Wednesday, May 20, 2015

How Android OS should REALLY deal with privacy

I'll give you two design options that would improve OS privacy.  I am thinking of the Android Operating System, but these are design principles, so they would be just as applicable for a Windows 10 Universal Application (App) or an iOS App.  I am aware that this would be a huge undertaking, but it would be awesome!

1.  Handle-based access

This is not a new concept, but when you combine a system with pick-list controls and standard display controls, it is possible to allow an application to choose one or more contacts, display them and send a message without knowing the names or phone numbers.  The system would only expose a single handle to represent each contact.  Only isolated components would have the special privileges allowing access to the private details.  This would change the way applications create custom-drawn components, but would prevent even a HACKED system from leaking information as long as the process isolation subsystem was not compromised.  They could install "isolated" custom components that would be available only to a list of apps signed with a particular certificate.  This custom component could then access private information, but could not share memory back to the parent app, talk to the internet, write to the file system, etc. without gaining this permission just like an App.

This design would have a HUGE positive impact for persons with sight, hearing or other limitations, as they could select different components to serve their purpose (for example, the audio system could flash and buzz instead of playing sound, the display could talk over Bluetooth to an interactive Braille supplemental tablet or wristband).

2.  Information control

Allow the user to select the level of access for each application, with the option to select a default access level:
  • Dummy API, for example a list of dummy contacts with none, just you, or a small list of dummy phone numbers.
  • Limited API, only a tagged list of contacts is available.
  • Full API, same as today.

Another API example would be the network subsystem - we could have:
  • No connection
  • limited network
  • access over a specific WiFi only (only on the trusted HOME network)
  • access over Wifi only
  • access over 4G only
  • access over any network with certain white/blacklist active
  • unlimited access over any network

A combination of these two designs would make for an amazingly secure system, but it might start resembling the HURD kernel.  What does this design NOT prevent?  It would not prevent in-app advertising (unless you gave an App the no-connection, or the all-sites-blocked network API).  Applications that needed to serve advertisings might start requesting a working internet connection before they will allow you to play your game, so it wouldn't particularly break the ecosystem as it is today, but would give users amazing control over their system.

Along with a tightly controlled App Store, this might even allow Android to be used by some government agencies, or by users with privacy concerns.


I think it would actually be pretty easy to implement a different limited contact list, and perhaps a dummy phone.  Tablets have to present a dummy phone after all.

Labels: ,

Friday, April 17, 2009

Behind the times with NHibernate 2

I am so behind the times ... NHibernate 2.0.1 GA was released last fall and 2.1.0 Alphas are coming out. In the mean time, has been subsumed by Redhat's JBoss. The url doesn't take you anywhere useful, and following the javascript menu to projects / services / hibernate still doesn't get you anywhere - pure garbage. It is clear that JBoss wants to sell you their enterprise build of Hibernate instead (that "Products" link works).

I have been so busy with my day job that I haven't been keeping up. I work at a hospital, supporting Cerner Millenium - writing CCL, Perl, Python, Microsoft SQL (occasionally), and a bit of C#.

Cerner CCL is a proprietary language that feels like a mash-up of Fortran IV and and an arcane dialect of SQL from 1976. The language used to run on VMS servers, but we have migrated to HP-UX, and I am OVERJOYED to have a choice of using a posix shell, ksh or csh. Also, I recently discovered that CCL allows me to map C library functions into the language. So far we have used this to allow file open, close, read, write and seek.

Labels: , ,

Wednesday, March 18, 2009

ADDPATH NT/DOS command line script

(Yes, We say script now instead of batch ... times are changing).

Here is a stupid little batch file that I have written several times. It adds a single argument to the path in your current command-line session (so it is not permanent).

@echo off
if "%1" == "" goto end_script
set path=%path%;%1

Labels: ,

Monday, March 02, 2009

Iron Languages on DLR

The "Iron" languages that run on the .NET DLR (Dynamic Language Runtime) are making progress. I just noticed that IronRuby has a release on RubyForge.

To be honest though, I have moved to Python as my script language of choice, with Perl as the ever-present fallback. Iron Python seems like it is coming along nicely. Iron Python 2 can even host itself. I can't wait for MonoDevelop or SharpDevelop to support IronPython on Windows.

Labels: ,

Thursday, February 19, 2009

The Castle Project will facilitate native SQL.

I just spotted this on FishEye ... an example native SQL query. You'll need source from SVN or a recent download from the build server - more recent than patch 5551 by mzywitza on 17 February 2009.

This is very nice, allowing parameterized SQL without the hacks that I used (you can search here for some of my old blogs on the subject).


Thursday, January 29, 2009

Search and Replace in Visual Studio 2005

I usually have to look this up, so I am posting it to my blog.

Visual Studio 2005 has a "Regular Expression" option on the "search and replace" dialog. (Previous .Net editions had it as well.) I occasionally want to rewrite several lines of text without writing a macro or wearing out my fingers. Here's what I do ...

If I have a file with several lines of


And I would like to convert these to

SET R1 = "TEST1"
SET R20 = "TEST2"
SET R31 = "TEST3"
SET R42 = "TEST4"

I would search for "declare [R|r]{.*} = .* with constant\({.*}\)" and replace with "set r\1 = \2" (don't add quotes into the search dialog).

This grabs the text in curly braces and assigns it to \1 and \2, so I can re-assemble it as I wish. I had to use a backslash in front of the parenthesis since otherwise this is seen as part of the reg-ex and not as a literal.

Labels: ,

Tuesday, November 25, 2008

PdfPoster - a simple fix for Windows

I have tried a couple of times over the last 3 months to use PdfPoster on some Erwin documents. Unfortunately, I am using Windows XP on my work PC. It was clearly documented that I needed to install PyPdf 1.11 or higher, so I did easy_setup to install 1.12. Recently, I tried "C:\test>pdfposter -vvv -s 2.0 SCHEDULING.pdf scheduling_2x.pdf" ... and received a nice traceback (see below). This led me on a wild goose chase, under the assumption that my PyPDF library was not installed correctly. After a while, I decided to start python in immediate mode and just exercise PyPdf. It worked fine, but I noticed that the example opened a file using "rb" mode (read only, binary). So, I opened pdfposter/ under my site library directory, scrolled down to the bottom and changed the 3rd line of "def main" from "inpdf = PdfFileReader(open(infilename))" to "inpdf = PdfFileReader(open(infilename, "rb"))". Problem solved! So if you ever have problem with a python application, where it works under Linux but not under WinXP, try opening files in binary mode.

Mediasize : 1x1 a4
595.00 842.00 dots
Postersize: 1x1 a4
595.00 842.00 dots
---- processing page 1 -----
input dimensions: 612.00 792.00 (trimbox of input page)
output dimensions: 595.00 842.00 (poster size)
Calculated page scaling factor: 0.972222
output dimensions: 595.00 770.00 (calculated)
Pages w/o rotation 1 x 1
Pages w/ rotation 1 x 2
Decided for rotation: no
Deciding for 1 columns and 1 rows of portrait pages.
Traceback (most recent call last):
File "C:\Python25\Scripts\", line 8, in
load_entry_point('pdftools.pdfposter==0.4.5', 'console_scripts', 'pdfposter'
File "C:\Python25\lib\site-packages\pdftools\pdfposter\", line 119, in r
main(opts, *args)
File "C:\Python25\lib\site-packages\pdftools\pdfposter\", line 298,
in main
posterize(outpdf, page, opts.media_size, opts.poster_size, opts.scale)
File "C:\Python25\lib\site-packages\pdftools\pdfposter\", line 251,
in posterize
_scale_pdf_page(page, scale)
File "C:\Python25\lib\site-packages\pdftools\pdfposter\", line 235,
in _scale_pdf_page
content = ContentStream(page["/Contents"].getObject(), page.pdf)
File "c:\docume~1\rtate\locals~1\temp\easy_install-gpolew\pyPdf-1.12-py2.5-win
32.egg.tmp\pyPdf\", line 1114, in __init__
File "c:\docume~1\rtate\locals~1\temp\easy_install-gpolew\pyPdf-1.12-py2.5-win
32.egg.tmp\pyPdf\", line 165, in getObject
File "c:\docume~1\rtate\locals~1\temp\easy_install-gpolew\pyPdf-1.12-py2.5-win
32.egg.tmp\pyPdf\", line 549, in getObject
File "c:\docume~1\rtate\locals~1\temp\easy_install-gpolew\pyPdf-1.12-py2.5-win
32.egg.tmp\pyPdf\", line 67, in readObject
File "c:\docume~1\rtate\locals~1\temp\easy_install-gpolew\pyPdf-1.12-py2.5-win
32.egg.tmp\pyPdf\", line 539, in readFromStream
File "c:\docume~1\rtate\locals~1\temp\easy_install-gpolew\pyPdf-1.12-py2.5-win
32.egg.tmp\pyPdf\", line 544, in getObject
KeyError: 0

Labels: ,