winterkoninkje

So, as you know, I recently got a cell phone, my first ever to be exact. And so, of late I've been exploring the wonders of awkward interfaces, bizarre limitations, and vendor-crippled hardware. And the first thing I thought was, y'know? We need linux on this thing.

If we could only get a well understood, free, open operating system on one of these things we would finally have the universal communicators we've always dreamed about. If we had such a CellOS we could use cells to communicate over typical instant messaging protocols, to communicate over irc, to check emails, to freely copy our program preferences between our cells and our pcs.

On further reflection that general point has only been driven home, though the details refuted. Perhaps Linux itself is not suited for cell phones. Linux was developed primarily for the microprocessor and personal computer market. Linux has been ported to some embedded systems such as Sharp's latest SL-C line of their Zaurus PDA, so it's certainly capable, but it might not be the best tool for the job. There's been a good deal of work on minimizing the footprint of Linux for small and embedded systems in utilities like Busybox, so I won't say it can't happen. But maybe it'd be easier to start a new POSIX-compliant embedded OS, something linux-like enough that programs could be ported but with some sort of microkernel more suited to the limitations of the hardware. But I digress.

When cells first came out, they were unipurpose items, phones and nothing more. And since then they've gained more and more features: clocks, cameras, memory cards, txt messaging, bluetooth, ... And IP over cell has been invented again and again. Once CellOS emerges, then the full breadth of both the linux/open-source communities as well as the Internet will be available wirelessly everywhere, not just in coffeeshops and offices.

But that's just the beginning. In the time since cellphones were introduced, portable electronics have become as ubiquitous as the personal computers of yesteryear. Cellphones, PDAs, laptops, mp3 players, ... And over the last few years these devices have been converging more and more as PDAs develop harddrives, laptops move towards ultraportables, and mp3 players develop more and more multimedia capabilities. If cellphones developed a free open OS the convergence would be complete. Cellphones already have internal and removable storage, and very small scale high-capacity storage has been proven by Zaurii, iPods, and their ilk.

So what would that mean, having a full computer with gigabytes of storage and wireless interfaces over cell, bluetooth, and maybe even 802.11 and IrDA? With such an embarrassment of wirelessness, terminal computers in schools and libraries could just call on your cell directly for preferences to your programs, autodetecting when you brought it near the terminal. Your cell could carry not just your preferences but encrypted identification and authentication keys allowing you to automatically log into terminals with the press of a button, or just by walking up to one, depending on your preferences.

With this native id/auth mechanism, cells would replace all the prox cards issued by colleges, businesses, and other technolizing entities. They could either issue you a new id/auth cert to store on your phone, or they could register your unique personal id/auth key. Cars could require authentication before starting, or unlock as you approach them rather than leaving you fumbling for your keys in dark parking lots. Every user will be connected. Every user could broadcast information about themselves to listening nearby users. No more awkward repeated inquiries when you've forgotten someone's name. No more searching for pen and paper to jot down a phone number, nor even needing to punch it in. Services like dodgeball could be improved on and you could always locate friends if you have their key.

With a wearable display such user info could be superimposed above people's faces, for everyone or only looked up for those you watch intently. Name, age, profession, other information could be posted in a cross between online getting-to-know services and im away messages. Emoticons could be used to signal receptiveness to romantic advances, or requests for directions, or any number of other awkward encounters between strangers. As such displays become more common and as LDS (location dependent services) evolve you could have the nearest restaurants you'd be interested in show up as waypoints, or could have real-time directions given based on knowledge of your exact position and environmental circumstances like weather, construction, or even traffic flows. Shops could advertise their names with virtual signs instead of sandwich boards which block walkways, need to be taken in at night, and suchlike.

None of this is wild fantasy; all of it could be achieved with today's equipment, though the software and protocols may not yet be designed. So why don't we have it? The big reason is that the cellular providers don't want us to. In the computer world ontogeny really does recapitulate phylogeny. Each new technology goes through the same cycle of discovering certain basic truths about computers, truths they refuse to believe just hearing about them. The big issue here is "authentication". Most services rather quickly discover the need for multiple users and so the need for identification. But at first there is no thought given to security.

The unix side of the world discovered this years ago with R-services. The R-services were a way of logging into and manipulating remote systems. The problem is the way they worked: a user from somewhere out there said "hey I'm john let me in", and the computer would look up to see if there was in fact a john on its system, and if there was it let the user in. Voila. Which means that anyone who knew that someone named john had an account there could get in.

When networking was no longer an elite club where you knew everyone else who could get on your network and so could go about slapping wrists, the R-services were recognized as the security hole they were. Subsequently they were replaced by the S-services (e.g. ssh), the S standing for "secure". The S-services won't just let in any old user who claims to identify as a known user, but rather require some authentication from them: a password or a key, delivered over encryption rather than cleartext. The first generation of S-services was replaced by a second generation, not because the idea wasn't sound but rather because the algorithms for determining authenticity were insufficiently secure.

Years later when Windows came onto the scene they too had to learn the harsh lesson of authentication, much to the bemusement of the older unix hackers. And again and again. One of the big things keeping us from CellOS is that cellular vendors are mortified that we'll discover their dirty little secret: there's no authentication. They don't want an open operating system on their hardware because their networks are set up only to accept identification (something resembling a MAC address) and if a known, open software was sending out that information, then it could spoof it and charge someone else's account. Their entire edifice would come crumbling around their ears.

The thing they've not been forced to realize yet is that security through obscurity isn't. There are hackers already working on creating known software for these horribly proprietary devices. The technology is old enough that you can make a working cellphone with breadboards and shelf-bought components. The future is coming whether they like it or not. And they, like every technology before them, will be forced to learn some simple truths about networking and the world. The funny thing is, it's not that hard to change; the apocalypse isn't coming. It's not a fundamental flaw in the hardware, just an oversimplification of its usage. All they'd have to do is rewrite their cellular protocols so that when someone says "hey, I'm DE:AD:BA:BE:CA:FE and I want to make a call", instead of just complying and routing them through if the account exists, they say "o rly?"
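The difference between the identification-only check and the "o rly?" challenge, as an added sketch that is not part of the original post. It assumes a per-device secret shared with the network and HMAC-SHA256 as the response function; `Network`, `identify_only` and `handset_respond` are hypothetical names, and the subscriber table is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber table: claimed identifier -> per-device secret key.
SUBSCRIBERS = {"DE:AD:BA:BE:CA:FE": secrets.token_bytes(32)}


def identify_only(claimed_id):
    """R-services style: accept the caller if the account exists."""
    return claimed_id in SUBSCRIBERS


def handset_respond(key, nonce):
    """Handset side: prove possession of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Network:
    """S-services style: challenge every claimed identifier."""

    def __init__(self, subscribers):
        self._keys = subscribers
        self._pending = {}  # claimed_id -> outstanding nonce

    def challenge(self, claimed_id):
        # The "o rly?" step. A nonce is issued even for unknown
        # identifiers, so the reply does not reveal which accounts exist.
        nonce = secrets.token_bytes(16)
        self._pending[claimed_id] = nonce
        return nonce

    def verify(self, claimed_id, response):
        # Each nonce is single use, so a recorded response cannot be replayed.
        nonce = self._pending.pop(claimed_id, None)
        key = self._keys.get(claimed_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)
```

Knowing the identifier is enough to pass `identify_only`; passing `Network.verify` additionally requires the device key and a fresh nonce.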
