Chapter 10

This chapter is dedicated to Anderson's Bookshops, Chicago's legendary kids' bookstore. Anderson's is an old, old family-run business, which started out as an old-timey drug-store selling some books on the side.

Today, it's a booming, multi-location kids' book empire, with some incredibly innovative bookselling practices that get books and kids together in really exciting ways. The best of these is the store's mobile book-fairs, in which they ship huge, rolling bookcases, already stocked with excellent kids' books, direct to schools on trucks — voila, instant book-fair!

Anderson's Bookshops: 123 West Jefferson, Naperville, IL 60540 USA
+1 630 355 2665

What would you do if you found out you had a spy in your midst?

You could denounce him, put him up against the wall and take him out.

But then you might end up with another spy in your midst, and the new spy would be more careful than the last one and maybe not get caught quite so readily.

Here's a better idea: start intercepting the spy's communications and feed him and his masters misinformation. Say his masters instruct him to gather information on your movements. Let him follow you around and take all the notes he wants, but steam open the envelopes that he sends back to HQ and replace his account of your movements with a fictitious one. If you want, you can make him seem erratic and unreliable so they get rid of him. You can manufacture crises that might make one side or the other reveal the identities of other spies. In short, you own them.

This is called the man-in-the-middle attack and if you think about it, it's pretty scary. Someone who man-in-the-middles your communications can trick you in any of a thousand ways.

Of course, there's a great way to get around the man-in-the-middle attack: use crypto. With crypto, it doesn't matter if the enemy can see your messages, because he can't decipher them, change them, and re-send them. That's one of the main reasons to use crypto.

But remember: for crypto to work, you need to have keys for the people you want to talk to. You and your partner need to share a secret or two, some keys that you can use to encrypt and decrypt your messages so that men-in-the-middle get locked out.

That's where the idea of public keys comes in. This is a little hairy, but it's so unbelievably elegant too.

In public key crypto, each user gets two keys. They're long strings of mathematical gibberish, and they have an almost magic property.

Whatever you scramble with one key, the other will unlock, and vice-versa. What's more, they're the only keys that can do this — if you can unscramble a message with one key, you know it was scrambled with the other (and vice-versa).

So you take either one of these keys (it doesn't matter which one) and you just publish it. You make it a total non-secret. You want anyone in the world to know what it is. For obvious reasons, they call this your "public key."

The other key, you hide in the darkest reaches of your mind. You protect it with your life. You never let anyone ever know what it is. That's called your "private key." (Duh.)

Now say you're a spy and you want to talk with your bosses. Their public key is known by everyone. Your public key is known by everyone. No one knows your private key but you. No one knows their private key but them.

You want to send them a message. First, you encrypt it with your private key. You could just send that message along, and it would work pretty well, since they would know when the message arrived that it came from you. How? Because if they can decrypt it with your public key, it can only have been encrypted with your private key. This is the equivalent of putting your seal or signature on the bottom of a message.

It says, "I wrote this, and no one else. No one could have tampered with it or changed it."

Unfortunately, this won't actually keep your message a secret. That's because your public key is really well known (it has to be, or you'll be limited to sending messages to those few people who have your public key). Anyone who intercepts the message can read it. They can't change it and make it seem like it came from you, but if you don't want people to know what you're saying, you need a better solution.

So instead of just encrypting the message with your private key, you also encrypt it with your boss's public key. Now it's been locked twice.

The first lock — the boss's public key — only comes off when combined with your boss's private key. The second lock — your private key — only comes off with your public key. When your bosses receive the message, they unlock it with both keys and now they know for sure that: a) you wrote it and b) that only they can read it.

It's very cool. The day I discovered it, Darryl and I immediately exchanged keys and spent months cackling and rubbing our hands as we exchanged our military-grade secret messages about where to meet after school and whether Van would ever notice him.

But if you want to understand security, you need to consider the most paranoid possibilities. Like, what if I tricked you into thinking that my public key was your boss's public key? You'd encrypt the message with your private key and my public key. I'd decrypt it, read it, re-encrypt it with your boss's real public key and send it on. As far as your boss knows, no one but you could have written the message and no one but him could have read it.

And I get to sit in the middle, like a fat spider in a web, and all your secrets belong to me.

Now, the easiest way to fix this is to really widely advertise your public key. If it's really easy for anyone to know what your real key is, man-in-the-middle gets harder and harder. But you know what? Making things well-known is just as hard as keeping them secret. Think about it — how many billions of dollars are spent on shampoo ads and other crap, just to make sure that as many people know about something that some advertiser wants them to know?

There's a cheaper way of fixing man-in-the-middle: the web of trust.

Say that before you leave HQ, you and your bosses sit down over coffee and actually tell each other your keys. No more man-in-the-middle!

You're absolutely certain whose keys you have, because they were put into your own hands.

So far, so good. But there's a natural limit to this: how many people can you physically meet with and swap keys? How many hours in the day do you want to devote to the equivalent of writing your own phonebook? How many of those people are willing to devote that kind of time to you?

Thinking about this like a phonebook helps. The world was once a place with a lot of phonebooks, and when you needed a number, you could look it up in the book. But for many of the numbers that you wanted to refer to on a given day, you would either know it by heart, or you'd be able to ask someone else. Even today, when I'm out with my cell-phone, I'll ask Jolu or Darryl if they have a number I'm looking for.

It's faster and easier than looking it up online and they're more reliable, too. If Jolu has a number, I trust him, so I trust the number, too. That's called "transitive trust" — trust that moves across the web of our relationships.

A web of trust is a bigger version of this. Say I meet Jolu and get his key. I can put it on my "keyring" — a list of keys that I've signed with my private key. That means you can unlock it with my public key and know for sure that me — or someone with my key, anyway — says that "this key belongs to this guy."

So I hand you my keyring and provided that you trust me to have actually met and verified all the keys on it, you can take it and add it to your keyring. Now, you meet someone else and you hand the whole ring to him. Bigger and bigger the ring grows, and provided that you trust the next guy in the chain, and he trusts the next guy in his chain and so on, you're pretty secure.

Which brings me to keysigning parties. These are exactly what they sound like: a party where everyone gets together and signs everyone else's keys. Darryl and I, when we traded keys, that was kind of a mini-keysigning party, one with only two sad and geeky attendees. But with more people, you create the seed of the web of trust, and the web can expand from there. As everyone on your keyring goes out into the world and meets more people, they can add more and more names to the ring.

You don't have to meet the new people, just trust that the signed key you get from the people in your web is valid.

So that's why web of trust and parties go together like peanut butter and chocolate.

"Just tell them it's a super-private party, invitational only," I said. "Tell them not to bring anyone along or they won't be admitted."

Jolu looked at me over his coffee. "You're joking, right? You tell people that, and they'll bring extra friends."

"Argh," I said. I spent a night a week at Jolu's these days, keeping the code up to date on indienet. Pigspleen actually paid me a non-zero sum of money to do this, which was really weird. I never thought I'd be paid to write code.

"So what do we do? We only want people we really trust there, and we don't want to mention why until we've got everyone's keys and can send them messages in secret."

Jolu debugged and I watched over his shoulder. This used to be called "extreme programming," which was a little embarrassing. Now we just call it "programming." Two people are much better at spotting bugs than one. As the cliche goes, "With enough eyeballs, all bugs are shallow."

We were working our way through the bug reports and getting ready to push out the new rev. It all auto-updated in the background, so our users didn't really need to do anything, they just woke up once a week or so with a better program. It was pretty freaky to know that the code I wrote would be used by hundreds of thousands of people, tomorrow!

"What do we do? Man, I don't know. I think we just have to live with it."

I thought back to our Harajuku Fun Madness days. There were lots of social challenges involving large groups of people as part of that game.

"OK, you're right. But let's at least try to keep this secret. Tell them that they can bring a maximum of one person, and it has to be someone they've known personally for a minimum of five years."

Jolu looked up from the screen. "Hey," he said. "Hey, that would totally work. I can really see it. I mean, if you told me not to bring anyone, I'd be all, 'Who the hell does he think he is?' But when you put it that way, it sounds like some awesome 007 stuff."

I found a bug. We drank some coffee. I went home and played a little Clockwork Plunder, trying not to think about key-winders with nosy questions, and slept like a baby.

Sutro Baths are San Francisco's authentic fake Roman ruins. When it opened in 1896, it was the largest indoor bathing house in the world, a huge Victorian glass solarium filled with pools and tubs and even an early water slide. It went downhill by the fifties, and the owners torched it for the insurance in 1966. All that's left is a labyrinth of weathered stone set into the sere cliff-face at Ocean Beach. It looks for all the world like a Roman ruin, crumbled and mysterious, and just beyond them is a set of caves that let out into the sea. In rough tides, the waves rush through the caves and over the ruins — they've even been known to suck in and drown the occasional tourist.

Ocean Beach is way out past Golden Gate Park, a stark cliff lined with expensive, doomed houses, plunging down to a narrow beach studded with jellyfish and brave (insane) surfers. There's a giant white rock that juts out of the shallows off the shore. That's called Seal Rock, and it used to be the place where the sea lions congregated until they were relocated to the more tourist-friendly environs of Fisherman's Wharf.

After dark, there's hardly anyone out there. It gets very cold, with a salt spray that'll soak you to your bones if you let it. The rocks are sharp and there's broken glass and the occasional junkie needle.

It is an awesome place for a party.

Bringing along the tarpaulins and chemical glove-warmers was my idea. Jolu figured out where to get the beer — his older brother, Javier, had a buddy who actually operated a whole underage drinking service: pay him enough and he'd back up to your secluded party spot with ice-chests and as many brews as you wanted. I blew a bunch of my indienet programming money, and the guy showed up right on time: 8PM, a good hour after sunset, and lugged the six foam ice-chests out of his pickup truck and down into the ruins of the baths. He even brought a spare chest for the empties.

"You kids play safe now," he said, tipping his cowboy hat. He was a fat Samoan guy with a huge smile, and a scary tank-top that you could see his armpit- and belly- and shoulder-hair escaping from. I peeled twenties off my roll and handed them to him — his markup was 150 percent. Not a bad racket.

He looked at my roll. "You know, I could just take that from you," he said, still smiling. "I'm a criminal, after all."

I put my roll in my pocket and looked him levelly in the eye. I'd been stupid to show him what I was carrying, but I knew that there were times when you should just stand your ground.

"I'm just messing with you," he said, at last. "But you be careful with that money. Don't go showing it around."

"Thanks," I said. "Homeland Security'll get my back though."

His smile got even bigger. "Ha! They're not even real five-oh. Those peckerwoods don't know nothin'."

I looked over at his truck. Prominently displayed in his windscreen was a FasTrak. I wondered how long it would be until he got busted.

"You got girls coming tonight? That why you got all the beer?"

I smiled and waved at him as though he was walking back to his truck, which he should have been doing. He eventually got the hint and drove away. His smile never faltered.

Jolu helped me hide the coolers in the rubble, working with little white LED torches on headbands. Once the coolers were in place, we threw little white LED keychains into each one, so it would glow when you took the styrofoam lids off, making it easier to see what you were doing.

It was a moonless night and overcast, and the distant streetlights barely illuminated us. I knew we'd stand out like blazes on an infrared scope, but there was no chance that we'd be able to get a bunch of people together without being observed. I'd settle for being dismissed as a little drunken beach-party.

I don't really drink much. There's been beer and pot and ecstasy at the parties I've been going to since I was 14, but I hated smoking (though I'm quite partial to a hash brownie every now and again), ecstasy took too long — who's got a whole weekend to get high and come down — and beer, well, it was all right, but I didn't see what the big deal was. My favorite was big, elaborate cocktails, the kind of thing served in a ceramic volcano, with six layers, on fire, and a plastic monkey on the rim, but that was mostly for the theater of it all.

I actually like being drunk. I just don't like being hungover, and boy, do I ever get hungover. Though again, that might have to do with the kind of drinks that come in a ceramic volcano.

But you can't throw a party without putting a case or two of beer on ice. It's expected. It loosens things up. People do stupid things after too many beers, but it's not like my friends are the kind of people who have cars. And people do stupid things no matter what — beer or grass or whatever are all incidental to that central fact.

Jolu and I each cracked beers — Anchor Steam for him, a Bud Lite for me — and clinked the bottles together, sitting down on a rock.

"You told them 9PM?"

"Yeah," he said.

"Me too."

We drank in silence. The Bud Lite was the least alcoholic thing in the ice-chest. I'd need a clear head later.

"You ever get scared?" I said, finally.

He turned to me. "No man, I don't get scared. I'm always scared. I've been scared since the minute the explosions happened. I'm so scared sometimes, I don't want to get out of bed."

"Then why do you do it?"

He smiled. "About that," he said. "Maybe I won't, not for much longer. I mean, it's been great helping you. Great. Really excellent. I don't know when I've done anything so important. But Marcus, bro, I have to say…" He trailed off.

"What?" I said, though I knew what was coming next.

"I can't do it forever," he said at last. "Maybe not even for another month. I think I'm through. It's too much risk. The DHS, you can't go to war on them. It's crazy. Really actually crazy."

"You sound like Van," I said. My voice was much more bitter than I'd intended.

"I'm not criticizing you, man. I think it's great that you've got the bravery to do this all the time. But I haven't got it. I can't live my life in perpetual terror."

"What are you saying?"

"I'm saying I'm out. I'm going to be one of those people who acts like it's all OK, like it'll all go back to normal some day. I'm going to use the Internet like I always did, and only use the Xnet to play games. I'm going to get out is what I'm saying. I won't be a part of your plans anymore."

I didn't say anything.

"I know that's leaving you on your own. I don't want that, believe me. I'd much rather you give up with me. You can't declare war on the government of the USA. It's not a fight you're going to win. Watching you try is like watching a bird fly into a window again and again."

He wanted me to say something. What I wanted to say was, Jesus Jolu, thanks so very much for abandoning me! Do you forget what it was like when they took us away? Do you forget what the country used to be like before they took it over? But that's not what he wanted me to say. What he wanted me to say was:

"I understand, Jolu. I respect your choice."

He drank the rest of his bottle and pulled out another one and twisted off the cap.

"There's something else," he said.

"What?"

"I wasn't going to mention it, but I want you to understand why I have to do this."

"Jesus, Jolu, what?"

"I hate to say it, but you're white. I'm not. White people get caught with cocaine and do a little rehab time. Brown people get caught with crack and go to prison for twenty years. White people see cops on the street and feel safer. Brown people see cops on the street and wonder if they're about to get searched. The way the DHS is treating you? The law in this country has always been like that for us."

It was so unfair. I didn't ask to be white. I didn't think I was being braver just because I'm white. But I knew what Jolu was saying. If the cops stopped someone in the Mission and asked to see some ID, chances were that person wasn't white. Whatever risk I ran, Jolu ran more. Whatever penalty I'd pay, Jolu would pay more.

"I don't know what to say," I said.

"You don't have to say anything," he said. "I just wanted you to know, so you could understand."

I could see people walking down the side trail toward us. They were friends of Jolu's, two Mexican guys and a girl I knew from around, short and geeky, always wearing cute black Buddy Holly glasses that made her look like the outcast art-student in a teen movie who comes back as the big success.

Jolu introduced me and gave them beers. The girl didn't take one, but instead produced a small silver flask of vodka from her purse and offered me a drink. I took a swallow — warm vodka must be an acquired taste — and complimented her on the flask, which was embossed with a repeating motif of Parappa the Rapper characters.

"It's Japanese," she said as I played another LED keyring over it. "They have all these great booze-toys based on kids' games. Totally twisted."

I introduced myself and she introduced herself. "Ange," she said, and shook my hand with hers — dry, warm, with short nails. Jolu introduced me to his pals, whom he'd known since computer camp in the fourth grade. More people showed up — five, then ten, then twenty. It was a seriously big group now.

We'd told people to arrive by 9:30 sharp, and we gave it until 9:45 to see who all would show up. About three quarters were Jolu's friends. I'd invited all the people I really trusted. Either I was more discriminating than Jolu or less popular. Now that he'd told me he was quitting, it made me think that he was less discriminating. I was really pissed at him, but trying not to let it show by concentrating on socializing with other people. But he wasn't stupid. He knew what was going on. I could see that he was really bummed. Good.

"OK," I said, climbing up on a ruin, "OK, hey, hello?" A few people nearby paid attention to me, but the ones in the back kept on chatting. I put my arms in the air like a referee, but it was too dark. Eventually I hit on the idea of turning my LED keychain on and pointing it at each of the talkers in turn, then at me. Gradually, the crowd fell quiet.

I welcomed them and thanked them all for coming, then asked them to close in so I could explain why we were there. I could tell they were into the secrecy of it all, intrigued and a little warmed up by the beer.

"So here it is. You all use the Xnet. It's no coincidence that the Xnet was created right after the DHS took over the city. The people who did that are an organization devoted to personal liberty, who created the network to keep us safe from DHS spooks and enforcers." Jolu and I had worked this out in advance. We weren't going to cop to being behind it all, not to anyone. It was way too risky. Instead, we'd put it out that we were merely lieutenants in "M1k3y"'s army, acting to organize the local resistance.

"The Xnet isn't pure," I said. "It can be used by the other side just as readily as by us. We know that there are DHS spies who use it now. They use social engineering hacks to try to get us to reveal ourselves so that they can bust us. If the Xnet is going to succeed, we need to figure out how to keep them from spying on us. We need a network within the network."

I paused and let this sink in. Jolu had suggested that this might be a little heavy — learning that you're about to be brought into a revolutionary cell.

"Now, I'm not here to ask you to do anything active. You don't have to go out jamming or anything. You've been brought here because we know you're cool, we know you're trustworthy. It's that trustworthiness I want to get you to contribute tonight. Some of you will already be familiar with the web of trust and keysigning parties, but for the rest of you, I'll run it down quickly —" which I did.

"Now what I want from you tonight is to meet the people here and figure out how much you can trust them. We're going to help you generate key-pairs and share them with each other."

This part was tricky. Asking people to bring their own laptops wouldn't have worked out, but we still needed to do something hella complicated that wouldn't exactly work with paper and pencil.

I held up a laptop Jolu and I had rebuilt the night before, from the ground up. "I trust this machine. Every component in it was laid by our own hands. It's running a fresh out-of-the-box version of ParanoidLinux, booted off of the DVD. If there's a trustworthy computer left anywhere in the world, this might well be it.

"I've got a key-generator loaded here. You come up here and give it some random input — mash the keys, wiggle the mouse — and it will use that as the seed to create a random public- and private key for you, which it will display on the screen. You can take a picture of the private key with your phone, and hit any key to make it go away forever — it's not stored on the disk at all. Then it will show you your public key. At that point, you call over all the people here you trust and who trust you, and they take a picture of the screen with you standing next to it, so they know whose key it is.

"When you get home, you have to convert the photos to keys. This is going to be a lot of work, I'm afraid, but you'll only have to do it once. You have to be super-careful about typing these in — one mistake and you're screwed. Luckily, we've got a way to tell if you've got it right: beneath the key will be a much shorter number, called the 'fingerprint'. Once you've typed in the key, you can generate a fingerprint from it and compare it to the fingerprint, and if they match, you've got it right."

They all boggled at me. OK, so I'd asked them to do something pretty weird, it's true, but still.
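Added here as a worked example (not code from the novel, from ParanoidLinux or from any real tool), a toy version of what Marcus describes: a key pair seeded from mashed-keyboard randomness, the twice-locked message from the spy passage (signed with the spy's private key, then encrypted with the boss's public key) and the fingerprint check for a key retyped from a photo. It uses textbook RSA with tiny constructed primes so every step is visible; the seeds, prime ranges, message and the fingerprint format are all assumptions.

```python
# Added example, not from the novel: textbook RSA with tiny primes so every
# step is visible (never use it for real secrets). It covers the "lock it
# twice" passage and the keysigning party's fingerprint check.
import hashlib
import random
from math import gcd


def primes_between(lo, hi):
    """Sieve of Eratosthenes: all primes p with lo <= p < hi."""
    sieve = bytearray([1]) * hi
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(hi ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, hi, i)))
    return [p for p in range(lo, hi) if sieve[p]]


def make_keypair(seed, lo, hi):
    """Derive (public, private) from 'mash the keys' randomness; the prime
    range is a constructed knob that gives each party a different size."""
    rng = random.Random(int.from_bytes(hashlib.sha256(seed).digest(), "big"))
    pool = primes_between(lo, hi)
    p = rng.choice(pool)
    q = rng.choice([x for x in pool if x != p])
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)  # public key, private key


def fingerprint(pub):
    """Short digest of a public key: the number printed beneath it."""
    e, n = pub
    return hashlib.sha256(f"{e}:{n}".encode()).hexdigest()[:10]


def key_matches_fingerprint(typed_pub, expected_fp):
    """The 'did I type it in right?' check from the keysigning party."""
    return fingerprint(typed_pub) == expected_fp


def sign_then_encrypt(text, sender_priv, recipient_pub):
    """Lock twice: sender's private key first, then recipient's public key.
    Byte by byte, to keep the toy simple."""
    d, n1 = sender_priv
    e2, n2 = recipient_pub
    if n1 >= n2:  # each signed block must fit under the outer modulus
        raise ValueError("recipient modulus must exceed sender modulus")
    return [pow(pow(b, d, n1), e2, n2) for b in text.encode()]


def decrypt_then_verify(blocks, recipient_priv, sender_pub):
    """Undo both locks. Returns None if the result is not bytes, which is
    what a wrong (or substituted) sender key typically produces."""
    d2, n2 = recipient_priv
    e1, n1 = sender_pub
    values = [pow(pow(c, d2, n2), e1, n1) for c in blocks]
    if any(v > 255 for v in values):
        return None
    return bytes(values).decode("utf-8", errors="replace")


def mistyped(pub):
    """Constructed transcription slip: one digit of the modulus is off."""
    e, n = pub
    return (e, n + 1)


# Constructed parties: the spy (smaller modulus) and the boss (larger).
SPY_PUB, SPY_PRIV = make_keypair(b"asdf;lkj mouse wiggle 1729", 1000, 2000)
BOSS_PUB, BOSS_PRIV = make_keypair(b"qwerty mash mash 8675309", 5000, 10000)

if __name__ == "__main__":
    wire = sign_then_encrypt("meet after school", SPY_PRIV, BOSS_PUB)
    print(decrypt_then_verify(wire, BOSS_PRIV, SPY_PUB))
    print(key_matches_fingerprint(mistyped(BOSS_PUB), fingerprint(BOSS_PUB)))
```

The fingerprint comparison is the same check whether the key was mistyped from a photo or quietly swapped for someone else's: if the digest you compute does not match the one you saw on the screen, you do not have the key you think you have.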
