Phillip Hallam-Baker

The Mathematical Mesh is an infrastructure designed to make the Web easy to use securely.

Modern cryptography allows us to protect information in almost any fashion that can be described precisely. But until now most security applications have been built for the 'enterprise' market where ease of use is a very low priority for most software providers because the person who has to use the system is very rarely the person who signs the check to buy it.

Cryptography does not have to be difficult to use. In fact, using the Mathematical Mesh actually makes computers easier to use. One of the problems that we had to solve in the Mesh was how to encrypt data in a way that the user had access to it on every device they owned but nobody else did. This means that the cryptographic configuration data (the secret keys) has to be synchronized across all the devices. Having built a system that can do that, we can synchronize any type of configuration data, passwords, bookmarks, email server settings, VPN configuration, SSH keys.

The biggest headache in administering computers today is the difficulty of managing a disparate collection of devices from different manufacturers, bought at different times with different software installed. Apple, Microsoft and Google all have an answer to this (of course!) just standardize on their platform and throw away any device when it gets too old. Even if that was an acceptable solution for computers, it isn't going to work as the 'Internet of Things' picks up steam.

The first public release of the proof of concept build is now available from Sourceforge. This is the set of tools I am using to make a set of demonstration videos and podcasts explaining the Mesh in detail. At this point, the code isn't ready for production use but it is complete enough to perform real tasks.

What I need to do right now is to show that this approach is practical and that it is useful. And to do that I am going to show how it can be used to activate the email encryption system that has been shipping with Windows and supported by all the leading vendors for 15 years now. As in the Wizard of Oz, we had the security solution all along, people just didn't know it was there or how to use it.

This email encryption mechanism is called S/MIME and it is based on an open standard that is published by the IETF. You may have heard about OpenPGP which is another email security standard which we hope to support in the near future. In principle the Mesh can be applied to pretty much any application that uses cryptography. The reason for choosing S/MIME is that it is the email security standard that is widely used in the US government for classified information.

Development of the Mesh was funded by my employer, Comodo Group Inc. who have allowed me to release the code under an MIT open source license.

https://sourceforge.net/projects/mathematicalmesh/
Mathematical Mesh download. Mathematical Mesh 2016-01-06 04:51:21 free download.

Phillip Hallam-Baker

So I discovered that C# already has futures, which figures. They are just done in a way that doesn't seem very C#-ish.

Spent some time playing with lambdas and I am really not seeing the point. LINQ uses them extensively as they are much nicer than the SQL-like SELECT syntax but that is hardly a low bar, beating yourself over the head with a claw hammer meets that criterion as well.

Sure, it is marginally nicer to write 

x = Y (A, w => w * w * w)

than

x = Y (A, cube)
public long cube (int w) { return (long) w * w * w; }  // ^ is XOR in C#, not exponentiation

But even though I did the functional programming thing back in the day, it never struck me as vastly different to, let alone superior to declarative.

Phillip Hallam-Baker

WTF???

Visual Studio seems to have managed to work out enough of the syntax of the language I am using to be able to offer autocomplete.

Which is quite odd when I am probably the only person using the language and there has only been a synthesizer for it for a couple of months.

And even odder given that I really, really hate autocomplete. If work is that redundant, people should fix the language, not the editor. That is why I use tools like Goedel in the first place.

Phillip Hallam-Baker

OK which Google genius decided to

1) Configure GMail to require the use of a strong password authentication scheme.

2) Decide not to support any of the strong password authentication schemes supported by Outlook or Windows Live Mail?

Failing to check a product works with what are by far the most widely used email clients seems rather cretinous to me.

Phillip Hallam-Baker (comment):
OK, found the switch for turning off the security. But that really isn't a solution when Microsoft does actually support several SASL schemes that are secure.

Phillip Hallam-Baker

Is there anyone who can give me a good reason to enable the new TLDs ICANN is selling the rights for at $250,000 a pop?

Apart from a great deal of malware and domain name squatting, anything going on at these new domains that I might actually want?

The fact that someone puts a machine on the net does not mean that I am under any obligation to let my machines contact it.

Ted Lemon (comment):
They turn out to be a very useful way of detecting spam. If it comes from one of the weird TLDs, it's not from a human, so you can just drop it.

Phillip Hallam-Baker

Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\Phillip>ping plotter.hallambaker.com
Ping request could not find host plotter.hallambaker.com. Please check the name
and try again.

C:\Users\Phillip>nslookup plotter.hallambaker.com
Server:  firewall.hallambaker.com
Address:  192.168.1.1

Name:    plotter.hallambaker.com
Address:  192.168.1.205

grrrrrrr

Phillip Hallam-Baker

Service Name and Transport Protocol Port Number Registry. Last Updated: 2015-11-18; Expert(s): TCP/UDP: Joe Touch; Eliot Lear, Allison Mankin, Markku Kojo, Kumiko Ono, Martin Stiemerling, Lars Eggert, Alexey Melnikov, Wes Eddy, and Alexander Zimmermann SCTP: Allison Mankin and Michael Tuexen ...

Phillip Hallam-Baker

Today I made a major change to the architecture of the Mesh. There are now two separate persistence logs with different data in each. This makes it possible to offer better privacy and anti-rollback guarantees.

The Mesh itself remains the medium through which public key information is exchanged. Any data that the user adds to their profile will be published to the Mesh within some time interval, currently shooting for 24 hours but eventually an hour. Once the data is in the mesh, the changes are permanent and can't be rolled back without anyone noticing unless every mesh node colludes in a permanent MitM attack on an unknown set of observers.

To access the Mesh, every user has to go through a portal at which they have an account. So to use the mesh a user has to have a mesh profile and an account on at least one portal. But the mapping isn't one to one. A user can have more than one account for a given profile at a particular portal and the profile can be enrolled in more than one portal.

This separation allows me to remove all the accounts needed for users to administer their Mesh profiles from the Mesh itself. So all that an observer of the Mesh now sees is a series of pseudo-anonymous blobs of data. The only data that might tie them to particular individuals is lodged at the portals. It is not possible for an observer to know which portal(s) a given profile is enrolled at. 

So for example, let's say I enroll my profile in the CryptoMesh through the PRISMProof and SNOWDENProof portals. Both portals perform integrity checks to verify that there is nothing 'odd' happening to any profile that is enrolled in an account at that portal. If PRISMProof defects, SNOWDENProof spots the defection and vice versa. Since PRISMProof is not aware that there is a multiple enrollment or how many enrollments there are, they are accountable regardless.
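
Added example (not from the original post or the Mesh code base): one way the anti-rollback check by independent portals described in the post above could work, assuming the log is a SHA-256 hash chain, which the post does not specify. The `Portal` class, its `check` method and the sample blobs are hypothetical.

```python
import hashlib

GENESIS = "0" * 64  # assumed starting head for an empty log


def entry_hash(prev: str, blob: bytes) -> str:
    """Chain link: hash of the previous head plus the opaque profile blob."""
    return hashlib.sha256(bytes.fromhex(prev) + blob).hexdigest()


def heads(blobs):
    """Return the chain head after each entry of a log (a list of blobs)."""
    out, prev = [], GENESIS
    for blob in blobs:
        prev = entry_hash(prev, blob)
        out.append(prev)
    return out


class Portal:
    """Hypothetical portal that remembers the last log head it verified."""

    def __init__(self, name: str):
        self.name = name
        self.index = 0        # number of log entries already verified
        self.head = GENESIS   # chain head after those entries

    def check(self, blobs) -> bool:
        """Accept a log only if it extends the history this portal has seen."""
        chain = [GENESIS] + heads(blobs)
        if len(chain) <= self.index or chain[self.index] != self.head:
            return False      # history was shortened or rewritten: rollback
        self.index, self.head = len(blobs), chain[-1]
        return True


def demo():
    log = [b"profile-v1", b"profile-v2"]            # constructed sample blobs
    a, b = Portal("PRISMProof"), Portal("SNOWDENProof")
    first = (a.check(log), b.check(log))            # both record the same head
    honest = log + [b"profile-v3"]                  # append-only extension
    forked = [b"profile-v1", b"profile-v2-forged", b"profile-v3"]
    # One portal is shown the honest log, the other a rewritten history.
    return first, a.check(honest), b.check(forked)


if __name__ == "__main__":
    print(demo())
```

Each portal needs only its own remembered head to notice a rewrite, so it does not have to know which other portals a profile is enrolled at.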

Phillip Hallam-Baker

3:20: Printer is delivered to house. Box has clearly been opened. This is obviously a return.
3:40: Printer is plugged in. Printout is defective
3:50: Printer is taken back downstairs to await return
3:55: Replacement ordered from different vendor.

The seller (SellToner inc) obviously knew that the machine was defective and was obviously trying to pass it off. Bad luck for them is that I have Amazon and if they fail, Amex in my corner.

It's quite obviously a defective fuser unit. But who pays $225 to replace the fuser on a $429 printer? So instead of repairing it, they sent it out.

If it hadn't been so obviously a return I might have been willing to deal with them. But they have wasted my time and I don't see any reason to waste any more giving them second chances.

Phillip Hallam-Baker

So I have this Google+ app on my iPhone which periodically backs up photos from the phone to the cloud. It seems to do it about once a week.

Would it have really been so hard to add a 'synchronize now' option?

What I typically want to do is to take a photo and use it immediately. And I have just discovered that mailing the photo to myself didn't work because of some spam filter. Which is another stupid issue that should get fixed. Any mail I send to myself should automatically be considered not spam. Duh.

Kevin Osborn (comment):
I sometimes also just share the photo I want to use immediately with myself via g+
Package was out for delivery on Wednesday morning. They didn't deliver. 9:00pm they report returning it to the warehouse. Package was out for delivery on Thursday morning. They didn't deliver. 9:00pm they report returning it to the warehouse. Package was out for delivery on Friday morning. They didn't deliver. 9:00pm they report returning it to the warehouse. Now they are saying they won't deliver it till Monday.