
Web Encryption Framework

Last year danigm, who is a good friend of mine, told me about a new project he was going to undertake and present to CUSL (Free Software University Contest). It’s GECO, a password manager which will allow you to store your passwords online so that you can sync them across different computers.

Of course, storing all your passwords must be done in a very secure way if you don’t like surprises. The connection with the server must be secure (SSL?) so that nobody else can see your passwords. But what’s more, are you going to upload your passwords in the clear? No way, buddy, that’s too risky. I wouldn’t trust all my passwords even to my best friend, and even if I did, what if the server gets compromised?

So the thing is, GECO is designed to have both a web and a desktop client. The problem here is that current web browsers like Firefox don’t provide a standard framework to encrypt and decrypt data on the client. You’ve got SSL, but that only encrypts communications with the server, and that doesn’t solve the problem.

So what did my friend danigm do? He will be using Slow AES, a free software implementation of AES in both JavaScript and Python. He not only needs to be able to encrypt and decrypt text in the client via JavaScript; he also needs to ensure that when he uses the GNOME desktop client developed in Python, exactly the same AES implementation is used, so that what is encrypted using the web client can be decrypted in the desktop client and vice versa.

The penalty of this is that this AES implementation is, as its name shows, slow. That’s not much of a problem for encrypting small text strings like passwords. But I’m using his project as an example of what I think is coming next, because web applications are becoming common in our daily Internet life. There’s Gmail, for example, which is an astonishing piece of software, and I’m tempted to use it to replace the good old KMail, but there’s one big feature that I’m missing: GPG.

I’ve tried the GPG Firefox plugin for Gmail, but it doesn’t work very well and besides, it doesn’t work in other web browsers, like our all-time favourite Konqueror. I’ve even used Gmail’s Gtalk chat feature sometimes, which connects via Jabber to my IM contacts but also to my email contacts that use Gmail, which is handy at times, but being an avid user of Kopete’s OTR plugin, I miss the security it provides. Finally, there are also some web services which provide online data storage, an online hard disk if you want to call it that. Google itself seems to be playing with the idea of launching Google Drive. Storing more and more data online will make you much more exposed to potential privacy loss unless the data is stored encrypted.

As a consequence, I think SSL is not enough anymore as a way to protect your privacy online: we need a comprehensive, well-designed framework for encrypting and decrypting data in the web browser. The next question, then, is what such a framework should look like.

I have some ideas about that too: it should use standard implementations of well-known algorithms and tools, like GPG and RSA. Probably a JavaScript binding of libcrypto would be fine. But we also need a way to assure users that the clear data is not going anywhere else, meaning that the JavaScript code is not playing tricks like copying the clear data and sending it to the web server: the web server must only ever get the encrypted data, never the clear data.

Now, there’s no easy way to solve that. In order to accomplish that last point we need to isolate the part of the page that deals with the encrypted data from the part of the page which deals with the clear data, creating a software jail for the latter. The idea is having special HTML tags, or tags with special attributes, which:

  1. Can be styled using CSS (remember? it’s not 1999 anymore).
  2. Let encrypted data be processed securely and transparently in the web browser without compromising its security.

So normal JavaScript code would see this data encrypted, and would be able to communicate with the server in the usual ways: either sending a form via POST/GET or using AJAX. On the other hand, the JavaScript code that deals with the encrypted data would see the data in the clear, but would not be allowed to communicate with anyone or send the data anywhere. That code is in jail. And for various purposes, like updating the encrypted data, some information would be allowed to flow from the normal JavaScript code to the jailed JavaScript code, but not in the opposite direction; information would flow only one way, from insecure code to secure code, without compromising security.

Of course, even if such a framework gets developed, standardised and deployed in most web browsers, some sites won’t make use of it, at least for a long time. It’s not in Google’s best interest to let you easily encrypt your email and IM conversations if they want to be able to show contextual ads, for example. But other services like GECO, or other kinds of services we can’t even think of yet, will surely make good use of such a framework, and that’s the idea. I think the potential use of a Web Encryption Framework (or WEF for friends) is not only in commonplace web applications and web services, but also in business web applications where security is a must.

Don’t get me wrong, I haven’t thought through the actual details of this proposal. What you see here is all I’ve got at the moment. This is just one idea that I wanted to write about so that you people tell me what you think about it, so now it’s your turn.

Akademy-es 2008 A Coruña starts!

Hello everyone, it’s been a long time since I last blogged. Nobody has said it yet, so let me be the first to announce it via this blog: Akademy-es has started for Spanish people. It starts today and it will end this Sunday. Yesterday morning Alejandro and I took a plane from Seville (South of Spain) to A Coruña, which is on the northern coast of Spain and is where the event takes place. It’ll be a very nice experience to see again all those Spanish people I met at Akademy 2008.

So how was yesterday? Basically we walked, walked up and down A Coruña, first trying to find a good digital camera, then finding a place to eat, then buying some new shoes because the boots I was wearing were killing me, and then going with José Millan to a nice kebab place for dinner and some beers. We hadn’t slept for a long time and thus were very tired, so we came back to José’s place (thanks for being so nice and providing us accommodation!) and slept there like a log for long hours.

Today will be a more productive day, programming-wise, because we’re already at the university. We’re experiencing some difficulties with the network, but as you can see we can reach the Internet, and probably the wifi network will get better today because the organisation is setting up some APs for us. We’ll see what the day brings us and I’ll try to blog about it later =).

Science, Religion and Gödel’s Theorem

Well, since it seems it is going to end up being usual to write entries about what is discussed in the TIS course, I have created a specific category to classify those entries. I quote here the email I sent today to the professor, Jose Manuel Elena Ortega:

Hello!

Today in class we compared some differences between the foundations of Science and Religion. We all know that both (Science and Religion) are different concepts. In this context I pointed out roughly the following:

Mathematical axioms are truths that are not questioned, a characteristic they share with religious doxa.

You told me that this was not true because of Gödel’s theorem. According to Wikipedia, and I quote:

“In any consistent formalization of mathematics that is strong enough to define the concept of natural numbers, a statement can be constructed that can neither be proved nor refuted within that system.”

Gödel’s theorem shows that there are statements that can *not* be refuted (nor proved) in any *consistent* formalization of mathematics. It is therefore based on consistent formalizations, that is, formalizations founded on axioms that do not contradict each other.

So Gödel’s theorem does not deny my assertion: “mathematics is based on consistent axioms, religion not necessarily”; rather, it in fact relies on consistent axioms (which is what I was claiming) to show that from that basis one can reach statements that can neither be refuted nor proved.

Regards,
        Eduardo Robles Elvira.

“The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.” (George Bernard Shaw)

Myths, legends and preconceived ideas

I am publishing a rather long email that I sent today to professor Jose Manuel Elena Ortega of the TIS course, which came out so long that I thought it makes for a blog post, as the blog is somewhat neglected. The subject of the email is the same as the title of this blog post, “Myths, legends and preconceived ideas”:

Hi Jose Manuel,

(Allow me to address you informally). I am a student in your afternoon TIS class.

I want to tell you that you were wrong today in class, and very much so, when you suggested that I was a defender of the USA simply because I supported the thesis that they did in fact reach the Moon. Probably if you ask any student in your class who knows me to point at the person who is most critical of US policy, they will all point at me.

Following today’s class debate I have been reviewing some posts from my old blog where I talk about related things, and I have found things that attest to this, and also one entry in particular that will probably make you smile broadly.

At http://edulix.blogspot.com/2006/01/licencia-para-matar.html I say “In Spain there is a certain fixation with the United States of America and I admit that I have it.” and “we discussed the illegal incursions of the secret service, the CIA, which on the 14th carried out terrorist acts.”

At http://edulix.blogspot.com/2006/01/cuanto-mayor-es-la-mentira-ms-gente-la.html I recommend the documentary The Corporation, clearly critical of everything the USA represents.

In the last entry of that blog ( http://edulix.blogspot.com/2006/07/traduciendo-cointelpro.html ), which I closed in 2006, I mention my translation on Wikipedia of the COINTELPRO article, a full-blown conspiracy (but a real one, the kind I like, not like “man never went to the moon”) by the US government that most people are unaware of.

I abandoned the blog from 2006 on, but on sites like http://slashdot.org http://www.barrapunto.com or http://www.meneame.net you can see comments of mine critical of the USA.

As I anticipated, there is an entry I wrote about 2 years ago that will make you smile: http://edulix.blogspot.com/2006/02/vivir-para-siempre.html , in which I talk about the topic Living forever, and The Singularity, topics we have covered in TIS. I did not even remember having written that post, and it amused me a lot since I put forward exactly the same arguments that you used in class on the topic of the Singularity.

So I think it is clear that I am not the person you imagined: I am neither a pro-USA fanatic, nor am I always against its positions. I am very pragmatic. Never excessively, because one cannot be excessively pragmatic ;-) .

On the subject of whether man went to the Moon or not, I am sorry to tell you that the argument “if they did not go back it is because they never went; if they had gone we would have chalets on the moon” is rather poor, and moreover it is, allow me to say it, a totally demagogic “argument”. If they did not go back after going a few times, it is because the space race, in the middle of the cold war, stopped making sense to the politicians once it was won. It is not that NASA did not want to go back, because it did so when it could; it is that the politicians cut its budget, and as you will understand, going to the moon is not cheap.

There are hundreds of documents available on NASA’s website attesting that they went to the moon several times with crews, and there are no weighty arguments proving these documents false. As I mentioned in class, here is the Mythbusters episode about the arguments (such as the waving flag) usually put forward against the authenticity of these documents:

http://www.youtube.com/watch?v=Wym04J_3Ls0

http://www.youtube.com/watch?v=MtWMz51eL0Y

http://www.youtube.com/watch?v=5taIxlNA_Lw

http://www.youtube.com/watch?v=uE4w2MIYhC4

http://www.youtube.com/watch?v=hMBCfuKs9i8

I have not found rebuttals to the counter-arguments put forward by the Mythbusters. I also want to say that over time I have read several times, in different places, about this interesting topic, and my personal conclusion (which is that the USA reached the moon in 1969) was not taken lightly in one afternoon based only on preconceived ideas.

By the way, Mythbusters has many interesting and educational episodes. Apparently it is a show created by the magazine Popular Mechanics, which I suppose you know: http://www.popularmechanics.com/mythbusters

As to whether Walt Disney is cryogenically frozen or not.. let’s be serious, what is your source of information? I do not want to fall into the error of presuming anything that might be false, because that is not my style, but this myth is usually believed by people who have not questioned its falsity and have not bothered to look at the arguments for and against, people who know the story of the frozen Walt Disney by hearsay, that is, without any concrete reliable source beyond the typical “I was told”, “I heard” or “they say”.

Personally, when I make claims I always like to cite my sources so that whoever reads or listens to me knows where they stand. The well-known myth-debunking website Snopes.com explains in detail the myth of “Walt Disney frozen / in suspended animation”: http://www.snopes.com/disney/info/wd-ice.htm I have not found rebuttals to these arguments.

NaCl-u-2,
     Eduardo Robles Elvira.

PS1: If you have made it this far, congratulations!
PS2: Since the email came out rather long, I will publish it on my new blog ( http://blog.edulix.es ) and that way I give it some content =).


Back in black & Akregator news

So this summer I spent some nice holidays in Ireland, Akademy was fantastic, and then the September exams were not so nice, but at least they’re already over, so that’s ok. Yeah, it’s been quite a while since the last time I blogged, but now I’m back in black, once again, to make KDE 4.2 rock.

I haven’t started classes yet and I’ve already got a lot of exciting projects in my head. Since yesterday I’ve been touching the code of Akregator. It is one of the applications I use the most throughout the day, together with KMail, Konqueror and Kopete, because thanks to this excellent feed reader I read the news from meneame, digg, slashdot, Planet KDE, and so on.

But Akregator 4.1 seemed to have a major memory leak, because after using it for some days I end up with it using more than 300 MB of memory, and that’s not right. So I had to close Akregator and reopen it, but doing that I lose the tabs I had open in Akregator. So? No problem, sir, I will go straight to the code and try to fix it. That’s what I did!

Today I’ve committed a patch to trunk that adds support in Akregator for automatically saving the tabs you have open when you close it, so that they are restored the next time you run Akregator. The same will happen when you log out of KDE and log in again if you have KDE configured to save and restore the session. This will be available in KDE 4.2. I also fixed a leak in Akregator, because sometimes it was not freeing the tab when you closed one. That fix is backported to KDE 4.1 too.

I must say that the Akregator people have been very friendly to me and I will probably send more patches to them in the future. However, what I have in mind now is getting even better session support in Konqueror, so stay tuned =). Ok, I think that’s all for today.

KDE 4.1 RC1 here I come

It’s been a long time since I wrote my last blog entry. Truth is I’ve been quite busy, first with final exams and then with different related tasks like having fun, burning myself on the beach, collaborating with PIRATA and, yes, fixing some Konqueror bugs, as we are in bug-fixing-only mode.

So I’ve fixed all the known bugs for the two main features I’ve developed for Konqueror, the undo closed items and the session manager and crash recovery dialog: KDE 4.1 RC1 is going to rock! Please report any bug you notice in Konqueror, and especially in the mentioned areas, so we can have a KDE 4.1 release with no bugs in them. And of course…

This will be my first Akademy, and I already know I will have a very good time there :-) and I will be able to see face to face the nice people I’ve been in contact with for a long time already.

Nokia does not get it

Dr Ari Jaaksi is Nokia’s vice president of software and head of its open-source operations. Note that Nokia recently acquired Trolltech, so now he has an important role in Qt’s future. And I’m worried because he has been quoted saying nonsense like this:

“We want to educate open-source developers. There are certain business rules [developers] need to obey, such as DRM, IPR [intellectual property rights], SIM locks and subsidised business models.”

No, thank you very much, but I don’t want software that is defective by design (not even the evil guys at Apple like DRM anymore), I don’t believe in imaginary property, and I hate SIM locks as much as the next guy.

“As an industry, we plan to use open-source technologies but we are not yet ready to play by the rules; but this needs to work the other way round too.”

You’d better start playing by the rules, because otherwise other companies might do it faster than Nokia and you will lose the opportunity. Oh, and just as a reminder: when you go open source, you *must* play by the rules by honouring the license of the software.

Really, it’s sad to hear things like this from someone controlling the company that owns Trolltech. I am sure that the vice-presidents of companies like Red Hat wouldn’t say nonsense like the above. But it’s no surprise coming from someone in a company that, according to the FFII, seems to be absolutely in favour of software patents in Europe.

Random updates

The final exams are coming soon and I should study, so I guess that’s why I’m here again trying hard to find something else to do… other than studying.

Tonight pinotree told me he had found some memory leaks in Konqueror and that I should try running valgrind against it. I had never really used valgrind, but he has been very helpful with that. We found some minor, not really important leaks.. and then this really nasty leak that should never have happened, and which I’m really glad we found and fixed in rev815027.

Each tab in Konqueror contains one or more KonqViews. Normally it’s just one. For each view, we hold in HistoryEntries the information about the pages you visited, so you can go back and forward in the history. Each HistoryEntry contains quite a lot of useful information: the url, the locationbarURL, the postData, the page cache, etc. And the bug was.. the KonqView destructor was not deleting its HistoryEntries, so when you closed a tab they were not really removed from memory. Quite nasty if you ask me! And really easy to fix, thankfully, once the problem had been found.

I’ve also been fixing some Konqueror sessions bugs right after beta 1, and I plan to fix some more for the next beta, so stay tuned! Oh, and by the way, for those coming to Akademy, Akademy 2008 registration is already open and of course I’ve already registered myself. I will go to all the events, and I will pay for a bike so we can go to nearby places cycling. I love cycling =). And I’m in the group “KDE España” so that all Spaniards can be grouped together.

Some guy called “Sami Liedes” gathered a quite large (50!) list of bugs he had with KDE 4 beta 1 on kde-devel, and looking at Konqueror bugs only, I had already found at least 3 of them, and one of those three was directly related to my code and had already been fixed. I will investigate the remaining ones =).

Enough blogging for today, I guess it’s time to go to bed now.

GPL license vs. web applications. AGPL

This new blog entry comes from a message I sent to the Sugus mailing list. I am publishing it on my blog because I want to have a URL to hand to people when I want them to know about the problem of licensing networked software under the GPL, and how the Affero GPL solves it.

There is some ignorance about the terms of the GPL as applied to web applications. I think it is important for those interested in free software to really know the implications of the free license par excellence, the GPL.

The GPL and all free licenses must fulfil the four software freedoms: being able to run the program, access the code, modify it and redistribute it. But only the users of the software have these freedoms.

Edulix 2010

If I am an MS Windows user and I want to run the Edulix 2010 operating system, I may have to pay for it. If I, as the creator of the software, choose a business model in which only legitimate users, those who have Edulix 2010 binaries, can access the code when they ask me for it by email, the GPL allows that. And if I also choose that they have to pay 35€ for me to provide them with a copy of Edulix 2010, the GPL allows that too. Libre != Gratis.

Of course.. anyone could pay 35€ and then redistribute my software for free.

Google

Now let’s take as an example the case of the Google search engine code. Nobody outside Google has access to it, and even within the company itself they almost certainly keep some control over their code so that there are no leaks.

It turns out that the only ones who have access to the binaries or code of Google’s web pages are Google’s own employees, and therefore they are the only “legitimate users”, so to speak. That way, if the code were GPL and its users decided not to redistribute the code to anyone, it would still technically be free software, just as when you download a program that is free software, modify it and do not redistribute it. You are still complying with the terms of the GPL.

That is the shocking part: even though millions of people access Google’s web page every day, its code could be under the GPL license and yet all these millions of people would have no legitimate right to access the source code. From my point of view, that is a flaw in the GPL.

Affero GPL (AGPL)

The AGPL license solves precisely this problem. It is a carbon copy of the GPL, but it adds a clause (section 2(d)) which adds the obligation to distribute the software if it is run to offer services over a computer network.

The preamble of the license itself explains it clearly (quoting the preamble):

The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public.

The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community.

As you can see, I am not making anything up. That is what the official FSF license says. Oh, by the way, they also explain that GPL v3 was originally going to contain the famous 2(d) clause, i.e. it was going to be the same as the AGPL… but some companies [1] did not like the idea and so it was removed from the final version of GPL v3. (and I say: sellouts!)

Lujury, conclusions

So… Anarb, I am sorry, but technically Lujury could perfectly well be free, GPL. Some will call me a taliban for this, but.. from my point of view the GPL and other licenses that do not take the networked software problem into account are not free enough. Stallman is a sellout, he could have fixed it in GPLv3 and he did not want to :-P . We have the GPL on a pedestal and this can mislead us when we do not really understand the license.

My suggestion/solution? For networked applications such as web pages, license the software under the Affero GPL (AGPL). And I would even advocate specifying this problem so that licenses that do not solve it are not considered completely free by the FSF or the OSI.

[1] Sorry, I have not found the reference about “some companies”, but I swear I read it somewhere xD

Konqueror session management + crash handler

So, as promised, Konqueror session management is already done. I’ve just sent an email to kfm-devel with the patch attached, and hopefully the patch will enter trunk before the hard feature freeze (next Monday) so that we get it in Konqueror 4.1.

The session management support is pretty similar to the one Opera has. Let’s say it’s inspired by Opera =). And as everyone likes screenshots, here is one that shows the new menus for session management:

So you can easily save the current session, open one of the saved sessions, or manage the saved sessions. Only one more item was added to the File menu, which is the same menu where session management resides in Opera.

The Manage Sessions dialog lets you save the current session as a new session or into an existing session (overwriting it). It can also rename an existing session, or delete it. Or even open one of those sessions. Quite straightforward if you look at it, actually:

And I have reserved the best part for the end. Proper crash session recovery! Because Konqueror shouldn’t, but it can crash sometimes. And it crashes even more when you use KDE trunk. Until now, the only option you had to recover from a crash was using the crash plugin, which is sub-optimal.

What I’ve done is something similar to what Opera, Firefox and many other browsers do: save the session every X seconds (it’s configurable via konquerorrc, 10 seconds by default as in Firefox). This is done for all Konqueror processes, and it’s saved in ~/.kde/share/apps/konqueror/autosaved/. Each process periodically saves its session there in a file with a name similar to “:1.114” which identifies it. When a Konqueror instance is closed cleanly, its file is removed.

Thus, every time a new window or Konqueror process is launched, Konqueror reads that directory and asks DBus whether there’s any service registered with the name “:1.114”, for example, or whatever names the autosaved files have. This is very fast, because no text parsing or waiting is needed, so the user doesn’t feel any delay.

If for some reason there’s a file whose name does not correspond to a registered DBus service, that means that something went wrong, i.e. a Konqueror process crashed or froze. And in that case, you get this nice dialog:

It allows you to restore the session if you want, or not, or even not restore it now but restore it later (when opening a new Konqueror process / window). As David Faure suggested to me, it also allows you to check “do not ask again” and always do whatever you choose automatically, without asking every time. Nice, isn’t it?

There are still some related fixes I want to add to SVN before the hard feature freeze, like adding a KAction menu entry to “Hibernate Konqueror”, i.e. save the current session and close Konqueror, so that next time you open Konqueror it can be restored. Also, listing the crashed and still not restored sessions (i.e. where you clicked “ask me later”) in the sessions menu.

Oh, and adding an option to undo a closed tab to the right-click menu of the Konqueror tab bar is a must too; I use that option a lot now in Firefox and we need it too ;-) .
