ABottomLine

• Web Design by Schwill Dresden

AboutExampleSameEqual

You know the difference about eq? and equal? (C-Programmers know == and strcmp instead) and you probably remember how you once understood it. Most computer science students need some time to understand how important that difference is.

At the other hand, natural languages develop a term for each concept which is just important enough. And there is the differentiation between same and equal, which compare exactly to eq? and equal?.

So much nothing new. Both the paragraphs above are just an example of text containing the same idea, referential equality (in this case), and I could easily add more explanations.

If all these explanations actualy contain the the same idea, (which is to be attributed to the same originator / author, even though I don't know whom), then we are in trouble concerning intellectual property rights.

If two texts, pictures, head etc. express the same idea, and we want to make intellectual property possible (feasable, defensible, trade-able) at all, then we need to take steps to model it. (and I'd add to model it the way natural language does) This is also important to other fields: I wasted long hours in document management meetings, without result basically due to the same confusion.

ACID

Atomic Consistent Isolated Durable http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=ACID

These are the properties a transaction is supposed to have.

BTW: A transaction is a ProcessStep, which input and ouput areas overlap.

ACL

ACM

ActionDocument

Action Document

There is a document accociated with each place, which defines the dynamic aspects of that place.

The document conforms to mechanism/action.dtd and contains two-ari or three-ari functions. The first parameter is an object created using make-access (in case of transactions initiated by a write request) or make-reader-access (in case of read access). This parameter is used to access aspects (slots) of the place in question.

The second parameter is an object of the same structure, to access the current message. This one is always read only.

The third argument applies only the the accept method. It is the result of the propose method as it has been approved in the last voding round.

See also: mechanism/place.scm slot mind-action-document.

AHistoryOfFreeAndOpenSource

http://www.groklaw.net/article.php?story=20050327184603969

AJAX

Stricktly spoken Ajax (sometimes called Web 2.0 "technology") is not related to Askemos -- except that everyone and their mother will eventually use it for their own applications.

http://www.openajax.org/index.php

As a programming environment Askemos is well suited to drive Ajax applications. However it's a good idea not to depend on it, at least not for essential features. Client side scripting is often turned off for it's security risks in sensitive environments.

To mitigate the effect - and thereby exploiting some unique features of p2p style "servers" - we use redirect tricks to give those users, who refuses script execution, a somewhat ajax-alike feeling. (The trick goes to the expense of network traffic, but since a p2p-server is usually found at the local machine, the additional traffic is no problem.)

TODO: use http://hop.inria.fr/ , it's very simillar porting from bigloo should be simple.

About http://softwareas.com/ajax-patterns:http://ajaxpatterns.org/

The idea of Ajax is to use a hidden frame like http://www.adaptivepath.com/publications/essays/archives/000385.php and http://search.cpan.org/~eric/OpenThought-0.71/lib/OpenThought.pm to update the client side (recently also called the ajax way as described here too).

Thus coding Ajax is an application level task altogether. BALL however will eventually support JSON encoding and probably include some optimisation for the emerging frameworks.

See also css to apply js and exercised here too. Newsforge about mozex extensions , which support external editors for textareas

http://www-128.ibm.com/developerworks/library/j-ajax4/index.html?ca=dgr-lnxw01GWT4Ajax

AnonymisationLayer

The (optional) anonymisation layer provides anonymity and privacy, protecting against observation and physical localisation of users and services.

Askemos supports the SOCKS4a protocol, playing nice with tor. (Which is unfortunately open to atttack(pdf).

About tor vulnerability regarding TCP timestamp attacks.

TODO: teach tor to foward/replicate requests to alternative instances of the same "hidden service".

We will be talking http://www.i2p.net/sam

A (not yet supported) alternative would be jap.

API

ASAP

ASCII

ASIS

AskemosAbout

This paper used to be the best one about the design. While it's ageing, it's still recommented to be read it first.

Askemos has quite a few facets to look at.

The aim of the project Askemos is to create a public archive and support private domains of incorporeal values (or perceivable and valuable ideas) in the InformationSpace. Whatever that is... is to be defined here as well. It will take several years and a lot of contribution from many heads until that goal is reached.

While the above aim is more a long term one, the projects first need was an adequate infrastructure. This infrastructure must caters to the needs in the computer age as ink, paper and Gutenberg for the last few hundred years, i.e., supply equally simple, reliable, durable and doubtless space for communication over distance and time. During the course of several years requirements have been compiled and an AskemosDesign was created. No single environment was found, which could satisfy all design requirements, hence the software Askemos was implemented.

See also:

• Dan Bricklin: Software That Lasts 200 Years
• David S.H. Rosenthal & Vicky Reich: Making Web Publishing Irreversible
• Windsor Hsu: Saving Bits Forever A Systems View of Long-term Digital Storage

The Software Askemos

The software Askemos, itself part of the project (and the only thing which already made major progress), is, technical speaking, an new kind of operating system. It implements the notions which are required to experience the InformationSpace. As such it's a possible infrastructure and hence a potential implementation of the technical base for the project.

Because every infrastructure is inherently will less, and Askemos defines an infrastructure which works between computers as well as in the brain, it must be an open system with unrestricted availability. And it is!

contents 2nd draft

to the audience

Please understand that these pages and their structure currently emerge from silly notes kept at all sorts of places - and those notes are easily reached here. Please help: send comments, fixes and questions on spelling, grammar, wording, facts, content and your opinion. Beware that it was decided early to mix languages here (and how to choose the PrimaryTextLanguage). Now we'll have to separate those pages, but this takes some time.

Intro

The information age.

AskemosScope

What for?

The civil society in the information age. Profile applications. Needs of libraries. Communication in natural languages. Trusted systems.

AskemosDesign

The way and why that way.

AskemosBackground

Within the civil society the principle of legal certainty has central importance, which must be enforced.

Philosphy. Communication. Understanding natural languages. Structuralism. Safety, security, trust, law, state and forms of governments; RousseauSocialContract. (Why are computer systems still hierarchical, while the real world goes democracy?) RelatedProjects

AskemosHLD

High level design. This design is driven only by requirements which derive from the task (scope). Requirements, which are implementation related go into the LLD.

LLD

Low level design: choice of implementation language, technology, frameworks, standards. Implementation decisions, notes on tradeoffs and caveats.

AskemosServer

How? Documents on implementation, extension, installation and use for the practitioner.

NewsAndOlds

state of development, history, stories and lessons learned

AskemosResources

demo, source, tarball, license and author

AskemosBackground

Dear reader, I'll write up the background step by step. Please ask, if you feel some need. I feel that this part is very importand as such, but at lower priority in time.

Those who ignore history are doomed to repeat it. Those who study history are doomed to know it's repeating.

The questions we shall (superficial) address here concern Philosophy. Communication. Understanding natural languages [german]. Structuralism. Safety, security, trust, law, state and forms of governments. (Example: Why are computer systems still hierarchical, while the real world goes democracy?)

The most important design goal for the Askemos system is the ability to express basic legal concepts clearly and make them accessiable to methods of linguistic and logical analysis and reasoning, which have been developed in the advance of computer science. Whatever is justified on that ground will be included. However care has to be taken to include just enough and nothing else to make it powerful enough and keep it flexible at the same time. Driven by the aim, imperative of basic design decisions by legal and philosophical considerations and comprehensibility to persons literate at these fields is highly important, much more than technical considerations which have the potential to blur the point. Readers may always skip technical sections until they actually want to become Askemos programmers.

The Starting Point

Legal systems are self consistent logical systems expressed in some language. To model them throughout and in all possible variations it's important to isolate the smallest amount of axioms and rules, from which the rest can be build. This selection is not arbitrary (as one might often get the impression when reading computer science literature). Many philosophers and jurists have paved the way and is our duty to follow consistently.

To begin with, we felt that the philosophy of enlightenment, which is also the foundation of the political systems of the occident and the modern states of the western hemisphere, would be the best theory to start with. That decision was not inescapable but rather arbitrary and it's not done in the intention to exclude other philosophies or legal systems as long as there is mutual respect for our culture too. But after all, the founders of the project where german - one specialised in enlightenment philosophy one in computer sience - and we where self-critical enough not to aim at the infeasable. If it would turn out that it's impossible to destil a globally applicable "kernel" of legal theory, there's still the need to have a marketable product. (Remember that Askemos was started as a private project with the intent to produce an operating system superior to the "state of the art".) Fortunately, to the best of my current knowledge, that legal theory is not in conflict with any philosophy I studied so far.

The over all structure of our system(TODO find better pointer or replace) is the same as for the semantic web: a gaph (network) of frames (Minsky, '75). Relations between the frames allude to natural language and there's a clear distintion between denotational level, meta level and context. TODO since context and meta level are often confused (I've read the best distinction in the french structuralism): bring some poiter here.

The lower level of the Askemos system, the part implemented by the Askemos virtual machine, models the laws of nature (in tems of an RDF model), on top of which we (can) have free, autonomous, self-determined agents (subjects) and basic means to ensure certainty of sequences of events.

On the basis of that virtual machine, which executes "legal" code, those agents can engage in trade, treaties and contracts. That's the subject matter of the Askemos application layer. Details are beyond the scope of this work.

on laws of nature and natural law

It would be outright stupid to restrict laws of nature by human will. That's the basic idea behind the legal theory of natural or superpositive law. However it's questionable how far these superpositive law shall go. Many philosophers and legal theories include for intance human rights among superpositive law and we personally share that view, but it's not nessesary so. Hence, since it must be possible to express the opposite view, only those elements may be included in the base system which are nessesary, universal and reasonable. That's the reason why the model calculated by the virtual machine may not provide more than autonomy and self-determinism for subjects and certainty on reports of past events.

Everything else, including human rights, must be left to the application level. Fortunately certainty about past object creation allows ethernal manifestation of those rights within realms of application.

There's also an important practical reason behind this tight restriction: feasability, see above.

Safety and Security

The object and rights management (role based provisioning) model of Askemos is higly similar to the object-capability model as Miller and Shapiro describe in Abstraction Mechanisms for Access Control (2003, reposted here [original] with kind permissions of the authors).

Threats and requirements, CommonCriteria (here?)

legal requirements

Within the civil society the principle of legal certainty has central importance, which must be enforced. This is the role of the Askemos infra structure within systems of AskemosScope. Hence the enforced rules have to match the legal requirements. Here we'll compare with J.J. Rousseau social contract, John Locke (two treaties of government) Immanuel Kant and other enlightment philosophers, the chinese philosophy and others. Benjamin Soskis Man and the Machines: It's time to start thinking about how we might grant legal rights to computers. (Frankly: in the beginning of the HistoryOfAskemos Askemos was just an attempt to formalize the common patterns found in a few of those philosophies. See also DasBewusstsein)

Programming Theory

The target domain emphasises high standards on correctness and verification. Many popular programming environments fail to meet this criterion. (Including popular things like C, C++, Java and C#.) Since they are defined somewhat informal and true result verification is replaced by to observation of behavior of a technical apparatus. That's too weak a definition of correctness, such applications should not incure legaly binding consequences. Recent german case law already appreciates that fact that an apparatus might fail and hence reject legal consequences based on such observation, see [Az.: 31 C 79/05-83] @heise.de.) Askemos applications must be based solely on abstract calculi without reference to any technical apparatus. The following calculi influenced the Askemos design and can be used to model applications.

Calculi & Functional Programming

Some easy reading on lambda calculus for the perl programmer http://perl.plover.com/yak/lambda/ - should be moved elsewhere. See also Pointers in the Scheme page(which should be split in theory and applied programming).

A Concurrent Calculus with Atomic Transactions

Today this seems the best match.

Jumbo Lambda

TODO: read it.

Process Algebra

The pi calculus (an extension of the lambda caculus) (the pi-calculus in direct style) is also related to dynamic binding:

lambda(fut)

Maybe lambda(fut) is a better match then pi-calculus? I just came across it and did not have the time to read past page 3, but up to there it's operations match the Askemos implementation.

Petri Nets & Functional Nets

The same combination of functional programming and petri nets as in Askemos have been used as the theoretical spine of http://lampwww.epfl.ch/fn/

"reactive" processes

Came across Actors mid 2005. Looks simillar too.

Io - simillarities

NOTE?: This remark SHOULD be moved to some "comparision" page. The Io language has quite a simillar structure to Askemos whereby readers ougth to identify Askemos places and Io objects. However places are sort of more heavy weight and Io objects appear not to have access control and permission handling (by default). However I really like it from the 1st reading. Maybe it would be great to port Askemos over.

Dynamic Binding

A fundamental concept in natural and artificial languages is the dynamic binding of names to objects (or object identifiers). (see also)

more to process algebra http://lambda-the-ultimate.org/node/view/482 , http://lambda-the-ultimate.org/node/view/535 TODO: mustread, http://lambda-the-ultimate.org/node/view/568

"Continuations": Oleg Kiselyov How to remove a dynamic prompt. more http://lambda-the-ultimate.org/node/view/1197

Topology and Messaging

Conclusion: Evolutinary successful mechanism utilize network topologies of "equal" objects. They communicate with unidirectional, unreliable signals and deploy redundancy to account for the uncertainty.

Examples: the brain, ant hills, systolic algorithm

C. A. R. Hoare Communicating Sequential Processes - interesting read. More from http://www.afm.sbu.ac.uk/csp/ .

TODO look into http://www.iam.unibe.ch/~scg/Research/Piccola/ for structur description.

I should have found http://www.acims.arizona.edu/EDUCATION/education_frame.html before (5th Sep 2001), sound theory background which describes modells in discrete events. Hence it should fit...

Bibliography

TODO

A good question an a few pointers http://www.ucalgary.ca/~rzach/logblog/2005/04/motivating-intro-logic-for-philosophy.html .

These projects seem worth looking closer than I came around to.

The TUNES project has interesting, highly relevant reads, which should be integrated here in one form or another.

John Mc Charty (1998) A Programming Language Based on Speech Acts, (it's a pity that I only found it in 2002) contains a lot of philosophical background knowledge. As such it's terribly related to the Askemos. TODO: evaluate, read, comment on.

AskemosBibliography

Books

H. Baker (Critique of DIN Kernel Lisp definition version 1.2) [unread]

H. Abel, G. Sussman (MIT Press 1985, 0-262-01077-1)

K. Beck (Addison Wesley 199X, 0-201-61641-6)

D. Megginson (Prentice-Hall 1998, 0-13-642299-3)

G. Booch (B/C Inc. 1994, 0-8053-5340-2) and others

G. Kiczales, J. Rivieres (MIT Press 1991, 0-262-61074-4)

L. Bic, A. C. Shaw (Prentice-Hall 1988, 0-13-539776-6)

C. A. R. Hoare "Communicating Sequential Processes" (Prentice Hall 1985, )

N. Petkov (Akademie Verlag Berlin 1989, 3-05-500661-5)

A. Zell (Addison Wesley 1994/96, 3-89319-554-8)

R. Wobst (Addison Wesley 1997, 3-8273-1193-4)

A. Oberweis (Teubner 1996, 3-8154-2600-6)

K. Füssel (Münster 1983 3-923792-00-X)

D. R. Hofstadter (1979 [also 3-608-93037-X])

J. Locke;

U. Eco 1977

I. Kant "Kritik der reinen Vernunft"

K. L. Reinhold 1790

Minsky, Marvin Lee "A framework for representing knowledge." 1975 In Winston, Patrick Henry (Hg.): The psychology of computer vision. New York et al.: McGraw-Hill. 211-277.

Related Projects

AskemosDesign

The way and why that way.

This paper used to be the best one about the design. While it's ageing, it's still recommented to be read it first. Or see also the slides of the talk Askemos - Holons at the market place at netobjectdays.org 2002.

Distributed systems face many problems. Web users are subject to random disruption of performance and service. All kinds of compatibility issues make moving data between devices is a major headache. Computer networks require significant expertise to configure and maintain. The principal programming abstractions available today-processes, threads, files, and sockets-do not adequately address the problems of managing information, keeping information available, true and secure. (See the .NET page if you did not yet get that point.)

To overcome this accidental hardship Askemos defines an autonomous, virtual machine on document level, which works distributed among independent components (companies, departments etc.). Programmers are only concerned with application level questions, which are an inherent part of their tasks.

Askemos provides an environment to a) hold information, services and processes in form of a graph (network) of documents and b) to execute and combine those. As such it's similar to grid computing. [TODO: check for similarities and differences]

Semistructured and extendable data and application specific, executable rules are both modelled in a system independent way. These models are almost completely defined using public and freely available standards. Because of this public processable definition it becomes possible to trade services within the network as well as the underlying resources.

Long term availability is assured by selecting standards, towards the market converges and which are guaranteed to be available independent of institutions or companies and their property claims.

Protection in the interest of multilateral trust is based on a combination of elements: a) there is not central authority, which could be abused b) relevant meta data is associated with each object for legal proofs, this creates the important type of a deed c) Askemos works as a network where transaction are executed in a distributed manner with voting - correct results will be given even if one of the nodes (e.g., the other party of a contract) made illegal changes. (In reality one can still create fake evidence, but at least the creator and time of creation can no longer be faked. That's a relieve for justice problems like here.)

A second advantage of the redundant distributed execution is a win in availability.

Askemos assumes a independent base technology assuring a secure data exchange between nodes of the net. This is an ideal and impossible assertion, which is in practice constantly approximated by application transparent integration of required technology. (These days this calls for cryptography.)

A second base technology is the user interaction tier. This is typically served by web browsers, desktop tools specialized to other tasks or mobile appliances.

AskemosBackground

Philosphy. Understanding natural languages. Structuralism. Communication. Trust, law, state and forms of governments. (Why are computer systems still hierarchical, while the real world goes democracy?) RelatedProjects

AskemosHLD

High level design. This design is driven only by requirements which derive from the task (scope). Requirements, which are implementation related go into the LLD.

LLD

Low level design: choice of implementation language, technology, frameworks, standards. Implementation decisions, tradeoffs and caveat.

AskemosDVM

The Askemos virtual machine follows the semantics of pi-calculus. This design style has been widely found beneficial for instance in Hardware (especially FPGA) Design and the Erlang programming system.

A place of the Askemos DVM executes process step when it receives a message. A reply function

reply = function(place, message)

is computed for each step, where

reply

an aggregate denoting the answer the process step yields to the incoming message. The programmer used to traditional operating system terms might think of the reply element content as a list all those system calls which the function needs to complete and which might modify values.

function

Step response, a two-ari function defined by the ActionDocument.

message

A read only accessor to the aggregate denoting the current input.

place

A r/o (read type request) or r/w (write type request) accessor to the aggregate denoting "this" place. Often called "me".

The input area (message and place) and the output area (reply) each are described as an xml document, and the function is defined as an XSLT transformation.

These process step are executed by several physical machines in parallel and a byzantine agreement over the value of the reply is required for the step to be actually performed.

1. A place in this virtual machine can be understood as the container of an arrow (See John Hughes, Generalising Monads to Arrows) or a continuation which is evaluated in steps.

2. Read more at LtU: mondas for beginners and a collection of monad links.
3. Looks like PiDuce implements quite a simillar processing paradigm.

AskemosHLD

Warning this part of the documentation is still a puzzle.

High Level Design

An autonomous, distributed virtual machine at document level

Orthogonal Aspect Separation

The implementation shall reflect the strict separation of aspects (meta systems) by design. Orthogonal means here, changes in one aspect will never affect statements concerning any other aspect.

Orthogonal aspects in Askemos:

• access control and capability system
• functional description ([tree] transformations)
• processing model (dynamic behavior -- transitions fireing, implicit parallelism)
• persistence
• (transparent) distribution over quorum systems
• local (and legacy) integration (TrustedCode)

definitions DEFINITIONEN

The Askemos is a space of objects (see DEFINITIONEN) so called places. Those places send/receive two types of mesages (read and write). For details see AskemosDVM.

Desired Features

From the task of the Askemos operating system as derived from the before mentioned AskemosScope, this summary of initial features was desired:

- Root less object network model.
- Persistent data.
- Not data specific, XML optimized.
- Flexible name space management.
- Object autonomy.
- ACID transactions.
- Simple messaging concept.
- Any extension language feasible.
- Lightweight threads at my fingertip.
- The sheer concept of a dead lock is a bug altogether.
- Many network protocols supported.
- API for backing store adaptors supporting freenet, gnutella etc.
- Distributed Virtual Machine (DVM).
- A frame work for object to sustain at least 15 years.
- Something for document management as Perl is for tasks like system
  administration.  Would have to be sort of an application server,
  but none could deliver the needed features.
- Few dependencies, small footprint.

NuNuDesign

german high level design requirements (for managers)

AskemosProtection

The rights system is the heart of Askemos. We will reason here about one of the two basic axioms.

As always with axioms, the reasoning can't be done "inside" the system (otherwise we would try to violate Gödel's completeness theorem). The first section gives a brief summary of this reasoning, which is expanded in AskemosBackground. The second section introduces a formal (set theoretic) notion of rights, and a formal criterion to sort rights systems into corruptible and incorruptible. Then we argue that "traditional" capability theory is a special case of the Askemos rights system and derive some practical consequences to show the utility.

The principle of inalienable rights

There is a set of rights associated which each individual. (Here an individual might be a person or even a thing).

It is impossible (illegal) to transfer the whole set of rights of one individual to other individuals.

It is immediately clear to human understanding, that there are inalienable rights. At the end of the day nobody can lie to his/her own consciousness. It always tells you the truth even though you might yourself lie to others. Telling you the truth is the very right of your own consciousness and you can't sign that right off at all. Therefore the idea of inalienable rights irrevocably exists in any persons understanding.

In AskemosBackground we will trace back the insight of this anthropological fact in various cultures to proof it being a common ground of mankind, independent of political and cultural differences. For instance Rousseau reasons "The Social Contract Or Principles Of Political Right" (RousseauSocialContract) about the construction of self preserving systems of rights.

The Rules

The principle of the inalienable right and a very basic set theory is the design principle behind the protection handling system of Askemos. No further assumptions which could introduce cultural or historical dependencies are made.

These rules have not yet been translated into web pages. Please see the section "distributed authority" in the paper here for a concise, formal description. (TODO the rule set in the paper should start with the definition of the element/set relationship. This is a stylistic mistake, it doesn't change anything.)

Comparison

The general protection system of Askemos overcomes deficiencies of traditional protection systems as found in operating systems at the market today.

Basically all those protection systems are based on a super power, which can overrule everything, like a king. These hierarchical systems where historically followed by democracies in history, which rely on the logical inversion of the super power, the public right. A public right is mathematically spoken a system invariant. There exists no individual power, which can overrule the public right.

At the other hand an administrative power is often needed for efficiency and it is provided as well, just restricted to a domain rooted in the administrator user.

The protection system layed out here is structured as a set of hierarchies, which can sign their parts off among each other.

A distributed system, where each point of operation is assumed to fail with some probability, requires a protection mechanism which is based on a system invariant. As a welcomed side effect it is impossible to overtake the system in the "traditional" style, where individuals can break into the administrative account of systems and destroy or steal all data.

Capability based schemes (see for instance http://cap-lore.com/CapTheory/index.html ) are sort of a special case of the Askemos protection system. A capability is usually an opaque bit pattern, which are undivisible objects. This leave those systems with the problem of the transfer. To transfer indivisible rights between objects a higher right is required, which eventually contradicts the axiom of the existence on inalienable rights. Except for this transfer problem, which is solved by the replacement of opaque bit patterns through sets, that is divisible objects, all rules apply.

The public right or common code and the taboo

To facilitate communication (i.e., to get any trusted contact between two individuals started first time), a special right is needed, which all individuals do have.

But there is a difference between the public right and the right of the individual. The individual has the right to change it's mind at any time. The public right can not. Therefore the set of rights the place - which represents the public right - has is represented by the difference of this very places (so called "full") right and it's counterpart: the right of the individual.

Within Askemos programs, these two rights are the only well known rights. The function public-oid yields the OID representing the public right, while my-oid yields the symbol for "private".

At any Askemos installation the place with the public oid shows the rules of use under which the particular installation participates in the Askemos. It is always a constant object, or in the context of program execution, it is used as the symbol for "constant".

The counterpart, the right of the individual is the taboo. It is never possible to access that object.

Software Requirements

• there is a separate value space for rights
• robust against known attacks (with possible exemption for denial of service attacks)
• it's impossible to extend rights or derive rights from other values spaces
• work like humans beings assign capabilities among each other
• Detailed design notes.

AskemosProtection06

This document describes the design and implementation of the 0.6 series of the AskemosProtection system (including a view notes on it's history). Most readers can easily skip that part without loss of information.

High Level Design

The first idea for this protection scheme came to me from VSTa and worked very well with wrapbit. It handles subjunctive schemes. The outcome of the scheme is a hierarchy of subrights rooted by the creator (there is no superuser as common with operating systems). To solve the chicken and egg problem, there is a special right, secured by a secret placed on the physical machine, where the creator want's to authenticate. This right allows to create new user authentification frames and restrict user rights for that particular machine.

CAUTION

Special policy must be followed, this policy publically displayed and doing so so must be part of the license agreement -- when operators use this power. This policy should *at least* include a hard to forge notice dated prior to the operation, the rules for reasons, why the operation might be performed and a duration how long the note itself will be archived.

We end up the formula being the ultimate documentation for rights. Users will hopefully only see this formula one day, when they managed to loose a right they did not want to loose. Good luck: there might be a chance that you get the right back. If not, read this and understand why there is nobody who can help in this case. After all this lossage is somehow the prize you pay for freedom. If we had a chance to help via administration, this would be the back door for theft and abuse.

Hierarchical Rights

Next an early description from the requirements document.

There is no absolute super user mechanism.

A protection is assigned to each place. Based on the idea that everything is allowed until explicitly forbidden, we narrow what's allowed using this protection.

A protection is a sequence of documents called totem. A totem as such is "just a name", a symbol without data and context.

It's suggested that the document describes (for user and lawyer) how the permission granted so far is narrowed. But that's just a convention.

A set of capabilities is assigned to each message.

A capability is a sequence of totems, which could be part of a protection.

We say a capability dominates a protection if either

1. the first totem of the capability is the same as the first of the protection and the rest of the capability dominates the rest of the protection.
2. the capability is empty.

(define (dominates? prot capa . capas)
  (let loop ((prot prot)
             (capa (if (null? capa)
                       (error "dominates?: null-capability found.\n")
                       capa)))
    (cond
     ((null? capa) #t)
     ((null? prot) (if (null? capas) #f (apply dominates? prot capas)))
     ((not (and (pair? capa) (pair? prot))) #f) ; type check, "default"
     ((eq? (car capa) (car prot)) (loop (cdr prot) (cdr capa)))
     (else (if (null? capas) #f (apply dominates? prot capas))))))

Note: the point (b) makes a capability the "super user" capability of a set of protections. This is probably against intuition, but see next point.

To assure that there's no super user, it's impossible to assign an empty sequence as capability. A user can grant and revoke a subcapability of one of his capabilities to other users, this retains the super user concept for those cases where appropriate, but restricts it into a certain domain.

A subcapability sc of a capability c is a capability if dominates(sc c) and sc != c.

Functional Rights

The plain realm handling would require that we explicitly grant each and every access. This is ok for delegation alike cases. We want to be prepared for publishing situations. Here it's much better to have an ACL or (german: disjunktive Rechte) rights. Here I do an experiment and encode that implicit within the protection. ...

There is a second hierarchy, which we call functional which is determines the task at hand. Such a right fr is granted if a protection fp is dominated by a capability, which consists of the rest of the original protection p with the first element is left.

(define (serves function . capabilities)
  ;; ... the protection is shortened.  If that's dominated by the
  ;; request we've found the service level.
  (let loop ((function function))
    (cond
     ((null? function) #f)
     ((apply dominates? function capabilities) function)
     (else (loop (cdr function))))))

A service level is a convenience function, which puts both the basic mechanism into a short function. It's function, which accepts a variable number of documents (or symbols for sake of development costs) to be used as subset of the protection to dominate or serve. If we find something in the public domain, we can take it over.

It returns the right, which explains the access. This could be either the owner of the frame, the right which was granted from the owner or someone service permit, under which the frame was opened and which was also assigned to the owner of the capabilities.

(define (make-service-level protection capabilities)
  (if protection
      (if (pair? protection)
          (lambda subs
            (let ((protection (apply append protection subs)))
              (if (apply dominates? protection capabilities)
                  #t
                  (apply serves protection capabilities))))
          (error "illegal protection ~s" protection))
      (lambda args #t)))

TODO

1. Make sure that the mechanism can do whatever the domain type system described at http://research-cistw.saic.com/cace/dte.html can do.
2. See whether http://www.cl.cam.ac.uk/users/rja14/ and http://bejtlich.home.texas.net/intv2-1.txt are related at all, just found the reference close to the domain type system (see TODO 1).
3. Fix the comment related to TODO 2 in the code.
4. Dig out that security firm, which I heard about today 2000-07-26. The are reported to implement an apparently isomorph operation with chip cards.
5. Find out what caja has on offer. http://code.google.com/p/google-caja/

Related Work

Domain Type System http://research-cistw.saic.com/cace/dte.html

http://cap-lore.com/CapTheory/index.html

A hardware TCB controlling dynamic data dissemination
with respect to a lattice-based information flow policy.
http://pag.lcs.mit.edu/6.893/readings/brown-tr15.ps

Xena xml access control at element level,
http://www10.org/cdrom/posters/p1096/

;; For active actions there are two assumptions possible:
;;
;; a) for all slots attempts are made to set them as requested.  This
;; is technical equivalent to dump file system semantics (with
;; addition of some meta data held in attributes).  At the philosophic
;; level this means that every public right can be used by everyone as
;; pleasant.  This is at least not democracy, more like anarchy.  You
;; can certain construct secure systems this way, but you will
;; definitely need an absolute power (a potential tyrann).
;;
;; b) public places are safe from any single request.  They just throw
;; an exception.

AskemosResources

Mailing list & help

There is a mailing list now. (I was never created before, because it was expected to be done within Askemos - but the project is simply too large to get all these things done in time.)

Support Development

If you want to grant your time and skills, see ProjectsOnThePlate and everything "up" from TODO for subprojects ready to pick up.

Source

• See system requirements before you start to install.
• the cvs repository at askemos.org has been replaced by svn in ~askemos/ball-source group access askemos-source. Inquire for presonal account. Don't forget to set your umask to 022!. The repository at sourceforge is irregulary updated. Sorry.
• The last Askemos source tarball (1 MiB)
• Last stable version (0.8.6): Askemos source tarball.

Other

ports to other platforms

A port to chicken is almost. Release is stalled due to chicken issues.

online test

A demo installation: Go to gonzo's home (use "gonzo" as user name with the password "oznog") to see how it looks alike when loged in. (TODO the test account is really outdated.)

copyright

Licence: GPL

Author: Jörg F. Wittenberger

AskemosServer

Purpose	Operating System
Manufacture	softeyes
Platform	POSIX / BSD
License	GPL
Market	distributed systems

Big picture

Usually it's not easy to grasp what Askemos is, since it has a few facets. It's importance lies in the combination and seamless integration of a certain set of features found elsewhere too.

This white paper used to be the best one about the design. While it's ageing, it's still a recommented read.

Askemos is expected to be implemented on top of various base systems. (As it's best deployed with one instance at the local host, the next logical step would be to integrate it into the browser. But we are not yet there.) This document describes implementation and administration of the Askemos system available today.

Basics

The current implementation is a two layer operating system built on the foundation of a Unix compatible base system, which does the I/O. The AskemosServer compares to the "exec server" of micro kernel systems.

There are plenty of approaches already, but none was found, which could satisfy the AskemosDesign requirements. Askemos can fulfill those because it overcomes by design a lot of accidental hardness as inherent in legacy systems. Todays operating systems provide abstractions for individual computers, network connections files etc. these have no importance for the developer or user in the Askemos.

Askemos is an environment where simple, collaborating agents may form an intelligent systems. My personal dream of the latter is sort of a public library which can't "burn".

1. quick overview
2. a more general description
3. Askemos Einführung (german, different content)
4. frequently asked questions

Development at top of Askemos

There are roughly two ways of dynamically generating programm output like websites. One way is the "PHP way" (or Perl, Ruby, pick one). This means you write some HTML code and mix the output from running another program in between. Beeing often used, there are several disadvantages though. For example, operation on fragments of code must all be done on the string-level. Superflous, distracting and potentially buggy code is introduced in your application to parse input and generate output. At worst, your output is simply invalid. Another disadvantage is that malicious or obnoxious HTML and scripts can be inserted relatively easy in the output by any potential attackers of your site, unless you take great care to escape HTML characters - which again clutters you application code.

The other way is to use XML: You use languages like XSL, which includes XSLT and XPath or XQuery?. The BALL kernel blends the latter approach with MIME converters to use simple input syntax like SXML, Wiki or OOo, since reference XML is needlessly verbose and thus hard to write, Scheme and SQL into a system of communicating sequential processes to express your business logic.

• example tour introducing of XSLT methods for the AskemosDVM
• Function documentation: scheme, dsssl, sxpath, srfi's, others (index)
• core api for interaction with the Askemos kernel.
• AskemosProtection a capability system without central authority.
• Applications on top of Askemos bear similarities with the software behind the yahoo store. Get some background from http://www.paulgraham.com/lib/paulgraham/bbnexcerpts.txt
• Tip: use Ajax / Web2.0, but don't depend on it (client side scripting might be turned off in sensitive environments).

BALL internals

Most references to background information are in source code comments, where used.

• How to write new virtual machines. (Example: policy/nu.scm
• source repository ModuleStructure05

Installation and Administration

• system requirements
• installation
• Licence The Askemos server is available under the GPL.

  If you feel the need to license under other conditions, please contact softeyes.net

• performance considerations

AskemosScope

Dear reader, I'd love to bring some order here. But time is rare to work on this part. Please bear with me.

Aim on Eternal Software

The aim of Askemos is the system independant integration of information technology infrastructure across areas of accountability. In the essay Software That Lasts 200 Years summarises Dan Bricklin motivations and design requirements of Askemos. (Even though he did not know.) See also the POPLmark Challenge.

Usage examples

Askemos (as it's commercial counterpart fiXml) fit a wide range of applications , e.g.,;

• general workflow and information systems
• trouble- ticket and order handling applications
• points of delivery for immaterial goods including payment (e.g. tipping would be simple)
• accounting, reliablearchives and document management Three examples shall outline range of possibilities:

example use: virtual office

Four small or medium-sized enterprises, departments of larger enterprises or simillar win a virtual office in the internet: For that purpose the aggree by contract to operate an Askemos network. Each of them has a permanent internet connection (cheap flat rate) and permanently runs a server. Whilst those severs are only available to say 90% (quite feasable) the virtual office is fully available 99% of the time. The restricted, that is read only mode, of operation is even there in 99.99% of the time. It's planed to create a bootable media to run such a server.

example use: distributed community coordination

http://www.investregionx.de is a project to coordinate rural development projects. The commercialy licensed variant "fiXml" of Askemos is used to provide the community with online tools for project coordination and communication. Here it is escpecially important, that users can freely manage access rights to documentation available to subgroups and keep each other up to date.

example use: eGovernment

Scaling up, governmental administration could operate large scale installations to announce and keep public data. Each citizen could have a personal account for information and register purpose.

The actual advantage over a central solution here is security. Abuse, while possible as long as humans have access, is limitted because there's only limitted power on each account. No central administrative power can be abused.

Design guiding Material

The article http://www.teleport.com/~sphere/documents/0006/6/index.html has a focus on what programs are. Askemos does not care so much about programs as such, but with programs being some abstract modell and nothing more than an idea, we can generalize those arguments to help to describe properties of objects in the InformationSpace as handled by Askemos. I found this article related, whether or not I'll find the time to look close -- I don't know.

In http://www.law.berkeley.edu/journals/btlj/articles/12_1/Stefik/html/reader.html we can read about the concept of trusted systems. The studies made when designing Askemos directed to the insight that we have to distinguish between the information itself and data, which encodes it. Copyright certainly applies to the data (information can't be copied), while trusted systems have to deal with licensing conditions of information. Quite a difference and relief for the scope of trusted systems, which have no need to understand the sheer concept copying at all..

KnowledgeWorker, KognitiveTechniken,
KommunikationsInfrastruktur, P2P, SoftwareRot, an
essay with some pointers to look behind.  

The InformationSpace is a virtual object by itself. You can percieve it in your head or observe it's effects. You can't "have" it, but you can be part of it. For a library in the InformationSpace it's important not only to imagine it. You want to observe it. That's what the software "Askemos" (AskemosServer) is good for.

Trust and Trade - Ownership and Transfer Rules

PrivatSphaere:information leaks about private data and ways to protect by legal and technical means. Side note: This protection is called anonymity (I learned from my professor). In contrast to what I believed before (and many don't make this rather nonobvious distinction) anonymity does not mean to hide your name from some information you made public. It means to make it impossible to associate you name with a particular information in any way. Though it incorporates all snoofing protection.

IntellectualProperty

The British Library has issued an IP manifesto (with regard to DRM):

• Existing limitations and exceptions to copyright law should be extended to encompass unambiguously the digital environment;
• Licenses providing access to digital material should not undermine longstanding limitations and exceptions such as "fair dealing";
• The right to copy material for preservation purposes "a core duty of all national libraries" should be extended to all copyrightable works;
• The copyright term for sound recordings should not be extended without empirical evidence of the benefits and due consideration of the needs of society as a whole;
• The us model for dealing with "orphan works" should be considered for the uk;
• The length of copyright term for unpublished works should be brought into line with other terms (ie: life plus 70 years).

In other words, copyright law should not change in the digital environment

JFWLicensingNotes

Conclusion

Askemos shall reflect concepts which concern: self preservation (askemos archives itself) and the basic mechanism of understanding, communication and trust (and how to tell the mechanism apart from policy). These mechanism are the basic principles, or common code, of viable (sustaining) communities, societies etc. as expressed in their language, rules and laws. As such it's only loosely connected to software. (To put it different, no sane rule or law contradicts this text. If any did that's a problem/bug of either the rule or this work.)

The Askemos infrastructure must caters to the needs in the computer age as ink, paper and Gutenberg for the last few hundred years.

AskemosTopMenu

• About Askemos
• design notes
• documentation
• download
• On CD
• thanks
• support

BackUp

To backup used with data means to make another copy of the data at some different physical encoding (other physical location, media type or other encoding; sometimes even another brain). The term backup is also used for the physical media where the copy is encoded.

Such a backup is used to secure the encoded information, making it stronger against the threat to be lost.

BALL

Byzantine Askemos Language Layer

Ball is the first implementation of the Askemos distributed virtual machine running on a network of equal peers, which supports "projections" from the abstract space "Askemos" and makes accessiable in standard data formats via standard network protocols.

BetriebsSystem

Was ist ein Elefant? Eine Maus mit einem Betriebssystem.

Das Basissystem von fiXml, Askemos, muß je nach Kontext als Application Server oder Betriebssystem eingeordnet werden. Seiner Funktion nach handelt es sich um ein Betriebsystem. Das verfügbare System ist aus administrativer Sicht ein Application Server, welcher ein Basisbetriebssystem benutzt. Dieser Variante wurde der Vorzug gegeben, um die Einbindung in bestehende Systeme zu erleichtern.

Systemvergleich

Der Vergleich von Betriebssystemen ist gewöhnlich nicht ganz leicht. Das fängt schon mit der Definition an:

Brockhaus, 19. Auflage: "System von Programmen für eine Datenverarbeitungsanlage, die die Ausführung der Benutzerprogramme, die Verteilung der Betriebsmittel und die Aufrechterhaltung der Betriebsart steuern und überwachen."

DIN 44300: ... die Programme eines digitalen Rechensystems, die zusammen mit den Eigenschaften dieser Rechenanlage die Basis der möglichen Betriebsarten des digitalen Rechensystems bilden und die insbesondere die Abwicklung von Programmen steuern und überwachen...

Hoare: Der Zweck eines Betriebssystems besteht darin, die Betriebsmittel eines Computersystems auf eine Anzahl parallel laufender Programme zu verteilen, wobei die Programme nicht vorab definierte Anforderungen an Betriebsmittel stellen. Das Ziel dabei ist:

• die Betriebsmittel maximal auszulasten,
• eine hohe Zuverlässigkeit zu gewährleisten,
• eine bestimmte Bedienungsleistung zu gewährleisten und
• die Nutzung einfach zu gestalten.

Meißt kann man sich auf Aufgaben einigen:

• Steuerung/Prozessverwaltung (Messagesystem)
• Betriebsmittelverwaltung (Ressourcelocking und TrustedCode)
• Schutz/Sicherheit AskemosProtection
• Benutzerschnittstelle (Viewer+Protokolladaptoren)
• Gerätesteuerung (Basisbetriebssystem)

BOSH

Bidirectional-streams Over Synchronous HTTP (BOSH)

http://www.xmpp.org/extensions/xep-0124.html

BRL

BSD

BTW

BUGS

 * XML parser does no validation
 * A stylesheet assigned as the value of an xsl:variable is evaluated
   to compute the value of the variable.  This seems to be the right thing
   (really?) but it's not handy.
 * XPath and XSLT implementations are incomplete
 * apply-templates as value of a top level xsl:variable runs into error - still?

ByzantineAgreement

Byzantine Agreement/Protocol

A fundamental problem of distributed computing is that of simulating a (secure) broadcast channel (see also KommunikationsInfrastruktur), within the setting of a P2P network.

A byzantine aggrement can always be reached, if more than 2/3 of the parties are honest, i.e., cast vote for the correct result according to their actual input (which in turn might be falsified).

If this sound too "technical", here is a real world application/implementation scrutinised.

Byzantine Agreement in Askemos

Askemos deploys atomic broadcast protocol (see Sintra section 2.2) to synchronize ProcessStep's with slight variations:

• A ProcessStep is defined in such a way, that the binary value to agree in the voting (the checksum of state changes during the step) is often deterministic. Therefore the agreement protocol does not need to proceed in (possibly infinit many) rounds.

  "Often deterministic" means here, is deterministic, if it depends exclusive on the input and internal state of the process. But if, for instance, the process reads additional input with "fetch" while processing the message, or depends on local values like the current time, it can become non-deterministic. See the accuracy test for actual measurements of such a case. The BALL implementation could easily proceed in additional rounds as standard byzantine algorithm do. I don't think additional rounds should be made standard behaviour instead we should put that into applications control.

• If the network is fragmented messages can be lost. If nodes miss - one by one - the final ready message in the agreement, the network can get out of sync in such a way, that resynchronisation becomes impossible. The BALL implementation extents the echo/ready messages in such a way, that the last phase can be recovered.

Further Work

Utilizing a setup or preprocessing phase it is possible to lower that requirement to some extend, Y. Lindell, A. Lysyanskaya and T. Rabin show http://www.wisdom.weizmann.ac.il/home/lindell/public_html/composeBA_abs.html upper bounds of utility of that approach.

TODO The 0.7.x version of BALL deploys HTTPS as node-node protocol. Availibility of a second message bus (from the references) is desired feature. The current implementation will be kept readily available and brought forward to protect against anticipated, future security bug in the alternate message bus, to be be deployed at the (accepted) cost of degrading performance until the bug is fixed.

References

Byzantine Generals Problem

Leslie Lamport, Robert Shostak, and Marshall Pease, ACM Transactions on Programming Languages and Systems, Vol. 4(3), July 1982, Pages 382-401

L. Kesteloot: "Fault-Tolerant Distributed Consensus" (1995).

Sintra (16. 4. 2002)

M. Naor and U. Wieder. A simple fault tolerant distributed hash table, 2003

http://citeseer.ist.psu.edu/560557.html

spread

a unified messaging bus (candidate for use in ball implementation).

The recovery algorithm of spread is quite similar to our implementation. The main difference is that when spread delivers a message to the application layer the corresponding Askemos event is the permanent commitment of a transaction (see ProcessStep).

Ensemble

Ensemble another unified messaging bus (candidate for use in ball implementation)

Sintra ( http://www.zurich.ibm.com/~cca/papers/sintra.ps )

A fault tolereant replication architecture based on ByzantineAgreement.

Sitar: http://sitar.anr.mcnc.org/

building intrustion tollerant systems from off the shelf components.

on (broadcast) group membership protocols

http://www.cs.colorado.edu/~mishras/research/papers/pdcs03.pdf

Bft http://pmg.lcs.mit.edu/bft/

A byzantine file system. (No byzantine processes.)

symetric cluster management

http://sources.redhat.com/cluster/faq.html

ibm in Zürich: http://www.zurich.ibm.com/csc/infosec/dti.html
--

http://epubs.siam.org/sam-bin/dbq/article/18708
--
http://www.cs.bham.ac.uk/~dxp/prism/byzantine/
--
A CORBA? based implementation:
http://beta.ece.ucsb.edu/immune/Immune.html
---

A small essay http://szabo.best.vwh.net/coalition.html
see also http://www.google.com/search?q=Byzantine+Generals+Problem

*related notes*
On hardening the underlying host system: http://immunix.org

CAUTION

take that with a grain of salt

ChillOut

Chillout is the Interoperable DRM Platform specification Reference Software, released as Open Source Software under Mozilla Public Licence 1.1.

CodingStyle

Written Standards

I just came across some written standards over there: http://www.kindsoftware.com/ kindly try to adhere. Standard is better than better! Even if we would start to provide our own, we would probably end up with something similar.

Please follow Riastradh's Lisp Style Rules a guide to Lisp style, written by Taylor R. Campbell; parts are focussed on or specific to Scheme.

Coding Habits

First read a bit about eXtreme Programming. I recommend the original book eXtreme Programming explained from Kent Beck ISBN0-201-61641-6 and get a second pair of eyes looking at your source.

I understand that it's not always possible to be two person while coding, moreover coding is sometimes really boring for the 2nd one. So have people close while doing the complicated parts. If nothing else available use email and irc frequently (irc in private channel).

Second please understand, that the implementation is by design somewhat imperfect. (If you did your home work above, that'll be easier.) The implementation shall be good enough and able to perform what Clay Shirky calls Adaptive Radiation (see EvolutionGentechnik) in favor of best of breed and highly specialization.

Third never change two logical independent things at once. If you did, good luck. I'm not going to look at such a diff.

Cosmetic Changes

1. For source files

   Cosmetic changes Should be executed ASAP if they modify API's and deferred until the file in question is to be changed anyway or becomes ununderstandable.

2. Other documentation

   Executed ASAP. Please report all spelling and other bad language.

Comment Tags

There are some tags to classify comments (for grep's sake).

TODO

Things to do. Missing feature visible but harmless.

FIXME

Things to do, but misfeature might cause bugs.

KLUDGE

Good enough for now. Actually not, but whatever...

EXPORT

"Defined" API of the module.

Global Variables and Side Effects

You better have a really good reason for that! Reconfiguration at runtime would be a valid example, if reasonable.

All side effects MUST be commented.

System Dependencies

Are best avoided. E.e., the rscheme module system is quite useful but the code doesn't rely on it even though I'm heavily tempted. The same goes for the object system in the inner kernel.

Those things, which are system dependent anyway or need it for performance are free from this rule.

Naming Conventions

• Names are chosen in a way that they form some understandable text in the context of intended applications. Don't care for the definition context when choosing names. Consequently we'll frequently rename until the API is stable.
• A name shall say what it is meant for, not what the implementation does. (This can easily rule out get-foo and set-bar! style names.)
• Actions are typically verbs, while data objects are nouns. Global data objects prefixed with "the-".
• The larger the scope, the better chosen the name.

  Sometime I choose worse names, when I believe that something does most of what it should do. When the function is later completed I replace step by step all uses of the old version.

• Procedures with side effects end in an exclamation mark!

  A procedure counts as "with side effect" if it's possible to call it in a way that the side effect is visible. Internal uses of set! (and others), cached versions of procedures with internal state etc. Don't count here - but they MUST be commented anyway.

The following naming conventions are only mandatory for the kernel, recommended for all compiled code.

• Even without modules there must be no name clash (portability to other schemes).
• Names prefixed with module.

Complexity

Usually I'm more proud of the implementation details of my programs than of what it does exactly. That's different here, I'm proud of the over all structure and most things are optimized for human understanding. This implies they are implemented "straight forward" and there is some space for optimization for both speed and memory.

All algorithm, which operate on variable size data are (supposed to be) of lowest known complexity (currently this means solved in linear time). This means: optimization efforts can be traded for hardware especially since the software is coded functionality and highly threaded anyway.

Optimizations

Please don't try to optimize for space or speed on the expense of human understanding.

No algorithm may ever trade algorithmic complexity for either size or speed.

CommonCriteria

Common Criteria for Information Technology Security Evaluation

See http://www.bsi.de/cc/index.htm

Tom Adelstein in Linux in Government: Open Source Innovation within the DoD about common criteria certification process for OpenSSL.

ContextViewUsage

The context view (aka site map) displays the links going out from the current page (children) as well as those pointing to this page (parents). Furthermore the "second generation" of both ways is displayed as well. Understand the listing line by line: the left cell shows the pages pointing to the immediate parent, which is displayed in the second cell of the same line; the rest of the line shows a child in the third cell and it's children in the forth.

To switch back to the content view of the page click on the heading on top.

Future versions should use graphviz or something to draw nice graphs of the surrounding nodes.

CoreAPI

The core API defines how applications, (which reside on places) interact wich each other and modify their attributes. See AskemosDVM for definition of the virtual machine. TODO: provide a WSDL description of the core API here.

The Reply Element

In the simple case of a read type request, the reply to be returned from an actors invocation is just the output to the requestor.

Things are more compilicated for write type requests.

A write type request returns an element reply from the XML namespace http://www.askemos.org/2000/CoreAPI#. The children of this element describe the effect of the process step, along the axis

TODO: link from here to detailed information about the list items.

• Hierachical structured data values, the become element.
• interconnection: subscription, naming and growth; (networks, sozietäres Prinzip)
• rights, relations
• entry points: secrets etc.
• sugar; (relations [tables], forwarding, email (TrustedCode etc.)

TODO describe the API from the code. CAUTION small changes ahead.

Data Values

One mandatory child is the become element. It contains the new state of the place. In other words it's the new data value stored conveyed. for example: if the place stores constant data, this data is returned as content of replies given to read requests. Low level slot: mind-body and corresponding xml-parse'd representation body/parsed-xml.

remark The become element is usually the 1st, since it was historically the only positional return parameter. Futhermore an alternate name "continue" is supported, which stems from the Scheme inheritance of the project. However reading http://www-sop.inria.fr/oasis/caromel/TDO/ASP-DistributedCalculi.pdf page 4 (top) was convincing to find "become" the better name.)

Optionally any number of other elements can follow. These effect the other (all but the first) axis.

An element output can be used to specify more details about the output, i.e, narrow it or generate answers with a content type other than XML.

A good application design puts everything, which is efficient decribed by the hierarchial principle (english?) at that axis.

interconnection

TODO subscription (not yet implemented)

read

To resolve the name of a link originating from a place, call the accessor (which is passed as the first argument see ActionDocument) like this: (place name)

To resolve a public name see: public-context

To read data from another place see fetch.

write

• link
• new
• send

The interconnection axis is used to convey information on societal relations.

Rights

protection and capabilities see AskemosProtection. grant rights to other users.

• grant and revoke

entry points

The secret element is used to control credentials for user authorisation.

TODO document EntryPoint? to create new entry points.

Sugar

forward is equivalent to an unchanged data value and a message to send to the next step of the path as decribed by the destination slot of the message. The location in the resulting message extended by an element reflecting this next step.

TODO document let, letseq etc.

See also xsql.

CoreGrant

Synopsis

XML namespace: mind.

<mind:grant xmlns:mind="http://www.askemos.org/2000/CoreAPI">
 <to>receiver specification</to>
 right specification
</mind:grant>

receiver specification

One of

• id: see below

right specification

An xml representation of a right as defined in AskemosProtection.

Syntax:

<mind:right>
 ids ...
</mind:right>
<mind:id>OID</mind:id>

CoreLink

Synopsis

XML namespace: mind.

<mind:link name="name">destination specification
</mind:link>

destination specification

One of

• new
• id

mind:id

Contains the string representation of an OID. See oid->string.

mind:new

<new
 action="ActionDocument Specification"
 initialize="string"
 secret="string"
 protection="Protection Specification"
 >content data
 </new>

All attributes are optional.

Description

For background, keyword "dynamic binding" ( ftp://cui.unige.ch/pub/dami/dynBind.ps.Z ).

CoreSend

Synopsis

XML namespace: http://www.askemos.org/2000/CoreAPI

<mind:send type="read|write"
           xmlns:env="http://www.w3.org/2001/09/soap-envelope">
 <to>target specification</to>
 <env:Body>
  message content
 </env:Body>
</mind:send>

target specification

An path to the receiver (place) of the message. The first element (up to the first slash) is either a string representation of an OID or a name bound in the context of this place.

Sends a soap call along the path.

compatibility note

Before the soap specification the Body element was supposed to be all lower case. This is still accepted, which seem not strictly compliant. Is it?

CurrentVersion

EEA2

EXPORT

used as grepable label for API's.

GDPdU

Grundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen

GNU

GnuPG

GPL

Gnu Pulic LicenceFAQ: http://www.gnu.org/copyleft/gpl-faq.htmlat slashdot, http://www.kuro5hin.org/?op=displaystory;sid=2001/6/23/3451/16661

The Askemos server is available under the GPL. The decision to use this license is partially controversal. The analysis of the consequences of the various licensing schemes reveals that secure systems can only be build if the system itself is no secret to the user. This requires at least a open source license. Looking at the long run, the license must grant enough freedom to keep the system working even though the licensor might loose the interest. Therefore the GPL seems to be the license of choice at least for the development time.

If you feel the need to license under other conditions, pleae contact visit http://www.softeyes.net/

GUID

HistoryOfAskemos

The Eary Days - Incentives

The history of Askemos began in 1993. I just spent approximately 13 year with computers as a hobby and later as undergraduate at the university. One observation bothered me: there are so many "computer illiterates" who admit that they don't understand the computer world. Among them people like my own dad, who received two Ph D's and is usually regarded to be a smart man. So I posited that it's not the peoples fault, but the computers, which provide notions which don't fit the concepts people need to think.

It turned out, for instance, that one example of a near miss is the notion of a file, where data typically is kept. If we compare that concept with "things we can write on" as found in history, it compares more to a slate or white board that to a sheet of paper, because we can wipe the text out reuse the space. But slates are only used for special purposes and far outnumbered by text written at paper, which is not reusable. Since paper was invented there where so many cycles of invention that we definately had reusable paper in the stores if that was the better concept. The reason for reusability was scarcity and not the better concept.

A simillar problem exists with the urge to put every idea into a hirarchy on computers, while a network (like a MindMap) fits much better. Once (1999) for instance I did consulting with I B M. The department lost a couple of thousend dollars in effort trying to agree upon a naming scheme for their documentation. My claim that everybody should be able to have their own naming, which fits their job duties was unheard. Finally they decided a scheme but many employees used their own scheme while working and just checked their results in when done - or forgot about it rushing to the next job and causing another loss.

Not too far from this "compulsion problem" was the babylon of programming languages. Virtually all of them are just different expression of the same concept in terms of character sequences. But we can still write bad code in any language. So what are they good for? Representation independance is needed - we have it already, if a human brain can understand the code, or does anybody believe that we store ascii characters in the head?

Distributed Data and Trade - The Market Move

Around 1997 the development of distributed file systems like freenet became visible. Besides beeing concerned with update issues, which could easily beeing avoided if they did not try to resemble a concept invented to deal with the scarcity of hard disk space in 1970, they point towards a different need: The integrity of the data must be ensured and data kept available despite physical attacks, lost devices and DataErosion. Looking closer at the concept, we find it very simillar to the situation of the internet before the advent of the web. A lot of data stored at some point. Before at ftp servers, now at freenet nodes. It's the same situation, we miss the dynamic content. So the decision was to develop a scheme for dynamic content under the assumtion that we already had usable a distributed file system.

Two years later the world moved at a related front to unify their data representation with XML. From the post graduate studies I knew that it's predecessor SGML is already able to represent the three aspects of expressions (data, meta data and context - as the linguists know them). SGML was just too complex, because of superflous concepts. Now we had a repesentation independant data format and knew before that it will win because it fits the purpose and has publicity.

With the development of the web it became visible that not only the computer geeks form their own community on the net. Communities are ultimately defined by the common interest of their members and a way to communicate and exchange. By now we can find plenty of web sites, mail lists and chat rooms. Their users depend ultimately on their service providers. Exchange, or trade activities, can not afford to depend on service providers, they call for fine control over transferable rights to use the property (IntellectualProperty here) in a tamper proofed virtual data cloud. The data cloud may depend on as many service providers as their owner feels needed.

Year 2000 - The Big Step

In March 2000 I felt that I collected enough requirements and background to develop the 0.6 version of the Askemos server. Beeing the 6^th prototype it' now mature enough for actual deployment. (The 0.4 version is still in commercial use, but has shortcommings due to short sighted requirements as mentioned above.) It was finally released to the public at 23^th december 2000. This version solves most of the requirements:

• Provides objects, messages, topology and protection.
• A protection system to be proud of. With no systematic need of administrative power and as many local administrators as needed.
• All objects, ranging from invariants (like deeds) to complex applications, are autonomous (which means "write protected against any other object"). They can be understood as closures of a side effect free function and some data.
• Topology: Objects exists at places in a network. Hirarchies are just a special case.
• Objects answer to messages as an atomic operation.
• Message flow can be formally modelled with petri nets.
• Optimized for XML structured data (which is stored in parsed tree form, not serialized).
• Web user interface

HomesteadingInTheNoosphere

The term noosphere was introduced and illustrated by Eric S. Raymond for the information space it in his essay "Homesteading in the noosphere". (His focus is on the rules of open source projects. This is a special case of synergy drawn from exchanging ideas, while the information space here is not centered around any pre-set concern.)

Speakning of Mr. Raymond here and taking into account that Mr. Raymond views himself like a spokes person I have to add: I value his work cited above. But I disagree with most his comments. Never take his words for my opinnion.

Noospheric Property and the Ethology of Territory

HowToEditThisPage

Editing works similar in most Wikis and so here.

When working with this wiki, you should understand each wiki entry as a mirco structural item (a "News Unit", "Tiddler",...). Those items are composed together into pages.

Some entries are special: they are used implement "additional" features. Additional comes in quotes: the standard formatting is done by a template named "template" (surprise;-). That's already such a special entry.

Basic Handling

To get started, ignore special entries. We'll return to them later.

1. To start editing you should push the edit button. This places a lock at the entry, which makes the button disappear for everyone else.

   Note: If you accidentally skiped this step, don't worry. Editing and even saving works. But if someone else properly placed the lock while you where editing, you will loose your work and the other one wins.

2. Now edit the text.

   Don't change the title or links in the top and left zone nor anything near the bottom where the last change time is. Only the text within the thin black frame is for user modification [1]. The other areas are cut out when you save.

   When done use your WebBrowser's save (with Amaya, openoffice ...) or publish (with Mozilla/Netscape)-button to save your changes.

   Do so whenever you feel it worth. Nobody but you will see your changes until your completed step 4.

   If that failes chances are that you've got a timeout. This happens sometimes in a loosely connected network. Don't panik, try again.

3. If you need another page, name it with a word, which starts with an upper case character and contains at least a second one. Once saved, this will be turned into a link to a new page. (This is a common convention of most abbreviations, WikiWiki etc.).

   Most browsers require you to reload the page to make the link visible.

4. When you're satisfied with your work, push the release button.

Other Functions

Normal editing is only available, for those listed in the author field of the page (explained below). However anybody can add an "sms", a short message of at most 160 characters (longer messages are ruthless cut there).

The listed authors have a button to delete all the sms at once (take care).

If an entry is locked, other registered authors get a chance to break the lock. When a lock is broken, a message is sent to the entry point of the user who owns the broken lock.

TODO: add the discussion board here. One per entry.

Advanced Handling

TODO

You can store a style sheet in any page and use is to format the page by appending "?template=mystyle" to the request. There are already several templates of general utility: source, plain, text (supporting wiki-remote.el [TODO broken for emacs21]), context, htmldoc, Lout and the default template.

Tips

When writing at fresh pages save and reload after a small amount of edits to verify that you're not within the sections, which are cut out. You can also check whether you are at the page source level: alltop level elements, which have a class attribute value of decoration are removed.

The old Netscape is known to submit badly formed pages. This can hide the decoration from the cutting process. Better upgrade.

The From field lists authors, who are responsible for changing content. To add others, put them into a comma separated list (no spaces yet). This form is used when the release button is pushed.

The Protection field (only available to the owner of the scratch pad knowledge base) is used to change the AskemosProtection.

The page named "template" defines the standard layout template. There are more templates. To use another template to presend a page append "?template=source" (with source replaced with the actual template name and no quotes) to the URL of the page. One such template, ASIS is special: no processing is done at all.

The page named metasystems contains a list of scratch pad data bases, which are stacked below the current one. All entries (including templates), which are not defined in the current pad are inherited. But backlinks are found only within one such vocabular module.

Tagging: to categorise your work, you might want attach tags to your entries. A tag is an entry of it's own. Just reference it to attach. You can view all entries, which carry a tag from that tag's entry via "back links" feature. Future versions should attach some attribute to distinguish between tags and back links from "normal" entries.

1. To be technically precise, children of the element with the id attribute value decorationframe are preserved. Failing that, elements with an class attribute of decoration are removed, children of elements with a class attribute of decorationframe are exemined recursively, all other elements are retained.

HTML

HTTP

Hyper Text Transfer Protocol

currently the only usable network protocol with nunu

Currently there is an implementation restriction:

The protocol adaptor SHOULD, but doesn't yet, support server driven updates of the client frame. (We need that: if a place changes state, the client should reflect this. However see BOSH - maybe that's useful here.)

The user might find this a problem, cause the server delivers an older view instead of the expected state. To work around: in doubt just reload the page from you browser.

To avoid this reload step, there is KLUDGE in the HTTP protocol adaptor: the answer is artificially delayed for http-redir-kludge-time milliseconds (which appear to work only in steps of 1000). TODO remove his oddity.

Ther's only a small code change in protocol/http/server.scm. A continuation should be passed to the answer-function instead of calling it. But nevertheless it needs some coding and thinking about the handling of the change signal. It MUST be invisible to the client code. It MAY be visible to a few special places.

Here's a good description how it shoud work. http://www.xmlblaster.org/xmlBlaster/doc/http/http_tutorial.html

HTTPS

HyperText

http://www.cs.colorado.edu/~ostwald/thesis/section5-1.html
http://www.tfh-berlin.de/~siegel/hypermed/Hypert_Gesch.html

InCorruptible

Absolute power corrupts absolutely.

A system of rules about rights shall be called "incorruptible", if it is proven that no individual actor (or group of them) can possibly gain enough rights to overrule all decisions of any other individual.

Remarks: This requirement vetoes any central administration. Currently the minimal known requirements are gathered in AskemosProtection (the principle of the inalienable right).

Note: maybe we should simply say: a system of rules is incorruptible if it is proven, that no individual can be impersonated by any other.

InformationSpace

Informal speaking: equally simple, reliable, durable and doubtless space for communication over distance and time as paper, ink and Gutenberg technology.

The information space is the space, where all information is stored no matter of the physical location where it appear to be presented.

To illustrate a little more: if there was any information in a brain, that part of the brain, where the information is actually stored, is part of the information space. The same applies to transscripts and recordings of speech, again that part of the media, which actually stores the information, is part of the information space. So we better conclude the information space must a conceptual (often called virtual) space.

The presentation of the information, as it can be stored on all sorts of media, is a projection of the information space onto the media filtered by some some encoding function.

Reiterating the above in other words: there is no such thing like copying in the information space. All copies are projections of the same information. Example: If I heared a song today and sang it tomorrow morning in the bathroom, I would still be the same song. Many copies just make the information stronger, not more.

See also HomesteadingInTheNoosphere and an interesting ruling of an american court as reported by The New York Times and commented by slashdot

BTW:Confusion about that little difference between data (an encoded projection from the information space into values from other spaces) and information has lead to many unfortune situations in history where people fought data when they tried to fight information. I'd like to remind here to too many burned books, killed singers, cencorship, DeCSS etc.

INSTALL

1 Install RScheme

1a Install from CVS

Install libgmp, since we are going to compile Rscheme with full numeric tower support.

Run the INSTALLFreshRScheme Script. (TODO: check whether vanilla builds are ok now.)

1b The Packaged Way

Install a recent RScheme version (see SystemRequirements for minimum version number). See the INSTALLFreshRScheme or debian rules script (target "build") how to configure rscheme properly.

2 Compile and Install the Askemos Binary

Now your're ready to install this distribution:

Edit the CFG_* variables at top of the "Makefile" to your needs.

You can always reconfigure those defaults: rename and edit the generated file config.scm, then pass the file as command line argument to the executable.

Do a

make askemos

Do a

# make install

as super user or use the package manager of you system to install the binary runtime files.

3 Create Local Repository

To set up using default protection (simple acl) do:

$ make repository HOSTNAME=host.domain.tld

(If the HOSTNAME= assignment is omitted, it defaults to the output of hostname, which is not always what you want.)

Otherwise for general protection do:

$ make repository WAKEUP=/home/jerry/doc/zettel/wakeup.scm CONFIGURATION=secured.scm

Network Setup

Optional before you start: create three host name aliases for "localhost" in your DNS setup. We will use "a1", "a2" and "a3" here. If you don't do so, you will have to accept some SSL warnings and occationally substitute "localhost" in command lines as given below.

1. make (as decribed in detail above)
2. make repository HOSTNAME=a1 PORTBASE=9000
3. make start HOSTNAME=a1
4. wwwbrowser http://localhost:9081
5. log in using "gonzo" password "oznog"
6. Follow Link "System" and "certs"
7. Find the password field left of the "Create New Key" button, enter the hostmaster password ("exit" by default) and push the button to create a new certificate request for this repesentative.
8. Find the password field left of the "Create New CA" button, enter the hostmaster password ("exit" by default) and push the button to create a new certificate authority for your whole network.
9. Find the password field at the bottom of the "X509 Certificate Management" section, enter the hostmaster password ("exit" by default) and push the button labled "sign" to sign the certificate request for this representative.
10. Find the password field left of the button labled "set host cert", enter the hostmaster password ("exit" by default) and push the button to store the newly signed certificate as this representatives SSL certificate.
11. Copy the text block of the "Certificate Authority Certificate" (right column besides the clear text of the cert; from ---BEGIN CERFITICATE to END CERTIFICATE-----) to the Clipboard.
12. Stop the representative, e.g., press ^C in the terminal, where the "make start..." command runs.
13. make repository HOSTNAME=a2 PORTBASE=10000
14. make start HOSTNAME=a2
15. wwwbrowser http://localhost:10081 log in as user "gonzo" with password "oznog". Note that this user "gonzo" is different from "gonzo@a1": they have different OID's. You may want to modify one or both of your gonzo's to make the difference apparent. Each of them runs on either a1 or a2.
16. Follow Link "System" and "certs"
17. Paste the certificate authority from the clipboard into the text area of the "manage" form (right under the file upload box labeld "CA? Cert File", enter the hostmaster password ("exit" by default) and push the button to accept the certificate authority created at host "a1"
18. Find the password field left of the "Create New Key" button, enter the hostmaster password ("exit" by default) and push the button to create a new certificate request for this repesentative (a2).
19. Copy the text block (right column) of certificate request from the "X509 Certificate Management" section to the clipboard.
20. open a new terminal and do make start HOSTNAME=a1
21. If you have aliase names for your host point your wwwbrowser to https://a1:9443 wwwbrowser otherwise use https://localhost:9443
22. The browser will complain, that it doesn't know the Certificate Authority. No surprise: you just created it yourself. Accept your Certificate (forever).
23. If you don't have alias names, accept you browser complaining once more that "a1" is not the same als "localhost" but the certificate is for "a1", which is actually correct.
24. Follow Link "System" and "certs"
25. Paste the certificate request from the clipboard to the X509 certificate management area and push the "store" button.
26. Enter the hostmaster password ("exit" by default) and push the button labled "sign" to sign the certificate request for host "a2".
27. Copy the text block (right column) of certificate request from the "X509 Certificate Management" section to the clipboard.
28. wwwbrowser http://localhost:10081, follow Link "System" and "certs"
29. Paste the host certificate from the clipboard in the text area in the "Local X509 Certificate" section (right under the file upload box labled "Certificate File" and the "Submit Host Cert" button, enter the hostmaster password ("exit" by default) and push the button to store the certificate as this (a2) representatives SSL certificate.
30. If you have aliase names for your host point your wwwbrowser to https://a2:10443 wwwbrowser otherwise use https://localhost:10443
31. Accept the browsers complaints about your cerfificates.
32. Follow the Link "System" and "network".
33. Enter https://a1:9443 (or https://localhost:9443) in the "connect" field and press enter.

    Now Both your systems should know about each other. Especially the host with local id "a2" should have "a1" as "certified location" in the host map, while "a1" has seen the certification for "a2.

34. At "a1" follow the link "Einstellungen" and "support" and enter "a2" in the "Toggle support" field.
35. At "a2" follow "System" and "entries".
36. Fill in the "create channel" form. Enter a new user id of you choice (we'll use "Fred") in the filed labled "here", "a1" in the field labled "from host" and "gonzo" in the field labled "user". Enter the administrative password ("sesam" by default) and push the "create" button.
37. You should now be able to log into "a2" using user id "Fred" and password "oznog" and control the same user (according to the OID), which now runs on the majority of {a1, a2} - that is only on both representatives at the same time.
38. Repeat the process from "make repository HOSTNAME=a2" for a3.

INSTALLFreshRScheme

   
#!/bin/sh -ex
# Do you feel this scipt is horror?  You are right.  It just wants to show what should be done.

# Please bear with me, that this script is wraped in html.
# Currently there is only limited support for non-xml data in the
# wiki here, and no ressources left.  (Scratching the own itch?...
# ... I'm using that script too, and I hate it.  But I want to
# replace it with a real build procesa and not nurse yet another
# silly helper script.

sourcedir=`pwd`
targetdir=$HOME

distribution=rs-0.7.3.4-b7
stateofinstall=.stateofinstall

if [ -f $stateofinstall ]; then
 state=`cat $stateofinstall | sed '-es% .*$%%'`
else
 state=""
fi

if [ x$state = x ]; then

 echo Press enter at the CVS login promt to continue!
 echo public | cvs -d :pserver:anonymous@cvs.sourceforge.net:/cvsroot/rscheme login || true
 # wget -c http://belnet.dl.sourceforge.net/sourceforge/rscheme/$distribution.tar.gz
 wget -c http://telia.dl.sourceforge.net/sourceforge/rscheme/$distribution.tar.gz
 modules="rscheme-base rscheme-packages library"
 for m in $modules; do
  if [ -d $m ]; then cd $m; cvs up -d; cd ..;
  else cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/rscheme co $m;
  fi;
 done

 eval echo 1 code checked out > $stateofinstall
 exec $0 $*
fi

if [ x$state = x1 ]; then

 cd /tmp

 gunzip -c $sourcedir/$distribution.tar | tar -xf-
 cd $distribution
 make stage1
 cd src
 ./configure --prefix=/tmp
 make all
 make rsc

 cd $sourcedir
 rm $distribution.tar
 eval echo 2 rscheme in /tmp > $stateofinstall
 exec $0 $*
fi

if [ x$state = x2 ]; then

 PATH=/tmp/bin:$PATH
 cd rscheme-base
 rm -f packages
 make distclean
 make RS=`which rs`
 cd src
 ./configure --enable-full-numeric-tower --prefix=$targetdir
 make
 make install-base
 make shell
 make install-shell

 cd $sourcedir
 eval echo 3 rscheme in $targetdir > $stateofinstall
 exec $0 $*
fi

PATH=$targetdir/bin:$PATH

if [ x$state = x3 ]; then
 ln -sf ../rscheme-packages/packages rscheme-base/packages
 ln -sf ../rscheme-base/src rscheme-packages/src

 cd rscheme-base/src
 make rsc
 make packages PACKAGES="general syscalls unixm threads lss rstore fasl calendar"
 make fasl_shell

 cd $sourcedir
 eval echo 4 packages in $targetdir > $stateofinstall
 exec $0 $*
fi

if [ x$state = x4 ]; then

 # make -C library/dev makex
 cd library/dev
 autoconf
 ./configure --with-rs=$targetdir/bin/fshell

 cd $sourcedir
 cd $sourcedir/library/dev/srfi/18 && make
 cd $sourcedir/library/dev/srfi/2 && make

 cd $sourcedir
 eval echo 5 packages in $targetdir > $stateofinstall
 exec $0 $*
fi


  

IntellectualProperty

“If you have an apple, and I have an apple, and we exchange apples, then we both will have one apple each.
But if you have an idea and I have an idea, and we exchange ideas, then we both have two ideas.”
George Bernard Shaw. (1856-1950) Literature Nobel Price 1925.

Intellectual property is roughly spoken the concept of owning an idea or better say being the originator of a thought.

The generalised term "intellectual property" is somewhat questionable, since it subsumes copyright, trademark and patent law, which are all completely different.

Thomas Jefferson, in a letter to Isaac [[McPherson]] (13 August 1813), wrote

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it.

Magnus Stålnacke

(on "intellectual property") In sweden we do not have that phrase, whenever people try to tranlate it, others start to smile, it sounds really ridiculous. I think we use a better phrase for it, our phrase is: "immateriella rättigheter" wich translates perfectly to "immaterial rights" This describes what it is and doesent bundle patents and copyright in the wrong way. It just says what it is, a "right" (not property) that is given to you (on the expense of others of course).

http://www.guardian.co.uk/technology/2008/feb/21/intellectual.property

Gnu:"According to Professor Mark Lemley, now of the Stanford Law School, the widespread use of the term "intellectual property" is a fad that followed the 1967 founding of the World "Intellectual Property" Organization, and only became really common in the past few years."

In the context of Askemos, the meaning of intellectual property, authors rights, 'distribution' or better say 'usage' rights pertaining to information play a central role. At the same time the act of physical copying looses it's meaning, as different physical encodings are regarded 'same'. The pointers given here supply further backing that this notation of 'immobile', global information (only "accidentally" projected into local, physical data) is actually more practical and logical than a view centered around data copying.

There is an excellent article about copyright and the american law system and constitution: http://www.msnbc.com/news/594462.asp?cp1=1#BODY .

Ernest Miller and Joan Feigenbaum claim in http://www.cs.yale.edu/homes/jf/MF.pdf that the act of physical copying is only instrumental, not purpose of protection.

With Askemos you actually treat that copying issue, which has no sensible meaning in Askemos, for a much stronger global rights management system. The Askemos system has been derived from it's legal and social pattern with the design guiding intent to be in turn applicable in legally binding context (what's that? Range from http://www.research.microsoft.com/research/sv/PennyBlack/ to RousseauSocialContract). In this context it is definately a step into the right direction to provide the people with an undisputable sign of the usage right associated with a particular information as proposed over there.

At this time (2003/2004) there's a lot of political discussion going on concerning several aspects of intellectual property. The experience from several years of research behind the Askemos system allows to define a kind of "lower bound" on DigitalRightsManagement systems. It results in huge damage to the whole socitety, if that border is crossed by rules of law. Since free individuals value their moral above any human defined law, the legal system becomes instable and must either heal itself (costely correcting the error) or it will eventually vanish. TODO:fix the text, I learned since, that this is called "überpositives Recht" (in german) -- probably "super positive" in english?. The basic claim, which I'll back up here is:

No society can alienate any right over natural law and grant them exclusively to any person.

That's a requirement to protect intellectual wellfare of the society, since it could otherwise be bleaded to death on that individuals discretion. While there are no exclusive rights to go with the discovery of natural laws, there is however a need to protect rights of the person for any particular application of those laws the person invented. (A related topic is copyright enforcement, which could also cross the boundary accidentally. Watch http://www.zdnet.com.au/news/business/0,39023166,20281871,00.htm )

Some more points:

• The Netzwerk Neue Medien and creative commons propose to resort to "gema" style compensation for infrmation distributed online.

• At Privatekopie.de people fight to keep the right of private copies. I'm pretty sure that this is "überpositives Recht" anyway: you keep the information, you once received, this is called "memory" or "conscience" - an antropological constant not subject to negotiation. -- And that's probably the reason, why people are that hot about it and outright disregard some of the current legal campains.

  There's more concern: we can't avoid to keep private copies (memories) anyway -- so how much of it might be denied? Going to far would impede the right to gather evidence - how would you proof having received bad quality if you are raided for the private copy before?! The worst fact anyway: the argument that Digital Restriction Management would work is simply not true, it's faced with a fundamentally impossible cryprographic task: deny the receiver of the message access to the message.

• The german ministry of justice asks at Kopien brauchen Originale for a fair regulation. That's the point, where the basic idea behind Askemos (which is actually the well known, old meaning of information) that the information is the actual or original idea while all physical copies are just that: copies. For the computer scientist the borderline is right between the denotation of an algorithmus (inalienable right to reuse by everyone) and binding of free variables to concrete values.

  A real world example: the logarithm was a discovery, which anybody might use, for the sliding rule - it's application - there shoud be patent protection.

  Why? Because algorithm are natural law, which can't be replaced, no matter how smart you are. Invention at the other hand can be done again. A fair chance is left for the future. So there's a balance between the interest of the individual inventor and the general society (the inventor included).

the pitty legal situation

It's a pity since the 22.6.2001 we have the EU-Richtlinie 2001/29/EG, which rules the imoral legal: it's not allowed anymore to apply basic engineering and math knowledge if the thing it is applied to might later be claimed to have been done with a certain intention, the intention to protect against copying. Now we can't help you to gain to your moral rights anymore. But there are four catches (brain twists): a) it's neither ethical nor practical to forbid thinking b) there is absolutely no official need for computer security anymore, because nobody is allowed to circumvent even useless "protection"; therefore useless protection will become the rule, not the exception c) everybody will just go for it, devalueing the laws alltogether and make the world even less secure. d) there are plenty of ideas to abuse this law; nothing to be said about it here, but we'll have fun. German article (Spiegel) explains the situation from the customer point of view: http://www.spiegel.de/netzwelt/politik/0,1518,215555,00.html

Read more more the risks of such neo-dictatorial legislation.

12th April 2003: The story continues http://www.spiegel.de/netzwelt/politik/0,1518,244723,00.html Good bye.

22nd Oct 2003: Did I say (b) "no need for actually working security" and (c) "everybody will just go for it"? Here we go. Even just the plain windows operating system is now a forbidden tool: http://www.spiegel.de/netzwelt/politik/0,1518,270719,00.html (I've always thought of ROT13 as one of the abuse ideas I mentioned as (d) above.)

The IPac groups seeks a sensible regulation for "intellectual property" (see newsforge).

18th Dec 2004: Groklaw has a nice essay on the legal situation regarding computer fraud.

consumer dialog

Related Topics

http://www.ipmall.fplc.edu/hosted_resources/jepson/unit1/aneconom.htm german: http://www.sffo.de/machlup1.htm

Patents http://www.worldforge.org/website/about/patents/

There must be something useful at European Union site.

Free exchange of information is also believed to improove biology http://www.washingtonmonthly.com/features/2001/0207.thompson.html . The question remains: how to compensate the producer?

AHistoryOfFreeAndOpenSource

HomesteadingInTheNoosphere / http://www.tuxedo.org/~esr/writings/homesteading/homesteading/x317.html

A few comments regarding property and scarity as the basis of free markets.

Slasdot comments on a R. M. Stallmann speech about free software.

Giving birth to a (new) thought is either luck or hard work (learn the context/background etc.) hence it calls for compensation *if it's not kept as a secret* (traded).

The hard part comes in, when it comes to bargin. The customer needs to judge whether the value of the product (thought) is worth the compensation - to the consumer (prize is the value of a product as accepted by the society) while the vendor has to decide whether he can make a living from that and maybe whether the customer might want to rip him.

This is not easy with material goods, but even harder with ideas because you can own an idea, but you can't sell it (all you can is share your secret, which is to give away a copy).

A simple point we made for many years is now backed up with at least one court ruling in the united states. Programm code is an expression for human and machine consumtion. As such it's protected as free speech: http://www.eff.org/IP/Video/DVDCCA_case/20011101_eff_fap_bunner_pr.html

One can imagine funny sketches, if exchanging intelletual property was understood as the exchange of data: http://www.pigdogs.org/art/adobe.html But simply understanding the joke doesn't save the world. Using DigitalRightsManagement the wrong way puts high risk at the values you just wanted to protect. beeing largely missunderstood or missused (depending on your point of view) puts chains on the rights what to do with your own information. At least the western countries (at the time of writing the only whose need to be concerned about the topic) used to deem this unconstitutional.

See also spain going harder after copyright infringement and proposing fees on media. Fees on (storage) media are strange: artist and authors are expected to pay anonymous royalities. Next those, who store data for their clients pay. Both are essential roles to support (create and host) information, supporters now pay while they should actually receive. (Consumers pay too, but that's considered ok here.)

The missconception is rooted in a wrong focus: Legally the focus should consider the works of authors and actors as abstract information and their interests as rights to harvest from their creation (license to play/view/execute).

Fees ougth to be left to the freedom of contract between producers and consumers. This freedom is impeded by flat fees on the media, especially since many producers don't participate on the fee.

Even worse: fees on media impedes freedom of since and expression (art).

Fees on media might be an intermediate escape from the conflict between the legal system's requirements to set up enforceable rules and procedures and the lack of quality, uniform and standard meta data support on digital media.

Such support would allow to leave contract negotiation with the respective parties and free the underlying media from an unjust cost.

Usually it's claimed that p2p software would impact the income of artists. Seems untrue: http://firstmonday.org/issues/issue10_4/geist/

Still thinking... http://www.thestandard.com/article/display/0,1151,16071,00.html

http://slashdot.org/article.pl?sid=00/06/22/1242217=nested

Let's see if this will work.

IntrusionResistant

A system is called "intrusion resistant", if it, as a whole, continues to adhere to it's predifined rules even in case of a part of the system components violate these rules (accidentally or by malicious intent).

The aim of intrusion resistance is to counter-ballance for the consequences of continued operation of an embraced device under violation of normaly system-guaranted assumtions (e.g., forged data, access rights).

Known ways to achieve that goal are tamper proofed hardware and systems based on ByzantineAgreement.

Remark: Eventually there is no such thing like tamper proofed hardware, just more complication to do so.

ISBN

some text about isbn - in some WikiWiki implementations one could just add the isbn number and a link would be created to amazon,
which would be easy to to but not too good, because it's not a general solution and instead features a single company.

ISO

International Standard Organisation

"ISO is a non-governmental organization: its members are not, as is the case in the United Nations system, delegations of national governments. Nevertheless, ISO occupies a special position between the public and private sectors. This is because, on the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations."

"No matter what the size or strength of that economy, each participating member in ISO has one vote."

"A member body of ISO is the national body "most representative of standardization in its country". Only one such body for each country is accepted for membership of ISO. Member bodies are entitled to participate and exercise full voting rights on any technical committee and policy committee of ISO."

List of members:

http://www.iso.org/iso/en/aboutiso/isomembers/MemberCountryList.MemberCountryList

JDBC

Java Data Base Connectivity

http://www.javasoft.com/products/jdk/1.2/docs/api/java/sql/package-summary.html

Folien http://java.rrzn.uni-hannover.de/jdbc/folien/

JerrysDreamAbstract

This section was one o the first pages in this wiki. I haven't modified it since early 2000 or so.

Now I do, because a) I noticed that the owner of the page got lost and I don't want more spam and b) I stumbled over a reference to Henry G. Baker Critique of DIN Kernel Lisp definition version 1.2, which I have not (yet) read, but which argues in favor of a lot of features we included into BALL over those years.

So, here this pages content from 2000-2008:

- Root less object network model.
- Persistent data.
- Not data specific, XML optimized.
- Flexible name space management.
- Object autonomy.
- ACID transactions.
- Simple messaging concept.
- Any extension language feasible.
- Lightweight threads at my fingertip.
- The sheer concept of a dead lock is a bug altogether.
- Many network protocols supported.
- API for backing store adaptors supporting freenet, gnutella etc.
- Distributed Virtual Machine (DVM).
- A frame work for object to sustain at least 15 years.
- Something for document management as Perl is for tasks like system
  administration.  Would have to be sort of an application server,
  but none could deliver the needed features.
- Few dependencies, small footprint.

JFWVirtualMachines

A loose collection of different concepts of virtual machines.

Every ProgrammingLanguageScheme has one, somehow.

Idel is a virtual machine to run and restrict code in a sadbox similar to Java, just better.

http://nekovm.org/ Neko has a compiler and virtual machine. The Virtual Machine is both very lightweight and extremely well optimised so that it can run very quickly. The VM can be easily embedded into any application and your libraries are directly accessable using the C foreign function interface.

The llvm is a Low Level Virtual Machine forth

http://www.parrotcode.org/parrot is a continuation (rather than stack) based virtual machine, originally intented for perl6, which comes with a variety of language implementations

plex86.org

ivm.

java: minimal port probably simple because of kawa. I need details about persistancy. kissme : GPL java vm.

TODO look at artyomr.narod.ru, LGPL persistense layer for java

msil microsofts answer to java. The more I read about C# (which is rarly rocket since but just different) the more I'm skeptic on the actual advantages.

Anyway it backs up the choice of (R)Scheme (which already compiles into bytecode and C). Adding another byte code back end won't be a seroius problem.

TODO:there should be a .net strategy paper laying out the facts.

JKomG

JKomG

früher www.bundesgerichtshof.de/gesetzesmaterialien/Justizkommunikation/Jkomg-index.htm

Justizkommunikationsgesetz -JKomG (Auszug)

BGBl?. 2005 Teil 1 Nr. 18 S.837, ausgegeben zu Bonn am 29. März 2005

Gesetz über die Verwendung elektronischer Kommunikationsformen in der Justiz
(Justizkommunikationsgesetz -JKomG)

Vorn 22. März 2005

Der Bundestag hat das folgende Gesetz beschlossen:

Artikel 1
Änderung der Zivilprozessordnung

Die Zivilprozessordnung in der im Bundesgesetzblatt Teil III?, Gliederungsnummer 310-4, veröffentlichten bereinigten Fassung, zuletzt geändert durch Artikel 5 Abs. 21 des Gesetzes vom 15. Dezember 2004 (BGBI?. 1 S. 3396), wird wie folgt geändert:

...

Artikel 5
Änderung des Arbeitsgerichtsgesetzes

Das Arbeitsgerichtsgesetz in der Fassung der Bekanntmachung vom 2. Juli 1979 (BGBI?. 1 S. 853, 1036), zuletzt geändert durch Artikel 6 des Gesetzes vom 22. Dezember 2004 (BGBI?. 1 S. 3675), wird wie folgt geändert:

1. In § 11a Abs. 4 und § 46a Abs. 8 Satz 1 und 2 wird das Wort „Vordrucke" jeweils durch das Wort „Formulare" ersetzt.

2. Dem § 46b Abs. 1 wird folgender Satz angefügt:
„Ist ein übermitteltes elektronisches Dokument für das Gericht zur Bearbeitung nicht geeignet, ist dies dem Absender unter Angabe der geltenden technischen Rahmenbedingungen unverzüglich mitzuteilen."

3. Nach § 46b werden folgende §§ 46c und 46d eingefügt:

"

4. In § 50 Abs. 1 Satz 1 wird das Wort „Übergabe" durch das Wort „Übermittlung" ersetzt.

5. In § 60 Abs. 4 Satz 3 und 4 wird das Wort „übergeben" jeweils durch das Wort „übermitteln" ersetzt.

6. § 63 wird wie folgt geändert:
a) In der Überschrift wird das Wort „Übersendung" durch das Wort „Übermittlung" ersetzt.
b) In Satz 1 werden nach dem Wort „übersenden" die Wörter „oder elektronisch zu übermitteln" eingefügt.
c) In Satz 2 werden nach dem Wort „Urteilsabschriften" die Wörter „oder das Urteil in elektronischer Form" eingefügt und das Wort„übersenden" durch das Wort „übermitteln" ersetzt.

Artikel 6
Änderung der Strafprozessordnung

Die Strafprozessordnung in der Fassung der Bekanntmachung vom 7. April 1987 (BGBI?. 1 S. 1074, 1319), zuletzt geändert durch Artikel 2 des Gesetzes vom 11. Februar 2005 (BGBI?. 1 S. 239), wird wie folgt geändert:

...

Artikel 7
Änderung des Gesetzes über Ordnungswidrigkeiten

Das Gesetz über Ordnungswidrigkeiten in der Fassung der Bekanntmachung vom 19. Februar 1987 (BGBI?. 1 S. 602), zuletzt geändert durch Artikel 18 des Gesetzes vom 9. Dezember 2004 (BGBI?. 1 S. 3220), wird wie folgt geändert:

1. In der Inhaltsübersicht werden nach der Angabe „Elfter Abschnitt. Entschädigung für Strafverfolgungsmaßnahmen" folgende Angaben eingefügt:
„Zwölfter Abschnitt
Elektronische Dokumente
und elektronische Aktenführung
§ 110a Erstellung und Einreichung formgebundener und anderer elektronischer Dokumente bei Behörden und Gerichten
§110b Elektronische Aktenführung
§ 110c Erstellung und Zustellung elektronischer Dokumente durch Behörden und Gerichte
§ 110d Aktenausdruck, Akteneinsicht und Aktenübersendung
§ 110e Durchführung der Beweisaufnahme".

2. § 49b wird wie folgt geändert
a) In Nummer 3 wird das Wort „und" durch ein Komma ersetzt.
b) In Nummer 4 wird nach dem Wort „tritt" der Punkt durch das Wort „und" ersetzt.
c) Folgende Nummer 5 wird angefügt:
„5. § 478 Abs. 3 Satz 1 der Strafprozessordnung mit der Maßgabe anzuwenden ist, dass für die Übermittlung durch Verwaltungsbehörden über den Antrag auf gerichtliche Entscheidung das in § 68 bezeichnete Gericht im Verfahren nach § 62 Abs. 1 Satz 1, Abs. 2 entscheidet."

3. In § 49d Satz 1 Halbsatz 1 werden die Wörter„der Verwaltungsbehörde" gestrichen und nach dem Wort „Wiedergabe" die Wörter „inhaltlich und bildlich" eingefügt.

4. § 51 Abs. 5 Satz 3 wird wie folgt gefasst:
„Für die Heilung von Zustellungsmängeln gilt § 9 des Verwaltungszustellungsgesetzes."

5. Dem § 107 Abs. 5 wird folgender Satz angefügt:
„Wird die Akte elektronisch geführt und erfolgt ihre Übermittlung elektronisch, beträgt die Pauschale 5 Euro."

6. Nach § 110 wird folgender Zwölfter Abschnitt eingefügt:

"

Artikel 8
Änderung des Beurkundungsgesetzes

Das Beurkundungsgesetz vom 28. August 1969 (BGBI?. 1 S. 1513), zuletzt geändert durch Artikel 5 Abs. 20 des Gesetzes vom 15. Dezember 2004 (BGBl?. 1 S. 3396), wird wie folgt geändert:

...

Artikel 9
Änderung der Insolvenzordnung

Die Insolvenzordnung vom 5. Oktober 1994 (BGBI?. 1 S. 2866), zuletzt geändert durch Artikel 5 Abs. 22 des Gesetzes vom 15. Dezember 2004 (BGBI?. 1 S. 3396), wird wie folgt geändert:

...

Artikel 15d
Änderung des Gesetzes über das gerichtliche Verfahren in Landwirtschaftssachen

§ 48 Abs. 2 Satz 1 des Gesetzes über das gerichtliche Verfahren in Landwirtschaftssachen in der im Bundesgesetzblatt Teil III?, Gliederungsnummer 317-1, veröffentlichten bereinigten Fassung, das zuletzt durch Artikel 5 des Gesetzes vom 21. Dezember 2004 (BGBI?. 1 S. 3599) geändert worden ist, wird wie folgt gefasst:
„§ 19 dieses Gesetzes ist entsprechend anzuwenden." 

Artikel 15e
Änderung des Gesetzes betreffend die Einführung der Zivilprozessordnung

Nach § 29 des Gesetzes betreffend die Einführung der Zivilprozessordnung in der im Bundesgesetzblatt Teil III?, Gliederungsnummer 310-2, veröffentlichten bereinigten Fassung, das zuletzt durch Artikel 2 des Gesetzes vom 24. August 2004 (BGBI?. 1 S. 2198) geändert worden ist, wird folgender § 30 angefügt:
㤠30

Für Artikel 1 Nr. 2a und 3a des Justizkommunikationsgesetzes vom 22. März 2005 (BGBI?. 1 S. 837) gilt folgende Übergangsvorschrift:
Ist einer Partei vor dem Inkrafttreten dieses Gesetzes für einen Rechtszug Prozesskostenhilfe bewilligt worden, so ist für diesen Rechtszug insoweit das bisherige Recht anzuwenden. Maßgebend ist das Datum des Bewilligungsbeschlusses. Eine Maßnahme der Zwangsvollstreckung gilt als besonderer Rechtszug."

Artikel 16 
Inkrafttreten

(1) Dieses Gesetz tritt am ersten Tag des auf die Verkündung folgenden Kalendermonats in Kraft.

(2) Artikel 11 tritt am ersten Tag des 13. auf die Verkündung folgenden Kalendermonats in Kraft.

Die verfassungsmäßigen Rechte des Bundesrates sind gewahrt.
Das vorstehende Gesetz wird hiermit ausgefertigt. Es ist im Bundesgesetzblatt zu verkünden.

Berlin, den 22. März 2005

Der Bundespräsident
Horst Köhler

Der Bundeskanzler
 Gerhard Schröder

Die Bundesministerin der Justiz
Brigitte Zypries

KLUDGE

KommunikationsInfrastruktur

Please don't care about this page!

It was used to collect some notes and remarks.

Somehow some spammer likes to use the comment feature to push it up in the rss feed.

Aufgabe

"Das Tool für den KnowledgeWorker". Muß seine Techniken und Werte des KnowledgeManagement stützen.

Was ist ein Application Server: http://dataquest.ciol.com/content/enterprise/datatech/100051502.asp

Messaging System

The messaging system is based on evolutionary strong mechanism for exchanging messages. The fact of beeing evolutionary strong is to weight out technical perfection.

See byzantine agreement for deployed messaging environments. Furthermore we found SMTP, NNTP and HTTP strong. SOAP and XMLRPC are other candidates.

Messaging environments more research http://www.cs.colorado.edu/~mishras/research/ especially Da|Agents and member ship protocols.

The Jabber http://www.jabber.org what's that? and Gale http://gale.org/ messaging systems are somewhat interesting.

Another option could be SILC, http://silcnet.org/, which is a "secure irc".

http://www.dp2.org/ : The Dropped Pomegranate Project (`dp2') is working on event-based programming systems and a distributed message passing interface. "We feel that software should be transparantly distributable, reusable, and heavily intertwingled." As such it seems a perfect fit, but evolutionary strong?

Some articles claim that spectrum capacity increases in distributed multi user environments. http://slashdot.org/article.pl?sid=02/06/02/1251233 Good news for distributed systems? At least facts to remember!

The oxygen project http://www.oxygen.lcs.mit.edu/ of MIT has some visions.

 Verteilt.  Jede Nachricht muß (für gewisse Zeit) an beiden Enden einer
 Verbindung /wiederherstellbar/ sein.

 Unidirectional, asynchronous messages RPCisBrokenByDesign,
 FanOut:1000-10000

 Related Work: WrapBit nochmal: http://aachen.amergin.org/
               20000315: Habe heute von Xanadu gehört!

 http://www.infowin.org/ACTS/ANALYSYS/PRODUCTS/THEMATIC/BROKERAGE/semper.html

 Address-Event Protocol neral modeled analog VLSI chip interconnections
   http://www.ini.unizh.ch:80/%7Eamw/scx/aeprotocol.html

High Level Design

The structure shall be simillar the RelatedProjects. It's detailed in OverviewAbstract.

größtenteils serverseitig, prefered ->BSD (GNU / Linux ist eher Desktop) (really?)

 Datenmodellierung Anforderungen vgl. DokumentArchive

 Als Proxy
    Konsumentenbindung
    transparent
    stärker benutzt

  * Effiziente Implementation Squid&*BSD, http://slashdot.org/article.pl?sid=00/02/29/2138248
  * Large scale caching and fine grained sharing
    about network storage systems
    http://www.pmg.lcs.mit.edu/areas/caching.html

 weiche Replikation (kann getrennt werden)
    kaskadierbar
    RPC (CORBA-interface? via orbit/gnome) Vorsicht: RPCisBrokenByDesign,
    R5RS,  C ggf. DSSSL / XSL-Tranfomationen (in ApacheCocoon?)
    Datenkonvertierungsschritt sehr ähnlich
    http://www.gingerall.com/charlie-bin/get/webGA/act/charlie.act ,
    http://him.newmail.ru/ - Hirarchical Marshalling Library
   attempt to build tree data structures in memory and dump into binary
   files.  Other alternatives: RScheme's pstore,
   FramerD storage system (which wasreplaced by pstore),
   libxmldb.

 SOAP became the winner in askemos , http://www.technocrat.net/964783607/index_html
  auch in SCWM
  vgl: http://www.cs.sunysb.edu/~maxim/OpenGRiD/ ,

CORBA:TAO / ACE v. Woshicton University

Transportprotokoll/virtuelles Speichermedium
  FreeNet, entropy http://entropy.stop1984.com/
   ( http://f27.parsimony.net/forum66166/messages/6150.htm ) ,
  gnunet http://www.ovmj.org/GNUnet/ ,
  (more http://www.mail-archive.com/devl@freenetproject.org/msg10651.html )
  Publius http://cs1.cs.nyu.edu/waldman/publius/ ,
  about the storage capacity of network protocols:
    http://isec.pl/papers/juggling_with_packets.txt
  OceanStore:http://oceanstore.cs.berkeley.edu/publications/
    concernd with data storage; first read shows that it's based on the same assumtions
    no missonceptions about data protection and trustworhty of infrastructure
  XMLStore (simillar implementation)
  Netmess http://netmess.multimania.com/
  Gnutella http://www.gnutelliums.com/ ,
  http://gnutella.wego.com/go/wego.pages.page?groupId=116705=page=119598=116767=-1=view  ,
  http://www.umr.edu/~jjp/
    gPulp  http://www.gpulp.tvhttp://www.gpulp.com/  Gnutella protocoll next generation
    finally J. Ritter took his time to analyse it:
      http://www.monkey.org/~dugsong/mirror/gnutella.html
  Gnutella2 addresses issues http://www.gnutella2.com/
  rfc2338 (vrrpv2 take over protocol) http://freshmeat.net/projects/vrrpd/homepage/
  napry Napster/irc proxy http://melkor.dnp.fmph.uniba.sk/~garabik/napyrc.html ,
  http://cubicmetercrystal.com/alpine/ - ressource discovery and location
  http://www.filerogue.com , http://www.junglemonkey.net ,
  http://konspire.sourceforge.net/ and a rant http://www.shmoo.com/story/20000717-dist-client.shtml
  How about a protocol based on BXXP?
  Have an eye at http://bitconjurer.org/BitTorrent/index.html , which
  spreads download over other clients.

Kommunikationskanal "Pagefault"
  http://www.staff.city.ac.uk/~sh392/multics/timing-chn.html

Related Tools

http://www.mediate.se/index.xim?part=inline=noveltyserver=Specifications
Browser mozilla und http://galeon.sourceforge.net/ , http://developer.mediate.se/
Nachteil: imperative programmierung ist fehleranfällig
(locking an Nonegeeks schwer vermittelbar)

KondratieffWerk

He has forseen something.

LGPL

LISP

LISP is an old, powerful programming language, which developed a lot of dialiects like ProgrammingLanguageScheme and DSSSL.

LLD

Low Level Design - Implementation Decisions

Architecture

Details

1. http://www.openspice.org/ seems interesting; came quite late, I'll see once I've got some free time again

2. The Askemos server is similar in structure to the "proposed" xml management system here (german) and transmorpher: http://transmorpher.inrialpes.fr/ .

3. The TUNES [[http://tunes.org/new/HLL/architecture.html|architecture]] provides further information of the internal structure.
4. CodingStyle How to make sure that it will not stink http://www.chc-3.com/pub/beautifulsoftware.htm

5. Why Scheme instead of Java, C, C++, Perl, Python...?

   Scheme pretty good as an abstract virtual machine (as opposed to a concrete and never will be ideal vm). It has been found feasible to implement a distributed virtual machine using a pure functional subset of Scheme for restartable calculations and synchronise assignement.

   Thanks to Richard Fateman for this article don't miss the LtU-article, where I found it. TODO remove the rubbish talk here instead of a consise sentense pointing to http://scala.epfl.ch/docu/rationale.html , http://www.rescomp.berkeley.edu/~hossman/cs263/paper.html (for the desires and downsides) http://www.italianacademy.columbia.edu/pdfs/lectures/eco_dream.pdf (for the background, why there are so many useless language wars) http://cm.bell-labs.com/cm/cs/who/wadler/steele-oopsla98.pdf (for introduction of the way to avoid the lock in) and LtU for all the know how.

6. XML modelling We are still looking for a XML parser and XSLT implementation, which could be easier reused or translated than rolling our own (from 1998) any further. Those evaluated implement something like the DOM? (as static data structure), which is the worst idea since adam eat the apple. (TODO evaluate chances to useXerces+Xalan from http://xml.apache.org/ ). Because a DOM? tree can not be created (as a single object) without side effect, the model simply does not meat the quality standards set for Askemos. This is actually a real drawback for DOM? based software. If there is a huge part of the tree, which should be reused in another tree, the whole part must be copied (thereby creating a redundancy and update problem) instead of sharing the structure. There is however hope, because we can provide a "virtual DOM?" consiting of several objects to provide the same information.

   Furthermore we need a language, which lets us manipulate complex data structures and XML directly, both manual and computational. This calls for a mixture of literal XML syntax '''and''' SXML, pattern matcher and functional transformers. (See also Gregory V. Wilson on the topic.) SQL is nice to have (though read operations must be restricted to side effect free subset of SQL; basically just SELECT? statements).

7. ByzantineAgreement (KommunikationsInfrastruktur, RPCisBrokenByDesign)
8. StorageAdaptor (the hierarchical ordering above protocol is accidental: storage can be at remote locations, in which case notations and protocols are required to convey the data)

9. Memory Access control happens on the language level. Richts management happens at the information level, - not at the data level. But anyway, Askemos might me prior art for upcoming things under DigitalRightsManagement

Note: Microsoft copies many of our ideas with singularity.

LtU

mind:output

mind:send

MAY

A "grepable" text marker used as in RFC's.

MD5

"Message Digest 5" is an often used cryptographic check sum.

I has been found vulnerable: http://developers.slashdot.org/article.pl?sid=04/12/07/2019244 and is effectively dead since it has been possible to create two meaningful documents of entirely different content, which produce an identical md5 has value.

It's possible to actually exploit (german) that vulnerability:

http://www.win.tue.nl/~bdeweger/CollidingCertificates/

http://it.slashdot.org/article.pl?sid=05/11/15/2037232

collision soure code http://www.stachliu.com.nyud.net:8090/collisions.html made it possible to create arbitrary X.509 (SSL) certificates see Heise (german).

Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5 'For abusing a chosen-prefix collision on a software integrity protection or a code signing scheme, the attacker should be able to manipulate the files before they are being hashed and/or signed. This may mean that the attacker needs insider access to the party operating the trusted software integrity protection or code signing process.' - Which is clearly not the case in Askemos implementations.

MIME

MIMEConverter

Converting MIME types

(mime-cast to-type'from-type) =>converter

to-type

String; MIME type returned from converter

converter

String; MIME type of converter input

converter

function to convert from from-type to to-type The converter function should check whether the input is given as XML structure or plain string / bytevector data. The latter shall be treated as serialised form (as read from files).

Registering [[MIME]] converters

New MIME converters need to be registered with the converter selection system.

(register-mime-converter! to-type'from-type'converter)

Examples

implementation howto (german DTAUS)

The Converter Table

MindMap

KognitiveTechniken
Graph of ideas, just draw a graph with the nodes here connected
by arcs which are labled by the mixed case words.
Maybe add a few pictures for the main ideas and you're done.
for computer representation see TopicMap
ISBN 3-442-10926-4
Tony Buzan; Kopftraining

http://freemind.sourceforge.net/
http://lambda-the-ultimate.org/node/view/1202
http://www.linux.com/feature/118336

Protégé-2000 is an integrated software tool used by system developers and domain experts to develop knowledge-based systems.

Open Knowledge Base Connectivity is an application programming interface for accessing knowledge bases stored in knowledge representation systems (KRSs).

ModuleStructure05

app - user applications to test, teach and explore features; all
   taste no principles
     + xslt-latch     - keeps the data of last write message
     + xslt-user      - entry point, sees some http
     + xslt-addrdb[2] - simple address data base demo
     + xslt-edit[2]   - Web-Editor
     + stylelib       - Wiki content with code samples

 policy - "common code"; code of stuff users usually agree upon because
   "it's normal"; social mechanism for communication; that's what's
   all about; Yang; still looking for better description;
     + nu                 - text, draft and name space handling, a
                            cross between wikiweb and wrapbit.
                            Parts: nu.*, NuNu*and nunu-edit.scm
     + bopcntrl           - ball operation control (web) interface
     + trstctrl           - X509 certificate management
     + metaview/metactrl  - "standard debug support"
     + jerry-notes        - askemos.org wiki content
     + create-entry       - create new local user entry point

 mechanism - "low level" source code; not "point of view" specific; no
   social, philosophical ideas here; Yin.
     + util (stuff, which did not fit elsewhere)
     + timeout (application level restrictions)
     + srfi (srfi implementations if not provided by uderlying scheme)
     + notation - parsers and formatters
                + lalr parser generator
                + xml -
                      + render
                      + parse (fast, sloppy, non-validating, html)
                + htmlprag http://www.neilvandyke.org/htmlprag/ .
                + sgml (using nsgmls)
                + lout (TextFormattingSystem)
                + mime (including htmldoc support)
                + xpath
                + rfc822
     + function - interpreters/ transformers, functions
                + scheme  - quasi-DSSSL environment
                + interp  - general, language independant intepreter core
                + xslt    - XSLT and quasi-DSSSL implementation
                + xsql
                + memoize - caching of computations
     + protocol - network etc. protocols
                + http + webdav
                + smtp
     + storage - data storage adaptors
               + pstore   - rschemes persistent store
               + fsm      - FileSystemMirror
               + freenet  - FreeNet FCP adaptor (comming)
     + tree               - build and walk tree data DSSSL alike, SXPath
     + place              - The place abstraction, messaging and transactions
     + nunu               - meta data at work most of the CoreAPI
     + methods            - find actions action.dtd conform documents
     + step               - voted computation ByzantineAgreement
     + main.scm           - high level utilities,
                            operation control thread,
                            debug access (evaluate expressions
                            inside the running program)

 rscheme - rscheme specific code
     + askemos-boot - rscheme system image source
     + heartbeat.c  - driver wraper and watchdog
     + dns          - asynchronous dns resolution
     + match-*      - rscheme port of A. Wrights match syntactic extension
     + lalr*        - parser generator (bison port)
     + library      - required parts from the rscheme/library source

 chicken - chicken specific code (separate distribution)
     + extend       - macros to be loaded via "-extend extend.scm"
     + srfi-34.scm  - SRFI34
     + srfi-35.scm  - SRFI35
     + environments - envt's for evalutors
     + sslsocket    - ssl client/server via separate sslmgr binary
     + timeout      - time restricted execution

MUST

A "grepable" text marker used as in RFC's.

MVC

NameSpaceDSSSL

The DSSSL Name Space

URIhttp://www.askemos.org/2000/NameSpaceDSSSL

The DSSSL name space is available in XSLT stylesheets. It has a long way to go to become fully DSSSL compliant and probably never will. (I see assumtions in the DSSSL standard, which I, personally, regard questionable.)

The reason for it's existence are a) that the XSLT transformation is not yet completed and b) many features are simply practical.

This vague definition makes it:

1. volatile, unusable for long living objects
2. the base for prototyping and temporary fetures

Elements

XSLT Counterparts

Element names which also exist in the XSLT namespace behave at least basically as the XSLT counterpart would do. They can be mixed with XSLT elements.

copy-of

The select attribute copy-of element can either contain a DSSSL style sheet, an Scheme/DSSSL expression oder the literal value #CONTENT. The latter means that the content of the element will be used instead of the select attribute.

form

Other Elements

All elements not described so far are short hands for the often repeated sequence element, xsl:attribute, dsssl:copy-of.

This short form can specify attributes to elements. All elements from the namespace, which are have no other definition, are inserted literally into the output, except that their attributes from this namespace are created without namespace and their value is computed as an expression of the atttribute value.

Expression Language

All expressions support:

• Scheme
• a subset of dsssl
• several srfi
• additionall library stuff

NameSpaceDSSSLindex

Askemos functions

• entry-name
• fetch
• find
• read-locator, write-locator
• public-context
• service-level

General

(levenshtein-distance s1 s2) => number

(levenshtein< s1 s2 number) => boolean

[The "edit distance", or "close string compare", see http://www.merriampark.com/ld.htm ]

Since the levenshtein algorithm is quadratic, computing big distances is a sure way to exceed any time limit. It's often possible to avoid an exact calculation of the difference, if it's only interesting, whether that difference is below limit. levenshtein< does just that.

(md5-digest s), (sha256-digest s), ...

NEWS

News

19-09-2003

12-08-2003 fixed fatal typo in Makefile. The tarball distributed so far was broken. Sorry.

30-07-2003 Version 0.7.1 beta 5: bug fixes and new features in rscheme, more precise byzantine aggreement, improved replication. A forum is coming (thanks to Christoph).

04-06-2003 Aproaching new version utilizing rscheme's pstoregc, which is a bit buggy at the moment. Nevertheless the current snapshot uses it. If you want to try the Askemos-server for the first time, do yourself a favor and give us another week or two until the source is stable.

29-05-2003 Version 0.7.1 adds asynchronous dns lookups, supressing some unfortune delays.

27-05-2003 A nasty bug anywhere in rscheme lets us introduce a more elaborate heartbeat mechanism. 0.7.0 should not be released at all, we'll have a better version these days. Updates to the patent page (german version) referencing interesting economical studies and the manuscript of the talk "patents agains democracy" of Jörg F. Wittenberger.

16-05-2003 Fixed several bugs. Forget any source older that from today.

09-04-2003 Another 9 lines of code and byzantine agreement now also for the Wiki (this website).

01-04-2003 Added some support for persistent connections and SSL client.

17-03-2003 Build process changed because of BSD problems with use of mmap(2) MAP_FIXED in rscheme/fshell.

08-03-2003 Added support for SRFI34.

24-02-2003 Builds with rscheme build 0.7.3.2-b22.

22-02-2003 Moved some rscheme specific code to the rscheme repository. You might experience build problems.

03-02-2004 Added and-let* (SRFI-2) support.

27-01-2003 Some optimization made the chicken version mostly comparable to the rscheme version. There are still some issues left. See PerformanceConsiderations.

16-01-2003 The chicken port is completed. For yet unknown it's horribly slow, not ready to be released.

03-12-2002 ByzantineAgreement up and running for the xslt-method.

20-11-2002 Chicken port got stuck: the chicken compiler needs a fix.

18-10-2002 News reported lag behind reality. Askemos was sucessfuly presented at the ssgrr 2002s and node 2002 conferences and a few universities. The Askemos paper is now also available in German. A port of the Askemos-Server onto the chicken Scheme compiler is in the works. Several cooperations to advance the Askemos have been started.

25-05-2002 Several changes for xslt modes and parameters.

29-04-2002 Several small bug fixes, which prevented old distro to work at all. Big sorry folks. Finished paper draft

18-04-2002 A bug fix in the xslt implementation and some additions to the xpath code. Otherwise a paper is forthcoming.

06-04-2002 Several changes while activating actual xpath parser. Still only a small subset of the expressions is supported: node tests and predicates with attribute matches (even those only if the attribute is named lefthand and the value at the righthand side).

25-03-2002 Minor bug fixes. Sxpath fixes.

10-03-2002 No modifications, but more RSchemePatches, new binaries.

08-03-2002 Added modified SRFI-19 support. Bugfix in fsm. Freshmeat is out of sync - made release 0.6.13

07-03-2002 Completed the binary distro and new readme. Release verion 0.6.12

24-02-2002 Made sxpath work and added garbage collection to the fsm module. Askemos has now replaced apache behind port 80. Mailing list opened.

20-02-2002 Several news did not make it into the changelog. There is support for SXPath (incomplete) now and some xpath parser. several templates fixed due to data model changes and fsm support. A new slot potentialities was introduced for "saved capabilities", which the user does have, but does not want to use at the moment. Bug fix in adopt:; places created with lesser capabilities could before adopt with all the active capabilities of the server, which was too much. Added support for virtual hosts. (Too long change log entries call for bug track systems. ;-)

01-02-2002 After a major fight, we changed the data model to ease the resuse of the sxpath code. Than we moved the persistant repository including the running applications. Several fixes to caching code fsm etc.

14-01-2002 The fsm StorageAdaptor works now also as primary storage adaptor. See StorageAdaptor for a comparison with pstore! The nunu has a new command: release-all.

10-01-2002 xslt fix (added xslt:comment) and bugfix release 0.6.12

29-12-1001 added pcre support and call-with-values

27-12-1001 bug fix in nu.scm and performance optimizations in xml rendering (giving 40% in real world example).

18-12-2001 released 0.6.11 several bug fixes, added examples tour

13-12-2001 connection pooling for xsql. Default user page now created from stylelib.

11-12-2001 several fixes over the past days. Wiki-remote needs work. nsgmls is now optional. A usage example comparing to PHP. New primitives for protection conversion. A simple role management app now (cgia) which shows the SOAP mapping was added to the stylelib.

01-12-2001 added emacs support based on wiki-remote.el

30-11-2001 fixed bug: no granting did work anymore, extended handling for "layered WikiWiki", now experimenting with the design.

26-11-2001 minor fix for none-xml handling, parse/render cache fixes

22-10-2001: release 0.6.9 added XSQL query for mysql.

20-10-2001: Stupid complexity bug fixed, backported into yesterdays release.

19-10-2001: Release bugfix version 0.6.8; Fixed same bug again, version 0.6.7 could still break your repository. mysql support forthcoming.

10-11-2001: Release bugfix version 0.6.7; warning don't use 0.6.6, it can kill your repository.

01-11-2001: MoneyDemo to show an idea of use

29-10-2001: released version 0.6.6; mayor bug fixes and a work around for the long standing bug in the xml store.

21-10-2001: Released version 0.6.5; Added support for htmldoc, added web mail tool, minor bug fixes.

18-09-2001: Relieve: legal thread is over. Released version 0.6.4; Improves mime handling for non-xml.

25-08-2001: legalthreat; there will be no legal problem in the long run. We did nothing wrong. But there could be a temporary ruling. Given the nature of court cases, this can take for ever. Besure - get you copy now. Details: FEAR20010825

10-08-2001: Version 0.6.2 adds distributed operation. Web site totally outdated now. Please come back soon.

30-06-2001: Trusted code interface added.

11-02-2001: Worked around the bug; multithreaded again.

04-02-2001: Rscheme-bug revealed. Now we must miss the multithreading until it's fixed.

06-01-2001: Development of version 0.6.1 started.

04-01-2001: Makex was not available when the demo installation was build...

27-12-2000: Demoinstallation fixed. I had cron start/stop it for logfile rotation once a day. That is, actually just stop it.

State Of Development (2001-08-08)

The current version (0.8.6) of the software is in beta state.

The mechanism is out of prototyping, no basic design changes expected. Currently bussy implementing voted computations.

Some prototypes are in productive applications for various features. And there are features which are not yet integrated and only available from those prototypes (at all levels, especially policy).

Few "nice to have"'s and syntactic sugar, too few interfaces implemented. Many features are only partially implemented and some basic standards are not completely supported. For instance the XSLT is sketchy: it's very unlikely that a complete implementation can introduce significant slow downs or break applications. But the current purpose is merly to demo how to implement yet another extention language, not yet to compete with other implementations.

Applications are demos, not to be used as is, not ready for end users but usable for friendly developers (I couldn't live without).

So to say it's currently more a framework like FramerD which makes it easy to build Zope-alike application environments.

pre version 0.6 news

 - Current extension languages: XSLT (incomplete) and a DSSSL-alike scheme.
 - Rendering to PDF, PostScript and plain text via Lout (2000-10-02)
   (see comments in the Lout template for usage information)
 - HTTP server and client with some TODO,
   SMTP client (error handling needs work).
 - Parsing (especially XPath) needs work.
 - DVM only conceptually distributed.
 - Too few storage adaptors.
 - still buggy
 - lack of high level documentation still questions understanding

NewsAndOlds

The news section has been moved.

HistoryOfAskemos

BUGS

NLayerArchitecture

The Askemos operating system has a multi layer architecture. It consists of a Unix compatible base system to conquer the nodes hard ware and the Askemos server to confederate them in a net.

While the base primarly used as a hardware abstraction layer its services can be acessed from the Askemos layer if they are configured as TrustedCode. For security reasons the base system should be choosen as a secure as possible and configured not to run any services not needed to support the Askemos server.

For all layers there are (at least should be!) alternative implementations, in case a vulnerability is dicovered.

NuNu

About

The software "askemos" is an incorruptible and intrusion resistant agent operating system. It forms the basic infrastructure (TCB) required for the project Askemos. The AskemosDesign defines an autonomous, virtual machine on document level, which works synchronous among distributed, independant components (companies, departments etc.).

NYI

Not Yet Implemented

These concepts are for some reason not yet implemented:

globally uniqueness of OID's

derived from the value of (public-oid) and the local OID as implemented; just do it.

oid2string

ODBC

O Data Base Connectivity http://www.microsoft.com/data/odbc/

http://freshmeat.net/search.php3?link=freshmeat.net=ODBC

see JDBC

http://www.unixodbc.org/

C++ lib to communicate with Oracle http://ocicpplib.sourceforge.net/ worth the hassle of C++ or better unixodbc driver?

http://orcane.net/freeodbc++/http://users.ids.net/~bjepson/FreeODBC/

http://www.easysoft.org/

ODBC Socket Server http://odbc.linuxave.net/ - is an open source database access toolkit that exposes Windows nt ODBC data sources via an XML-based TCP/IP interface. The base distribution includes a 32-bit multi-threaded Windows nt Service and clients written using COM (Windows C ), Perl, php, Python, and C (Linux). All include source code, and everything is very well documented in an easy to read PDF manual.

jfw dazu: "small is beautyful", sauber.

ODF

Open Document Format

ISO IEC 26300 since 2006-05-03 http://www.consortiuminfo.org/standardsblog/article.php?story=20060503080915835

Native data format of OOo.

• [http://www.infoworld.com/article/06/10/03/HNfrenchodf_1.html|French gov't recommends standardizing on ODF]]
• Bruce Schneier: OpenDocument Format and the State of Massachusetts about it's security merits over with M$ XML

• Daniel Geer's warning in Massachusetts assaults monoculture about software monoculture came true http://www.consortiuminfo.org/standardsblog/article.php?story=20060523181724678

• groklaw's Comparision with M$ XML and a dissection of Microsoft's "Patent License" relevant here.
• groklaw on irregularities surrounding the swedish vote on open xml, which was invalidated 3 days later for that reason
• Belgium's Council of Ministers last month approved a proposal that requires federal government departments to use open file formats for exchanging documents. http://trends.newsforge.com/article.pl?sid=06/07/03/1936224
• Texas:stating the goal of requiring Texas State agencies (including the executive branch, the legislature, the courts and the schools) to conduct their work in an open document format

OGSA

Open Grid Service Architecture

A nice introduction to grid computing by Thomas Myer.

OID

Object Identifier.

The describing entity of a place. A universally unique identifier.

This identifier is, in conceptual contrast to names, always choosen automatically. (TODO refer to (german) tax law's archival demands and others)

TODO oid's are "endpoint references" in the sense if web service addressing;

Furthermore OID's are self-certifying identifiers. The OID value allows to verify that the so called deed-slots have never been tampered with.

(define deed-slots
  '(dc-creator       ; creator-OID see Dublin Core
    dc-date          ; creation date
    action-document  ; behavior
    body             ; serialized content
    ))

Rationale behind those deed-slots: creator, date and body are exactly the same as for paper documents. (see also "self archiving") For processes we need to acertain the behaviour in time, the action-document. The equivalent of certificates (as in "paper") is a special case of such a process: the constant process, which raises an exception for any kind of modification attempt. NameSpaceDSSSL there's a function public-place we're using for that purpose.

TODO document link table handling (as attachment and thus handled along with the content.

OO

short for Object Oriented

Friedmann on object systems: http://www.cs.indiana.edu/hyplan/dfried/dfried/ooo2.pdf

OOo

Acronym for OpenOffice.org.

Openoffice is a full featured office applications suit.

The open office file format has been endosed as standard by OASIS called ODF. http://opendocument.xml.org/

Ooo speaks the WebDAV protocol and is therefore predestinated as client application to talk to Askemos agents.

The Wiki-Agent happend to work with OOo. Unfortunately started recent versions of the OOo html editor to destroy the document structure, especially drop id attributes! Your milage may vary. Try to save you changes; if the html is correctly stiped, you version is ok, otherwise check: load a html document with id attributes, modify, save and see if the id attributes are intact. TODO:the server should understand the native OOo data format. (Not a big deal.)

The European Commision considers (german and english news), the OOo file format ODF is an ISO standard.

working with OOo, hacking OOo dictionaries, OOoBasic crash course,2

connecting OOo to databases

To be able to use OpenOffice.org as a conversion engine, you have to start it as a service.

ProOOo Box

german ooo Suchmaschine

odt2txt converts to "markdown"

odtwriter http://www.rexx.com/~dkuhlman/odtwriter.html converts reStructured Text to ODF.

OpenBSD

OpenBSD is a Unix kompatible OperatingSystem, which is focused on reliable security. At this time the system has a record of 4 years without remote exploidable security hole. This is more than any other comparable system can show.

For more Information visit http://www.openbsd.org/

OpenID

Introduction

OpenID is about users proofing to each other, that the individual controls a URL. OpenID does not specify how the users ensure that they control the URL.

In fact most users don't do that at all: The URL is usually hosted at some web server and at least the administrators of that server farm have factually more control of the end users URL than the users themself. Let alone that the administrators often enough don't know how little of their own control is left over, when intruders evaded the servers.

Askemos empowers users factually own and control their URL's in the presence of byzantine failure of their web host providers as long as the majority of servers doesn't fail at once.

Links

http://www.linux.com/article.pl?sid=07/03/07/1910221

https://www.myopenid.com/directory

OperatingSystem

see BetriebsSystem (german)

tech details under Operating System

OperationTips

Access http://localhost:7080/ (or whatever you configured) anonymous or http://localhost:7081/ with user name "gonzo" password "oznog".

• Better keep it on a terminal to watch log output for now.
• Start with understanding the applications in the "app" directory.

• Exploring the system inside (only recommended if you need to debug the server, not your applications - but "sparse" error messages might still force app developers to know how to do it):

  $ telnet <host> 7070
  

  (The number 7070 is the "Control Port" defined in the config file and controlled via the system control panel.)

  See the prompt ";; Nu". Type valid scheme expressions at the next line. Be careful, doing so might corrupt your data base if you accidentally keep references to objects in the data base over garbage collection time in the persistent store. If you don't understand what I'm talking about: just explore it but refrain from modifying the data base and you're safe.

  You M U S T N O T run the debug access at any production system! you definitely don't want to do that, it breaks each and every safety measurement.

• Useful command on the debug console:

  enable-warnings	boolean	log more warnings and include stack trace with exceptions
  $broadcast-debug-proposal	lambda (OID this message result)	traces AskemosDVM step by step through the procedure.

• (X)Emacs uses want to customize wiki-remote (see SystemRequirements) it really eases the edit/test cycle. xemacs+wiki-remote are not SSL aware. As a work around it is recommented to use ssh port forwarding with plain http.

OSI

OverviewAbstract

About

The software "askemos" is an incorruptible and intrusion resistant agent operating system. It forms the basic infrastructure (TCB) required for the project Askemos. The AskemosDesign defines an autonomous, virtual machine on document level, which works synchronous among distributed, independant components (companies, departments etc.).

Data Structure

A set of frames ist persistently stored in a software transactional memory. One slot, the body, contains an arbitrary data unit (there is no exact definition what the units are, but XML document are prefered). The system maintains meta data about the body in the other slots of the frame. We call such an object a place in Askemos.

Autonomy of Places, Presentation and Manipulation

At the places live autonomous objects or agents. One of the meta data slots of a place is a so called action, which is the code executed by the agent. (From a OO point of view, body + bodies'meta + action = object.) This action is (essentially) the only function, which can modify the slots of the place.

The read operation (MVC terminology: View) delivers the data at the place, possibly transformed by a function (side effect free!). A write operation (MVC terminology Controller) changes all data slots at the place in one transaction using the result(s) of another function.

It helps to understand that a place comparable to stream as described in SICP (Abel, Sussmann). The head of the stream compares to the actual state of the agent (the data currently stored in the slots of the place), while a transaction - advancing the agent to it's next state - stores the result of the tail operation at the same place. Instead of the "head" and "tail" operations there are two kind of operations, a read and a write type.

Context and Topology

Each place has a set of mappings from names to OID's (strong links). That way it can keep connections and address those other places symbolically.

An operation can send out messages (partially restricted at types) to all places it can address (absolute or symbolically). Read operations can be performed as calls, that is, the sender can wait (at any time) for the operation to complete and use the result. Write operations are always send out asynchronous (read operations can be as well) at the end of a successful transaction. Besides being a technical requirement, this is an important design decision.

Rights

One dimension, or axis, of information are the rights which are accociated with a place.

The default protection system is a simple access control list. But the mechanism can easily model very complicated cases.

Distribution and Reliability

Operations of the Askemos distributed virtual machine are synchronized using byzantine agreement over the majority of a quorum. Therefore Askemos can cope with malicious components of it's own; it should be pretty hard to stop it working.

There are only a few requirements for the storage system. It's expected, that most distributed file systems and data bases can be utilized.

Sugar and Fashion

One action defines XSLT documents (implemented as server extension). Their program and data are just one style sheet (possibly distributed over multiple places). If a XSLT document wants to change state, it must recreate itself with state elements replaced.

Different data base adaptors have different strength. And distributed object data bases can not beat the performance of specialized relational data bases when searching large relational tables while they are superior at less structured data. Relational data bases are accessed by XSQL.

plain

public-context

QScheme

http://www.sof.ch/dan/qscheme/index-e.html

(Modifie le 23/06/2000 00:19:30)

depends on

• http://www.haible.de/bruno/packages-ffcall.html
• pcre
• gmp

referencelist

service-level

source

support

SAML

See also the case of OpenID in the old application development forum.

SGML

SHA1

SHA1

broken cryptographic hash algorithmus http://www.schneier.com/blog/archives/2006/09/notes_from_the.html

It's even possible to find meaningful messages with identical hash code. http://www.heise-security.co.uk/news/77244

Widely used. Caveats ahead.

You can read "Finding Collisions in the Full SHA-1," by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.

see also MD5, SHA256

SHA256

"replacement" for SHA256 see also NameSpaceDSSSLindex

SHOULD

SICP

The MIT Electrical Engineering and Computer Science Series

Harold Abelson and Garald Jay Sussmann with Julie Sussmann,
Structure and Interpretation of Computer Programs, 1985

On Video
http://swiss.csail.mit.edu/classes/6.001/abelson-sussman-lectures/

The MIT Press, 1985
ISBN 0-262-01077-1 (MIT Press)
ISBN 0-07-000-422-6 (Mc Graw-Hill)

SILC

http://silcnet.org/

SIP

- http://en.wikipedia.org/wiki/Session_Initiation_Protocol

- RFC 3261 http://www.ietf.org/rfc/rfc3261.txt?number=3261

- P2P file sharing using sip: http://www.research.earthlink.net/p2p/

SlashdotArticle200003151131229

SMTP

Simple Mail Transfer Protocol

RFC 2821 http://www.stafford.uklinux.net/libesmtp/

Push technology.

There's a simple xml representation, see http://xml.coverpages.org/xmtp.html822/1423 (mime) mail.

something more about Borden's XMTP?:http://www.xml.com/pub/a/98/12/consult98b.html , further details for pgp/mime: http://www.bretschneidernet.de/tips/secmua.html

hato a MTA? in Scheme (chicken)

• AMTP?. http://www.ietf.org/internet-drafts/draft-weinman-amtp-02.txt
• MTP?. http://www.ietf.org/internet-drafts/draft-danisch-email-mtp-00.txt

• S / MIME and PGP? / MIME. http://www.imc.org/smime-pgpmime.html

SOAP

By AskemosDesign communication (between places) in the Askemos is based on unidirectional asynchronous messages. Soap is web based standard for just that, hence message eachange can be conceptually understood as soap ( http://www.w3.org/TR/SOAP/ ) messages. It's said to be conceptually, because several redundant information (envelope and headers) is not actually generated until it's really needed.

SOAP considered canonical (lambda weblog, still need to read it actually)

Bidirectional (request/response) models can be build on unidirectional messages with easy (and this is what's going to happen). There is not standard yet found, but microsoft is pushing for soap-rp: http://msdn.microsoft.com/library/en-us/dnsrvspec/html/ws-routing.asp?frame=true , which will be taken as base model for the time being.

further on soap: SOAP and RDF: http://www-106.ibm.com/developerworks/webservices/library/ws-soaprdf/ also

http://msdn.microsoft.com/xml/general/soaptemplate.asp

SoftwareRot

The title is taken from:

http://www.clueless.com/jargon3.0.0/software_rot.html
http://www.tuxedo.org/jargon/html/entry/software-rot.html

What I actually mean is anyandall data loss due to outdated machines, migration of software versions, lost media as well as the effect of service providers stepping out of contract for any reason.

The Askemos projects looks into reliably reproducing information over very long period of time.

SOX

An alternativ XML syntax, wich is easier to type: http://www.langdale.com.au/SOX/ TODO such a syntax would fit perfectly with Askemos!

There are more and more alternatives upcoming... e.g.:

• YAML

• JSON the "JavaScrip Object (Notification"-Language.

  This one is almost SXML except for minor encoding -- but those are pretty harmful, they droped the attribute/content distinction, which is requird to distinguish denotational focus from meta level.

  JSON is beeing used for json-rpc

SQL

Standard Query Language

A functional programming language designed to query and mainpulate tables of a relational data base.

See also ODBC and JDBC for ways how to use S Q L from other programming languages.

For a way to integrate SQL with Scheme see http://lambda.weblogs.com/discuss/msgReader$4236

SQLITE

sqlite in available as a user level language in both current Askemos implementations.

For ProjectsOnThePlace: use the new http://www.sqlite.org/c3ref/vfs.html os sqlite3 to map SQL table into either the WebDAV file system of BALL or whatever to combine byzantine replication with a SQL for users sake.

SRFI

Scheme Request For Implementation

See http://srfi.schemers.org/

The Askemos server supports currently:

• From srfi 1: append-reverse list= cons* filter remove delete partition fold take take-right drop drop-right unzip2 alist-cons
• http://srfi.schemers.org/srfi-2/srfi-2.html (and-let*)
• http://srfi.schemers.org/srfi-8/srfi-8.html (receive)
• http://srfi.schemers.org/srfi-19/srfi-19.html (date and time, modified as 'locale' doesn't have a defined meaning in a global network) See also WhatIsTime regarding different kinds of time.
• http://srfi.schemers.org/srfi-13/srfi-13.html (string library, partial support only because of copyright issue)
• 34 exception handling raise, guard(See srfi34).
• srfi49 "python-like" Syntax. (note: This syntax is often regarded to be not the best idea under the sun, but it's handy for short expressions, command lines and large SXML-HTML structures with little nesting).
• 43, the vector library

Note (to be moved somewhere): in http://srfi.schemers.org/srfi-40/mail-archive/msg00030.html is a simple and clear implementation of stream alike things, which is very close to the style used in the current (2003) Askemos code. Just the posting is much, much clearer. The only difference is in the conventions. No exception is raised at the end of a stream. Instead #f is returned as first value instead of the closure producing the rest of the stream.

SRFI34

http://srfi.schemers.org/srfi-34/srfi-34.html

Askemos did not have any exception handling system for quite some time, because exception handling is not strictly nessesary. But it is a practical thing and hence it's there.

Beginers beware: use exceptions with care. Never have the normal computation raise any exceptions. Normal cases should be handled with normal code. Exceptions are intented to mark parts of the code (the exception handler) as "seldom used" and optimize the body part.

SRFI35

http://srfi.schemers.org/srfi-35/srfi-35.html

Funny multiple inheritance in codition types.

See remarks about "neccessary" in SRFI34. ;-)

SRFI49

SRFI 49 defines some "Python-like" whitespace sensitive syntax. For example straight from the proposal:

let
 group
  foo
   + 1 2
  bar
   + 3 4
 + foo bar

Denser equivalents using more traditional S-expressions:

let
 group
  foo (+ 1 2)
  bar (+ 3 4)
 + foo bar

Both those expressions above are equivalend to the standard Scheme syntax of:

(let ((foo (+ 1 2))
      (bar (+ 3 4)))
  (+ foo bar))

I strongly believe that such a syntax is much more useful, especially for Scheme beginners but even more for editing small code portion in textareas as one does often in Askemos/BALL.

Beware however:the srfi is not yet final and the discussion seems to have dried up. Future versions will implement the srfi-defined rules, i.e., if worst comes to worst and those change, your precious code will break. But that's kind of unlikely, especially if you use if for small code portions or the large structure and keep some emergency code in standard syntax only, which should be able to bootstrap you code upgrade process.

Beware of tabulators:please see the srfi discussion archive. Tabulators cause major headache. Currently they count as one space. Better don't use them at all, it might even be disabled until the srfi is finalised.

SSAX

An XML parser an XPath processor (without parser),
which was envisioned as a replacement for Askemos' internal one.
http://ssax.sourceforge.net/
Tests results (see PerformanceConsiderations) show
Askemos' parser approximately 8 times faster.  Hence I keep it

Here a turtorial:

http://www-106.ibm.com/developerworks/library/x-matters31.html

another API is defined by http://www.saxproject.org
and find a pull parser specification at
http://www.xmlpull.org/

SSL

StandardML

A functional ProgrammingLanguagehttp://www.smlnj.org//sml97.html

STM

software transactional memory

See http://www.cl.cam.ac.uk/users/kaf24/lockfree.html

StorageAdaptor

fsm (working)

FileSystemMirror, keeps places in a canonical xml representation in the file system. (should [does it] work with http://www.redhat.com/software/rha/gfs/ ) Scales well in size, but is as slow as any other, which requires xml serialization internally.

pstore (working with restrictions)

The pstore stores objects "as they are".

DataDraw

looks nice

feedtree

Might become an interesting option.

http://pdtp.org/

2nd April 2004: I just read about it. Absolutely no time to read details (I should earn my living and go to Brussels for software patent campaign, if I can manage at all.) But this looks in a way like the storage adaptor we need. Please use the comment feature at the bottom to inform me.

http://sourceforge.net/projects/avf

This looks even better

iFolder http://forge.novell.com/modules/xfmod/project/?ifolder .

A Mono/DotNet file sharing tool. It might be a good idea to use that connector to end user applications on the platforms supported by iFolder.

webcache

The long wanted (since original design) web cache storage adaptor came surprisingly close! Even better: it already includes the DNS redirection code we've just been planning. See the P2P for the web cache "coreal". See also ProjectsOnThePlate we wish to retrieve an extended "fsm" via corel.

Freenet

Using the FCP it will soon be possible use FreeNet (which is like a distributed crypto raid) instead of a file system.

dbxml

might be interesting to connect to http://www.dbxml.org/ but by begin of 2002 it's jut a slower alternative to Askemos, which can't handle documents as big as Askemos can.

others

see virtuelles Speichermedium, distributed revision control systems should all be a good base, see http://www.regexps.com/ and http://subversion.tigris.org/

SupportArea

We at , the "company behind Askemos", are keen to provide any kind of help and partnership for commercial projects.

Meet us on channel #askemos at irc.pitcom.net .

To support the development of Askemos we offer a complete evaluation version, including full source code and all development tools we use ourself, for 10,- € (including shipping within Europe, please inquire for oversea rates).

Installed on this CDROM is the whole askemos.org web site and some more applications, which are not available online. It is based on the Ubuntu boot system and our own selection of debian packages, featuring network connectivity, office tools and our development environment at the expense of games and gimmicks. You can use it safely to run and test Askemos on any standard PC without any installation on hard disk and no prior knowledge at all, or install on your hardware, which will require minor Linux knowledge.

Hardware requirements (recommended): CPU 500MHz, RAM 256MiB only for optional hard disk installation: 3.5GB.

We lost the development machine to a lightning. Since we are not fully satisfied with knoppix as the base system, we'll consider other options. Until we recover, our CDROM is not available.

SVG

http://www.siliconpublishing.org/svgfaq/

all text PNG? http://sourceforge.net/projects/sng/

SXML

See also http://www196.pair.com/lisovsky/xml/index.html This code needs myenv-rscheme.scm and catch-error.scm

(C) public domain - see: http://www.geocrawler.com/archives/3/15235/2002/1/0/7705636/

BALL makes SXML is available in NameSpaceDSSSL. When DSSSL expressions return SXML conformant data these are expanded in the internal representation. Please note, that the expansion incures an additional traversal of the data. This and the prefix-embedding of SXML might incure undesired preformance loss. SXML elements may only ever occure as return value, not mixed as "inner" data structures. To expand the latter use (sxml sxml-tree). However it is possible to mix ordinary XML result tree fragments, e.g., as returned by make element or xsl-variable among SXML nodes.

For turtorial see: http://schematics.sourceforge.net/scheme-uk/xml.html and http://sjamaan.ath.cx/temporary/sxslt.pdf Note: be careful the sxpath functions are not optimal. When in doubt concerning performance try to get along with the DSSSL functions. They are faster.

Bugs

The sxml implementation in ball failes on annotations (namespace declarations) given at the document root (*TOP*) level: namespace declarations for these declarations are only included in the result tree, if the position of the annotations is specified:

(sxml '(*TOP*
        (@ (*NAMESPACES* (foo "http://foo.org/foobar")))
        (foo:bar (@ (@))
          (zoo:baz (@ (@ (*NAMESPACES* (zoo "http://foo.org/foobaz"))))))
        ))

results in

<foo:bar xmlns:foo="http://foo.org/foobar">
 <zoo:baz xmlns:zoo="http://foo.org/foobaz"></zoo:baz>
</foo:bar>

while

(sxml '(*TOP*
        (@ (*NAMESPACES* (foo "http://foo.org/foobar")))
        (foo:bar (@)
          (zoo:baz (@ (@ (*NAMESPACES* (zoo "http://foo.org/foobaz"))))))
        ))

is beeing serialised as (note the missing namespace foo)

<bar>
 <zoo:baz xmlns:zoo="http://foo.org/foobaz"></zoo:baz>
</bar>

Since those declarations could go there anyway, it's recommended to put declarations always in the attributes list of the document element.

future of xml

Beware: the XML standard version 1.1 will break SXML, since "Unicode will continue to grow past version 4.0, further changes to XML can be avoided by allowing almost any character, including those not yet assigned, in names".

SXPath

XPath engine in Scheme. For usage and examples, please refer to http://www196.pair.com/lisovsky/query/ .

The code in the Askemos sources has been modified to become more data model agnostic and more efficient. Besides the Askemos data model, it should still work with SXML.

TODO The adantage of the SXPath engine is it's clear source code structure. At the other hand it's too straight it does eager evaluation and lot of superflous calls and eventually violates document order (see here).

XLink

See http://modis.ispras.ru/Lizorkin/ for XLink extensions to SXPath.

Please Note

• These are not yet integrated with the main ball code.
• The traverse:: axis corresponds roughly to DSSSLfetch.

webscaperhelp

A nice tool to craft sxpath queries http://www.neilvandyke.org/webscraperhelper/ .

SystemRequirements

Essential

1. RScheme version 0.7.3.4-b7 or above. (local copy)

   On debian don't forget to install the required -dev packages, e.g., zlib1g-dev for compressed repositories.

   There's a port to Chicken Scheme (chicken 4, aka hygienic chicken) on the way; but not yet ready to be released (we need some basic fixes in chicken until it handles the load).

2. http://www.gnupg.org/ (debian package libgcrypt11-dev)
3. OpenSSL. (Used to be semioptional; Askemos works with degraded security for humans who are not allowed, to use cryptography and signatures. However the current build depends on it. Will become optional again.)
4. PostgreSQL client library.

5. MySQL client library from http://www.mysql.com/ . Tested with version 3.23.43-3 to 5.0.18 (TODO make this a configure time option).

6. SQLite library version 3.3.8 or above
7. The pcre library from with utf-8 support enabled (TODO make this a configure time option).
8. libmagic
9. A ntp server http://www.ntp.org (nodes need resonable synchronized time). optional recommended

10. on FreeBSD cups-base package (for /usr/local/etc/cups/mime.types)

Optional

1. optional: htmldoc http://www.htmldoc.org/
2. optional: zip/unzip
3. optional: fusedav; bus use our fixed version for now
4. optional: Jeff Kingston's Lout as formatting engine

template

TargetPlatform

A plattform is ... essentially a (virtual) machine _or_ scheme implementaion.

A port is the minimal set of compatible modifications required to run the code on the platform.

A port is minimal, if the kernel produces the same results as the original and the port supports at least one (network) access protocol supported by another plattform. (This means it can't exist on just one platform and refuse to communicate to other plattforms.) A port is complete, if it's minimal and supports at least one storage adaptor.

Notes on possible targets

Other Scheme Implementations

1. Chicken http://www.call-with-current-continuation.org : the port almost works
2. Guile http://www.gnu.org/software/guile/guile.html : has gotten momentum since Askemos was implemented. Port to the implementation strategy "libxml2 + libxslt + guile" should be easy with the existing chicken code.
3. bigloo: my beloved, fast bigloo: too many global variables --> no preemptive threads, C stack used --> partial call/cc. Update: new version seems to support pthreads and asynch i/o. Port to bigloo schould be retried.
4. DrScheme?: due to C++ interface in DrScheme? there's some chance that the texas persistant store might work there. In the latter case a complete port should be simple.

Virtual Machines

TCB

Trusted Computing Base

remark see also RelianceSet, which includes the human operators as well.

A TCB consists of a set of hardware and software mechanism which guarantee that security will not be violated under any circumstances.

A TCB is must be formally proven to be correctly implemented. (Paying attention to the Trusting Trust issue.)

The /. article of 18th Aug 2004 introduces http://www.rpow.net/ a second TCB based on a slightly different approach.

See also http://www.dtcp.com/

Current approaches try to provide a cryptographic check sum (in hardware), which is updated after a certain amount of processing has been done. (E.g., after the boot loader has been executed, after the operating system has been loaded etc. This is also how thecurrent BALL implementation computes the opaque part of the version slot of a place.

open tc aims to provide a free implementation, focusing on linux.

As of 2003/4 there are concerns about bad designs for secure hardware under the names TCPA and TCG. Read more on http://www.eff.org/Infra/trusted_computing/20031001_tc.php An good faq on the usual problems accociated with central control http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html especiall interesting the last question concerning the DoD definition of trust: "a trusted system is one, which can break the security policy" - which is correct in so far, as the the ability to break the policy is what requires client to trust the system not to do so. For "anonymity" - which means the guarantee not to let untrusted parties to spy on secrets - this definition is correct. Integrity however is a different thing, there is no such thing like a correct system, which can break the correctness property aka. "security policy". To avoid confusion we better don't call such systems "trusted". But what else? Correct? http://www.cypherpunks.to/TCPA_DEFCON_10.pdf

The main concern is that users are not be in 100% control of their own environment. (This groklaw article illustrates the problem from a legal background. I'm not yet sure that this could happen on the platform.) If such a system would run after a some non-obvious software was loaded "in the name" of a user (e.g., if it was possible to load an encrypted bios or system kernel) than that user was already impersonated. Since the structure of those plattforms is equivalent to "botnets", they are highly vulnerable to abuse nnd therefore basically useless for lawful purposes. Once ebmraced it could no longer incure legally binding consequences.

some critical voices: http://www.protectprivacy.org/ , http://www.notcpa.org/

The german computer magazine publisher heise reports chaos computer club critism on the dangers of "trusted computing" http://www.heise.de/newsticker/meldung/54655 .

There are more computer related uses of the acronym: see folddoc. The one I like most: Trouble Came Back

TCP

Transport Control Protocol

TeX

Add on tools

http://w3.mecanica.upm.es/metapost/

http://getfo.sourceforge.net/index.html

http://stexme.sourceforge.net/

http://getfo.org/texml/

TextFormattingSystem

Software, to put text on a sequence of sheets of paper. To some extend visual rendering systems might count as the same.

See also the jade DSSSL engine, which produces actually only input to various TextFormattingSystem's.

Notes on useable systems

pdfxmltex + passivetex

pdfxmltex can be used as backend formatter

<output xmlns="http://www.askemos.org/2000/CoreAPI"
        media-type="application/pdf"
        method="x-pdfxmltex>
 <fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format">
 ...
 </fo:root>
</output>

xmlroff

Xmlroff

is supported as the (intented) primary means to produce [[PDF]] from [[XSL]]-[[FO]],
though it's not yet widely used, while the historical alternatives are.
To render an fo element by xmlroff, return an output
element enclosing the [[FO]] element like this:

<output xmlns="http://www.askemos.org/2000/CoreAPI"
        media-type="application/pdf"
        method="x-xmlroff>
 <fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format">
 ...
 </fo:root>
</output>

Note: using xmlroff is slow even for small pages (furthermore, for the sake of security, such a huge amount of unsafe code (written in C) is better beeing run as an unpriviliged user, which deters performance even more), so don't stress it too heavily. PDF files from xmlroff (of version 0.2.4) are huuuge and too many features are missing.

CSS

CSS a [[W3C]] standard, supported by many browsers. there's a command line tool css2xslfo (java) which produces decent PDF - TODO that should get support here.

TeX / LaTeX

TeX / [[LaTeX]] Supported yet completed. See cpan. http://www.tei-c.org.uk/Software/passivetex/ forthcoming.

Lout

integrated, see lout template. Unfortunately Jeff Kinston decided not to maintain the PDF backend anymore.

Lout backend for jade http://www.multimania.com/jbn/software/oj_patch.zip

roff in it's various forms nroff, troffm, groff etc.

used by the man subsystem

htmldoc

supported see htmldoc template, fast, simple, easy to use, much less features than lout.

THANKS

There are too many people, whose ideas went into Askemos1. Special credit to those, whose contributions made it possible at all:

• Raphael Heinrich
• Peter Hochgemuth
• Donovan Kolbly
• Frank Müller
• Eberhard Richter
• Christian Schaller
• Hans-Jürgen Stüber
• Felix Winkelmann
• Tom-Steve Watzke
• Jörg F. Wittenberger
• Werner Wittenberger
• Christoph Zurnieden

[[|[1]]]

Just follow the links from this wiki to find a part of them...

TheJail

Operations to revoke rights are the only transactions which are executed without asking consent from the place in question.

There are two operations relevant here. The normal revoke operation and i-call-you!, which is not yet exported.

i-call-you! is good if a place runs wild for any reason. If we can avoid it's use alltogether (except for the setup, where is has the crucial role to create the basic right relation) that would be a good thing.

This function is not yet available outside at the client code level. Until that you need to start with debug-access enabled and prepare the call by hand.

ThePatent

Deutsch das Patent

The Idea

1. legal protection for utilization and derivation of benefit from some invention
2. letter of appointment
3. authenticated licence for certain professions

Patents are granted for new inventions (as opposed to discoveries) which allow for commercial utilization and benefit. with the exception of:
a) Inventions which applications would contradict morality
b) Food, luxury foodstuff and medicine
c) chemical compounds
whereby for (b) and (c) the manufacturing process for the materials may be patentable, while the material itself is clearly not.

Inventions are only patentable, if they are a noteworthy enrichtment of the state of the art. The don't count as new if they are not described or used within the last 100 years in such a way that an expert of the specific field could apply them.

A patent grants a monopoly to any commercial use of the invention such as keeping for sale utilization.

Patent laws exist since the industrial revolution, when mankind started to combine the principles of natural laws in several ways.

It's important to note that for a reason:Patents are always granted for the combination of natural laws. Never for the laws themself.See also: http://swpat.ffii.org/papers/eubsa-swpat0202/prop/index.de.html#mensmat

Inventing in the sense of patent law means harnessing the forces of nature, which do not follow the rules of intellectual creation and must be verified by experimentation (letting nature answer questions) rather than by mathematical proof (letting the human mind answer). Only in this field can there be a macro-economid justification for granting a 20 year monopoly on a novel teaching.== public risk== Patents are sort of a deal between the general public and a private body. As with any deal there's the risk of deceit. See http://www.pubpat.org/ . There's also an article about the imperfections of the current american patent law.

history

By 2006 the European Union has EPLA? on stage, which has horrible problems with souvereignity.

1. remember European Banana Union Day.
2. http://www.patent.gov.uk/patent/history/fivehundred/origins.htm .

Software Patents

Since software became somehow patentable in the USA?, patent protection hinders and substitutes research and development but make a great tool to safe taxes (shaping the profit margin). See http://www.researchoninnovation.org/swpat.pdf and an analysis by Jan Hofmann of Deutsche Bank, who found patents harmful to software.

Remember proofs are programms.

http://righttocreate.blogspot.com/2006/06/reforming-software-patents.html

2004: the german government has broken it's promise to vote at 18th May in european councel to protect data processing from patent monopols or at least define precicely what consitutes a "technical contribution". For details see: http://kwiki.ffii.org/?Cons040518En . This brings Europe closer to a dangerous situation of legal incertainty. Will the use of electronic media become illegal for legaly binding processes? (See also DefineInsecureModeFalse.)

2006 Lehman: TRIPS?http://dooooooom.blogspot.com/2006/03/lehman-trips-was-mistake.html

http://www.bailii.org/ew/cases/EWHC/Ch/2006/705.html

IBM? position derived by in-depth consultation rightfully rejects business method patents.

Medical Knowledge (e.g., Gene) Patents

Gene patents are as wrong as any patent on expressions is. Patenting genes seems to be a case where patent law infringes with very basic rights like the choice of food you eat. We all (lawmakers, layers and everyone on theirs own) have to decide which law is the higher value (HoeheresRecht [german]). Recommented reading: http://www.etcgroup.org/article.asp?newsid=398 , http://downloadaborted.blogspot.com/2004/06/open-source-life_21.html

This essay breaks the law.

Patent law failed for medicine.

Econimoc studies

interesting study ... also has a lot to say about the dangers of monopolies and some things about the influence on patents:

With regards to innovation, it may be useful to compare the role of FLOSS?, which in its nature supports diffusion of knowledge, to patents that are justified for, among other things, promoting disclosure of knowledge and resulting innovation. In fact, patents have been found empirically to be a poor means of promoting disclosure. Arora et al (2003) find that "patent disclosures appeared to have no measurable impact on information flows from other firms, and therefore no measurable effect on R&D productivity". ...

Relevant Laws

Germany

Patengesetz 5. 5. 1936

European Union

The great confusion. Everything is in flux. http://swpat.ffii.org/ read how we could gain a patent monopoly on democracy using the 20th Feb 2003 software patent directive and some positive argument towards patentable processes in software.

Collected Remarks

These remarks where added to the page from outside. But I did not come around to review them.

wired 2004/08/06,
http://taint.org/2004/08/20/024522a.html ,
http://www.ipsummit.info/3questionscq.php

Novel's position http://www.novell.com/company/policies/patent/ .

http://www.tbray.org/ongoing/When/200x/2004/10/12/PatentTheory

Beuprez paper explains this very thouroghly: http://www.beauprez.net/softpat/defence.html .

Groklaw http://www.groklaw.net/article.php?story=2005041208505337 !!!
Erik Josefsson http://www.ffii.se/erik/NLOPEN/http://wiki.ffii.org/FfiiEpp0506En .

http://righttocreate.blogspot.com/2005/11/patents-chilling-science.html ,
http://www.ipjur.com/2005/12/uk-cipa-on-patent-infringement-should.php3 ,
http://money.cnn.com/2006/01/25/news/newsmakers/davos_blackberry.reut/index.htm?section=cnn_tech ,
http://www.ovum.com/go/content/c,377,62989 ,
http://news.com.com/Static+over+RFID/2100-1008_3-5357189.html

22th Oct 2007: Let's Make a Deal - The MS?-EU Settlement

ThePlace

A place is the possibility to store something. That's what my dictionary says. It's the same here:the possibility to store information. (In particular a location in STM to hold an object aka agent aka continuation. TODO move: a gentle intro to continuations for C programmers elsewhere It should be noted that one should not think about that place as some media. Media is used to store plain data. Information, in contrast, is stored in the InformationSpace, which is a conceptual (or virtual) space. Example: "The presentation (or projection) of a place in the address space of the server is implemented in place.scm."

TheReflection

"Tuning back to itself".

In Computer Science, Reflection is the domain of programs that (effectively or potentially) describe and manipulate themselves.

TIFF

TODO

Things to do. See also BUGS and ProjectsOnThePlate

1. find the suspicious kernel hang (make watchdog magic obsolete); this seems to be solved, but who knows?
2. Bring a bug tracker into place. Either actually use sourceforge for that, or, better, develop it out of the the forum code and run in inside Askemos.

The XSLT implementation is sketchy at best.

TopicMap

topic maps ISO 13250

http://www.topicmaps.org/xtm/1.0/

http://www.diffuse.org/TopicMaps/schema.html
http://www.hightext.com/tnm/psjan98.htm
http://www.ornl.gov/sgml/wg8/document/1937.htm
http://www.ornl.gov/sgml/wg4/document/1984.htm
http://www.topicmap.com/
http://www.ontopia.net/ontopia/texts/product-wp.html
http://www.oasis-open.org/cover/topicMaps.html

TPM

"technological protection measure"

(Sometimes referred to as access control enforcement facility.)

Physical or digital(TCB) measure to protect against unintentional (trans)actions.

In the (narrow) context of copyright legislation these transaction are copying or attending/accessing.

In this context non-technological things like encryption codes and passwords might be included as in this austraian draft.

(For clarity "encryption software" should be replaced by "encryption code" or "encryption password" to point out that's the secret part is the measure, not the public accessiable software [be it binary or clear text]. Note the exception for private copies for the purpose of keeping evidence "online privacy".)

TrustCenter

Funktion

Ein Trust Center soll die Zurechenbarkeit einer elektronischen Signatur zu einer natürlichen Person sichern. (Authentifizierung, Identitätsversorger, ID-Provider).

Der Akzeptant einer Nachricht vertraut auf die Authentizität des Absenders im Rahmen der vom Trust Center bei der Zertifikatsausgabe betriebenen Prüfleistungen.

Natürlicherweise hat der Einzelne das höchste Vertrauen nach persönlichem Augenschein. Insofern kann es die auf wikipedia angesprochene nichtauthorisierte Person auf höchster Vertrauensebene gar nicht geben. Diese vom SigG fortgeschritten genannten Signaturen unterliegen daher der freien Beweiswürdigung.

Für den administrativen Verkehr (im Geschäftsverkehr die letzte Stufe im Rahmen der Vollstreckung) ist die persönliche, "fortgeschrittene" Signatur natürlich ungeeignet. Das Amt akzeptiert nur Signaturen die von Zertifikaten anerkannter (qualififzierter) Trust Center signiert wurden. Im Geschäftsverkehr ist es vorteilhaft nur durch das SigG anerkannte Signaturen zu akzeptieren, weil dies die Vollstreckung erleichtert. Notwendig ist dies jedoch keineswegs.

Praxis und SigG

Insbesondere Zertifizierungs- und Zeitstempeldienste müssen, wie alle mit Rechtsfolgen behafteten Vorgänge durch leicht und öffentlich nachprüf- und analysierbare offene Standards realisiert werden. -- Nur wo stehen die entsprechenden Bestimmungen im Signaturgesetz?

( ursprüngliche Fassung 2001 )

"Einfache" elektronische Signaturen nach SigG können als nicht relevant abgetan werden. Ihnen kann im Rahmen der freien Beweiswürdigung keinerlei Wert eingeräumt werden.

"Fortgeschrittene" Signaturen entstehen typischerweise durch cryptographische Verfahren. Auch die Anmeldung an an einem Askemos-Netzwerk, selbst wenn diese mit Nutzername/Passwort erfolgt, erfüllt die Anforderungen nach SigG §2 Punkt 2. BALLfiXml implementiert die notwendigen cryptographischen Algorithmen.

Signaturen von den Servern eines Askemos-Netzwerkes können als "qualifiziert" eingestuft werden, wenn

1. Auf qualifiziertem Zertifikat beruhen (§7) und von Zertifizierungsdiensteanbieter gemäß §§ 4-14 oder §23 erfüllen:

   • Zuverlässigkeit und Fachkunde
   • Deckungsvorsorge lt. §12 250000 €, versicherbar?
   • § 24 1,3,4

2. der Server entsprechend § 2 Punkt 3 als "sichere Signaturerstellungseinheit" gilt. Das sind Soft- oder Hardware-Einheiten, welche die folgende Anforderungen lt. §17 oder §23 erfüllen:

Offensichtlich wurde der Aufwand, symetrische Verfahren vorzuscheiben als zu hoch eingeschätzt. Dadurch sind Vorgaben entstanden, welche Lücken offen lassen. Diese können jedoch leicht geschlossen werden.

Das wesentliche Problem ist der Fakt, daß bereits eine einzelne Signatur eines einzigen Identitätsversorgers zur sicheren Identifikation akzeptiert wird. Dies reicht jedoch nur aus, wenn Trust Center und Rechtsträger identisch sind. Um handelseinig werden zu können braucht es in diesem Fall die byzantinische Einigung mindestens zweier, sich gegenseitig zertifizierender Paare aus Rechtsträger und Trust Center.

Das Problem kann leicht gelöst werden, wenn mehrere Signaturen unterschiedlicher und administrativ unabhängiger Trust Center gleichzeitig angebracht werden. Dann wird der Rechtsträger vom einzelnen Trust Center unabhängig. Der Rechtträger erhält durch diese Freiheit eine qualitativ höhere Rechtssicherheit und gleichzeitig können die Anforderungen an die einzelnen Trust Center gesenkt werden. Während nämlich die kurzzeitige Verletzung der Vertrauenswürdigkeit des Trust Centers (Schlüsselverrat) in der gegenwärtigen Regelung sämtliche Signaturen invalidiert, kann der byzantinische Verbund den Totalausfall des einzelnen Trust Center störungsfrei verkraften und einen konsistenten Zustand auf einem Ersatz Trust Center wieder herstellen.

Aufgaben des Tust Centers

TODO:Vergleiche mit SigG, ob die genau so vorgeschrieben sind, oder ob ie angemerkten Probleme im Rahmen der bestehenden Verordnung geklärt werden können.

1. Erzeugung von Schlüsselpaaren.
2. Identifikation der Schlüsselinhaber.
3. Zertifizierung des öffentlichen Schlüssels.
4. Einbringen des privaten Schlüssels in einen sicheren Träger (Chipkarte).
5. Unterrichtung der Schlüsselinhaber.
6. Entgegennahme von Sperrungen von Schlüsselpaaren.
7. Bereitstellung von Sperrlisten (elektronisch, 24 Stunden, 7 Tage pro Woche).
8. Möglichkeit der Einzelabfrage (elektronisch, 24 Stunden, 7 Tage pro Woche).
9. Bereitstellung eines Zeitstempeldienstes (freiwillig).

DasVertrauen

Die Enttäuschung vom Vertrauen

DoD definition of trust: "a trusted system is one, which can break the security policy"

1. Wer erstellt den öffentlichen und den privaten Schlüssel ?

   Das zum Elektronischen Signieren verwendete Schlüsselpaar wird von einem Trustcenter erstellt. Jedes Schlüsselpaar darf es nur einmal geben. Niemand, auch nicht das Trustcenter selbst, darf Kenntnis von dem privaten Schlüssel erlangen. Deshalb wird dort der private Schlüssel nach dem Einlesen in die Signaturkarte gelöscht.

   Damit ist der Begriff "Zentrum des Vertrauens" leider gerechtfertigt.

   Ein vollwertiges System muß sicherstellen, daß das Schlüsselpaar vom Schlüsseleigentümer erzeugt und nur der öffentliche Schlüssel einem dem Kommunikationspartner genehmen Zertifizierer zur Unterzeichnung vorgelegt wird.

   Der Prozeß ist natürlich zu kompliziert. Alternativ kann ein Massenzertifizierer annonyme Zertifikate ausgeben, welche erst nach ihrem Erwerb personalisiert werden.

2. Welche Aufgaben erfüllt der Verzeichnisdienst?

   Der Verzeichnisdienst erteilt vertrauenswürdig Auskunft, ob das Signaturschlüsselzertifikat existiert, gültig und nicht gesperrt ist.

   Vertrauenswürdig:Auch hier gilt, es darf - jedenfalls in einer Demokratie - keine einzelne Instanz geben, welcher der Rechteinhaber total vertrauen muß. Im Streit zu unterwerfen ist der einzelne Bürger nur dem durch Recht und Gesetz gefaßten Volkswillen.

   Ein vollwertiges System muß derartige Verzeichnisdienste im Askemos anbieten. D.h. in irgendeiner Weise durch byzantinische Abstimmung des Verzeichnises in administrativ unabhängigen Kopien. (Eigenwerbung: besonders einfach ist das natürlich, wenn alle Kopien von BALL-Servern bereitgestellt werden.)

   Wiederum ist es zu aufwändig, jedem Bürger den Betrieb eines eigenen Servers zuzumuten. Massenversorger können den Betrieb jedoch wiederum annonym anbieten. Der einzelne Bürger wählt sich sodann ein Quorum passend zur Aufgabe. Das Restrisiko, daß bei der Mehrheit der Massenversorger eine Fälschung zungunsten einzelner erfolgt, ist absehbar gering, ergo versicherbar und somit ist es ökonomisch vernünftig akzeptierbar.

3. Was ist ein Zeitstempeldienst?

   Für viele elektronische Daten ist es wichtig, den Zeitpunkt Ihrer Entstehung rechtsverbindlich feststellen zu können. Für solche Fälle stellt das Trustcenter einen Zeitstempeldienst bereit. Die Kurzform (Hash-Wert) der Daten wird mit einer verbindlichen, amtlichen Zeitangabe nach Zeitgesetz versehen und von dem Trustcenter mit einem speziellen Zeitstempelschlüssel elektronisch signiert.

   Für alle vorgänge mit Rechtsfolge ist der entsprechende Zeitstempel notwendig. Deswegen führen wir im Askemos den Zeitstempel mit jeder Nachricht mit.

   Für den Anwender ist dies eine erhebliche Erleichterung. Spezielle Zeitstempeldienste gehören der Vergangenheit an. Der Zeitstempel ist Teil des Interpreters und damit der Programmiersprache. (Vgl. WhatIsTime)

4. Warum erhält man die PINs von vielen Zertifizierungsdiensteanbietern in zwei Teilen? Die PIN kommt aus Sicherheitsgründen in zwei Teilen. Nur aus beiden Teilen der PIN kann man die endgültige PIN ermitteln, d.h. geht ein Teil verloren, kann mit diesem Teil kein Missbrauch erfolgen.

5. Was sind die gesetzlichen Grundlagen der Elektronischen Signatur ?

   Die gesetzliche Grundlage für Elektronische Signaturen bildet in Deutschland das Gesetz zur Elektronischen Signatur (SigG). Dieses Gesetz ist am 22.05.2001 in Kraft getreten und regelt für Deutschland die Erstellung, die Verteilung und Administration von elektronischen Signaturen. Die dafür notwendige Infrastruktur wird PKI (Public Key Infrastructure) genannt. Auf der Grundlage des SigG wurde weiterhin die Signaturverordnung erlassen und Maßnahmenkataloge geschaffen, die insbesondere die technischen Anforderungen weiter spezifizieren. Gleichsetzung der Elektronischen Signatur und der eigenhändigen Unterschrift: Zivilrecht Änderung des § 126 BGB in § 126 a BGB (01.08.2001). Das deutsche Signaturgesetz entspricht der Europäischen Signaturverordnung.

6. Wo erhält man weitere Informationen zu technischen oder rechtlichen Fragen ? Zu rechtlichen und technischen Hintergründen finden sich Informationen auf der www-Seite des Bundesamtes für Sicherheit in der Informationstechnik (BSI unter http://www.bsi.de, beim Bundesministerium für Wirtschaft und Technologie unter http://www.iukdg.de. Die Regulierungsbehörde für Telekommunikation und Post (RegTP) erstellt die Schlüsselpaare und Zertifikate für alle Trustcenter und stellt ebenfalls Informationen unter http://www.regtp.de bereit.Was unterscheidet ein akkreditiertes von einem nicht akkreditiertem Trustcenter ?

   Das SigG2001 sieht 2 Typen von Zertifizierungsdiensteanbietern zur Vergabe von qualifizierten Zertifikaten vor: 1. Angemeldete Zertifizierungsdiensteanbieter. Die Qualität beruht weitgehend auf Erklärungen der Unternehmen. Die Unternehmen bieten Gewähr für die Einhaltung der Rechtsvorschriften. 2. Freiwillig akkreditierte Zertifizierungsdiensteanbieter. Bei diesen Zertifizierungsdiensteanbietern erfolgt eine Prüfung der Einhaltung der im Signaturgesetz festgelegten Regeln und Vorschriften vor Aufnahme des Betriebes durch zugelassene Prüf- und Zertifizierungsstellen. Die einzelnen sicherheitstechnischen, personellen und organisatorischen Maßnahmen sind in einem von der Reg TP gemäß § 12 der Signaturverordnung herausgegebenen Maßnahmenkatalog konkretisiert.

7. Welche Arten von Signaturen werden unterschieden ?

   1. Einfache elektronische Signaturen 2. Fortgeschrittene elektronische Signaturen 3. Qualifizierte elektronische Signaturen 4. Qualifizierte elektronische Signaturen eines akkreditierten Zertifizierungsdiensteanbieters (kurz akkreditierte elektronische Signatur genannt) Gesetzlich festgelegte Rechtsfolgen haben nur qualifizierte elektronische Signaturen und akkreditierte elektronische Signaturen. Alle Signaturen sind verbindlich. Nur die qualifizierten elektronischen Signaturen und akkreditierten elektronischen Signaturen erfüllen alle Formvorschriften und sind bei Gericht ohne Einschränkung als Beweismittel zugelassen. Die beiden anderen Formen der elektronischen Signatur unterliegen der freien Beweiswürdigung des Richters.

TUNES

Tunes

http://tunes.org/ and ftp://ftp.tunes.org/pub/tunes/

Tunes is definately the most simillar project I ever saw when I came across it early november 2001.

It's design goals as well as decisions are very parallel. We'll see integration and comparison here, promised.

First difference: Tunes seems to have stronger focus on beeing an operating system and compleeting all the theory beforehand, while AskemosServer has a focus on it's utility for the whole project (AskemosAbout), which includes delivering an actually usable code base and proof it's usefulnes in practice (i.e., for now just enough theory to be proofable, not proofen).

A second difference derives from the position towards "reality". While TUNES has strong points towards the Web ( http://cliki.tunes.org/TUNES%20vs%20the%20WWW ) for a reason, Askemos has not. Why? Well even though it's true, the W3C tries to reinvent the wheel by dublicating most useful inventions, (in so far agreed with the strong points toward the web) it does so with the focus on standardization. Inevitable some standards will be too bad and superflous. But standard is better than better. Especially when it comes to reality.

While the W3C way might not be the best way technically, it is a) feasable and b) a way to gain utility and compatibility. Askemos would be doomed to fail, if standards where not emphasized even at some cost in implementation effort and computation time. (Yes, many thing could be done better.)

Since 28th July 2003 there is http://max.tunes.org/ coming. A first, superficial review shows that the code of max is very simillar to the internals AskemosServer (which is no surprize at all). I'm curious to watch the evolution of two simillar implementations of the same principles.

UBF

Universal Binary Format

A binary (better ;-) alternative" to XML. http://www.sics.se/~joe/ubf/site/home.html

Good description in paper http://www.erlang.se/workshop/2002/Armstrong.pdf

remarks on that paper

Architectur description in section 3 reveals that ubf also is based on the idea of checked ProcessStep's. As such ubf's contract checker can be understood as a special case of the 'function' producing the 'reply' element for AskemosDVM. The AskemosDVM is more general as 'function' a) also produces the new state and message and b) can create several messages at once.

ubf describes a consise data format and validation language. Both are stack based (highly similar to FORTH?).

future: it might be worth to add pure checking support (as suggested in http://www.softeyes.net:9080/~jerry/Askemos-NODe2002.pdf slide 15) for the AskemosDVM based on ubf.

Related quoting http://lambda.weblogs.com/discuss/msgReader$5185 : The Erlang Bit Syntax extends pattern matching to (de)constructing chunks of binary data, such as the bit-encoded headers in network protocols and file formats. It's an amazingly handy language extension.

The Bit Syntax is a standard part of Erlang now, though it doesn't have all the features of the prototype. For details see The Bit Syntax - The Released version, or Erlang Extensions since 4.4.

The binary-types package or Common Lisp implements a similar extension.

UML

Unified Modelling Language

URI

RFC 2396

IETF (Internet Engineering Task Force) RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax, eds. T. Berners-Lee, R. Fielding, L. Masinter. August 1998.

URL

Uniform Resource Locator RFC

A way to specify an object by means of a destionation path, where the data body can be found.

UTF8

http://unicode.org/reports/tr36/

http://www.decodeunicode.org/

VPN

VSTa

http://www.vsta.org/
(mirrow: http://www.zendo.com/vsta/ )

Andrew now does http://www.forthos.org/

W3C

WAKEUP

A Makefile variable which is set from the make command line to add wakeup time code. For a normal setup this variable is left blank.

WebBrowser

Es wird davon ausgegangen, daß die überwiegende Mehrzahl von Askemos-Anwendungen durch Webbrowser dargestellt werden. Insofern haben Webbrowser alte Formen von Benutzerschnittstellen abgelößt, sie sind sozusagen die Computerterminals der Gegenwart.

Die Mozilla (bzw. Firefox)-Umgebung (die ja weit mehr ist als einfach nur ein Browser im herkömmlichen Sinn) ist konzeptionell als das geeignete Gegenstück auf Client-Seite angelegt um Askemos-Anwendungen zu realisieren. In den meisten Fällen wiederum wird diese Leistungsfähigkeit gar nicht gebraucht werden. Für diese Fälle stehen "leichtgewichtigere" Lösungen zur Verfügung.

Ggf. sollte authentifizierter Zugang grundsätzlich nur über verschlüsselte Verbindungen (SSL) erfolgen. Anonymer Zugang wenn überhaupt vorgesehen (abhängig vom Einsatzfall), solle ggf. (oder nur?) über Anonymisierungsdienste wie z.B. jap erfolgen.

WebDAV

Distributed Authoring Extension to HTTP, RFC 2518

This RFC defines extensions to support some aspects of authoring workflow (like locking and version control). Users might be interested to control Askemos agents using the WebDAV protocol from client software which is readily available (see below).

Starting with version 0.7.3 the HTTP-ProtocolAdaptor of BALL has been extended to accept WebDAV requests.

A Word of Warning

WebDAV has several and severe shortcomings: It has been designed under the narrow assumption of document organization in directed, acyclic graphs (tree). These assumptions incure consequencess, which are eventually at least questionable. Therefore we recommend to consider better alternatives for newly developed client software.

Problems with WebDAV

WebDAV distinguishes only two kinds of agents: leaves resources (aka "documents") and intermediate tree nodes (aka collections, directories). Thereby it makes heavy restrictions on the inner workings of collections and documents.

Default Depth is infinity, who did that? I'm not even inclined to comment on such a sillyness.

WebDAV protocol parameters seem arbitrarily assigned to HTTP headers and -attributes or ~values. The XML-DTD violates well known design rules.

This standard is exceptionally hard to read, though the simple matter doesn't give a reason for this hardship.

Bugs

The mentioned restrictions make WebDAV unsuitable for implementation at BALL kernel level and should be left to the agents themself.

The implementation could use some cleanup and the current plan is to implement only those functions which are actually required for a certain purpose. (See below).

The Wiki-agent (see HowToEditThisPage) has to guess which parts of the document is sensitive text, edited by the user and what is constant decoration (forms, author, date etc). If this guess failes alltogether your saved text will include all the decoration.

WebDAV client software

cadaver

A command line client similar to the well known ftp program: http://www.webdav.org/cadaver/

fusedav

mount dav resources under linux as file system in user space (fuse) http://0pointer.de/lennart/projects/fusedav/ (tested version: 0.2)

Openoffice

http://www.openoffice.org/

Supported Operations

The Wiki Agent (HowToEditThisPage) has been extended to work with WebDAV. You can save pages from your WebDAV enabled software.

Openoffice

Open page like this

$ openoffice http://www.askemos.org/WebDAV

Use the normal save button to update the network. (In case of trouble see OOo.)

cadaver

$ cadaver http://login.softeyes.net/Ad60e3fb123a79b2e5128915116b288f7/

ls
...
get

Related Links

http://lxr.webperf.org/source.cgi/modules/dav/main/mod_dav.c

Atom, an alternative http://bitworking.org/projects/atom/ which runs on application level rather than server level. Maybe that one fits better for our implementation?

CalDAV? calendar extensions to WebDAV http://greenbytes.de/tech/webdav/draft-dusseault-caldav-04.html#urls (I hardly understand why those extennsions are required)

WhatIsTime

We have to distinguish three kinds of time, when reasoning about global interpreters sharing subspaces (as with Askemos):

real time

real time is what we understand as the current date. is a hypothetical thing. In reality only a clock approximately synchronised to a universal time base is possible.

node time

is whatever the clock the machine yields. Nodes need a reasonable synchronised clock, therefore NTP-synchronisation is among the SystemRequirements. Node time is available from SRFI-19 current-time and current-date. Note:node time is not useful for time values stored during transactions. Use virtual time for that!

process time

is the time at which a transaction (see ProcessStep) appears to be performed. It is attached to each message and agreed upon the quorum. (Similar to "official" processes, which often depend of the postmark for time measuerment.) To access the virtual time from NameSpaceDSSSL use (msg 'dc-date).

WikiWiki

The wikiweb ( http://c2.com/cgi/wiki ) was probably the first application, which used mixed case words (wich are common for abbreviations and multiy word identifiers in some programming languages) to automatically create cross references.

This scratchpad application uses the same convention, see HowToEditThisPage and ContextViewUsage for more details. Future versions may support http://www.opml.org/ , please send comments or help, if you would like oplm support.

Somehow the structure of Wiki and hence these pages seems simillar to http://xanadu.com/zigzag/ , http://gzigzag.sourceforge.net/ I just found zigzag in Nov 2001 and did not dive into it.

Thanks to Roland Hjerppe, I've got to know (Oct 2004) about xanadu/udanax aims and internal which bear some simillarities in the aim to server for global hypertext higher level structure (udanax could well be an Askemos application: it's structure has a few properties I'd implement at application level).

Shawn Rutledge wrote: Yes as I mentioned, I wanted to build a wiki. But lately I've been thinking that editing wiki-style text should just be one possible UI. It's hard to say that the wiki syntax is a canonical way of storing web content when nobody can even agree on that syntax (Alejandro's, Felix's, MediaWiki? etc. are all different). So I want to build an object tree that represents a web page and store that, and dynamically generate a wiki-like editing UI. Then an alternative UI could be a Javascript one where you have wordprocessor-style controls rather than having to use wiki syntax; and another would be a full GUI; etc.

OK, that's exactly the thinking behind the wiki style I included in Askemos/BALL. I'd never store syntax, which is hardly readable in 200 years, as Dan Bricklin has put it. It stores plain HTML (as parsed tree in the pstore module and standard XML syntax in the file system) plus some XML for meta data, lock handling etc.

You can edit HTML or wiki syntax. For that to work, the XML tree is serialised in wiki syntax from the template. (template?template=source This might loose information and be vary of round trip problems.) So wiki syntax applies only on the UI.

Other Wiki implementations:

• http://ww.telent.net/cliki/index
• Read about dokuwiki http://applications.linux.com/article.pl?sid=05/01/10/232235 which has many feature we should have on top of Askemos!

XLink

http://www.w3.org/TR/1999/NOTE-xlink-req-19990224/

Support for SSAX here: http://www196.pair.com/lisovsky/download/contrib/xlink/

XML

Nodes, Groves, Hypergroves explained http://www.xml.com/pub/2000/04/19/groves/index.html

Name Spaces

Defined: http://www.w3.org/TR/1999/REC-xml-names-19990114/

URI____________________________________________See.
http://www.w3.org/XML/1998/namespace             XML
http://www.w3.org/1999/XSL/Transform             XSLT
http://www.w3.org/1999/02/22-rdf-syntax-ns#      RDF
http://www.w3.org/1999/xhtml                     HTML
http://dublincore.org/documents/2004/12/20/dces/ DublinCore (formerly http://purl.org/dc/elements/1.0/ )
http://www.askemos.org/2000/NameSpaceDSSSL       NameSpaceDSSSL
http://www.askemos.org/2005/NameSpaceDSSSL/      NameSpaceDSSSL
http://www.askemos.org/2000/CoreAPI#             CoreAPI
urn:mysql-xsql                                       XSQL
nu                                                   NuNu, highly experimental scratchpad wiki
lout                                               TextFormattingSystem Lout

TODO:relative URI's above are to be replaced with a permanent URI.

There is a nice talk that xml sucks but you have to use it anyway. He is right in many things though a some rebutals and corrections are in order.

The decision to go XML is at least for germany made by the parliament. See Justizkommunikationsgesetz.

IMHO the trick is to put the effort into serialiser/parser pairs mapping from "lingua franka" to binary. Same plattforms may negotiate on binary formats, while plattform changes pay the cost of translation for compatibility. None is locked out.

http://www.lmnl.org/,http://www.w3.org/TR/wbxml/ (more efficient binary encoding)

XPath

TODO

The xpath parser (mechanism/notation/xpath.scm) does not yet fit to the SXPath engine in mechanism/tree.scm. Two reasons: a) the parser provides more information than SXPath can deal with, b) see the SXML mailing list, I remember a problem, where SXPath can't deal some namespace problem c) maybe it's not really desirable, those DSSSL function are much more efficient.

http://www.w3.org/TR/2003/WD-xquery-semantics-20030822/

The implementation is still sketchy/prototypical because it was intented to use the same evaluator as for the (also sketchy) XSLT implemenation. However that requires some query rewriting (as reported to be detailed in http://www.pms.informatik.uni-muenchen.de/publikationen/PMS-FB/PMS-FB-2004-1.pdf - 2004-05-07 file missing on server). It appears to be the case that not all xpath queries can be rewritten in a forward only style, therefore we will likely need two distinct evaluators.

XSL

XSLT

XSL-FO

fop
http://www.jfor.org/

XSLT

http://www.w3.org/Style/XSL/http://www.w3.org/TR/xslt

A XSLT transformation can be understood as a function:

result=function(input)

result

generated document (XML, html, plain text or other format)

input

any XML document

function

transformation function denoted in XSLT

Xslt is somehow a successor of DSSSL and there http://www.topxml.com/xsl/articles/fp/ is an Article, which shows that it really is a FunctionalProgramming language. Btw: the length of the examples there suggests somehow, that it was the right decision to provide DSSSL as well and aim at more languages. Philip Wadler has formal approachs to xslt, xquery, xml schema etc: http://citeseerx.ist.psu.edu/viewdoc/summary;jsessionid=11D02BA36D6A9AADDB65C51608DB1E24?cid=107132 also http://lambda-the-ultimate.org/node/view/459 and some more xquery http://lambda-the-ultimate.org/node/view/456 . C. J. Bex, S. Maneth, F. Neven: A Formal Model for an Expressive Fragment of xslt.

Note: http://www.geocities.com/SiliconValley/Monitor/7464/emacs/xslt-process/

XSLT C library for Gnome: http://xmlsoft.org/XSLT/

http://www.exslt.org/

XSLT 2.0 http://www.xml.com/pub/a/2002/04/10/xslt2.html

benchmark: http://www.datapower.com/XSLTMark/

The implementation is sketchy/prototypical. It was derived from an approach to transform SGML documents using only stream transformers (first implementation in jfw, sdc 1993; Caveat in ball those stream are eventually implemented as Scheme lists to ease implementation of the xml data base using the rscheme persistant store. But that's not really relevant and will be changed.). That approach has the advantage of lazyness and efficiency on the expense of a more complicated implementation since chained and intermixed transformers have to be compiled on the fly. The approach has been detailed in http://www.pms.informatik.uni-muenchen.de/publikationen/PMS-FB/PMS-FB-2004-1.pdf

XSLTimplementationin

XSLTMethodExamples

Method Overview

These examples introduce the use of three basic virtual machines as they come with Askemos. The initial setup process installs the corresponding ActionDocument's under public, public/private and public/xslt-method.

public

The public method rejects all modification requests implementing an invariant. Upon read requests the data is delivered a It is most suited for replication as there are no update problems possible. As it is an invariant it's used to base the system protection on it.

private

This is the opposite of a public place. It allow (minus insufficient permissions) to change the data, content type and even the DublinCore slots date and creator. Hence it's practical, but not suited for documents in the legal sense.

xslt-method

The xslt-method evaluates the stylesheet at the place to produce outgoing signals and new state (see CoreAPI). This method is always reflective, as the state includes the xslt program code, and there is no way to get around it if the code at the place doesn't have special support.^[1]

Note: the examples given here are stored in the place, which is linked as /stylelib in the repository created from the distribution. The links at this page go to the stylelib at askemos.org, because it's not possible to predict which oid that place will have in you installation. If you can find the overview here (depends on your setup, e. g., you installed the distribution and use it as user 'gonzo') then you can use the embedded forms. (also note that the formatting might be strange as described there).

Preface: Creating Places

The users login page has a form (inactive source here), which allows to fetch data from any addressable object (using a certain soap message body) and create a place from it. As distributed the form points into the stylelib sending a form to apply a template to extract just the code. The new place has public/xslt-method as ActionDocument. Usually you change these values to your needs.

Hello World

The inevitable hello world example: you simply write the html and create a place from that data.

This example is actually a bad example for the xslt method. It works, but using the evaluating xslt-method, is an overkill for invariant documents. Those documents are better created using the public method, which rejects all modifications

Sending Messages

The most simple example is send to self a test, which sends an empty message to the very same place. Another example is part of the simple rights management interface (all includes resolved here), find the reply here

Ownership Transfer

The well commented MoneyDemo (source) illustrates ownership transfer but give a lot of other hints.

Unfortune: it's not of much use until you have a few users already.

Reflexive Changing the document at place

Actualy it's not the best practice to use reflective techniques to keep track of state. But as a proof of concept that way was used quite a lot. The editor allows you to edit text in a web form or alternativle use the file upload (which let's you create non-xml (picture) content with ease.

The editor was one of the first apps ever written and sometimes it's referenced as "msged", where you can directly link it here:

See alsothis control as a striped down version focusing on variable modification.

Using the Clock

Note: the way the clock has to be configured is a temporary solution, which might change in future versions.

To use the system clock, assign the OID of the designated place to $clock-oid. The place will than receive signals. See this example how to make use of it. When it come to time, beware of pitfalls.

Using XSQL

The xsql test is a simple interface to send sql queries. See XSQL for preconditions to use it.

Using Perl compatible regular expressions

The pcre test is a simple interface to test Perl compatible regular expressions.

A more complex example

The basics of a web calendar.

XSQL

An XML namespace defined by http://www.oracle.com a technical note no longer available. It was at http://technet.oracle.com//tech/xml/xsql_servlet/htdocs/relnotes.htm but became a 404 / not found error over time. You see, that kind of breakage (missing objects which where there) ties Askemos to fight by design.

A good start can be found at http://download-west.oracle.com/otndoc/oracle9i/901_doc/appdev.901/a88894/adx10xsq.htm

For administrative details in Askemos and a short example see also the xsqlexample in the style lib.

Purpose: embedd SQL queries in XSLT style sheets.

XUL

http://www.xulplanet.com

YAML

Yaml Aint (Another) Markup Language

http://c2.com/cgi/wiki?YamlAintMarkupLanguage see also SOX and XML & RDF.

Zope