| << return to blog entries
2010-10-27 08:50:29 (5090 views) We're about to make a modification to the web platform as follows. Rather than allowing permissions to be set on both devices and individual user accounts (messy), permissions will refer to devices only.
If an administrator A has some permissions on a device, they will have access to that device regardless of which account is used to log into the DL Uplink application. Essentially log in credentials on the Uplink side become irrelevant - they will be used for online presence reporting only and may even disappear at some point, making the USB device the "passport" by which the male enters the system (or by which the owner starts the receiving machine and activates the DL2K-LINK).
Another way of looking at this is that one device will be tied into a single male account just like it's tied into a single owner account.
Let's analyze a few use cases and check the pros and cons:
SIMPLEST CASE - SINGLE MALE, SINGLE DEVICE
No difference here except that you may end up not needing to sign up - just start the uplink application and plug in your DL2K-LINK and you're online, people can see who the device belongs to and the associated male profile. If the owner and purchaser is the administrator, again no change - plug in your device and lock your old windows laptop somewhere and you're ready for remote management.
SINGLE MALE, MULTIPLE DEVICES
Let's say you need to use two DL2K-LINK devices (ex. home and work). You may have to give permissions to third parties twice. On the other hand, you may in fact want someone to have access to the home device only, in which case this is actually more flexible. A method will be provided to optionally associate secondary devices to a single male profile so that online user presence can be kept consistent, though there has to be a main device that serves as the passport and is directly linked to all prior activity and records.
SINGLE MALE, MULTIPLE DEVICES "ON THE GO"
A drawback exists in scenarios in which a male wants to use devices in locations unfamiliar to him (Male Training Cafe???). Until the device becomes very popular there seems to be no need to plan for this scenario, at any rate something can be worked out in software for this eventuality.
MULTIPLE MALES, SINGLE LOCATION
In case multiple males are sharing a physical space and need to be administered independently, with the new method multiple DL2K-LINK devices can be used. At some point we will enable the Uplink application to manage multiple USB peripherals.
The USB devices will transmit using different radio unique IDs as they already do. The receivers will be set to listen to the appropriate transmitter as usual (through the LEARN process described in prior blog posts and available in the documentation now being written). "Broadcast to all" will be an interesting function one can implement in software.
There is a drawback here in terms of cost, because you won't be able to use a single USB device to manage multiple males, but the other side of the coin (safety and security) is more important. Consider that if we were to allow single device/multiple male interaction, there would have to be an option somewhere in the software (exposed or hackable) to change and define the unique radio ID of the device for each male.
Having this is unsafe, because one could try all IDs until they can activate the neighbor's receiver! Considering the range of the DL2K-LINK, the fact pulses can be customized, and the fact one could be war-driving with this and potentially cause big trouble to wearers driving a vehicle, it is imperative to keep one device locked into a single radio ID derived from the hardware ID, and implement this lockage in the firmware, so that the learn mode on the receiver can be used reliably to listen to selected devices only and the system cannot be hacked by messing with the software.
But, read the last section on "hacks".
ADVANTAGES - ESTABLISHING HIERARCHY AND REPUTATION
With this "One male, one device" principle (sounds a bit like a government program, we know), we can base the portal on the assumption that every male will have a different DL2K-LINK device.
The greatest advantage aside from keeping permissions simple is that this allows us to provide *real traceability* of male behaviors and records since each male will have a male id connected to the hardware's unique ID. Creating a pool of trustworthy, well trained males with a "Pedigree" and a course completion record is one of the motivating factors in attracting new administrators and trainers and spreading our lifestyle.
Sure, nothing prevents a male from purchasing another DL2K-LINK to "clean up his act" so you may wonder whether traceability really exists. But we have ways to counter this in software (all techniques normally used for copy protection), and by associating course completion to the hardware ID. Purchasing a new DL2K-LINK will have a double cost deterrent (device + courses). And, the sign-up date will tell a lot. This is definitely a lot better than where we are today, where males act anonymously and with impunity and can create new profiles whenever they please - with bad consequences for those serious about their training, who can't establish proper status and recognition.
A "male ID for life" will enable real male hierarchy and status to emerge, which in turn will motivate males to compete for status based on the qualities of teachability and deference to the administrators and trainers.
It is possible part of the training will eventually be outsourced to the male themselves when an elite of males with the equivalent of a PhD in obedience has emerged - the highest level males will be able to keep the newcomers in check with basic function activation when their owner is not present. Optional.
LOST DEVICES
Last issue: what if you lose your USB device? In that case we'll be able to deactivate that hardware ID from the system, send you a new DL2K-LINK, pair up the new hardware ID with your account and get you operational again. Log in credentials will be required to issue the request, so the system is still secure.
HACKS and tech notes
The DL2000 is a complex product and you don't need to know a lot to benefit from it, but there's always a new creative way to put together its functions and achieve a new interesting result.
Despite all we've said, it's still possible to use the receiver's LEARN feature to associate the receiver to any transmitter. This could be useful in temporary situations like house parties, rent-a-male programs, swaps, whatever, because multiple males can be set to respond to the same ID (one remote control to rule them all, or, remote group management, or, just setting the receiver to listen to a foreign device).
The difference between using this hack to set multiple receivers to listen to the same device (DL2K-LINK or a remote control) and having multiple males with multiple DL2K-LINK devices is that if you use learn mode then all receivers will always respond to the learned transmitter, and it won't be possible to activate just one receiver.
As far as the web platform is concerned, remember the system only knows what's connected to the USB, not what the receiver's set to listen to - the web platform only concerns remote activation of USB devices.
So if you play with learn mode you will want to restore the device to its original configuration by re-learning the right DL2K-LINK and remote control IDs at some point.
Also keep in mind that without access to the DL2K-LINK's admin panel, the receiver can only be reset by opening it and disconnecting and reconnecting the battery. Learn mode can only be entered from a device reset, so messing with learn mode entails the male tampering with the hardware, screws, waist band etc. (xref earlier discussions on tamper evidence).
24 hours for feedback, opinions welcome. We need to get this platform completed before the hardware's done.
Comments
Post new comment
 |
Some quick comments:
* While I see the benefits of a central "tracking" database for males, this brings in issues of privacy that might actually hurt sales or cause legal issues (the EU has stricter privacy laws than the US, which is ironic and sad).
* Your idea of being able to "track" males by the ID# seems workable, but I'm not sure it is in reality. The cell phone industry ran into this. Each phone may have a burned-in serial number, but using that is not as simple as it seems. What if someone wants to sell their device on eBay? That ID# will now belong to a different male. So the "history" kept in your central system will be first for one male then for another male.
* Males may be less likely to buy and use your product if they feel their privacy is invaded. I really don't want anything about my device usage logged centrally. Period. I understand that in the fetish-idea of a world in which males are managed and controlled that this would be the case. But we are far from there and it is very arguable that we ever will be. So focusing on the current customer base might be more important (and viable as a company plan). Remember that there is presently a degree of voluntary participation.
* If male history information IS logged in a central server, I certainly don't want it available to all users. Only to my "owner" female, perhaps.
* I was very concerned about the "war driving" aspects of this. I think for now, at this point in time, things are fine as implemented. But if this type of device ever became as popular as you envision, you're going to have to upgrade to encryption and a much bigger set of IDs (presuming that the ID set is presently small and open to brute force attack, as implied by your posting).
We're going to open up the web portal and let you download the application as soon as the demo mode is ready (lets you preview client-server communication without a DL2K-LINK attached).
Privacy is of paramount importance. We are never going to store people's names in a database, ideally we won't even have them since the fulfillment house guys are going to do the package sending. All we would keep is username, password and device ID which is a random ID burned on the chip. We don't need IP address history, cookies or anything like that. If one could view that information they would see "Completed male training course 101 in 720 seconds, total 20 questions, answers follow... blah blah" - let's just say it's not information of general interest :)
Do you feel this is an invasion of privacy considered there's no way to trace the data back to the person's name?
About second hand selling, let's say we come up with a version 2 at some point. The DL2K-LINK will most likely still be compatible - so one could keep it and just sell the receiver and remote. Not sure how to handle the case in which someone wants to just sell everything and quit training. We think that allowing determined people to have a credible history online (how many courses they have taken, what their scores were, etc) is quite valuable for prospective owners wishing to choose a male. Look at what happens today on some sites where everyone is complaining about everyone else... we want high quality people to be able to stand out.
War driving: (tech stuff) the unique ID we can use is 6 bytes long (281,474,976,710,655 combinations), but we compact it down to 2 bytes (65536 combinations) to keep packets small, latency low, and battery consumption low. There is a speed limit to how quickly you can scan the ID range because of the duty cycling. You only have a certainty to reach the receiver if you transmit a burst of packets for about half a second. So it takes 9 hours to send out data with all possible IDs 0 to 65535. If the firmware creates the unique ID instead of the software and the software can't change that ID, then things are much more secure (you can't read the chip's program as it's protected). So altogether we think this will be pretty secure... but if people want one USB to have multiple IDs then the ID must be set via software and now you can use our hardware to wardrive, as opposed to having to get involved with hardware, packet spoofing and more to do the same thing. Consider that dog shock collars some people use for male training purposes have only a few channels, some are single-channel, and a lot more people use those.
So, we're keeping you safe.
When the DL2000 (receiver) receives a packet that is valid but comes from an unknown device it briefly flashes with a particular color. If this kept happening for hours you'd know someone's sending lots of packets on that channel and you'd configure the product to use a different channel.