wiki:TrustedPhysicalConsole

Version 10 (modified by dkg, 10 years ago) (diff)

--

Trusted Physical Console

CMRG best practices at the moment suggest using a single, well-tuned computer (a "Trusted Physical Console", or "TPC") as your immediate user interface. From this computer, you can connect to any other machine over the network to get done what you need to get done.

Motivation

Security

If you use computers every day, you might want to know for sure that the machine you are using is secure. Given how complicated these machine are, it's not unreasonable to ask:

  • Do i know what software is installed on this machine?
  • Do i have some level of control over this machine?
  • If this machine knows my data or personal information (including passwords and other authentication tokens), can i trust it not to leak that information?

Using a TPC gives you a chance to answer these questions in the affirmative with confidence.

Personalization

You might also be frustrated by using an ever-shifting user interface and user experience:

  • Is it Ctrl+C or Command+C to copy text?
  • Do i click in the upper-left or upper-right of a window to close it?
  • Where are my bookmarks for my web browser?
  • Is $FAVORITE_TOOL already installed and functional here? Is it the version that i expect it to be? Can i rely on it?
  • If i change the settings to my liking, will i be able to recover them the next time i use this machine?

Using a TPC, you can be more efficient in your work, and spend less time guessing about what's happening. Time spent personalizing your TPC to meet your working habits and requirements will be repaid because you know that you'll be able to make use of those personalizations whenever you use the machine in the future.

Best Practices

Free Software

Use Free Software on your TPC to the maximum extent possible. Free software provides you with auditable code, potential for customization for your particular usage patterns, and reduces the extent to which you can be "locked-in" to a vendor with whom you have no shared values, politics, or financial incentives.

Free software also has the advantage that it usually has no explicit monetary cost. This is a technical advantage, because it allows you to evaluate the tools before using them without risking a financial loss. And it also offers a financial advantage if you commit to learning the tool, because you won't need to pay for the initial tool acquisition or upgrades. These financial advantages are slight in comparison with the technical and political advantages of free software, because the majority of the cost of a tool is in your time spent learning how to manipulate it to do what you want quickly, reliably, and conveniently.

When you do find yourself using non-free software, ask yourself:

  • Do i need to use this tool?
  • Are there free tools that can accomplish a given task?
  • If so, what factors are keeping me from using the free tools? Have i communicated those blockers to any development team working on (or with the capacity to work on) those tools?
  • If no such free software is available, what is the closest available free tool? What else does it need to do to meet my needs? Have i communicated those needs to any development team working on those tools?
  • If nothing free even comes close, have i documented and published the fact that i'm using a non-free tool, and would rather use a free one?

Customization

Customize your TPC! It takes a little bit of time investment on your part, but that little bit of time can pay off big if you use a computer as a TPC. Because the TPC is your primary interface to the digital world, you can always count on your customizations and shortcuts to be available to you, so time spent customizing is time you save over the years ahead doing the things you do most often.

If you find yourself doing a task at the TPC that seems boring or repetitive, ask yourself:

  • When was the last time i did something like this?
  • How are these tasks similar? How do they differ?
  • If i could have the computer figure out how to take care of tasks like this, what would i ask it to do? Can i make this framing question fairly concise while keeping it clear?
  • With the above framing question in mind, have i looked for software that meets this need?
  • Have i asked other people for help?
  • If i can't find any such software, have i published my framing question in a forum frequented by people who might do similar tasks?
  • Have i published my framing question in a forum frequented by people who might build such tools?
  • Have i tried to build a similar tool myself?

Community Involvement

Sharing your successful (and not so successful) customizations and work habits -- along with the reasoning behind them -- with other users is a good way to help out and support the community. It also helps other people know what tips you might be interested in, which in turn should make your computing experience more efficient.

As you settle into using your TPC regularly, seek out friends, allies, and neighbors who do similar work, or who use similar tools. Ask for advice, and offer it freely when others ask you. No two people use their computers in the exact same way, but you can build a network of trusted collaborators who enrich each other's experiences with the machines.

Having a circle of friends who work on the same tools is also just plain fun!

Cryptographic Communications

Communicating over a heavily-mediated network opens your communications up to sniffing (people seeing your communications who shouldn't) and spoofing (people pretending to be you, or pretending to be the entity you think you're communicating with). Cryptographic protocols help you to avoid that by offering powerful math designed for privacy (against sniffing) and authentication (against spoofing). But the logic behind them only works when you are actually in full control of your endpoint of the communications channel.

Using a TPC gives you the opportunity to remain in control over your side of the communication, but only if you pay attention to what you are doing. For example:

  • When using ssh to connect to a remote host, you should always make sure you're connecting from your TPC -- don't ssh from one machine to the next in a chain, for example (see also Good practices for using ssh).
  • When connecting to a web site running under HTTPS, connect from the browser running on your TPC, and avoid the use of proxies (unless they only operate at the IP level) or redirection services.
  • Make sure you verify the identity of the remote party in any secured communication! With SSH, this means verifying the host key. The first time you connect, you'll be presented with a fingerprint, which the host's administrator should have supplied you with beforehand. With HTTPS or any other TLS-wrapped service, this means making sure the remote certificate is valid and that you trust the issuer to only issue legitimate certificates.
  • Be aware of the types of cipher used in encrypted communications that you expect to be private. For example, TLS permits a NULL cipher which does not keep the communications private at all. If you don't care about privacy (e.g. when you're accessing a publicly-accessible revision control system -- you want it to be authenticated, but don't care about people seeing what you send or receive), using the NULL cipher is fine. But when you do care about privacy, do you know that your communications are using something more cryptographically sound?

Backups

Back up your TPC. This can't be overemphasized. Because the nature of a TPC indicates that you will be storing confidential information on it (private keys, passwords, and other forms of digital identification, as well as financial and political records), it's strongly recommended that you keep your backups in an encrypted form. There are many ways to do this. Some popular ways include:

System Monitoring

Keep an eye on the vital signs of your TPC. If parts indicate that they're heading toward failure, have a recovery plan ready. In the course of using the TPC, make a mental (or digital) note of what you see happening, even if you don't understand specifically what the signs you're seeing mean yet. The human mind is excellent at pattern recognition, and if you pay attention to enough clues, you may discern a pattern. At least, you'll be prepared to notice a change in pattern, which might indicate that something is going wrong, or is behaving unusually.

Spare Parts

If a part of your TPC fails, you may be in trouble. The customized environment, the skills you've built, and your various forms of personal identification may be unavailable to you until the device is repaired and functional again. You might find it worthwhile to keep a similar machine around for spare parts. If that is not a possibility, try to know beforehand who you might be able to contact locally who might have parts so that you're not completely scrambling when disaster strikes.

Downsides

There are problems with the TPC model of computing, of course.

Expense

Not everyone can afford a portable machine. However, laptops are becoming much cheaper, and cell phones are becoming more powerful. At some point in the not-too-distant future, the development paths of these two candidates for TPC may intersect, putting TPC-style computing within reach of most people.

Inconvenience

At the moment, decent portable computers are still too big and clunky to carry around conveniently. Interestingly, computing power, RAM, and disk capacity (the traditional specs by which computers are measured) are no longer really the limiting factors.

User Interface

For doing solid computing work on a portable machine, nothing beats a decent, reasonably-sized keyboard and at least an XGA (1024x768) video display. But these are big things, and are a pain to carry around with you. Can you think of better interfaces, or ways to make them more convenient for transport?

Durability

The more durable the machine is, the heavier it is. This is a poor tradeoff for folks who want to take their TPC with them everywhere. As new technologies arise, though, some systems can be lighter and more durable. For example, solid-state storage is both lighter and more durable than a traditional hard disk.

Power Consumption and Batteries

Batteries still suck. Modern portable processors and hardware draw less juice than ever before (with the exception of wireless adapters, which need power for their radio transmission), but they can still pull a decent battery down to nothing in a handful of hours. Bigger batteries add to the weight of the machine.

Single Point of Failure

If you use a TPC, don't back it up regularly, and it crashes/dies/falls into the toilet, you could have a long path to recovery. Back up your TPC!

Social Awkwardness

If you use a single machine for much of your interface with the outside world, you use it regularly, and you bring it with you most places, it's not unusual to form some form of bond with the machine. Yes, it's ridiculous. But it's not surprising, given that we're social beings, and that we tend to treat our most familiar tools (clothes, bicycles, cars, etc) as extensions of ourselves. Be prepared for some level of incredulity or social ridicule from people who don't have a comparably close symbiosis with a comparably complicated machine.