AT&T Labs Backs Publius, A Freenet-Like System
joseph writes: "This article on C|Net announces Publius, a system similar to Freenet, meant to battle censorship on the Internet. What makes this approach interesting is its backing from AT&T Labs. Of particular interest in the article are the safeguards against the common opposition to such projects, like their use for piracy. Publius features no search utility and a maximum file size of 100k."
This strikes me as a serious shortcoming. Since it's not searchable, you can only get a file if you got the URL through other channels--in which case, you could just get the file itself through those same channels. Unless, of course, the project includes the URL in their directory--which itself exposes them to legal sanctions (e.g., court orders to remove certain URLs from directory), so they might as well just host the file directly. Publius does have some nice redundancy features, but that seems to be its only advantage.
Either a medium is censorable or it's not. You can't give yourself the ability to censor porn, without also giving yourself the ability to censor political speech.
You create a gzipped tar file of MozillaR16, MozillaR16.tar.gz. You use a simple utility to separate it out into 100K pieces:
piece00000 through piece99999 (10 gigs of data there, in 100K pieces!)
If you abandoned these on Publius they'd be useless, there's no information on reassembling them into a whole and unless you're very careful there can be ambiguity in what fragment of the archive goes with what other fragment of the archive.
You calculate the MD128 hash of each piece and rename it with the hash as part of the information:
MozillaR16-0x01234567012345670123456701234567 and so on.
You append all these filenames into a file
MozillaR16.build
Now if you want the files in MozillaR16 you get the MozillaR16.build file. Your client sends out queries for the various 100K packages that build up MozillaR16.tar.gz.
This could be truly distributed in that there isn't the necessity that any one site contains the whole list of fragments needed to build an archive. You could add in a translation layer so that any individual file is a cross section of the overall archive itself such that by itself it contains little or no information. Think of grabbing 100K bytes of the archive at random and inserting them into files with offset information. Any single file would not contain any distinguishable information. It might be a safety feature against being accused of carrying certain types of information.
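The piece-and-manifest scheme described in the comment above, as an added example that is not part of the original post: each piece is named by its hash, the .build list fixes the order, and reassembly rejects any piece whose contents do not match its name. SHA-256 stands in for the hash the comment calls "MD128", and `make_pieces`, `reassemble`, `manifest_digest` and the in-memory `store` are names assumed for illustration.

```python
import hashlib

PIECE_SIZE = 100 * 1024  # the thread's "100K" limit, read here as 100 KiB (assumption)


def make_pieces(name, data, piece_size=PIECE_SIZE):
    """Split data into pieces named '<name>-0x<hash>'.

    Returns (manifest, store): manifest is the ordered list of piece names
    (the ".build" file in the comment), store maps piece name -> bytes.
    """
    manifest, store = [], {}
    for offset in range(0, len(data), piece_size):
        chunk = data[offset:offset + piece_size]
        key = f"{name}-0x{hashlib.sha256(chunk).hexdigest()}"
        store[key] = chunk      # identical chunks collapse to one stored piece
        manifest.append(key)    # but the manifest still lists every position
    return manifest, store


def manifest_digest(manifest):
    """One hash that pins every piece and its order; publish it out of band."""
    return hashlib.sha256("\n".join(manifest).encode()).hexdigest()


def reassemble(manifest, fetch):
    """Rebuild the archive, treating every server that returns a piece as untrusted.

    fetch(key) returns the piece bytes or None. A missing piece raises KeyError,
    a piece whose hash does not match its name raises ValueError.
    """
    out = bytearray()
    for key in manifest:
        chunk = fetch(key)
        if chunk is None:
            raise KeyError(f"piece not found: {key}")
        expected = key.rsplit("-0x", 1)[1]
        if hashlib.sha256(chunk).hexdigest() != expected:
            raise ValueError(f"piece failed hash check: {key}")
        out += chunk
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample input: 256,000 bytes of non-repeating data.
    archive = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(8000))
    manifest, store = make_pieces("MozillaR16", archive)
    print(len(manifest), "pieces, manifest digest", manifest_digest(manifest))
    assert reassemble(manifest, store.get) == archive

    # A server that alters one byte of a piece is caught at reassembly time.
    tampered = dict(store)
    victim = manifest[1]
    tampered[victim] = bytes([store[victim][0] ^ 1]) + store[victim][1:]
    try:
        reassemble(manifest, tampered.get)
    except ValueError as err:
        print("rejected:", err)
```

The hash in each name only protects a reader who got the manifest from a source they trust, which is why the example also computes a digest over the manifest itself.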
Why? Why would you want to use something like Publius for that? If you already own the track, then encode it yourself. If you haven't, then you're only interested in pirating it, right? If you had a legitimate use (e.g., evaluating a band before deciding to buy it) you wouldn't need the full 20 minute epic, and a 2 minute sampler should suffice, and may even fit in the 100K limit at low quality. If you like it, go and buy the CD...
"The invisible and the non-existent look very much alike." -- Delos B. McKown
That's a fascinating point, and you may be right. But in MLK's day, how would he have gotten the word out other than being in front waving a standard? For good or ill, this provides another way for people to communicate, and predicting the effect on society is a crap shot.
An interesting analogy, actually, is the Kilroy story. I'm not familiar w/ the details but (I believe it was during one of the world wars?) the phrase "Kilroy was here" started showing up in bathroom stalls and such all over the world in an entirely anonymous way. People simply saw it in one place, and put it up someplace else. Whatever the reason, it captured people's imagination -- and isn't that all you need to do to effect social change?
Wow, I'd love to use this system to publish the Publius PDF. That way people could anonymously learn how to set up their own censorship resistant networks.
Oh wait, the PDF is 233k...
--
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
But sad to say, plain .TXT is not
much of a marketing tool these days. Tom Paine's
handprinted manifestos lit the fire of revolution;
today, only a multimedia manifesto would catch
the public attention. We are a society of Web surfers and couch potatoes. The revolution had better be televized, or it's not gonna fly.
(It's offtopic, but those televised images of the Bosnian prisoner camps that TMiB mentions are a great example. It turns out they were faked (there's an article and even a video with the skinny on how it was done). But they sure built up a lot of sympathy for the Bosnian Muslim separatist movement, didn't they?!)
But pirate radio and TV transmitters are easy to jam and track down. That leaves computers. Freenet is not going to be a speed demon, and Publius will enforce this 100k limit. So the single most important way for people of limited means to disseminate controversial information is, I would argue, the Web. And, in fact, just about any political or controversial group you'd care to name has a Web site by now.
Once the Web becomes truly a mass medium worldwide, I predict that we will soon start seeing national governments go after the Web sites of movements they don't like. Thing is, some of those sites will be backed by other national governments. I wonder what the 'net will look like then. More firewalls like China's? Special agents attacking server rooms? ISP workers getting threatened like judges in South America?
No, it is not useless. It is designed for people with a REAL reason for being anonymous, yet wanting to spread information. For example, whistleblowers, or people in countries with a less than perfect track record of censorship.
Except that, without the ability to do searches, no one will be able to find the material in question. Giving out the precise key is tantamount to publishing, so anonymity is preserved at one level, but possibly compromised at another.
Furthermore, whistleblowers and the like often need audio-visual proof of what has happened, such as audio recordings (ideally compressed with ogg or mp3 format for space), images, and even video footage. How is one going to reasonably publish that kind of important evidence of wrongdoing with a 100K filesize limit? By breaking up the files into 100K chunks? Then why not get rid of that limit to begin with.
It is not designed for pirates who want their MP3's (go to freenet for that sort of stuff).
This is a very unfair characterization of freenet and downright slanderous.
Freenet is intended to do precisely the same thing as publius, with the exception that freenet makes no judgement whatsoever about content. Publius may make use of some better algorithms, but has also clearly made policy choices which make it less than ideal for dissidents to skirt censorship (such as the lack of searchability and the filesize limit, and worse: a philosophy of passing judgement on material and what is "fit" to be protected from censorship and what is not, with who deciding such criteria an open question). FreeNet can always adopt better encryption and storage approaches now or in the future, without making the same kinds of misguided compromises.
FreeNet remains IMHO the most promising approach to thwarting censorship of all kinds, today and in the future.
The Future of Human Evolution: Autonomy
Of particular interest in the article are the safeguards against the common opposition to such projects, like their use for piracy. Publius features no search utility and a maximum file size of 100k.
An admirable effort, but this just means that someone will circulate a third-party utility that does indexing and can reassemble fragmented files from 100k packets.
Still, it should cut down on the number of people storing CD images.
Until they haul in UCITA, and show that you couldn't have installed their software without agreeing to their licensing agreement, which happen to prohibit benchmarking, profiling, comparisons, or any other mention of their product without their express permission.
And before you state how silly that is... MS, Oracle, and I'm sure other database vendors routinely put these kind of restrictions in their licenses, today, without having the 1000-pound gorilla of UCITA to back them up. I seem to recall MS, at least, trying to enforce it in one case.
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
Agreed, but there is also a perfect method already in place to spread information (well, almost) called FreeNet. Not only does it have search capabilities, but it imposes no limit on what you can spread.
Finkployd
Wrong, I have a couple hundred MP3s, and all of them downloaded from napster. I also own the equivalent CD for every song on my PC. Why didn't I just rip them myself? I'm lazy. :)
Finkployd
When you can get Pink Floyd's Echoes (a good 20+ minute song) in some format (perhaps mp5) and compressed to under 100k, then I'll sit up and take notice :)
Seriously, what does this offer over freenet aside from "let's make those whining children over at the RIAA happy" type restrictions? If it's the same as freenet, but with a strict set of rules, then freenet will eventually beat it no matter how much corporate money it has backing it.
Finkployd
Let's test how serious they are by publishing a list of AT&T calling card numbers :)
--
Mod up a post Rob doesn't like and you'll never mod again
Here's a simple example. Suppose we have three servers that store information (n=3). We want to store a number on the servers such that each server individually doesn't know the number, but any two servers taken together are enough to reconstruct the number (k=2). The system we can use is to encode the number as an angle. Draw a line at that angle to horizontal, and choose three random points on the line. Send a single point to each server. Each server knows one point, but it can't figure out the angle of the line. But if you put the information from two servers together, you get two points which lets you draw the original line (and hence figure out the angle and get the information). Of course with bigger n and k you need real cryptographic systems (and not just lines).
Now, I'm not here to debate the ethics of filesharing. I think there can be a good case made for the legitimacy of mp3s under certain circumstances, but that's beside the point. Whether or not you believe mp3 sharing is right has nothing to do with whether or not it is illegal. And if it is considered illegal (which it almost certainly will be, seeing how the RIAA 0wnz Congress), then the RIAA can attack systems like Freenet and possibly even get them declared illegal. Now here we have an alternative which can accomplish the legitimate and considerably more important use of Freenet without being attacked by the RIAA.
I am not an idiot. Please use my name to email me.
"That's right, I'm quoting myself."
-Upsilon
AT&T also started funding my BlackHoleNet project. See, what you do is you send a file (less than 100K, so break that MP3's into 100 files!) and BlackHoleNet sends it to a special device (/dev/null). Later, when you want to get a file out it is retrieved from a different special device (/dev/random). The only remaining bug in my system is that the process of traversing the wormhole from /dev/null to /dev/random is somehow scrambling the files. I just need some funding to get over this last hurdle.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
On a side note, they can, if they wanted, create a key that can unlock if x% of the total key is present. Thus data won't be lost by one person losing the key.
---
-
ping -f 255.255.255.255 # if only
It's all in the words folks. The Chinese Government doesn't give a toss about its citizens downloading MP3s. It *does* care a lot about what they read...
--- Hot Shot City is particularly good.
The newsgroups will only allow so many lines, I believe...So they have many utilities which will break up 20 meg posts into 93 parts, and then piece them together later...
But with other services that do the same thing, who will use this?
I just gave it a shot and it's kind of weird to use. I like the idea... but what good is the free speech if it's nearly inaccessible?
Apparently to read a document you have to know the full URL which is HUGE. And since there is no search, you can't find things on the subject of say... "Search and Seizure." You would have to wade through the web and find a link to the Publius Document.
The encryption and the anonymity are great. And I understand not having a search function... but I think that it is at the expense of ease of use and actually getting the free speech "heard".
these systems are very important...i wonder if they have thought of the protection against spammers angle? especially now that the first spammer (flatplanet.net) has surfaced on gnutella networks.
Limiting the file size to 100kB will drastically hurt this system's ability to support the freedom of speech. Unlike the days of the original Publius and the Federalist papers, not all speech today is, or can be, in the form of text.
Next time Will Smith gets a video of the NSA killing a Senator he will be able to upload it to Freenet. Will he be able to place it on Publius?
Does it say something about the sick influence of money in our world that they are willing to tolerate the usage of the system by child pornographers, but not by people who don't feel like giving money to the RIAA?
It's called an Information Dispersal Algorithm, or IDA.
See: http://www.acm.org/pubs/citations/journals/jacm/1
I'm wondering just how that cryptography is implemented, whereby having less than n of n shares still permits us to read the document. The pdf on their site seems to involve MD5 hashes in the process, but I was wondering if someone more cryptographically inclined could elaborate. Of mathematical note, they generate d*ln(d) shares, where d is the number of servers. This has something to do with the coupon collector problem, and that if you check d*ln(d) servers you get to every "unique" server.
All in all it seems a really good system; hopefully the common carrier concept will be better applied. Since the pages can be retrieved with special (CGI based I think) URLs, they could probably be indexed by standard search engines such as Google. I hope this works out.
Q:Doctor, how many autopsies have you performed on dead people?
A:All my autopsies have been performed on dead peop
Anonymity may breed distrust, but if you're not anonymous, they sue you into the ground. Piss off someone with money, or a powerful lobby, or a big corporation, and you might as well be dead. They'll make sure no one hears you. This is the age of the frivolous lawsuit, where anyone wishing to silence someone else may do so simply by making it horribly expensive to exist.
Say I write an article, saying in effect that DB2 bites in comparison to Oracle. IBM doesn't like this, and sues me for slander, libel, and false claims harming their business. None of those claims are true, and are in fact laughable, but I still have to hire a lawyer and spend huge amounts of money just to get the judge to not rule by default against me for a huge sum. In the mean time, no other publisher is going to hire me or take my works for fee because of the lawsuit. And what if the judge dismisses? Well, that doesn't happen. IBM drops the suit, and refiles next week.
Pretty soon I'm 20K in the hole, the article was pulled so no one ever saw it, and IBM offers to drop the suit if I retract my statements and only write 'the truth', as their marketing dept sees fit to spin it..
You know what? I'd do it too.
.sig: Now legally binding!
The trouble is, it cannot carry any warez, or MP3, and that puts it waaaay behind Freenet and similar efforts.
The totally distributed PTP type network model like Freenet will be the next Internet killer app. And watch entrenched institutions like RIAA, MPAA, FBI, MI5, MI6 etc turn blue as they try to regulate and control.
Once you get this sort of PTP nettech together, imagine wireless networks getting together, all communicating as mini routers, DNS etc, you basically have a network that is pretty hard to compromise... I think the Nomad Mobile Research Centre has something to say about this... Interesting reading...
Strong data typing is for those with weak minds.
The issue I see with this being like the "Snow Crash" repository is that it's artificially limited. The "Snow Crash" repository had voice and video feed, as well as extensive AI.
A better bet would be a system that is not at all limited, like Freenet. While it may eventually host a fair % of pirates, that's not the point of the system, it is built to provide a network of anonymous and ubiquitous data availability without allowing for contentious files to be deleted. Publius, on the other hand, is pseudo limited to text (although posting multipart fragments of a warez file is still entirely possible).
Unbreakable toys can be used to break other toys.
Here we are at /. discussing a tool that has obviously been crafted to help encourage online collaboration without enabling the D00DZ who want to distribute WAREZ. What are the first reactions?
It sucks cuz I can't distribute illegal files
It just makes the suits who are concerned about abuse say "See: we told you so. All they want to do is abuse it."
That's entirely the point. If you want to distribute LEGAL files then you don't need a system like this. You're assuming that a file being illegal means that it is a "bad" file. This is not necessarily the case, as what is legal may be dictated by malevolent (or at least not benevolent) forces.
Unbreakable toys can be used to break other toys.
Slashdot Article Lots of info.
--
Never trust anyone over 90000.
We just need a few bytes to index the starting and ending digits in pi where the song is located. Since pi is infinite and random, it's gotta be in there somewhere.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This is refreshing for 2 major reasons, it is actually backed by someone with major clout, namely AT&T.
Second, this system is out to provide a safehouse for truly free speech, and not to provide a safehouse for rampant piracy.
With the right development, I wouldn't be surprised if this could be developed into a robust information repository (Like the library in SnowCrash?) However, it will be interesting to see if it becomes popular because it won't attract those who are really just in it for the warez and mp3z.
-cpytel
- "Where did you hear that?"
- "A bloke in the Publius told me."
Titter. (Quick reminder for the slow of brain: a Pub is like a Bar, but British.)
Thad
Since the pages can be retrieved with special (CGI based I think) URLs, they could probably be indexed by standard search engines
Many search engines (such as webcrawler) automatically throw out all URLs containing a ? because they don't want to waste the resources to index CGI.
---------------Adopt a bird today!
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
Yeah, this story was already posted...
Of all the comments to this story, the ones that get to me are the ones complaining about the lack of MP3s. People, we have enough Napster-like clones out there, we don't need any more! File-sharing programs are a Good Thing(tm), but because of programs like Napster, Gnutella, and Freenet, people see these programs as only being useful to MP3 traders and warez kiddies. The great thing about Publius is that it implements true free speech, i.e. the sharing of sensitive and critical information without fear of reprisal, without worrying about MP3 traders and warez kiddies. And because of that, maybe some people will get turned on to the idea of file-sharing programs, and will see them as something more than another road for piracy. It'll be interesting to see how this program will function down the road, and I hope it continues to develop.
Remember, just because you can't download a copy of AutoCAD or a Britney Spears CD from it doesn't make Publius useless. There's plenty of Napster-like programs out there, don't make Publius into another one.
--
The real Raunchola isn't cool enough to have any imposters
Ha-ha... well, then, it's perfect for porn!
(Trade secrets, product rumors, & illegal device compatibility descriptions - like DeCSS - will fit nicely, too.)
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
I love reading slashdot. It combines links to interesting, newsworthy articles WITH commentary. But I don't read all 500 posts about .NET, or DeCSS, or whatever. I read the highest scores first, because my time is valuable.
If Publius is to be effective, ie. getting me to read it as part of my routine, it NEEDS indexing, searching and moderating. The most valuable resource in the 21st century is going to be the attention of humans, specifically wealthy and educated humans. Think about it, that is what advertisers pay Billions of dollars a year for.
How is Publius going to attract and keep attention?
From their discussion of preventing "Denial of Service" attacks on Publius, which would also be effective against spammers:
"Publius, like all Web services, is susceptible to denial of service attacks. An adversary could use Publius to publish content until the disk space on all servers is full. This could also affect other applications running on the same server. We take a simple measure of limiting each publishing command to 100K. A better approach would be to charge for space.
An interesting approach to this problem is a CPU cycle based payment scheme known as Hash Cash (http://www.cypherspace.org/~adam/hashcash/). The idea behind this system is to require the publisher to do some work before publishing. Thus, it becomes difficult to efficiently fill the server disk. Hopefully, the attack can be detected before the disk is full. In Hash Cash, a client wishing to store a file on a particular server first requests a challenge string c and a number, b, from that server. The client must find another string, s, such that at least b bits of H(c . s) match b bits of H(s) where H is a secure hash function such as MD5 and "." is the concatenation operator. That is, the client must find partial collisions in the hash function.
The higher the value of b, the more time the client requires to find a matching string. The client then sends s to the server along with the file to be stored. The server only stores the file if H(s) passes the b bit matching test on H(c . s). Another scheme we are considering is to limit, based on client IP address, the amount of data that a client can store on a particular Publius server within a certain period of time. While not perfect, this raises the bar a bit, and requires the attacker to exert more effort. We have not implemented either of these protection mechanisms yet."
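A sketch of the challenge/response check the quoted passage describes, added here as an example and not Publius code (the passage says neither mechanism was implemented). It assumes "b bits" means the leading b bits, substitutes SHA-256 for MD5, and uses the hypothetical names `PublishGate`, `solve` and `passes`.

```python
import hashlib
import secrets

MAX_PUBLISH_BYTES = 100 * 1024  # the quoted "100K" limit, read as 100 KiB (assumption)


def leading_bits(data: bytes, b: int) -> int:
    """Top b bits of SHA-256(data) as an integer (SHA-256 swapped in for MD5)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - b)


def passes(c: bytes, s: bytes, b: int) -> bool:
    """The b-bit matching test: leading b bits of H(c . s) equal those of H(s)."""
    if not 0 <= b <= 256:
        raise ValueError("b must be between 0 and 256")
    return leading_bits(c + s, b) == leading_bits(s, b)


def solve(c: bytes, b: int):
    """Client side: try counters until one passes. Expected work is about 2**b hashes."""
    counter = 0
    while True:
        s = counter.to_bytes(8, "big")
        if passes(c, s, b):
            return s, counter + 1
        counter += 1


class PublishGate:
    """Server side: hands out challenges and accepts a file only with valid work."""

    def __init__(self, bits: int, max_bytes: int = MAX_PUBLISH_BYTES):
        self.bits = bits
        self.max_bytes = max_bytes
        self.outstanding = set()  # challenges issued and not yet redeemed

    def issue_challenge(self):
        c = secrets.token_bytes(16)  # unpredictable, so work cannot be precomputed
        self.outstanding.add(c)
        return c, self.bits

    def accept(self, c: bytes, s: bytes, payload: bytes) -> bool:
        if len(payload) > self.max_bytes:
            return False              # size cap from the quoted passage
        if c not in self.outstanding:
            return False              # never issued, or already spent
        if not passes(c, s, self.bits):
            return False
        self.outstanding.discard(c)   # single use: one solution stores one file
        return True


if __name__ == "__main__":
    gate = PublishGate(bits=16)
    challenge, bits = gate.issue_challenge()
    proof, tries = solve(challenge, bits)
    print(f"b={bits}: solved after {tries} hashes")
    print("first submission accepted:", gate.accept(challenge, proof, b"document"))
    print("replay accepted:", gate.accept(challenge, proof, b"document"))
```

Verification costs the server two hashes regardless of b, while each extra bit doubles the client's expected work; tracking spent challenges is an addition here so that one solution cannot be reused to fill the disk.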
This will probably be considered a flame but I think it needs to be said.
/. readers say it key to the internet. No doubt eventually someone will make a wrapper so that mp3s and such can be put on Publius but that is not really a good thing.
Finally someone has produced a product that uses the technology Napster and Gnutella are based on to do something good. Despite what many proponents of Napster and Gnutella say, the main use of those programs is to get around having to pay for music and other electronic info like videos.
Some of the posts already on this board say "What is the use of this program?" Now we just have to split the mp3s into lots of little files. The people saying this apparently totally miss the purpose of this program. It is NOT to get music without paying for it. It is to help people communicate in an anonymous and secure way. Which many of the
I think it is great that a major corporation has helped to produce a product like this. Especially one that goes against what many government agencies want, that being anonymous, encrypted communications across the internet.
Just my $.02
Rich
No, it is not useless. It is designed for people with a REAL reason for being anonymous, yet wanting to spread information. For example, whistleblowers, or people in countries with a less than perfect track record of censorship. It is not designed for pirates who want their MP3's (go to freenet for that sort of stuff).
There is also going to be a list of files which is found to be "interesting". I hope that there will be some way for users to decide what is interesting enough to be listed (possibly a moderation system?), but even if not, there will be a list of some sort. Yes, it will be eventually abused, but its primary purpose isn't piracy, unlike certain other programs out there which will remain nameless. I actually think the 100k file limit is a good move. Yes, it's trivial to work around, but only for those with more nous than the average user of this sort of system.
Of the millions of Napsterites, I would guess that a very large percentage indeed wouldn't have the knowledge or - more importantly - the patience to take a really big file apart for posting or to bother to track down the whole thing and put it back together. Napster's great strength for copyright violation was that it was very, very easy to use indeed.
Adding a significant amount of ballsaching effort (whether assembling a dispersed file by hand or writing the script to do it) to the process of getting an MP3 or big piece of software is going to discourage the casual pirate, just as the trouble of getting through locked doors and windows and an alarm system will discourage the opportunist burglar.
In effect, it's likely to head Napster-style legal trouble off at the pass.
-- AndrewD
A Maze of Twisty Little Laws, All Different.
Okay, my first thought is about censorship.
It works a bit like Slashdot commenting, except the Publius people do the modding, not the users. They get this giant collection of anonymous pages, and they pick out a few and label them "interesting." Somebody posted in the C-Net article that this doesn't remove censorship, it merely transfers it to the Publius staff, allowing them to censor something by labeling it "uninteresting." Is this really true? Can you only reach the "interesting" sites? Or are "uninteresting" sites reachable but not advertised? Because the latter doesn't seem to be censorship to me, but the former clearly is.
My other thought is Filtering. They claim that this technology prevents censorship. Does the prevention lie in the fact that you can't filter these sites, or in the fact that you can't delete them, or what? Because they can easily be filtered, you just have to have a filtering program that interprets what it reads, like your browser does, then filters the end result, rather than the initial scripting. As for deletion, if the US wants it deleted, they can order AT&T to delete it just as they could if it was hosted normally. So what is it that they are actually accomplishing? I'm missing something.
As an Internet publisher myself, I'm a bit miffed as to what's going on here. Sure, I publish stuff about sports, which is not exactly Earth-shattering in terms of societal impact (though I can argue for its societal worth, mind you), but what seems weird to me is that this is a way to hide behind the computer screen.
Looking at the root of the name of Publius -- familiar with the Federalist Papers myself, because I have to soon explain why we made all those changes in the UAH SGA last year anyway -- I see their point, but societal change is more often brought about by grassroots efforts led by out-in-front, standard-bearing individuals.
To demonstrate my point, could the American Civil Rights movement have progressed without someone like Rev. Dr. Martin Luther King, Jr., marching? Sure, he could have sat in Atlanta (or Memphis, or Selma, or . . .) and written beautiful works on what was wrong with the oppression of "Negroes" in American society. I dare say his impact was strengthened by his visible action.
Heck, to take it to a whole other level, Jesus Christ himself could have just written a bunch of stuff, but I guarantee fewer people would be affected by Christianity -- whether you have a positive or negative view of it -- without some decisive action in there.
Anonymity breeds a small hair of distrust. If you're going to take over the world, you've got to have people's trust.
--
<><
-- Geof F. Morris
michael was here.
--
Secure servers: It is publicly known who runs the servers, but it can be kept private what server has what. In order to download something, I need to know where to get the key shares. The server doesn't know that. Also, a server can't know what it's hosting without the ability to download it. However, things are less secure in that all this means that if I know how to get something I know who is hosting it, and a govt. etc. could use an attack based on such. So servers are both more and less secure.
The last two are really just based on the document format and software architecture.
This was all written without knowledge of the code, and is just my interpretation of the web site.
---
This is the kind of reaction that fuels the fires of distrust.
Here we are at /. discussing a tool that has obviously been crafted to help encourage online collaboration without enabling the D00DZ who want to distribute WAREZ. What are the first reactions?
It just makes the suits who are concerned about abuse say "See: we told you so. All they want to do is abuse it."
We shouldn't mindlessly rally around the suits just because they think it's cool. But, we shouldn't snub it because it's not made for warez distributors. Let's judge it on some other basis.
Paco is an employee of Tovaris, Inc. who speaks his own mind and not theirs.