Group items matching

in title, tags, annotations or url

Basic Myograph for rings and strips 1 $7,385

Many animals use visual observations to decide whether to work with others.

humans are more cooperative when they sense they're being watched.

The feeling of being watched enhances cooperation, and so does the ability to watch others. To try to know what others are doing is a fundamental part of being human

Shame serves as a warning to adhere to group standards or be prepared for peer punishment. Many individualistic societies, however, have migrated away from peer punishment toward a third-party penal system

Shame has become less relevant in societies where taking the law into one's own hands is viewed as a breach of civility.

Many problems, like most concerning the environment, are group problems. Perhaps to solve these problems we need a group emotion. Maybe we need shame.

Guilt prevails in many social dilemmas

It is perhaps unsurprising that a set of tools has emerged to assuage this guilt

Guilt abounds in many situations where conservation is an issue.

The problem is that environmental guilt, though it may well lead to conspicuous ecoproducts, does not seem to elicit conspicuous results.

The positive effect of idealistic consumers does exist, but it is masked by the rising demand and numbers of other consumers.

Guilt is a valuable emotion, but it is felt by individuals and therefore motivates only individuals. Another drawback is that guilt is triggered by an existing value within an individual. If the value does not exist, there is no guilt and hence no action

Getting rid of shaming seems like a pretty good thing, especially in regulating individual behavior that does no harm to others. In eschewing public shaming, society has begun to rely more heavily on individual feelings of guilt to enhance cooperation.

five thousand years ago, there arose another tool: writing

Judges in various states issue shaming punishments,

shaming by the state conflicts with the law's obligation to protect citizens from insults to their dignity.

What if government is not involved in the shaming?

Is this a fair use of shaming? Is it effective?

Shaming might work to change behavior in these cases, but in a world of urgent, large-scale problems, changing individual behavior is insignificant

vertical agitation

Guilt cannot work at the institutional level, since it is evoked by individual scruples, which vary widely

But shame is not evoked by scruples alone; since it's a public sentiment, it also affects reputation, which is important to an institution.

corporate brand reputation outranked financial performance as the most important measure of success

shame and reputation interact

in our early evolution we could gauge cooperation only firsthand

Shaming, as noted, is unwelcome in regulating personal conduct that doesn't harm others. But what about shaming conduct that does harm others?

why we learned to speak.1

Language

The need to accommodate the increasing number of social connections and monitor one another could be

allowed for gossip, a vector of social information.

in cooperation games that allowed players to gossip about one another's performance, positive gossip resulted in higher cooperation.

Of even greater interest, gossip affected the players' perceptions of others even when they had access to firsthand information.

Human society today is so big that its dimensions have outgrown our brains.

What tool could help us gossip in a group this size?

We can use computers to simulate some of the intimacy of tribal life, but we need humans to evoke the shame that leads to cooperation. The emergence of new tools— language, writing, the Internet—cannot completely replace the eyes. Face-to-face interactions, such as those outside Trader Joe's stores, are still the most impressive form of dissent.

what is stopping shame from catalyzing social change? I see three main drawbacks:

Today's world is rife with ephemeral, or "one-off," interactions.

Research shows, however, that if people know they will interact again, cooperation improves

Shame works better if the potential for future interaction is high

In a world of one-off interactions, we can try to compensate for anonymity with an image score,

which sends a signal to the group about an individual's or institution's degree of cooperation.

Today's world allows for amorphous identities

It's hard to keep track of who cooperates and who doesn't, especially if it's institutions you're monitoring

Shaming's biggest drawback is its insufficiency.

Some people have no shame

shame does not always encourage cooperation from players who are least cooperative

a certain fraction of a given population will always behave shamelessly

if the payoff is high enough

There was even speculation that publishing individual bankers' bonuses would lead to banker jealousy, not shame

shame is not enough to catalyze major social change

This is why punishment remains imperative.

Even if shaming were enough to bring the behavior of most people into line, governments need a system of punishment to protect the group from the least cooperative players.

Today we are faced with the additional challenge of balancing human interests and the interests of nonhuman life.

Yet by 2007 the product was such a failure that Michelin had to abandon it.

The company hadn’t confronted the entire ecosystem the tire would rely on

conversion costs

expensive new equipment

legal challenges

Mastery of the ecosystem is the great strength that made Apple the supreme success story of our time,

The iPod

a beginning ecosystem that Jobs enlarged by introducing the iTunes Music Store.

the ecosystem further by opening up the Mac-only device to PC users.

In a world where mobile phone makers sold their devices to operators to sell to consumers, Jobs had such a powerful ecosystem that he could get operators to compete to partner with him: “And here was Apple, offering not just exclusive access to the most talked-about phone in history, but also exclusive access to Apple consumers—the most desirable customer segment imaginable

How do you take the measure of the ecosystem that your innovation will need to be part of and rely on? How do you not miss the blind spots that can lurk almost anywhere?

three main steps to take.

There are terrible pitfalls in the usual progression from prototype to pilot to rollout. It relies perilously on getting everything right from the very start. Often a far wiser and safer approach can be what Adner calls a “minimum viable footprint (MVF) rollout followed by a staged expansion.” In other words, start with a complete ecosystem, but a limited one.

Geographical access control may be enforced by personnel (e.g., border guard, bouncer, ticket checker)

n alternative of access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, see e.g. Ticket controller (transportation). A variant is exit control, e.g. of a shop (checkout) or a country

access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons

can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as access control systems like the mantrap.

Physical access control is a matter of who, where, and when

Historically, this was partially accomplished through keys and locks. When a door is locked, only someone with a key can enter through the door, depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door, and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must be re-keyed.[citation needed] Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked

Credential

Access control system operation

The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room, but Bob does not. Alice either gives Bob her credential, or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or a biometric input

There are three types (factors) of authenticating information:[2] something the user knows, e.g. a password, pass-phrase or PIN something the user has, such as smart card or a key fob something the user is, such as fingerprint, verified by biometric measurement

Passwords are a common means of verifying a user's identity before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, whereby another person who knows you can provide a human element of authentication in situations where systems have been set up to allow for such scenarios

When a credential is presented to a reader, the reader sends the credential’s information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked.

A credential is a physical/tangible object, a piece of knowledge, or a facet of a person's physical being, that enables an individual access to a given physical facility or computer-based information system. Typically, credentials can be something a person knows (such as a number or PIN), something they have (such as an access badge), something they are (such as a biometric feature) or some combination of these items. This is known as multi-factor authentication. The typical credential is an access card or key-fob, and newer software can also turn users' smartphones into access devices.

An access control point, which can be a door, turnstile, parking gate, elevator, or other physical barrier, where granting access can be electronically controlled. Typically, the access point is a door. An electronic access control door can contain several elements. At its most basic, there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader. Readers do not usually make an access decision, but send a card number to an access control panel that verifies the number against an access list

monitor the door position

Generally only entry is controlled, and exit is uncontrolled. In cases where exit is also controlled, a second reader is used on the opposite side of the door. In cases where exit is not controlled, free exit, a device called a request-to-exit (REX) is used. Request-to-exit devices can be a push-button or a motion detector. When the button is pushed, or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This is an important safety feature. In cases where the lock must be electrically unlocked on exit, the request-to-exit device also unlocks the doo

Access control topology

Access control decisions are made by comparing the credential to an access control list. This look-up can be done by a host or server, by an access control panel, or by a reader. The development of access control systems has seen a steady push of the look-up out from a central host to the edge of the system, or the reader. The predominant topology circa 2009 is hub and spoke with a control panel as the hub, and the readers as the spokes. The look-up and control functions are by the control panel. The spokes communicate through a serial connection; usually RS-485. Some manufactures are pushing the decision making to the edge by placing a controller at the door. The controllers are IP enabled, and connect to a host and database using standard networks

Access control readers may be classified by the functions they are able to perform

and forward it to a control panel.

Basic (non-intelligent) readers: simply read

Semi-intelligent readers: have all inputs and outputs necessary to control door hardware (lock, door contact, exit button), but do not make any access decisions. When a user presents a card or enters a PIN, the reader sends information to the main controller, and waits for its response. If the connection to the main controller is interrupted, such readers stop working, or function in a degraded mode. Usually semi-intelligent readers are connected to a control panel via an RS-485 bus.

Intelligent readers: have all inputs and outputs necessary to control door hardware; they also have memory and processing power necessary to make access decisions independently. Like semi-intelligent readers, they are connected to a control panel via an RS-485 bus. The control panel sends configuration updates, and retrieves events from the readers.

Systems with IP readers usually do not have traditional control panels, and readers communicate directly to a PC that acts as a host

a built in webservice to make it user friendly

Some readers may have additional features such as an LCD and function buttons for data collection purposes (i.e. clock-in/clock-out events for attendance reports), camera/speaker/microphone for intercom, and smart card read/write support

Open Network

If scientific administrators aspire to accelerate innovation by encouraging team science, they must address this issue. Our university system should reward scientists who are honest and fair in their dealings with fellow investigators.  Specific protocols for guiding research and managing disagreements must be designed. Accurate laboratory records should reflect appropriate credit, and websites sponsored by international scientific organizations should be similarly designed to display accurate attribution of preliminary scientific discoveries. In addition, journals could post final drafts of papers before publication, allowing anonymous comments during a probationary period. If a substantive objection arises, the journal should require revisions or even reject the paper.

A broad statement of the key idea of smart contracts, then, is to say that contracts should be embedded in the world.

And where the vending machine, like electronic mail, implements an asynchronous protocol between the vending company and the customer, some smart contracts entail multiple synchronous steps between two or more parties

POS (Point of Sale)

EDI (Electronic Data Interchange

SWIFT

allocation of public network bandwidth via automated auctions

Smart contracts reference that property in a dynamic, proactively enforced form, and provide much better observation and verification where proactive measures must fall short.

The mechanisms of the world should be structured in such a way as to make the contracts (a) robust against naive vandalism, and (b) robust against sophisticated, incentive compatible (rational) breach.

A third category, (c) sophisticated vandalism (where the vandals can and are willing to sacrifice substantial resources), for example a military attack by third parties, is of a special and difficult kind that doesn't often arise in typical contracting, so that we can place it in a separate category and ignore it here.

The threat of physical force is an obvious way to embed a contract in the world -- have a judicial system decide what physical steps are to be taken out by an enforcement agency (including arrest, confiscation of property, etc.) in response to a breach of contract

It is what I call a reactive form of security.

The need to invoke reactive security can be minimized, but not eliminated, by making contractual arrangements verifiable

Observation of a contract in progress, in order to detect the first sign of breach and minimize losses, also is a reactive form of security

A proactive form of security is a physical mechanism that makes breach expensive

From common law, economic theory, and contractual conditions often found in practice, we can distill four basic objectives of contract design

observability

The disciplines of auditing and investigation roughly correspond with verification of contract performance

verifiability

The field of accounting is, roughly speaking, primarily concerned with making contracts an organization is involved in more observable

privity

This is a generalization of the common law principle of contract privity, which states that third parties, other than the designated arbitrators and intermediaries, should have no say in the enforcement of a contract

The field of security (especially, for smart contracts, computer and network security), roughly corresponds to the goal of privity.

enforceability

Reputation, built-in incentives, "self-enforcing" protocols, and verifiability can all play a strong part in meeting the fourth objective

Smart contracts often involve trusted third parties, exemplified by an intermediary, who is involved in the performance, and an arbitrator, who is invoked to resolve disputes arising out of performance (or lack thereof)

In smart contract design we want to get the most out of intermediaries and arbitrators, while minimizing exposure to them

Legal barriers are the most severe cost of doing business across many jurisdictions. Smart contracts can cut through this Gordian knot of jurisdictions

Where smart contracts can increase privity, they can decrease vulnerability to capricious jurisdictions

Secret sharing

The field of Electronic Data Interchange (EDI), in which elements of traditional business transactions (invoices, receipts, etc.) are exchanged electronically, sometimes including encryption and digital signature capabilities, can be viewed as a primitive forerunner to smart contracts

One important task of smart contracts, that has been largely overlooked by traditional EDI, is critical to "the meeting of the minds" that is at the heart of a contract: communicating the semantics of the protocols to the parties involved

There is ample opportunity in smart contracts for "smart fine print": actions taken by the software hidden from a party to the transaction.

Thus, via hidden action of the software, the customer is giving away information they might consider valuable or confidential, but the contract has been drafted, and transaction has been designed, in such a way as to hide those important parts of that transaction from the customer.

To properly communicate transaction semantics, we need good visual metaphors for the elements of the contract. These would hide the details of the protocol without surrendering control over the knowledge and execution of contract terms

Protocols based on mathematics, called cryptographic protocols, tre the basic building blocks that implement the improved tradeoffs between observability, verifiability, privity, and enforceability in smart contracts

secret key cryptography,

Public key cryptography

digital signatures

blind signature

Where smart contracts can increase observability or verifiability, they can decrease dependence on these obscure local legal codes and enforcement traditions

zero-knowledge interactive proof

digital mix

Keys are not necessarily tied to identities, and the task of doing such binding turns out to be more difficult than at first glance.

All public key operation are are done inside an unreadable hardware board on a machine with a very narrow serial-line connection (ie, it carries only a simple single-use protocol with well-verified security) to a dedicated firewall. Such a board is available, for example, from Kryptor, and I believe Viacrypt may also have a PGP-compatable board. This is economical for central sites, but may be less practical for normal users. Besides better security, it has the added advantage that hardware speeds up the public key computations.

If Mallet's capability is to physically sieze the machine, a weaker form of key protection will suffice. The trick is to hold the keys in volatile memory.

The data is still vulnerable to a "rubber hose attack" where the owner is coerced into revealing the hidden keys. Protection against rubber hose attacks might require some form of Shamir secret sharing which splits the keys between diverse phgsical sites.

How does Alice know she has Bob's key? Who, indeed, can be the parties to a smart contract? Can they be defined just by their keys? Do we need biometrics (such as autographs, typed-in passwords, retina scans, etc.)?

The public key cryptography software package "Pretty Good Privacy" (PGP) uses a model called "the web of trust". Alice chooses introducers whom she trusts to properly identify the map between other people and their public keys. PGP takes it from there, automatically validating any other keys that have been signed by Alice's designated introducers.

1) Does the key actually belong to whom it appears to belong? In other words, has it been certified with a trusted signature?

2) Does it belong to an introducers, someone you can trust to certify other keys?

3) Does the key belong to someone you can trust to introduce other introducers? PGP confuses this with criterion (2). It is not clear that any single person has enough judgement to properly undertake task (3), nor has a reasonable institution been proposed that will do so. This is one of the unsolved problems in smart contracts.

PGP also can be given trust ratings and programmed to compute a weighted score of validity-- for example, two marginally trusted signatures might be considered as credible as one fully trusted signature

Notaries Public Two different acts are often called "notarization". The first is simply where one swears to the truth of some affidavit before a notary or some other officer entitled to take oaths. This does not require the notary to know who the affiant is. The second act is when someone "acknowledges" before a notary that he has executed a document as ``his own act and deed.'' This second act requires the notary to know the person making the acknowledgment.

"Identity" is hardly the only thing we might want map to a key. After all, physical keys we use for our house, car, etc. are not necessarily tied to our identity -- we can loan them to trusted friends and relatives, make copies of them, etc. Indeed, in cyberspace we might create "virtual personae" to reflect such multi-person relationships, or in contrast to reflect different parts of our personality that we do not want others to link. Here is a possible classification scheme for virtual personae, pedagogically presented:

A nym is an identifier that links only a small amount of related information about a person, usually that information deemed by the nym holder to be relevant to a particular organization or community

A nym may gain reputation within its community.

With Chaumian credentials, a nym can take advantage of the positive credentials of the holder's other nyms, as provably linked by the is-a-person credential

A true name is an identifier that links many different kinds of information about an person, such as a full birth name or social security number

As in magick, knowing a true name can confer tremendous power to one's enemies

A persona is any perstient pattern of behavior, along with consistently grouped information such as key(s), name(s), network address(es), writing style, and services provided

A reputable name is a nym or true name that has a good reputation, usually because it carries many positive credentials, has a good credit rating, or is otherwise highly regarded

Reputable names can be difficult to transfer between parties, because reputation assumes persistence of behavior, but such transfer can sometimes occur (for example, the sale of brand names between companies).

Blind signatures can be used to construct digital bearer instruments, objects identified by a unique key, and issued, cleared, and redeemed by a clearing agent.

The clearing agent prevents multiple clearing of particular objects, but can be prevented from linking particular objects one or both of the clearing nyms who transferred that object

These instruments come in an "online" variety, cleared during every transfer, and thus both verifiable and observable, and an "offline" variety, which can be transfered without being cleared, but is only verifiable when finally cleared, by revealing any the clearing nym of any intermediate holder who transfered the object multiple times (a breach of contract).

To implement a full transaction of payment for services, we need more than just the digital cash protocol; we need a protocol that guarantees that service will be rendered if payment is made, and vice versa

A credential is a claim made by one party about another. A positive credential is one the second party would prefer to reveal, such as a degree from a prestigious school, while that party would prefer not to reveal a negative credential such as a bad credit rating.

A Chaumian credential is a cryptographic protocol for proving one possesses claims made about onself by other nyms, without revealing linkages between those nyms. It's based around the is-a-person credential the true name credential, used to prove the linkage of otherwise unlinkable nyms, and to prevent the transfer of nyms between parties.

Another form of credential is bearer credential, a digital bearer instrument where the object is a credential. Here the second party in the claim refers to any bearer -- the claim is tied only to the reputable name of issuing organization, not to the nym or true name of the party holding the credential.

Smart Property We can extend the concept of smart contracts to property. Smart property might be created by embedding smart contracts in physical objects. These embedded protocols would automatically give control of the keys for operating the property to the party who rightfully owns that property, based on the terms of the contract. For example, a car might be rendered inoperable unless the proper challenge-response protocol is completed with its rightful owner, preventing theft. If a loan was taken out to buy that car, and the owner failed to make payments, the smart contract could automatically invoke a lien, which returns control of the car keys to the bank. This "smart lien" might be much cheaper and more effective than a repo man. Also needed is a protocol to provably remove the lien when the loan has been paid off, as well as hardship and operational exceptions. For example, it would be rude to revoke operation of the car while it's doing 75 down the freeway.

Smart property is software or physical devices with the desired characteristics of ownership embedded into them; for example devices that can be rendered of far less value to parties who lack possesion of a key, as demonstrated via a zero knowledge interactive proof

One method of implementing smart property is thru operation necessary data (OND): data necessary to the operation of smart property.

A smart lien is the sharing of a smart property between parties, usually two parties called the owner and the lienholder.

Many parties, especially new entrants, may lack this reputation capital, and will thus need to be able to share their property with the bank via secure liens

What about extending the concept of contract to cover agreement to a prearranged set of tort laws? These tort laws would be defined by contracts between private arbitration and enforcement agencies, while customers would have a choice of jurisdictions in this system of free-market "governments".

If these privately practiced law organizations (PPLs for short) bear ultimate responsibility for the criminal activities of their customers, or need to insure lack of defection or future payments on the part of customers, they may in turn ask for liens against their customers, either in with contractual terms allowing arrest of customers under certain conditions

Other important areas of liability include consumer liability and property damage (including pollution). There need to mechanisms so that, for example, pollution damage to others' persons or property can be assessed, and liens should exist so that the polluter can be properly charged and the victims paid. Where pollution is quantifiable, as with SO2 emissions, markets can be set up to trade emission rights. The PPLs would have liens in place to monitor their customer's emissions and assess fees where emission rights have been exceeded.