EOF - Driving Markets from Our Own Kernels
At the Internet Identity Workshop (IIW) a couple months ago, I sat at a table where a couple guys discussed whether certain code belonged in kernel space or user space. I missed the details, but it seemed meaningful to me that the IIW is a workshop for developers of user-centric identity management systems. All the IDM (identity management) communities represented at IIW—OpenID, Higgins, CardSpace, OSIS, Oauth, ClaimID, Bandit, Liberty and so on—grew out of the need for users to be in control of their identity-based relationships, rather than to be controlled within the walls of “relationships” defined by the kind of “identity providers” whose cards fill our wallets.
Later it occurred to me that there's a similar distinction between our own kernel and user spaces—that is, between the core capabilities we bring to the world and the way those capabilities are put to use, especially in the marketplace.
Think for a minute about how clothing works in a society. In a way, it drives how we work in the world. Whether practical or merely symbolic, our clothing qualifies us to fly a commercial airplane, argue a case before a judge, rivet girders in a high-rise, look presentable in a business meeting or geek-out amongst fellow engineers.
Now, think about how wallets work. They not only carry currency, but various forms of identification as well. These, however, differ from clothing in one important way: nearly all forms of identification are provided for us by outside organizations. This goes for our driver's licenses, our credit and debit cards, our membership cards and insurance cards. In terms of clothing, these cards are little rectangular uniforms. So, even if they have our names on them, they are not ours. They are issued, and belong to, entities outside ourselves—entities that enable but also control and restrict how we deal with a range of uses.
Except for sole-proprietor business cards, none of the rectangles in our wallets are ours. Yet, they contain the means by which we perform in the marketplace. Here's another way of looking at it: the cards in our wallets are like proprietary drivers in our kernels.
What would happen if we had our own relationship drivers inside our own kernels? These drivers would not be written and provided by outsiders as ways of driving us as customers and citizens, but rather written for us (and by us) as ways we can drive relationships with governments, retailers, health-care providers, service organizations and other entities that could actually benefit by not having to control everything.
For example, we could have “preference drivers” that express market logic, such as, “If I'm calling for tech support, then you can't give me a promotional message.” We might even add an incentive, such as, “And I'll pay you $.50 for getting me to a human being in less than a minute.”
We could have “request drivers” that support the expression of demand for goods and services, such as, “We need a stroller for twins, sometime in the next five hours, from any retailer within five miles of Highway 70 between Salina and Kansas City.”
We could have “trust drivers” that support the expression of our own usage and license agreements. These could say, “Here's all you need to know to trust me, with automated links to one or more verifying trust-assurance organizations, so we can both be spared any wasted effort.” These could selectively disclose relevant memberships, credit worthiness, past dealings and so on—all on a need-to-know basis, without requiring us to fill out forms or even reveal our names.
These kinds of blue-sky scenarios are prevented only by business defaults set to regard the customer as a dependent and subordinate entity rather than an independent and equal one. Preserving this kind of caste system traditionally has been seen as a business requirement, but it's not. Free customers can be a lot more valuable than enslaved ones.
So, why aren't we free? Why are we dependent variables instead of independent ones? Because markets are programmed and driven by vendors and other large organizations that treat us as devices to be driven, rather than the drivers in our own right. Or, in tech terms, they pack us full of proprietary drivers that enforce dependency and wear blinders to the benefits of customer independence.
Customers need to drive and not just be driven. We don't yet know what forms the driving code will take, but there's a hole where it should go, and it's in ourselves—or in the layer of code and protocols by which we address the connected world. This is a huge frontier, and so is the huge new market that will open for commercial facilitators of customer independence.
The need for a self-hack was highlighted nicely by Facebook when it launched its “Beacon” advertising system last November. As I write this, Facebook has attracted more than 55 million users (not customers, or the company might be more accountable to them) into its walled garden. Everything went fine until Facebook found ways to track, expose and monetize users' relationships, by following and in some cases exposing the crumb trails they leave on the Web. A great cry went up, much news was made, and Facebook made adjustments that I'm sure it's still tweaking as you read this.
But, nothing it does will change the basic problem, which is a lack of native power on the users' side. So, in that absence, all the rules for relating to, and within, Facebook are controlled by the company. This is the way things have been for every B2C company, since the dawn of the Required Agreement.
Does it have to be this way? No. We don't need Required Agreements any more than we need proprietary operating systems and software. Relationships should be mutually respectful and agreeable. Much more will get done that way, more cheaply, with much better code and much less wasted effort.
So, to sum up, we won't have market relationships worthy of the label until market space becomes user space. Until then, the markets we call “free” will still too often consist of “your choice of walled garden”.
We've broken out of that conceptual trap before. We can do it again.
Doc Searls is Senior Editor of Linux Journal. He is also a Visiting Scholar at the University of California at Santa Barbara and a Fellow with the Berkman Center for Internet and Society at Harvard University.
Doc Searls is Senior Editor of Linux Journal
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- Open-Source Project Secretly Funded by CIA
- BitTorrent Inc.'s Sync
- New Container Image Standard Promises More Portable Apps
- The Death of RoboVM
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide