Email (not)

From: Michiel Buddingh' <michiel@...>

Date: Tue, 24 Apr 2012 07:04:19 +0200

Why keep IMAP at all central to your solution?  The protocol
practically begs to be supplanted by a REST-based API.  Most IMAP
operations translate neatly to HTTP GET or PUT requests; I think that
if such an API could be standardised (for things like searching,
tagging etc, where the implementation isn't a transparent mapping), it
would be possible to once again decouple email storage and email user
interfaces(*).

To me, that would be a fundamental part of 'fixing' email, since
people tend to be incredibly specific about their preferences in a MUA
interface.

I like your thinking about email encryption, too; I think the PGP
infrastructure we already have is wonderful, but the practices devised
around it prioritize security above everything else.  For example, I
hesitate to send signed email to friends, because I know it will be
visible as a confusing blob of alphabet soup, or worse, as some kind
of suspicious attachment that can't be opened.

Oh, and I have to enter my password, and worry about key management (I
really should generate a subkey for my GPG key, so I can safely send
signed email from my laptop, for example).  Even for an experienced
computer user such as myself, the practice requires quite a bit of
thought.

Email needs a second level of security--one that's maybe not perfect,
but requires next to no conscious decision-making to use.

mvg,
Michiel

(*) It's possible now, of course, but most web mail software has to
implement IMAP behind the scenes, at a non-negligable programmer cost.

Re: Taking Back Email (not)

From: andrew cooke <andrew@...>

Date: Tue, 24 Apr 2012 09:06:58 -0300

It's interesting to think about replacing the prtocols.  Email is strange in
that two people "own" a message (sender and receiver) so it seems to need
either duplication or a trusted third party.  Your comment started me
wondering if you could replace SMTP/POST (sending email) with a combination
of:

 - publishing the email on your (HTTP) server
 - something like RSS (so that the recipient know where to look)
 - restricting visibility to the recipient's browser
 - "strong" browser caching, so that once the recipient sees the message,
   it doesn't matter if it's deleted

But it's all kind of complicated for no real gain.  There's a dedicated
infrastructure and tools for this that should probably be leveraged...


Maybe the "two people owning the message" means that there's a special kind of
3rd party that has certain cryptographic properties, which would formalize
things like delivery verification, no forwarding, etc?  Not sure I am being
clear here - I imagine a server that has quite an abstract interface,
something like "store a number" or "generate a pair of primes" etc that could
be combined to implement message serving/hosting/storage with the required
properties.


A related idea is P2Pmail - if everyone starts running their own servers again
then you can deliver directly.

Also, with a web of public keys you can use HMACs to whitelist sources, which
helps with spam filtering (I think? does PGP allow this?)

Andrew

Comment on this post