Set up a private DropBox for you and your friends

Expel Big Brother from your life with Phosphorus Five

One of the really kick-ass features of Phosphorus Five is its Sulphur Five application. Sulphur Five is a secure web file sharing system that allows you to share your files with your colleagues and/or friends, securely and privately. Combined with the Peeples module, this allows you to create as many user accounts in the system as you wish, and have all of these users securely and privately share files with each other, as they see fit. Basically no espionage, no “big brother”, and only you and your friends will ever know what you’re sharing, and with whom you are sharing it.

Interested in hearing more about this? I can set it up for you, such that you basically just pay my fee, and after a couple of hours, you can start using your own private and secure DropBox. If you’re interested in hearing more about this, shoot me an email using the form below.


Home Cloud Systems

Imagine if you could simply keep your laptop on, create a simple firewall/router rule, forwarding 443 port requests to your laptop, and have your own private web server, in your home. Basically, your own personal home cloud system. What would this do for you?

Well, you don’t need to imagine, because I have imagined this for almost 10 years! And I am soon ready to release it into the public domain, for the mainstream market. Allowing anyone to simply install a simple “app”, which actually turns your laptop into a web server, allowing you to reach it from wherever you are in this world – Assuming you’ve got a static IP address in your home.

It’s called privacy, because it’s yours!

Cyber Security, the canary bird in the coal mine oath

An extremely large portion of big software companies and projects today, are being coerced into cooperating with intelligence organisations, to consciously create backdoors into their software, which these intelligence organisations can utilise to gain access to these same systems. As the WikiLeaks Vault7 revelations showed us, this is the by far most important security threat in the world today, since these same backdoors can be used by other organisations. So regardless of whether or not you think for instance the CIA and/or NSA has a right to access your data, which I don’t for the record – This creates backdoors in your IT infrastructure, that other organisations can use to break into these same systems, ipso facto potentially giving Al Qaeda or ISIS access to read your private email, or spy on your wife as she is undressing in your bedroom, which is an actual example taken from the “Weeping Angel” project.

When a software vendor is coerced into cooperating with a government organisation to create such backdoors, they’re always also coerced into signing an NDA, or a non-disclosure agreement, where they’ll have to promise to never publicly speak about these backdoors. These NDAs often have wording such as “if you disclose this agreement to the public, you will be criminally prosecuted, risking life in prison”.

Paradoxically, this simple trait of these NDAs, can be utilised to your advantage. Simply since even though you’re not allowed to speak about such things after it occurs, nothing legally stops you speaking about it before it occurs!

The “canary bird in the coal mine” trick is based upon this simple fact. It is basically a sworn oath you can easily give your customers, that you have not created backdoors in your system, or been contacted and coerced into creating such backdoors. Since they (CIA and NSA etc) can legally force you to sign an NDA when they coerce you to create such backdoors, but not force you (legally) to lie under oath, you can use this simple trait to create a sworn oath, that you have not done such a thing.

And even if they could coerce you into lying under oath, they can still not coerce you into lying convincingly, such that a good psychologist and/or human behavioural expert would not catch your lie. Hence, such an oath should clearly show the important parts of your body, in a high resolution video, allowing for a psychologist to analyse the video, if necessary.

Every time you later create an update to your software product, or a new version, your customers would expect you to create another such sworn oath for its updated version. If no such sworn oath is released, your customers can basically assume your system has been compromised, by you having been coerced into creating such backdoors. Especially if you’re not willing to give such a sworn oath if asked.

This creates a “canary bird in the coal mine” situation, where once the bird stops singing, its users should abandon the product. And only if another new sworn oath is given by the software vendor, they should upgrade their existing systems. Below is my first such oath, hopefully in a long range of similar oaths, promising that I have not consciously created such backdoors in Phosphorus Five, and/or its related products.

Unless your software vendor is willing to give you similar guarantees, such as I give in the above video, you should not trust it, and should assume there are backdoors in the system. Simply since the vendor is not allowed to talk about such backdoors if they exist, while at the same time the vendor would be incriminating themselves by swearing an oath that such backdoors do not exist, while such backdoors actually do exist!

Hence, a software vendor who has such a collaboration, and has consciously created such backdoors, might be criminally prosecuted if he or she creates such a sworn oath, and the testimonial is a lie!

I would like to encourage you to demand from your software vendor, that unless he or she is willing to create a similar oath, to the one I gave you above – You will leave your vendor, and find alternative systems and/or vendors. This allows you to “smoke out the Judas” in your IT infrastructure, without forcing anyone to break the law.

Send a link to this article/video to your local software vendor, and demand of him to sing, under the threat of that unless he does, you will leave his products. Then let the world know if your software vendor was not willing to give such an oath! Send a link to your local software vendor, on e.g. Twitter or something, and demand of him to sing!

You should never use a software product, unless your vendor is willing to give you a similar oath, as I gave you in the above video!!

Edit – I sent a link to this article to Brendan Eich on Twitter, and he immediately responded with a reply I’ll accept. Brendan Eich is the inventor of JavaScript, and a titan developer over at Mozilla. Today he’s working on the “Brave” browser, which is a really interesting project. If Brendan Eich can do it, so can you 😉

Phosphorus Five, Zeus – Developer’s preview release

I’ve been known to use big words, sometimes when they were not valid – However, this is truly exciting stuff! Phosphorus Five is now a fully fledged “web operating system”, with its own native App Store (the Bazar), and allows for a ridiculously easy (and secure) distribution model for your apps.

In addition, I can host your apps for you, in my Bazar, for a fee. But if you’d like to setup your own Bazar, this is as easy as changing a single URL, and creating your own private PGP key. At which point, all users of your software, could have an automatic distribution, download and installation process, of whatever apps you choose to host, in your own personal Bazar. Basically, yup – I’ve created an Open Source and Free Software “AppStore”, which you don’t even need your own server to freakin’ host yourself! 😀

If you’d like to test out the latest Zeus release, and its associated Bazar, feel free to download it here. Please notice two things though.

  • This is a developer’s preview BETA release, not intended for the general public.
  • I might choose to change things and implementation details, meaning if you’d like to start creating stuff, be aware that some features might change in the final stable release.

To put the importance of this release into context, realise that you only have to download Phosphorus Five, and once it starts up, it will show you a “desktop”, with your installed apps. The first time you start it, this desktop will be initially empty, allowing you to open the Bazar. When you open the Bazar, you can download and install Sephia Five, automatically, within a cryptographically secure context, ensuring you’re not installing malicious code into your system. Below is a screenshot of what the Bazar will look like, during installation of Sephia Five.

For the record, you can still use Phosphorus Five together with System42, since during startup, if System42 is installed, it will “override” the main desktop logic. However, I would encourage you to at the very least check out what the environment looks like, when you only install Phosphorus Five. You can also get entirely rid of the main “desktop”, by simply deleting the “desktop” and “bazar” folders, and creating your own [p5.web.load-ui] hook, at which point you’d have a completely empty system, allowing you to create your app(s) entirely from scratch, completely bypassing these features.

I’ll create some videos demonstrating this over the next couple of days, but believe me, you should be excited about this!! 😀

In addition, I have started a new tradition as of today, which you can basically see in the YouTube video below. Basically, if I create a release in the future, and I am not giving you the same sworn testimonial as I do in the video below, you should assume that P5 has been compromised, and that it contains consciously created backdoors, which I have been coerced into creating, on behalf of some intelligence organisation.

Bazar rules of engagement

First things first, the Bazar rules of Phosphorus Five are probably the by far most Nazi rules you have ever encountered in an app store. For instance, I do reserve the right to not publish your app, simply because it’s Monday! I am in no way obliged to give you any explanation for why I choose to reject your app either, and I might choose to do so, simply because I “feel like doing it”. In my Bazar, I am “Der Fuhrer”. Don’t like my rules, feel free to fork my Bazar. It’s Free Software and Open Source after all!

Secondly, if you wish to let me distribute your app, through my Bazar, you’d better make sure it’s secure. Any data you retrieve from a source outside of your own app, should be both properly URL encoded before it’s rendered to the client, in addition to avoiding SQL injection attacks on everything that’s fetched remotely, including your user’s input data. In addition, I will as a general rule, not accept apps that in any way seem to potentially violate my users’ privacy. Privacy is, after all, the by far most important USP in Phosphorus Five, and its eco-system. Hence, if you create as much as a single remote HTTP GET invocation from your app, to another location, outside of your own little app – Be aware that this alone is probably reason enough for me to simply reject it, answering “Monday” as my reason – Unless your reasoning for doing such is so strong, and your arguments so sound, that I would allow you to convince me that your reasons are valid, and accept it …

To put this Nazi regime into context, realise I even HTML encode data retrieved from my own Bazar, which actually is my own GitHub Phosphorus Five repository, before I display it to the user – To avoid HTML injection, by an adversary in the middle, among other things. In addition, I only accept apps that are cryptographically signed with my own private PGP key, and if you try to download another app, from another location, that’s not signed with my PGP key – It simply won’t work, unless you modify by hand your list of “trusted app distributors”. Phosphorus Five is a server system, and if security is compromised, this could potentially lead to a security hole, for thousands of users – Making an iPhone virus seem like a freakin’ fart in the park in comparison! Therefore, what might seem like Nazi regime app store rules, are actually necessary to protect my users’ privacy, and not allow them to unwillingly compromise their server/computer, by installing malicious code, that could potentially jeopardise their server/computer.

As a general rule, I only trust three things; God, PGP, and myself – In that order!

I also do not trust Google, Facebook, Twitter, or any other website out there – Regardless of how “popular” it is in mainstream usage. A simple static Facebook image button, loaded from a URL outside of your user’s main root server, or a CDN request – Might be enough for me to reject your app, assuming it’s intruding on my users’ privacy, by logging these requests on the server endpoint, from where you fetch your image(s), and/or CSS files!

When your app is to be distributed, or upgraded for that matter, I will demand to scrutinise its entire source code, line by line. When I have done so, and (maybe) accepted it, I will cryptographically sign your .zip file, with my own private PGP key, and allow you to host the zip file any way you wish. Which of course implies that if the zip file has been tampered with, after I accepted it, it will be rejected during the installation process. Hence, if you choose to create an update for your app, the process starts all over again.

The technical process for allowing me to do this, is to simply send me your zip file, containing all of your code, embedded inside a folder inside of this zip file. Hint, simply zip your entire app’s folder. My email address is thomas@gaiasoul.com. If it is accepted, you can choose for yourself, if you wish to host the cryptographically signed “app manifest file” yourself, or allow me to host it for you. If you choose to host it yourself, you can probably easily set up a log of the number of downloads of your file on your own server, and thus at least to some extent, have control over how many users are actually using your app. If you choose to let me host it, you’re simply going to have to trust me. Regardless, I promise you that I will send you 75% (minus PayPal commissions) of any revenue your app is generating, if it is a commercial/proprietary app. For the record, all developers participating in creating a proprietary app need a valid proprietary license of Phosphorus Five.
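The installation check described above only protects users if the installer confirms who signed the zip, not merely that some key in the keyring did. The following is an added example, not Phosphorus Five’s own code: it assumes a detached signature verified with the `gpg` command line tool, and the fingerprints and status lines are constructed placeholders.

```python
import subprocess

# Placeholder fingerprint (constructed); a real list holds the distributor keys you trust.
TRUSTED_DISTRIBUTORS = {"A" * 40}
# GnuPG status keywords that mean the signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def gpg_status(zip_path, sig_path):
    """Verify a detached signature and return gpg's machine-readable status lines."""
    result = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, zip_path],
        capture_output=True, text=True, check=False)
    return result.stdout


def signer_fingerprint(status_text):
    """Return the primary-key fingerprint of the single valid signer, or None."""
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return None  # tampered file, expired or revoked key
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # The last field is the primary key when a subkey made the signature.
            signers.append(fields[11] if len(fields) >= 12 else fields[2])
    return signers[0].upper() if len(signers) == 1 else None


def is_trusted_package(status_text, trusted=TRUSTED_DISTRIBUTORS):
    """Accept only a valid signature made by a key on the trusted distributor list."""
    fingerprint = signer_fingerprint(status_text)
    return fingerprint is not None and fingerprint in trusted


def sample_status(fpr, keyword="GOODSIG"):
    """Build constructed status output of the shape gpg emits."""
    lines = ["[GNUPG:] NEWSIG", f"[GNUPG:] {keyword} {fpr[-16:]} Distributor (constructed)"]
    if keyword == "GOODSIG":
        lines.append(f"[GNUPG:] VALIDSIG {fpr} 2017-06-01 1496275200 0 4 0 1 8 00 {fpr}")
    return "\n".join(lines)


STATUS_TRUSTED = sample_status("A" * 40)             # signed by the trusted key
STATUS_STRANGER = sample_status("B" * 40)            # valid signature, unknown signer
STATUS_TAMPERED = sample_status("A" * 40, "BADSIG")  # zip changed after signing

if __name__ == "__main__":
    for label, status in [("trusted", STATUS_TRUSTED), ("stranger", STATUS_STRANGER),
                          ("tampered", STATUS_TAMPERED)]:
        print(label, is_trusted_package(status))
```

The second sample is the case worth noticing: the signature is cryptographically valid, yet the package is refused because its signer is not on the trusted list.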

For the record, I will not sign any NDAs with you, as a general rule, before you let me see your source code. I promise though, that I will treat our communication confidential, and that I will not violate your intellectual property. If this is not enough for you, yet again, feel free to fork the P5 Bazar for yourself!

When you send me your app, send me a “manifest” of your app, which you can basically deduce the structure of, by looking at the “/bazar/configuration/apps.hl” file for the Phosphorus root Bazar. You’re allowed to embed one external image into this manifest, which allows you to log if you wish, on your own server, how many users are actually reading the description of your app. If you wish for me to host this image, I am perfectly fine with that, but I will not send you any reports about views or anything, simply since logistically doing such a thing, for potentially dozens, and even possibly thousands of apps, would simply not be possible for me!

Notice, I will also follow up on you, if your app is rejected, and give you feedback – Unless your app is so full of holes, that there is simply no reasons for me to believe you’ll ever be able to create a secure app, without me having to literally teach you coding, from the grounds up! At which point I’ll probably send you a “Monday” email …

Thirdly, make sure you know Hyperlambda well before you start out. You can learn Hyperlambda here for instance. And stay away from “my stuff”. Which implies that I expect you to properly namespace your events, code and files, such that naming collisions are highly unlikely to occur. For the moment, I do not accept code written in any other languages than Hyperlambda, which means that you’re gonna have to exclusively create your app, using nothing but Hyperlambda.

Document your code, excessively, as if it is written for a 5 year old child! And make sure you follow my coding standard. Which can kind of be deduced by scrutinising Sephia Five. Create extremely clean code, easily read by me, and/or the rest of the world. If I feel that your code is somehow not easily understood, I’ll probably send you an email, without a body, and the subject of “Monday”!

Your entire app must be confined to a single folder, which includes your CSS, resources, Hyperlambda, etc. And this folder must be uniquely named, with some intelligently namespace’d name, such as “sephia-five”. “Email” or “files” is *NOT* acceptable! Your app should feature an “uninstall.hl” file, allowing users to uninstall your app. This file is also necessary when your app is updated later, so this is crucial to avoid having “dead active events” lying around. See Sephia Five for an example of such a file. In fact, see Sephia Five for an example of literally everything mentioned in this article!

Now that all the Nazi stuff is explained, I wish you good luck, and would love to accept your app, if it is well written, and preferably obeys the GUI design guideline rules, which I have not yet written, but which you can kind of deduce, by examining Sephia Five for yourself. For the record; No ads or marketing. This point is non-negotiable! And preferably, to increase the chances of having your app accepted, don’t even display a logo! And if you do, make it so tiny and small, that it is almost impossible to see! Users of P5 really don’t care about the name of your company, and/or app – They simply want to get to their data, without being tackled, by huge banners and ads, or dancing bears. If you can’t obey this, feel free to fork Phosphorus Five and set up your own Bazar! Also make sure you use as little resources as possible – Both on the server itself, in addition to bandwidth.
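A submission can be checked against the packaging rules in this paragraph, and against the earlier rule about resources loaded from other hosts, before it is ever sent for review. This is an added example, not part of Phosphorus Five: the folder name `acme-notes`, the file contents and the URLs are constructed, and the Hyperlambda snippets are only illustrative.

```python
import io
import re
import zipfile

# Folder names the article calls unacceptable, compared case-insensitively.
GENERIC_NAMES = {"email", "files"}
TEXT_EXTENSIONS = (".hl", ".css", ".html", ".js")
# Absolute or protocol-relative URLs, i.e. anything fetched from another host.
EXTERNAL_URL = re.compile(r"(?:https?:)?//[a-z0-9.-]+\.[a-z]{2,}[^\s\"')]*", re.I)


def lint_submission(zip_bytes):
    """Return a list of findings for an app zip; an empty list means no rule was hit."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        names = [n for n in archive.namelist() if not n.endswith("/")]
        roots = {n.split("/", 1)[0] for n in names if "/" in n}
        loose = [n for n in names if "/" not in n]
        if loose or len(roots) != 1:
            findings.append("layout: app must live in exactly one top-level folder")
        for root in sorted(roots):
            if root.lower() in GENERIC_NAMES:
                findings.append(f"name: folder '{root}' is not namespaced")
            if f"{root}/uninstall.hl" not in names:
                findings.append(f"uninstall: {root}/uninstall.hl is missing")
        for name in names:
            if not name.lower().endswith(TEXT_EXTENSIONS):
                continue
            text = archive.read(name).decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), start=1):
                for match in EXTERNAL_URL.finditer(line):
                    findings.append(f"external: {name}:{lineno} {match.group(0)}")
    return findings


def make_zip(files):
    """Build an in-memory zip from a {path: text} mapping (for the constructed samples)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed samples: one tidy app, one that breaks three of the rules.
GOOD_ZIP = make_zip({
    "acme-notes/startup.hl": 'create-widget\n  element:img\n  src:"/acme-notes/media/logo.png"\n',
    "acme-notes/uninstall.hl": "// removes the app's events\n",
    "acme-notes/media/main.css": "body { background: url(media/bg.png); }\n",
})
BAD_ZIP = make_zip({
    "files/startup.hl": 'create-widget\n  element:img\n  src:"https://cdn.example.com/like-button.png"\n',
    "files/main.css": "@import url(//fonts.example.net/a.css);\n",
})

if __name__ == "__main__":
    print(lint_submission(GOOD_ZIP))
    for finding in lint_submission(BAD_ZIP):
        print(finding)
```

Every `external:` finding is a request that would reveal a user’s visit to a third-party server, which is the privacy concern the rules are written around.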

Phosphorus Five architectural challenges

Phosphorus Five has a couple of architectural challenges. First of all, for lots of users out there, it will simply appear to be an “alternative ‘desktop’ environment within their existing operating system”, allowing them to easily access their P5 apps, from within P5. It will for these people “feel” like a single user desktop type of application environment, and hence no multiple user types of solutions, or architectural design decisions, seem to be necessary.

However, it also is a server (multi user) system at its core. This means that a lot of your users, will use it with potentially hundreds, and maybe even thousands of users, at the same time. Make sure your app is thread safe, make sure it works on all core operating systems (Mac OS X, Windows and Linux), and make sure the rendered HTML is standard compliant, and works on each device possible. Make also sure it uses as little bandwidth as possible, since some might want to bootstrap your app, over their local home servers, which often has “crappy bandwidth capacity”. Hundreds of KB of download for your app, is a sure way to get it rejected!

If you intend to create an app which has no value for a desktop type of environment (file sharing comes to mind), please make sure you explicitly explain this fact in your app’s manifest description, such that we don’t end up having some poor individual pay thousands of dollars for an app that will never really add any value for him, since he’s using P5 simply as a desktop app “host”.

If you wish to discuss your ideas for your app with me before you start coding, to reduce the likelihood that I reject your app – Feel free to toss me an email at thomas@gaiasoul.com, and explain the idea with a couple of paragraphs. Not too long though! I will not spend multiple emails talking to you, before you show me some code. Sorry, I’ve got better things to do, than to discuss “Fata Morgana” with people, who’ll never be able to deliver the goods. Prove to me that you can code, and that you can deliver though, and we can expand communication at that point …

If you treat security as priority #1, #2 and #3 – And you treat your customers as the Mother of God, and are insisting upon adding value for your customers, not interrupting them with ads and other “crapware”, and protecting their privacy with your life if necessary – You’re probably gonna do very well, and I wish you the best of luck! Just remember these 3 simple rules …

  1. Respect your users’ privacy
  2. Respect your users’ privacy
  3. Respect your users’ privacy!!!!
  4. Respect your users’ privacy!!!!!!!!!!!!!!!!!!!!!!!!!!!!

And you’ll probably be perfectly fine …

For the record, I do also allow you to distribute your app for a fee, commercially – However, if you’d like to create non-GPL code, you’ll need a proprietary license of Phosphorus Five. If you choose to do such a thing, please give me your app’s price, and I’ll set up a PayPal product page, which redirects the users to your cryptographically signed zip file once they’ve paid for it. I will send you a monthly report of how your app has been doing, as long as there is at least one purchase of your app, otherwise I won’t bother. This allows you to log downloads of your app, and for that matter reject any GET requests not being referred to by PayPal, giving you control over its download count, while I control the payment mechanisms.

If you choose to allow me to distribute your app for a fee, through my Bazar, I will charge 25% commission, sending you the rest of the money over PayPal, having you pay any PayPal transferring fees. For the record, I encourage you to charge at least 2-3 orders of magnitude more for your app, than what’s normal to pay for apps in Apple’s AppStore. The Bazar is not the place for thousands of free “flashlight apps”, not adding value to P5’s users in any ways. It is also not a place for games or ads. It is a place where P5’s users can go to get web server applications, that would somehow significantly improve their lives. Sephia Five for instance, is probably the by far most expensive email client in existence today, simply because it is worth it. While I at the same time give it away for free to individuals. And unless your app is worth it, you should probably find alternative distribution channels. And for God’s sake, don’t steal other people’s intellectual property. If I find you have violated the copyright of another individual and/or organisation, I will remove your app, for then to never talk with you again!

Notice, I also do not accept apps that contain unnecessarily complex licensing regimes, or require the user to type in license keys, etc, to make the app work. This implies that “piracy” will occur to some extent, and some will choose to use your app, without paying you – Even if it explicitly is created to be a commercial app, and you require users to pay you, before they install the app. I have attempted to reduce this as much as possible, by for instance never showing to the user himself the link to the cryptographically signed zip file, that contains your app. In addition, I physically delete the app’s cryptographically signed zip file after installation. This means that piracy becomes more difficult, but still, a seasoned hacker could easily deduce the link to your file, download it manually, and distribute it to his friends. My theory though is, that as long as you provide actual value to your users, most will be happy to pay you to gain access to your app. If it shows that I am wrong in the future, and an extremely high amount of users are using “pirated versions”, I might choose to change this practice. However, no guarantees are given of this! Notice “extremely high percentage of piracy” implies more than 90%! Hackers were patching exe files back in the 80s, and it is simply impossible to guard against. Hence, creating all sorts of hoops and loops to defend against it, is meaningless anyways!

If you’d like to distribute an Open Source app through my Bazar, you’re more than welcome to do that too – However, the rules are still the same, implying Adolf Hitler Nazi rules! I will not accept an app which I feel is intruding on my users’ privacy, just because it’s “Open Sauce”.

Do what you love, love what you do, and treat your customer’s privacy religiously – And you’ll probably be just fine!

For the record, yet again, if you do not like my Nazi Bazar rules, you are more than welcome to fork Phosphorus Five, and create your own Bazar, with your own PGP key as a “trusted app distributor”, pointing to your own app declaration file(s). Just remember, that if you wish to distribute closed source applications using P5, you’ll still need a license for each developer participating in creating the code for an app you choose to distribute. And make sure all developers who have created apps you distribute in your Bazar are actually legally allowed to do so, by for instance demanding to see their PayPal receipt before you distribute their apps.

If I come across an app, which is being distributed as a proprietary app, and I know for a fact that this app’s developer does not have a valid proprietary license – I might choose to simply distribute the app as GPL, and create a GitHub repository containing its code! I also give no guarantees of warnings in these regards!

Stay legal!!

Creating your own Bazar

If you set up your own Bazar, you are legally obliged to make sure that all app creators in your Bazar have a valid proprietary license for Phosphorus Five, if you are distributing non-GPL software in your Bazar. If you allow users to distribute proprietary software in your Bazar, and the developers who created this software do not have the right to create proprietary software – You are actually participating in distributing illegal software yourself as the owner of your Bazar. This is easy to verify though, by simply demanding from all your Bazar app creators, that they send you a PayPal receipt for a proprietary license of Phosphorus Five.

Sorry, I too need bread and butter …

PS!
For the record, this blog explains a future feature of Phosphorus Five, which is to be released in the upcoming release of P5. However, if you’d like to get a head start, feel free to start coding!

PPS!
You can expect Micro to be installed. Besides from that, you should not make any assumptions about additional modules being installed, and you must check for any missing other modules and/or apps, and lead users to the Bazar, if these are not installed.

When that is said, creating and consuming events from other apps, and/or components, is considered perfectly valid, and developers are encouraged to not reinvent the wheel, but rather build incrementally upon each others work in these regards. For instance, Sephia Five has several publicly exposed Active Events, which other developers can use. However, if an event is not public, meaning it does not show up in a [vocabulary] invocation, you should *not* consume it, and allow its developer to keep that event alone, as he sees fit for himself.

PPPS!
If you’re dirt broke, and can’t even afford a P5 license, but you have created the best app ever, since the invention of sliced bread, and you wish to sell this app through my Bazar – I *might* choose to give you a license, free of charge, if you ask me nicely. If so, make sure you explicitly ask me about this, as you send me your app’s zip file, for the scrutinisation process. However, if you choose this, you’re going to have to be at the point where you literally need to dumpster dive for food, to not starve to death! And I might choose to demand proof of your lack of finances. And your app better be the best thing ever, since the invention of sliced bread!!

PPPPS!
Everything is up for debate, just remember, I have the first word, and the last word!

The buck stops here!

Ohh yeah, almost forgot. If you’re working for one of those Silicon Valley Judas companies, go fuck yourselves!!

With the powers granted me from God the Almighty, I hereby declare Googleplex *OBSOLETE*!!