Lucky to talk to Ania Piotrowska from Nym as part of my #WeDontSteam #Podcast

Nym promises to be the 'better than #Tor' anonymous network - a bold claim but one she says they don't make lightly. #SurveillanceCapitalism #privacy


@theruran Cool some new homework. I let you know, I have to read first. Changes are, as it is something "over TCP/IP" like Tor (Vulnerable to the hidden channels + IC serial numbers tagging attack ), and running on unsafe PC's, without any critical execution protection like SGX, that it will be equivalent to Tor in terms of anonymity protection regarding major players like NSA. Still, as it is new, it way work better for a short while, before they adapt their govware to it.

@stman what about printing the messages on paper? or passing thru a transformer that displays an easily verifiable artifact?

unused bits as indicated in specs must either be formally-verified to ensure against their use or removed altogether - possibly making for awkward packing or inefficient representation.

@stman I think what you want is to transmit Abstract Syntax Trees, i.e. executable programs. They are only serialized when present in the transmission cables. There are even cryptographic ways for the sender to ensure the program is executed properly. The program's environment is encapsulated or can be swapped with a trusted environment more safely than the joke that are sandboxes today.

It's kinda like sending the image decoder with the image data and metadata. Except these programs can be a lot simpler and more standardized than they are today. We essentially know the breadth of common use cases and can design for that.

@theruran @stman
20+ years ago, when I was an early e-commerce entrepreneur, I was trying to find someone to write a back-office system for me, based on an apparently similar assumption.
An e-shop order would be an active entity, "crawling" along the decision tree, being bounced between actors, fed with input and feeding others with output. Way above my budget then and probably ahead of time. But it is nice to see the idea exists beyond my skull.

@stman @yaaps

This is the project I was remembering and referencing in my post:

An Ironclad App lets a user securely transmit her data to a remote machine with the guarantee that every instruction executed on that machine adheres to a formal abstract specification of the app’s behavior. This does more than eliminate implementation vulnerabilities such as buffer overflows, parsing errors, or data leaks; it tells the user exactly how the app will behave at all times.

Going through the cryptography section of their website and I found some related topics that may be of interest: verifiable computing, homomorphic encryption, Secure Multi-Party Computation and EzPC, Certification of Symbolic Transactions, and Differential Privacy (also under Database Privacy)

This may catch your attention, from the EzPC page:

Secondly, to execute these protocols, one must express the computation at the low-level of circuits comprising of AND and OR gates, which is both highly cumbersome and inefficient.

So there's a lot here that ought to stimulate your imagination. This is what I imagine for the future of computing is that these cryptographic mechanisms are native and used to guarantee privacy of data and computation.

@stman @yaaps oh, yeah - the Ironclad App user transmits data to a remote machine for computation; but with verifiable computing the user transmits a function and set of inputs, then receives the output. I was mixing these up in my mind.

How do you know you own the machine? 

@stman @theruran
If you compile an AST to gates, that's a minute, hyper-detailed accounting of the implementation. If you represent and gates and or gates as ones and zeros, the final representation is unlikely to compress more efficiently than a source code representation. So, yes. Bulky, high bandwidth, and inefficient. But...

You might still want that for a bootstrap

@stman @yaaps It's a more difficult issue because you are talking of compilers, but the research I referenced above describes how to ensure the remote machine is executing your program according to formal semantics. The benefit of sending HDL instead of TTL would be less information on the wire.

I don't understand what you say here about Abstract State Machines. It's another abstract machine that is represented mathematically (formal semantics). As with any abstract machine, we can theoretically implement it in hardware just as they did with the LISP microprocessor. The output and stepwise process of an ASM can be tested on many different machines using different software, thereby using the principle of redundancy to verify correctness. It can even be implemented as an FPGA softcore (again theoretically, I don't really know about the space requirements of typical ASMs versus what's available on a run-of-the-mill FPGA).

@stman @yaaps

Why do you say it's cumbersome, and inefficient ?

They said that... It was a blockquote. I'm not sure why they said that yet, as I'll have to read more about it.

@theruran @stman
A joke about that from a couple weeks ago:

Unison uses a hash of the AST as an identifier, which is at right angle to the OCaps concept of an unguessable reference. You can use both together as long as the look up to execute the content of the AST is done in a local namespace

Of course that also requires a common syntax for the AST

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!