CV List View

From Dan Shearer CV
Revision as of 14:17, 5 August 2024 by Dan

This is a list of topics I'm really passionate about. There is also the CV Category View of the same information.

Open Source

Most of this is related to security, or infrastructure to enable data access.

  • LumoSQL - A relatively tiny but novel twist on embedded database software, adding features of privacy and security. With an average mobile phone having many dozens of copies of SQLite maintaining many hundreds of databases, SQLite is the world's most-used software.
  • Sweet Lies - The source code of the Signal secure chat app has been validated by many people around the world, and it is the most trustworthy way for two people with an ordinary phone to communicate. Despite its good qualities, Signal depends on cloud services from Google and Amazon, and stores metadata (not message content) in ways that other people can detect. Sweet Lies addresses these privacy problems, while at the same time adding some cool features and making it possible for anyone to run their own equivalent to the Signal service.
  • Not Before Time assembles existing technologies to create a universal way to time-lock information using everyday software tools. The biggest task is cryptanalysis for the system, compared to which the software is straightforward.
  • Samba - Adversarial Interoperability is how open source protected the rights of individuals and everyone else against enormous technology companies before the era of Big Tech, and I co-founded the Samba project in the early 1990s and it is still the foremost example. Adversarial Interoperability stopped Microsoft and the US Government from being the only store for everyone's files, as documented in the official history. I noticed early on that Microsoft was abusing its monopoly position via a public protocol called SMB for sharing files and printers, which later grew to include storage of usernames and passwords. Samba was successful beyond my wildest dreams and I was a Samba Team member for twenty years, including after the extraordinary 13-0 victory in the EU Court of First Instance. Samba also completely failed to meet its goal, and I explain here together with the official Samba history how in 2024 Samba is largely irrelevant to data rights protection while also being used by billions worldwide. Samba taught me that technical leadership is insufficient, and that EU institutions and law are pretty much the only hope the world has of combatting Big Tech.
  • Reversible Computers - still one of the greatest promises in Cybersecurity, and despite some progress still one of my greatest disappointments. Today in 2024 it is possible to rewind applications and entire systems backwards, and then trace them forwards again to find complicated bugs and security problems. But it is not mainstream.
  • Not Forking - This tool addresses a difficult area in software reproducibility and reliability. It is common to duplicate the source code of one project within another project, where the projects are external to each other, and where the use of libraries or other techniques may lead to even more problems. Not-forking largely automates change management in ways that version control systems such as Git, Fossil or GitHub cannot.
  • Open Source to Chemical Rockets explains how I first found open source concepts.

Legal

I explore the question How do laws about Privacy and Intellectual Property affect Computer Science? What does this mean for society?

  • My Analysis of GDPR Article 28 reveals how the legal language describes precise Computer Science. This Computer Science requires something after the style of a blockchain. GDPR enforcement is intended to get tougher each year, which means there is a need for a new kind of cloud business implementing this blockchain.
  • This Analysis of EU-US Privacy Shield documents how and why US cloud companies such as Amazon and Google are being ruled illegal to use for some purposes in Europe, and why that is an opportunity. There is nothing new here - I have been consulting on this since 2017, but now in 2024 we can see that even the giant marketing budgets of US cloud companies cannot obscure the facts. As of March 2023 I counted 50 or so court decisions at various levels in Europe that are forcing this matter.
  • There are embedded Human Rights, Maths and Computer Science in 6 EU Laws. This family of laws comprises the GDPR and its now more than five siblings, and is all about security and privacy.
  • Automating Facts in EU Privacy and Security Legislation is possible, because the 6 relevant EU laws define measurable items such as IP addresses and acceptable versions of network languages. It is possible to detect and enforce safer behaviours if we automate the requirements of legislation.
  • I have done a lot of work on Software Patents, which remain a problem software developers need to defend against in their work. The risk is less than it was prior to 2019, but is still changing at regular intervals.
  • I have been employed to look at Data Mobility Post-Brexit. The options are becoming clearer, although the legislative and political situation is still very fluid.

General Technology, Medical and BioTech

  • An IT-mediated Medical Snapshot System is based on principles of timeshifting as applied to medical testing in order to improve health and reduce costs. This concept has had some degree of theoretical validation.
  • Technology developments from 2010 make a commercial case for Renewable Energy Consumed to Excess.
  • I went to the Neuroscience Institute in Trondheim to propose a technological and empirical approach to the fundamental problem of Brain Capacity per Cubic Centimetre.
  • I had some energy consulting in practical CNG and H2 in 2021 and 2022. If you know what these are, let's talk.

Along The Way...

  • I developed a concise Code of Conduct for Open Source projects after witnessing repeated serious incidents of aggression and intimidation. I started from the Mozilla Participation Guidelines, which were written using community participation and expert legal review. I shrunk them down to the bare essentials suitable for ordinary open source projects a lot smaller than Mozilla.
  • How do Security Standards and Certifications relate to each other? These are the results of my investigations into the practical application in UK industry of ISO27001, CyberEssentials Plus and GDPR compliance.
  • Fossil - Git is ubiquitous but with some difficult-to-fix design flaws that hold back development for most projects. Fossil is very mature but needed to be easier to access, and to have a technical strategy for avoiding Git-type lock-in. I contributed to these improvements so my projects could abandon Git/GitHub for Fossil.
  • I have created some Teaching Exercises in the areas of CyberSecurity/CompSci and Technology.
  • The short VM Creation script is my best way of explaining how VM orchestration is fragile, heavyweight and clumsy for small deployments. A Cybersecurity team, students or a developer on a laptop all need something lightweight and with fewer things to go wrong.

Lectures and Talks

These are my current topics in 2024 that are about the future. Older lectures and topics by definition are overtaken by time and so are not listed here.

  • Fine-grained data control - it is not just innovations like row-level RBAC in SQL that matter. We have existing tech that lets us know where every bit of data under management has come from and gone to, but so far it is rarely built into modern architectures.
  • Reversible Computers - How does it work practically in 2023, and what is the future for both infrastructure and debugging? How does this affect reliability and complexity issues?
  • Complexity creeps up imperceptibly, and covers much more than gigantic numbers of lines of code. Even the best of decomposed design and service architectures are fragile. Engineering Cybernetics helps identify the problems. I propose then inverting the logic and keeping just those parts which evidence suggests are both essential and correct.
  • Privacy law - combining human rights with CompSci and mathematics, privacy law appears to be turning the first twenty years of giant Internet cloud services upside-down, starting in Europe. This improves services for individual users, and reduces barriers to new cloud entrants and culture-specific solutions.
  • IP law and 21st Century Knowledge - combatting climate change requires scientific output to be increased, free-flowing and perhaps above all reproducible. There are several strategies that combat the artificial IP wall that prevents reproducibility (which is not the same as reusability) - which ones are most likely to work?
  • Physical hardware and IP rights - this is a special case of the previous point. There are IP experts who focus on the theory of this topic, while I am more interested in the practical day-to-day applications of keeping IP available to all with its integrity intact, where the potential is for it to be overwhelmed with poor quality or dangerous knockoffs in a way that does not apply to software-only IP.