Tom Marble's Blog

Check out:

See also all posts and comments

fossy ssi

fossy ssi

Yesterday I had the pleasure of presenting my talk Challenges in open, self-sovereign identity at FOSSY.

It was great to see folks in person again and I'm grateful for the audience discussion and participation! There was a great deal of interest in how open hardware in the form of Betrusted / Precursor might help users maintain their own private key material.

I'll update this post with a link to the video once it becomes available.


I would like to thank Kaliya, Pamela Dingle and Christopher Allen for contributing ideas and links on the subject of identity.


a minimal matrix cli client

a minimal matrix cli client

In building the software for Betrusted our goal is to start with a minimal Matrix client: specifically one built intentionally for the command line with no extras to keep the memory footprint as low as possible.

This will prepare us for the secure client on the actual device we will be running in a highly constrained user interface environment, with application code written in Rust on top of the Xous operating system.

Betrusted Simulation in renode
Betrusted Azerty Keyboard

Shown: very early Betrusted simulation running in renode

The rationale for choosing the Matrix protocol for the first chat application is that it: 1) is an open protocol, 2) supports federated (decentralized) organization, 3) has multiple, independent, open source implementations, and 4) supports multiple interoperability bridges.

Choosing a Matrix reference client

Looking for inspiration from existing Matrix clients we find Fractal is written in Rust, but is a very complex GUI application and it does not have encryption support. The Weechat client is actually a plugin for Weechat, is written in Python, and further from being a stand alone application. Gomucks is a more minimal client, but it is written in Go, has many "missing features", and fails to build. There are very old and unmaintained projects matrix-cli and matrixcli.

A very promising, even if "work in progress", client is ruma-client as it is written in Rust and designed to be minimal. Another potential source of inspiration is Matrix IRCd as it is written in Rust and curated by the Matrix foundation. So stay tuned for the initial Betrusted Matrix command line client which will benefit from these prior works.

Web Content Accessibility Guidelines

We are developing for an international and diverse set of users and want to take into consideration guidance established for the web from the Web Content Accessibility Guidelines.

However, Betrusted is very intentionally not a web browser. In fact the display is very simple: 336 × 536 pixels, black-and-white, 200 ppi resolution LCD.

Here are things we will keep in mind while considering accessibility (based on the WCAG checks):

  • Page Title We can show "titles", but there will not be "windows", per se Betrusted (at least initially) will not have a screen reader.
  • Image Text Alternatives: In the context of the chat application the first "images" to be used will be for emojis. We may provide an alternative, textual representation for these images, e.g. :smiley: for :)
  • Text
    • Headings Betrusted will not have heading structure (like a web browser)
    • Contrast ratio This is easy: Betrusted only works at maximal contrast: black-and-white
    • Resize text Betrusted should allow users to resize text (insomuch as rendering different font sizes does not consume memory exorbitantly)
  • Interaction
    • Keyboard access and visual focus Betrusted (at least initially) will not have assistive technologies.
    • Forms, labels and errors Following the guideline "Labels, keyboard access, clear instructions, and effective error handling are important for forms accessibility." is appropriate for Betrusted
  • General
    • Moving, Flashing or Blinking Content For the chat application we do not expect blinking content.
    • Multimedia alternatives For the chat application we do not expect multimedia (at least initially).
    • Basic Structure Check The goal of "linearization of content" will likely not be an issue for Betrusted as the screen is so small it will be impractical to have more than one column in any given presentation.

Thus evaluating Bestrusted for Accessibility will require certain adaptations.


The Betrusted Software project is made possible with financial support from NLnet and the ING10 Privacy & Trust Enhancing Technologies Fund.

Betrusted Software

Betrusted Software

I am thrilled to announce that I will be collaborating with bunnie and xobs on the betrusted project with a focus on software.

Betrusted aims to provide a user verifiable, trustworthy device for secure communications. That's why the device is intentionally limited in functionality.

Betrusted Azerty Keyboard

This means that Betrusted is not a "smartphone": it can’t browse the web; it has no “app store”; it won’t hail rides for you; and it can’t help you navigate a city. However, it will be able to keep your private conversations private, give you a solid second factor for authentication, and perhaps provide a safe spot to store digital currency.

Betrusted software is the application project companion for the Betrusted hardware device. Going beyond just end-to-end encryption the Betrusted project ensures that Human-Computer Interaction is also secure from key loggers and screen grabbers. The software will include an input method editor to facilitate entering text in both Latin (French Azerty keyboard layout shown above) and Asian languages as well as a graphics toolkit for the ultra low power display. This project will develop a secure messaging application on top of these input/output libraries while meeting the constraint that all software must fit in an extraordinarily small memory footprint (4 MiB RAM).

Later today in Leipzig at the 36th Chaos Communication Congress bunnie will present Open Source is Insufficient to Solve Trust Problems in Hardware.

Stay tuned for further updates on the Betrusted hardware, OS and software projects.

The Betrusted Software project is made possible with financial support from NLnet and the NG10 Privacy & Trust Enhancing Technologies Fund.



I've just pushed the first version of my new Clojure wrapper for Selenium called webica.

The reason I need webica is that I want to do automated browser testing for ClojureScript based web applications. Certainly NodeJS, PhantomJS, Nashorn and the like are useful... but these can't quite emulate the full browser experience. We want to test our ClojureScript web apps in browsers -- ideally via our favorite automated continuous integration tools.


My new approach with the webica library is to do full Java introspection in the spirit that amazonica does for the AWS API. In fact I wanted to take it a step further by actually generating Clojure source code via introspection that can be used by Codox to generate nice API docs (which you don't get with amazonica). That, alas, was a little trickier than expected due to pesky Quine-like problems :) .

If you load the library on the REPL you can get a feeling for each namespace by calling the show-functions function.

I realize this approach of aggressive introspection, playing fast and loose with types and application level dynamic dispatch are crazy antipatterns. In my defense I started out playing around to see "if I could do it". After seeing the result in the form of a shell script in Clojure -- imitating lmgtfy -- perhaps webica will actually be useful!

I plan to talk about webica tonight at -- hope to see you there!


J'ai gagné le Tour de Crosstown 2016!

Everyone knows that today the finish line for Le Tour de France was crossed on Les Champs-Élysées in Paris... And if you haven't seen some of the videos I highly recommend checking out the onboard camera views and the landscapes! Quel beau pays

I'm happy to let you know that today I won the Tour de Crosstown 2016 which is the cycling competition at Lifetime Crosstown inspired by and concurrent to Le Tour de France. There were about twenty cyclists competing to see who could earn the most points -- by attending cycling class bien sûr. I earned the maillot jaune with 23 points and my next closest competitor had 16 points (with the peloton far behind). But that's just part of the story.

Tour de Crosstown 2016

For some time I've been coming to Life Time Fitness at Crosstown for yoga (in Josefina's class) and playing racquetball with my friend David. The cycling studio is right next to the racquetball courts and there's been a class on Saturday's at the same time we usually play. I told David that it looked like fun and he said, having tried it, that it is fun (and a big workout). In early June David got busy and then had an injury that has kept him off the court ever since. So one Saturday morning I decided to try cycling.

I borrowed a heart rate monitor (but had no idea what it was for) and tried to bike along in my regular gym shorts, shoes and a t-shirt. Despite being a cycling newbie I was immediately captured by Alison's music and enthusiasm. She's dancing on her bike and you can't help but lock in the beat. Of course that's just after she tells you to dial up the resistance... and the sweat just pours out!

I admit that workout hit me pretty hard, but I had to come back and try the 5:45 am Wednesday EDGE cycle class (gulp). Despite what sounds like a crazy impossible time to get out and on a bike it actually works out super well. This plan requires one to up-level one's organization and after the workout I can assure you that you're fully awake and charged for the day!

Soon I invested in my own heart rate monitor. Then I realized it would work so much better if I had a metabolic assessment to tune my aerobic and anaerobic training zones. While I signed up for the assessment I decided to work with May as my personal trainer. In addition to helping me with my upper body (complementing the cycling) May is a nutritionist and has helped me dial in this critical facet of training. Even though I'm still working to tune my diet around my workouts, I've already learned a lot by using My Fitness Pal and, most importantly, I have a whole new attitude about food.

Pour les curieux, la nutritioniste maison s'est absentée en France pendant le mois de juillet.

Soon I would invest in bike shoes, jerseys and shorts and begin to push myself into the proper zones during workouts and fuel my body properly afterwords. All these changes have led to dramatic weight loss \o/

A few of you know that the past two years have involved a lot of personal hardship. Upon reflection I have come to appreciate that things in my life that I can actually control are a massive opportunity. I decided that fixing my exercise and nutrition were the opportunities I want to focus on. A note for for my Debian friends... I'm sorry to have missed you in Cape Town, but I hope to join you in Montréal next year.

So when the Tour de Crosstown started in July I decided this was the time for me to get serious. I want to thank all the instructors for the great workouts (and for all the calories I've left on the bike): Alison, Kristine, Olivia, Tasha, and Caroline!

The result of my lifestyle changes are hard to describe.. I feel an amazing amount of energy every day. The impact of prior back injury is now almost non-existent. And what range of motion I hadn't recovered from the previous summer's being "washing machined" by a 3 meter wave while body surfing at the beach in Hossegor is now fully working.

Now I'm thinking it's time to treat myself to a new bike :) I'm looking at large touring frames and am currently thinking of the Surly Disc Trucker. In terms of bike shops I've had a good experience with One on One and Grand Performance has come highly recommended. If anyone has suggestions for bikes, bike features, or good shops please let me know!

I would encourage everyone here in Minneapolis to join me as guest for a Wed morning 5:45am EDGE cycle class. I'm betting you'll have as much fun as a I do.. and I guarantee you will sweat! The challenge in waking up will pay off handsomely in making you energized for the whole day.

Let's bike allons-y!


Is SFLC Shooting Open Source in the Foot?

The academic article by SFLC about ZFS is troubling and may unintentionally shoot free software licensing in the foot.

When I was at Sun (as part of the team that released the Java Programming Language by starting the OpenJDK project) I often heard community concerns about the CDDL license. At the time the big complaint was about the "Choice of Venue" clause.

I got involved because Sun had developed many essential Java libraries and distributed them under CDDL. The community requested a more permissive license and I was able to convince internal project leaders (and Sun's lawyers) to make a licensing change for a handful of these projects. And there was much rejoicing.

Based on my experience in helping Java to become open source I came to appreciate the legal hacks on copyright which make open source possible. It's the free software license which uses copyright to enable sharing (vs. the default of disabling sharing).

Open Source Licenses

And so I have appreciated many of the writings and speeches from SFLC on the mechanisms of software freedom. I was particularly moved by the talks about the "Freedom Box" concept.

That's why this SFLC post on ZFS sounds so off key: if open source works because of free software licenses it seems weird to weaken that foundation by prioritizing the "equity" (or intended spirit) of the license.

Allow me to mention that as I do most of my computing these days on GNU/Linux I miss the super cool features of ZFS from Solaris. I did try an early version of btrfs and was quite disappointed (but that's another story).

In this happy case the source code for ZFS is available, but what about the future, when we aren't so lucky and someone asserts in court that the "you know, the software license was really about the spirit of sharing and that means we are allowed to use it -- and not be held to the pesky details as written in the license".

A lawyer I respect called this out: "Equity" has no place in US law. The point is that for lawyers software licenses work because they have clear, written rules to guarantee the spirit is upheld; but spirit doesn't work in front of a judge -- clear rules do.

Free and open source software has made so much progress in all facets of life why on earth would we second guess the licensing tools that made it possible? And why would SFLC try to shift the spotlight (and in this case the legal burden) to "a good-faith belief that the conduct falls within the equity of the license". Especially given the earlier comment which clearly states "[the combination] is inconsistent with the literal meaning of GPLv2 section 2(b)."


The entire raison d'être for open source software licenses was so that developers (and users) would have clarity and wouldn't have to ask permission to use the software!!!

As stated elsewhere (and like I did with those Java libraries) the easy solution is to have the ZFS copyright holder (now Oracle) reclicense (or dual license) the code under a compatible license (permissive or copyleft). If OpenSolaris was still a thing I might understand some hesitancy, but why not liberate ZFS now?

So we have to wonder what could possibly be motivating this odd "spirit of the license" position on the part of SFLC? Fortunately charities that enjoy non-profit status are required to make public filings of their income in something called a "Form 990". The latest SFLC 990 I could find shows SFLC getting 78% (or just over $5 million) from "non public support" (see page 14).

A number with "two commas" would even be interesting to for-profit companies. Just whom is making these "donations" and what exactly do they get in return? Apparently I'm not the only one wondering about this question.

On one hand it's important to know if SFLC as a non-profit is, indeed, acting in the public interest (as the IRS requires). Yet the even bigger issue here is would "asking for a consensus about the spirit" trump the written copyright license and set a scary precedent for open source software in general?

Testing 1 2 3

Testing 1 2 3

Does anyone use RSS anymore?

This is just a test post to make sure all the machinery is still working!


M41LZ in Tails

Here is the background on my workshop presentation M41LZ in Tails: securing e-mail at Code Freeze 2015. Currently the slides are under heavy development -- stay tuned as they are updated in anticipation of v1.0.0 on January 14, 2015. Of course the slides alone don't provided the extra commentary and personal experiences -- you'll have to come to Code Freeze for that!

Code Freeze 2015


Tom Marble is best known for being the first "OpenJDK Ambassador" on the Sun Microsystems core team that open sourced the Java programming language. Tom has a Masters degree in Electrical Engineering from the University of Minnesota where he worked under Otto H. Schmitt. He has combined his EE and community experiences in open source hardware projects such as USB TRNG and his software and intellectual property experiences by organizing a legal and policy issues track at Europe's largest open source conference, FOSDEM. Tom's passion for Free Software is demonstrated by frequent speaking at conferences such as O'Reilly's Open Source Convention, JavaOne, the Debian conference, Software Passion (Sweden), Fórum Internacional do Software Livre (Brazil) and Linux Conf Australia.

Mr. Marble is committed to increasing diversity in technology (especially in open source) by volunteering as an organizer for ClojureBridge Minneapolis -- a weekend workshop for women to learn the Clojure programming language -- as well as the GNOME Outreach Program for Women on behalf of the Debian project.

Tom is the founder of Informatique, Inc.: a consultancy which leverages his hardware, software and legal engineering background for client projects as diverse as telematics for electric vehicles, probabilistic model checking, autonomous cyber defense, and multiplayer online gaming.


We are stuck between knowing that our Internet communications are vulnerable and using overly complex crypto tools. This workshop will explain, step by step, how to use open source encryption available in a live USB drive based system to secure e-mail. Along the way you will learn about threats to anonymity on the web and how to harness the Web of Trust. We'll then explore the next steps to making secure e-mail more practical for everyday use.


The presentation can be viewed live at

The source for the presentation is at


Please let me know how I can improve this presentation!



Today I've made some modest changes to my CV, LinkedIn and various online profiles. The theme has been "less is more" and I want to highlight my interest consulting in Clojure, security and embedded hardware.

Why corp-to-corp consulting? I regularly get asked this question by companies that want to fill permanent, full-time positions. Having worked for big companies, small companies and even having founded a Silicon Valley startup from Minnesota (just think of the miles!) I've come to realize that consulting is a great fit for me. I can carefully chose clients projects that have really interesting problems and at the same time invest continually in personal development (e.g. conference organizing, working to increase the participation of women in open source software). One of the nice fringe benefits for clients is I can share best practices that I've learned in my travels with each engagement.

Let me know if your project could use some extra hands!



Yesterday I had a blast presenting my talk Security not by chance: the AltusMetrum hardware true random number generator at DebConf14.

DebConf 14

USB TRNG is a collaborative effort with AltusMetrum to create a completely open hardware and Free software true random number generator.

In my talk I mention the rationale for gathering more entropy: The Linux urandom boot-time entropy hole as described in the paper Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.

I also mention some of the difficulty in assessing RNG quality for security applications as highlighted by Matthew Green in his blog post How do you know if an RNG is working?.

I've been lucky to work on this design with Bdale Garbee and Keith Packard.

If you'd like to learn more you can...

  • Download the presentation (see below)
  • Check out the web page for USB TRNG
  • Join us on IRC OFTC #altusmetrum
  • Join the trng mailing list

Let me know if you'd like to get involved!


This blog is powered by ikiwiki