A kid's day in the Wired (or Wireless) City illustrates a broad range of issues that a truly cyber-integrated culture needs to deal with. Many of the illustrated activities would be impossible with a desktop computer and difficult on a laptop. A handheld machine with a big screen, like the Nokia 770, is ideal for this story.
Yes, Mom, I'm not a little kid any more. If I say I'll go get shots, then I'll do it. Yes, Mom, I'll update my calendar to let you know where I am. And I'll study, not chatter; I'm doing well in my lessons, right? You can go to your work, and you can trust me to do mine. Bye now.
I'm signed up at eleven for the shots, but for sure I'm going to be doing something or other then that I'll not want to interrupt. The building medic will open up in a few minutes; can I squeeze in now? On my big-screen PDA I open up their appointment page, the page for the nurse who gives shots -- and the first slot is open! I mark it, and check the box for rescheduling. I'd better move fast to get down there on time.
Did he write his name on the form? No. In the Wired City everyone has the right to a name and identity certified by the government in the form of a X.509 certificate. The web software got the kid's name and serial number from this certificate that his browser automatically presented. The web browser needs to be told the passphrase (and/or biometric data like a fingerprint) for his secret key; because a challenge string encrypted with the certificate key could be decrypted by the secret key and sent back, the remote end knows that whoever sent in the certificate is the person named therein (or has a keystroke logger on that person's machine).
If the handheld device is physically stolen while the browser or other key agent has the key unlocked, that could be a real problem. Security issues are discussed separately.
There you are, Mipo, bright and early. Just climb up on the table while I take a look at your chart. No allergies marked; good. The appointment says a flu shot, right? Wait just a moment while I get the vaccine.
And just where did this chart come from? In the Wired City there is major infrastructure behind that casual peek.
Today's doctors have multiple cubic meters of paper charts (on thick paper) which get munched by silverfish, dissolved in hurricanes, and incinerated in wildfires. And, the patient's chart is accessible only to the doctor who has physical custody. A database, i.e. a small set of tables for the particular patient, is much more accessible, is much less bother for all the doctors, and can be backed up in survivable form.
The doctor or nurse is going to resist dragging a 3 Kg laptop around for chart viewing. The handheld device is much more practical for that, particularly if the screen is large like the Nokia 770. But writing on the chart involves a lot of text entry. Are the intrinsic input methods up to that? Would a separate Bluetooth keyboard fit in the doctor's pocket? Perhaps the office should have a stationary machine with a big flat panel for viewing X-ray images and for extensive text entry, while the handheld machine would be used for viewing text and less detailed images, and for discussing it with the patient.
Who has physical custody of the chart? Three possibilities come to
mind, not mutually exclusive: the person's current doctor,
a commercial web hosting company or the
person's own in-house server. Tech-savvy citizens who fully participate
in the Wired City will have the server and will have the knowledge to
set it up with reasonable security (or will buy a distro which sets this
up by default). Old fogies stuck in the 20th century will outsource.
In either case, medical personnel would find the server hosting the chart via a
DNS CNAME or A
record
in the patient's personal domain.
Who has permission to read or write on the chart? I would suggest an ACL incorporating by reference a group of emergency medical personnel (by name, not role accounts). I would insist that the list be maintained by the local government, not delegated to a county medical association. Beyond that, the physicians, nurses and other providers that the person normally deals with would need to be given write access: perhaps another group reference to all the medical office personnel, maintained by that office. And of course the person him/herself must have at least read access. A minor's parents would also have access.
Whenever online medical records are discussed, someone always brings up
Windows viruses and spybots. In the 1920's many people were under
(ineffective) treatment for syphilis and gonorrhea, and they would have been
very embarrassed in their hoity-toity social circles had word leaked out about
their sexual infidelity; this is the origin of the high value placed on privacy
of medical records. Today sex can be safer, and STDs can be treated with less footprint on the
records (except AIDS). Even so, with today's scandals about cheating by
insurance companies, it's important to restrict access carefully.
With an open source operating system, web server and database
engine it's much easier to certify that it will deliver the data reliably to
people on the ACL and will not
deliver it at all otherwise. A tightly integrated proprietary suite may have
optimizations
which squeeze out the last BogoMips of performance, but
backdoor data paths (which cannot be documented publicly because they're trade
secrets or they're just too baroque) have to be assumed to be exploitable by
hostile users.
Ouch, this had better be worth it! This costs twenty bucks, right? My mom will pay me back; we worked it all out yesterday. Mail me the transaction record... There, I got it, and here it is back, signed, with my account information. See you, I hope not too soon.
When the vendor has advance information who the client/payor is, it's relatively easy for him to get paid, for example by mailing the bill to the client's normal mailbox. On the other hand, with multiple anonymous payors like in a supermarket, you need a short range or tight beam link over which the vendor can present the bill to the specific client responsible for it. The transaction is consummated when the vendor appends his account information and mails the transaction record to his bank.
However the bill is delivered, we need a simple GUI which, with one mouse click, can append to a bill the payor's bank routing number and his digital signature, by which the paying bank knows that the account holder actually authorized the transaction. In the story bills go through e-mail, and the payment program would be a plug-in for the mail reader.
Who keeps track of the account balance and keeps records of transactions? Both the bank and the person's house server should keep records, oriented to their separate purposes. The bill pay software would show the account balance, getting that information from the house server, not the bank. Very few people would be on the ACL for that query.
Checking accounts for kids? That's how it would have to work in the Wired City, if we want to push information technology to its ultimate limit. To get repaid, Mipo would send his mother a bill :-)
Now I'm going to study with my friend Yasmin. But where is she? (Click.) Yasmin, you want to study together this morning? Where are you? OK, see you there in five minutes.
In this instant message scenario there's more hidden infrastructure.
It is possible for a person's computer to keep track of his or her point of physical presence, by GPS or by triangulating access points or cell towers. But there are good privacy reasons for not broadcasting that information to the general public. A kid, on the other hand, might well make his current location available to his parent automatically.
Today there's a wide variety of instant message services (plus cell phone text messages), all characterized by a central server and jealously guarded and segregated herds of clients. Much more scalable and libertarian is for each family to run an instant message daemon on its home server. Using his PDA, Mipo contacts Yasmin's home server, to which she has a persistent connection over which she is alerted to her friend's message.
How does Mipo know Yasmin's home server, besides memorizing it? Citizens in the Wired City need two items: a unique name, and a standard directory, for which I suggest DNS, to translate this name into a variety of Internet services. Just as today you have a phone number which is unique in the whole world, you (or your parents) would pick a unique spelling for your personal name, and you would get a differentiating number to append to it, making it unique within an administrative domain such as your county of birth, whose name would be part of yours. For example, my unique name might be James_Carter_17.id.ho.tx.us. Upon looking up this DNS record one would find a NS record pointing to my house server, which would have a DNS server for my personal domain, with records pointing to the servers handling my various services such as instant messaging, e-mail (MX), and medical records. If I outsourced some or all of my services, the servers might well all be different.
The story works just as well if communication is by VOIP, still involving the house server. The issues are identical.
Yasmin, what lesson are you doing? Math? I finished chapter 6 yesterday. How hard is chapter 7? Is there anything really tricky about prime factorization that I should know ahead of time?
Web delivery of lesson content is a dream as yet; many pilot projects have been done, and in niche markets web delivery is taking hold, but large-scale conversion of public schools is not happening. Yet.
Yasmin and Mipo are close in lesson progress, studying fractions, but are not identical. This lack of synchrony is the biggest advantage of web lessons. Even the small progress skew described here would be intolerable in a conventional classroom, and a student who can't go as fast as the others falls further and further behind and finally gives up, whereas most of the students are bored with the slow pace and don't pay attention, instead getting into trouble and missing important parts. Yasmin and Mipo will both do excellently in their math studies, though one will finish before the other. The excellence is important; the finish time isn't.
In conventional public or private schools the paradigm is a computer
lab
with about 30 (if you're lucky) desktop-type machines, 30 being the
number of students in a typical class (ignoring overcrowding). In the Wired
City each student has his or her own machine, with a screen big enough to
show lessons and a chassis small enough that the student can easily carry the
thing everywhere. The Nokia 770 is ideal for this kind of service, except
for the input method.
The most efficient teaching machine so far is the book. However, a web-based lesson can include locally scripted interactive elements. For example in math, a series of random problems can be generated, e.g. ten subtractions each having just one borrow (negative carry). A common technique in automated teaching is to ask the student a multiple-choice question, giving him the opportunity to make various common errors, which are explained and corrected on the page where you end up if you choose that answer. Web-based lessons can also keep a record of the student's progress.
While walking to the building where Yasmin is, Mipo went well out of range of his own building's net and must have changed IP addresses four or five times. How did he maintain his persistent TCP connections? The easiest way is a VPN to his home server, which then acts as a NAT box. Yasmin talks to Mipo via his home server (and vice versa) wherever Mipo goes. In case of IP address changes OpenVPN, at least, will re-establish the connection without interrupting tunneled traffic; so will FreeS/WAN.
I'm going to do writing first. I got a flu shot this morning and I'm going to write a paragraph about that. Can't waste a good topic; I can make something good come out of getting a shot. And after that I'll work on my art project. Then I'll do math after those two.
Both Microsoft and Google are offering services where your files can reside on their server, accessible over the web from any machine in the world if you log in. There has been much concern in the media recently about privacy issues with Google. Perhaps a competitor asked pointed questions, the pot calling the kettle black? But anyone with serious privacy concerns such as a commercial enterprise will host such services on his own machine. In the Wired City, Mipo's essay and art project reside on his home server. It's an implementation detail whether he works on a local file which is copied back to the server periodically, or whether the server passes out the file block by block via NFSv4 or AFS.
The larger screen size of the Nokia 770 is a big advantage over a conventional PDA or cell phone if you're doing the lessons described. However, writing an essay would be a challenge. Let's hope for some serious work on the input methods for handheld devices.
Software for almost all of the services described is off the shelf. What isn't even on the shelf are certified names for the participants, content for the lessons, and banks willing to accept transaction records off the net.