Domain: suprasphere.com
Stories and comments across the archive that link to suprasphere.com.
Comments · 7
-
New corporate entries in the Mozilla camp
Out with the old, in with the new. Perhaps that leaves some room for new entries Spicebird and SupraSphere:
http://mozillalinks.org/wp/2007/12/spicebird-brings-mozilla-based-collaboration/
http://www.suprasphere.com/
It seems like anything to start earning market share has to do something different than just being a clone. Even though Netscape was the original and cloned into oblivion, it lost the leadership position and wasn't able ever to establish itself as doing anything innovative that others would want to clone. -
"Personal Cloud"
We are pursuing a different strategy, which admittedly, will take some time before it is ready for end users. We have built on Mozilla and java open source technologies an integrated, enterprise social networking platform. You can read about it at http://www.suprasphere.com./
It's different because, rather than every social website out there, we want to create a personal cloud of data, where social websites federate around it rather than the current situation, where individuals are forced to federate around data grids/information silos trying to become their "home base" on the Internet.
You can read about the overall vision here:
http://www.suprasphere.com/Project_Vision.pdf
It's open source, of course. We welcome all developers.
David -
"Personal Cloud"
We are pursuing a different strategy, which admittedly, will take some time before it is ready for end users. We have built on Mozilla and java open source technologies an integrated, enterprise social networking platform. You can read about it at http://www.suprasphere.com./
It's different because, rather than every social website out there, we want to create a personal cloud of data, where social websites federate around it rather than the current situation, where individuals are forced to federate around data grids/information silos trying to become their "home base" on the Internet.
You can read about the overall vision here:
http://www.suprasphere.com/Project_Vision.pdf
It's open source, of course. We welcome all developers.
David -
Re:Application level encryption
This only verifies the importance of application level encryption. Every socket communication should be encrypted so that security doesn't rely on the network connection itself.
And one very easy way of encrypting "every socket communication" is via IPsec. And, guess what, you don't need to hack every application to do it. Nor, for that matter, do you need
Suprasphere encrypts all socket communication using a dynamically generated Diffie-Hellman key exchange. This is much better than SSL because it does not require using a CA so you can set it all up without any administrative overhead.
OK, so you are putting in a blatant plug for a commercial product. Why not give a URL? Are you afrad the ridiculous web design at suprasphere.com would scare people away?
As for not requiring a CA, ssh and SSL do not require a CA either. The ability to use a CA just gives you additional functionality that you simply cannot achieve without a CA. -
Check out suprasphere.com
It is a hybrid threaded discussion server and instant messaging system. You can publish IM transcripts and then highlight specific sections of a transcript to reply to it. This is really nice when you miss an IM session and you want to be able to comment on a specific point that was mentioned. When you click on a reply in the thread it will highlight the section of transcript the person wanted to comment on.
Also, it supports most of the features of IM, like file transfer, but it can also do revision control and has support for moderation of transcripts and comments through a voting mechanism. It's like being able to use instant messaging for workflow. It's kinda hard to describe even, but go to suprasphere.com and get the beta. I just asked for the beta and they gave it to me even though they said they have an official program. -
Suprasphere
Check out Suprasphere. In particular look at the screen shots and the new user interface it has. One of my friends who has the beta showed it to me, and I thought it was quite impressive. It's Java, so it has the cross platform support, and encrypts all traffic. If you initiated the IM session, you can publish the transcript into a thread.
-
Zero knowledge
I implemented a single-sign on solution quite easily for my own side project (see suprasphere). It uses a zero-knowledge proof called the "Secure Remote Password Protocol" done by Thomas Wu of stanford. My solution is full Java, but there are other implementations, some of which I think even work for SSH.
The way it works is that the password is never sent to the remote host, ever. Instead, it only proves that you know the password beyond a statistical reasonable doubt. The advantage to this, is that I can use the same password "verifier" many places without having to trust them.
Just for the heck of it, I decided to provide a way to use a 1024 bit random integer as the basis for a roaming profile. You can use a human memorizable passphrase to login one place (such as your PC), and then pick up the large random number that will be used to prove yourself to all of the sites where you have an account. Assuming you use the 1024 bit number for verification, there's virtually no chance that someone will be able to forge your identity.
This is no different than using a private key in conjunction with a public key, but it's nice because it also works with human passwords, with a nice migration path to using more secure authentication means. Furthermore, since you in theory don't know if a verifier was created using a human password or a big integer, it makes it highly improbable to try to brute force guess using either an offline or online dictionary attack.
Also, I just came across this IBE solution, also from Stanford that works for regular email, which suprasphere doesn't support yet. (see Stanford IBE Crypto) My email is david@suprasphere.com if you want to contact me.