Saturday, November 24, 2012

Why Kubrick is a genius

When I watched Kubrick's Eyes Wide Shut I left the theater with questions rather than answers. I was puzzled and exhausted. It took the evening and several days after that before I managed to come to terms with it, and I found an answer that I alone worked out. Kubrick with his film had asked a clever question. Eventually I had managed to find an answer; it may not be the right answer, in fact there may not ever be a right answer, but it was my answer. This sort of engaging art is the most valuable one, the one we should qualify as a "masterpiece".

Terry Gilliam makes similar observations and brilliantly uses Spielberg to demonstrate Kubrick's genius.

Friday, November 23, 2012

Writing security applications for Apple App Store

I spent over two decades in the IT industry, a significant portion of which was spent building security applications, including encryption software for EFTPOS terminals used in Australia.

For over a decade now I have been playing with the idea of writing a simple password manager for my own personal use. The idea evolved into a range of products, some of them were free in the public domain and some were commercial applications.

Most recently, since July 2011, I have been working on a product called MiniBluebox that allows users to define and keep their private data such as passwords in one or many secure documents stored on Mac, iOS devices or iCloud.

Unfortunately the "security apps" category is a hard sell. Most people do not understand what is involved both in terms of risks and in terms of technology. It is extremely difficult to communicate security in layman's terms, especially in an era of Internet-induced attention deficit disorder.

There are hundreds of similar password manager apps, and it is possible that some of these applications could have been developed by people with questionable credentials or intentions.

From my experience, even though Apple tests your app for general fitness (e.g. crash tests), they do not catch or test everything. It is true that iOS apps are sandboxed, and technically it helps; however, sandboxing alone may not be sufficient to protect users' data against malware attacks. Ultimately the users' privacy depends on the type, application method and level of encryption used, among other factors.

We should also consider the sheer volume of the Apple App Store, which is now staggering. At the time of this writing there are nearly or over 1 million apps on the App Store. Consumers are increasingly exposed to a massive online store with very little at their disposal to filter and check the credibility of applications other than a dubious star system that focuses on commercially motivated usability aspects.

During app submission Apple asks the developer if their app is using encryption.

If you answer "Yes" then Apple channels you to a U.S. Government website for you to register your app and its encryption algorithm with the Bureau of Industry and Security, U.S. Department of Commerce, Commodity Classification Automated Tracking System (CCATS). Note this is required by U.S. law.

But my point is that not everybody, I believe, answers this question candidly.

By the nature of my work I interact with other developers at websites such as StackOverflow. I have had the impression that some developers may be hiding the fact that their password management application uses encryption simply to be able to bypass the tedious process of registering their apps with CCATS. I also do not think Apple checks whether the question is answered candidly.

So ultimately, as a user, you should do your homework and investigate thoroughly not only what the app does, but who developed it and how it is being developed.

Personally I try to explain every bit of information that might interest users on the product website, and in principle I maintain an open and honest relationship between myself, Apple, users and everybody else.

The encryption algorithm I use is called Skein, which is in the public domain, and how I use it is explained on my website. MiniBluebox is officially registered with the Bureau of Industry and Security, U.S. Department of Commerce, Commodity Classification Automated Tracking System (CCATS). MiniBluebox was given the encryption registration number ERN R103536.

There is absolutely no secret about what I am doing, and I strongly encourage my users to contact me with any questions they may have. But by the same token I can't help but think that Apple should provide users and developers a better, fairer and more transparent store environment for users to make informed decisions, especially in the area of security.

Tuesday, November 20, 2012


In his book "Citizens: A Chronicle of The French Revolution", British historian Simon Schama argues:

"For it is at the top, rather than in any imaginary middle of French society, that the cultural roots of the Revolution should be sought. While any search for a conspicuously disaffected bourgeoisie is going to be fruitless, the presence of a disaffected, or at the very least disappointed, young "patriot" aristocracy is dramatically apparent from the history of French involvement with the American Revolution. That revolution did not, as is sometimes supposed, create French patriotism; rather, it gave that patriotism the opportunity to define itself in terms of "liberty", and to prove itself with spectacular military success."

Schama's analysis focuses on a continuum of life stories, rather than discrete events. Personal stories connected to one another, reflecting intimacy and drama; stories that are told without requiring political classifications, deliberately eschewing systematic compartmentalization.

This sort of brave history telling builds itself in sharp contrast to the familiar Marxist line that in a way hijacked the French Revolution; it put its events under a bitter cold dialectical lens, undermined personal stories as much as it could, and locked events and people into precise compartments (e.g. class struggle), perhaps with the aim of retrofitting them into a Marxist Revolution.

Therefore this book opens rather than closes the story of the French Revolution in a novel way. In its origins new avenues emerge, such as the role of the young patriotic aristocracy, whose influence appears to be far greater in shaping the revolution compared to that of the bourgeoisie, which is much like a fabricated afterthought rather than a genuine power broker.

Sunday, November 18, 2012

French Revolution, how it all began

The great river of history has no single event that shapes currents here and now. But some events, seemingly uninteresting with their humble beginnings, may turn into gigantic storms that would shake humanity.

It would not be an overstatement to say Voltaire was the most influential French Enlightenment writer whose radical ideas led to the French Revolution.

“In 1726, Voltaire responded to an insult from the young French nobleman Chevalier de Rohan, whose servants beat him a few days later. Since Voltaire was seeking compensation, and was even willing to fight in a duel, the aristocratic Rohan family obtained a royal lettre de cachet, an often arbitrary penal decree signed by the French King (Louis XV, in the time of Voltaire) that was often bought by members of the wealthy nobility to dispose of undesirables. This warrant caused Voltaire to be imprisoned in the Bastille without a trial and without an opportunity to defend himself. Fearing an indefinite prison sentence, Voltaire suggested that he be exiled to England as an alternative punishment, which the French authorities accepted. This incident marked the beginning of Voltaire's attempts to reform the French judicial system.
Voltaire's exile in Great Britain lasted nearly three years, and his experiences there greatly influenced his thinking. He was intrigued by Britain's constitutional monarchy in contrast to the French absolute monarchy, and by the country's greater support of the freedoms of speech and religion.” (from Wikipedia)