ComputerSecurity - LeFreq/Singularity GitHub Wiki
One can infer from Godel that no logical system will ever be complete and secure, ever. Given that, why not make a system that is fun and so cool that no one tries to screw you up?
Being open still means, that like a house, one still shuts the door, but you don't have to have a lock on it, because they can still get in through the window, pick the lock, or wait for you to get home and social engineer you. But, why not just befriend them and then they'll get access through greater understanding.
A couple of models are considered: a publish model where users/nodes must push content to the network to be visible vs. an explore model, where people can just visit your island of content, copy all non-locked content, vote on it, offer change suggestions. This projects aims to balance personal autonomy and group cohesion.
So, security is attained, not by crypto or complex authentication mechanisms, but through redundancy and radical openness where many eyes get to see everything. If people go to your node and want to look at your files, they must be able hold a clone of them, so that the network has stored the data securely. If they can't store the file, they can't look at it. Files that you don't want looked at, you must lock up. It's a bit like your house. People can look in (but they can't get a great view of what's inside). But if someone notices that you have a great piece of art in yoru living room, they can comment on it, without the user needing to publish it. Each file is tagged with meta-data, that include the node origin (and other provenance), date of creation, etc.
You see, it's already socially engineered for people's desires to be connected to one another, make cool things, and be loved.
Of course, we'll still rely on crypto for monetary transactions via Paypal or some similar agent, but let them worry about it. We'll get to make the better world.
Isn't that cool? Lolzzzzzz.
However, just as in real life, there is another dimension of data intimacy where boundaries exist. For example, while you may keep your door unlocked, it is considered rude for people to go around the neighborhood checking on doors. Similarly, a building may have a data access point, where anyone could collect data. PEople have already built protocols for quickly checking how much data they want to share with a stranger. Data stewards must work out what that means for nodes that are buildings, or POS devices, etc.
Building data (accessible via standard serial cable), consider:
- Public: building open or not (simple LED?)
- Give NODEID: get water/electrical rate, occupancy, a standardized building record for the day (Earth, maybe not Aasgaard where less is expected from the public).
- Give a matching user credential: get historical data of the building record (cf personal record of what job they have, where they live, where from, )
- Give security, get who is in building (access logs), data format for architectural layout (giving data for network and telecom cabling routes and closts, electrical layouts, plumbing (fire vs regular water paths), and wastewater, ventilations shaft routes, elevators and stairway (people) routes, fire suppression units, data collection areas, pneumatic paths, locked areas (level 1, 2, 3, 4(suppressed)).
- On first start, the system allows the user to set an email address as a default message for all user-owned objects when a getstate command is issues from the default inspection objevct.
- The initial approved users list is empty in the SET command, allowing no one to enter the user's objects. "nodename" >> trusted_users could add users..