Real Ink Verifiable Signatures

So I saw someone sign a credit card slip today with a smiley face and a star; they mentioned that this was a light security feature to make it real easy to tell if someone was trying to forge their signature (without seeing theirs first at least).

I thought that was a pretty neat idea, and to be honest, any excuse to legally draw smiley faces is cool in my book, but it got me thinking…

We live in a day and age where we have some REALLY good hashing functions and cryptology available to everyone… and signatures would be a nice place to make use of them.

Suppose you had a small application on your phone, it could generate a number between 1-100 based on a key, and what day it is, such that it would be completely impossible for anyone else to be able to know what it was or do the same, without having your key.

You could essentially have a signature that no one else could reproduce, just by writing down the correct number after your signature.

(and then my mind started thinking about how that should be a genetic implant in your hand to have a key generator, or maybe in your pen, phone, etc etc)

There is a serious limitation to it though, you could never prove that you DIDN’T sign anything, as people would just say you left it out that one time on purpose.  You could only prove that you DID sign something.

Anyhow.. I still think it would be pretty cool, and since I’m a bit of a geek I think it would be totally worth the effort of always having the gadget on you..

And if you think.. instead of a number 1-100, if it had a database of 1000 awesome symbols.. you could just draw one of them instead.  Maybe Egyptian glyphs… hmmm
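A sketch of the daily number and the daily symbol described above, as an added example that is not part of the original post. It assumes HMAC-SHA256 as the keyed hash, the ISO date as the message, and rejection sampling to avoid modulo bias; the key and symbol names are constructed placeholders.

```python
import hashlib
import hmac
from datetime import date

# Constructed demo values, not real secrets or a real symbol database.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_SYMBOLS = ["ankh", "eye", "reed", "owl", "scarab"]


def daily_index(key: bytes, day: date, n: int) -> int:
    """Map HMAC-SHA256(key, date) to an index in [0, n) without modulo bias."""
    if not 1 <= n <= 2**32:
        raise ValueError("n must be between 1 and 2**32")
    limit = (2**32 // n) * n  # largest multiple of n that fits in 32 bits
    counter = 0
    while True:
        msg = f"{day.isoformat()}|{counter}".encode()
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        value = int.from_bytes(digest[:4], "big")
        if value < limit:  # reject values that would skew the result
            return value % n
        counter += 1


def signature_number(key: bytes, day: date) -> int:
    """The number (1-100) to write after the signature on a given day."""
    return daily_index(key, day, 100) + 1


def signature_symbol(key: bytes, day: date, symbols: list) -> str:
    """The same idea with a symbol database instead of a number."""
    return symbols[daily_index(key, day, len(symbols))]


def verify_slip(key: bytes, day: date, written: int) -> bool:
    """Key holder's check: does the written number match that day's value?"""
    return signature_number(key, day) == written


if __name__ == "__main__":
    today = date.today()
    print(today, signature_number(DEMO_KEY, today),
          signature_symbol(DEMO_KEY, today, DEMO_SYMBOLS))
```

Because the value depends only on the key and the date, every slip signed on the same day carries the same number, and a blind guess at a 1-100 code is right one time in a hundred.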

yes.. in my head I do foresee myself being extremely important, and there being a life and death situation pivoting on the argument “Greg didn’t sign this! he never would have!  You forged it just to try and save your puny rebellion!”  “Stop the execution!  I have undeniable proof!”

Automatic Hidden Media

Second Life is a unique environment (compared to basic web browsing) for two reasons I want to mention.

1. IP addresses are NOT public information to the sim owner.

2. Sim owners can make users go to a web site without them knowing where they are being led

Normally on the web, your IP address is basically public information; it is critically required by any site you connect to, because without it, the site doesn’t know where to send the data.  However, since SL is set up such that LL internal servers handle all of the routing, IP addresses are not necessarily known by sim administrators.

This leads to a few consequences.

1.  It makes it very difficult for the sim administrator to be able to identify individuals, which can lead to issues in security and control.  (Griefers using multiple alts that can not be linked together)

2. It provides users and visitors the perception that their alternate accounts are private information that they can control.

Now clearly, once you leave second life servers (by opening a web browser, media url, radio station, etc), the interesting phenomenon caused by LL taking care of the IP addresses is gone, and they are once again public information to the administrator.

Most people do not realize this, and possibly some education would fix any issues that are arising; but I see more to it than this (especially when looking for a solution).  In Second Life, LL has provided sim owners the ability to run scripts that can direct its users to open up an external server, and for the best user experience (and by default) this is automatic.  The other mode is full manual (where the play/stop button at the bottom toggles the auto/none), and the last mode is totally off.

This really does not leave much security or control to the user, as when they have it turned on, it is automatic.

Perhaps as a power user (or paranoid) feature, I am planning on adding a third mode which will make the viewer prompt before each media change completes, and will let the user choose to let it complete or not.

For example, if you have media on and someone turns the tv in front of you to go to, you will receive a dialog similar to “Media change requested to, do you wish to continue?”  and options of “Yes”,”No”,”Always yes for this domain”,”Always No for this domain”,”Always yes for this parcel”,”Always no for this parcel”.

This would then allow the user to stop a media request to

This is all great and shiny.. unfortunately there is a big complication, the brilliant people at LL decided it was a good idea to NOT ALLOW PEOPLE TO SEE WHERE THEY ARE GOING.  This is a check box setting that sim admins can set, which prevents the data from being viewable to the client interface (though of course the backend must still have it to be able to load that page).

Emerald Devs were very strongly against any bending of that rule, even to the extent that simply showing the domain that is about to be loaded would be a horrible sin.

The other issue is that there are some scripts that rely on a type of security that expects a very fast response time from the client (that would be lost if the user takes too long clicking apply), so basically, it might break some content.

Personally, I feel (not just technologically) that people have a right to control every aspect of what they want, so far as it doesn’t mess with other people.  If they want to block something and break that content, they should be allowed to.  If they want to choose which sites they visit and which ones they don’t, they should be allowed to.  And also, with undesirable things on the internet, I think it is extremely important for people to be able to see where the data they are about to download comes from.

The final version of this in Emerald will probably be just a third option, with the buttons mentioned, that will have to hide the URL if the land floater hides it as well, probably with a big warning box about how it might break content.
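The prompt mode with remembered per-domain and per-parcel answers, sketched as an added example that is not Emerald's code. The class and function names, the constructed `.example` URLs and parcel ids, and the rule that any remembered "always no" beats an "always yes" are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


def host_of(url: str) -> str:
    """Lower-cased host of a media URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


@dataclass
class MediaPolicy:
    # Remembered answers: key -> True (always yes) / False (always no).
    domains: dict = field(default_factory=dict)
    parcels: dict = field(default_factory=dict)

    def decide(self, url: str, parcel: str) -> str:
        """Decide before any request leaves the viewer, so a denied or
        unanswered change never exposes the user's IP to the media host."""
        answers = [self.domains.get(host_of(url)), self.parcels.get(parcel)]
        if False in answers:  # assumption: any "always no" wins
            return DENY
        if True in answers:
            return ALLOW
        return PROMPT

    def answer(self, button: str, url: str, parcel: str) -> bool:
        """Record one of the six dialog buttons; True if media may load."""
        text = button.lower()
        allowed = text == "yes" or text.startswith("always yes")
        host = host_of(url)
        if text.endswith("for this domain") and host:
            self.domains[host] = allowed
        elif text.endswith("for this parcel"):
            self.parcels[parcel] = allowed
        return allowed


if __name__ == "__main__":
    policy = MediaPolicy()
    url, parcel = "http://media.example/stream", "parcel-A"  # constructed
    print(policy.decide(url, parcel))   # first request: prompt
    policy.answer("Always No for this domain", url, parcel)
    print(policy.decide(url, parcel))   # now denied without prompting
```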

I’ll be happy with that than nothing at least. Rant over. (P.S. Laura hasn’t been around for a week, exams and cramming now too, and I’ve just been on a really frustrated emotional streak that tends to drive me to my core.  Security issues and stuff have been pumping my blood sockets, I’ve already (stupidly and very rudely) reverted someone’s code that I didn’t agree with/ understand fully, broken down in tears over another issue that doesn’t even matter, as well as committed a patch to allow users to control what user agent information is sent to web sites (this was reverted as well, as apparently that is also an evil thing to do)) So I figured I’d rant it out here so I don’t do anything stupid.