I've seen several instances of this attack described, so I feel like I should address it briefly:
You pay for the storage you use in OceanStore. Read the paper, especially the part about Responsible Parties and the utility model. If you keep uploading random data into the system, you will end up with a large OceanStore bill at the end of the month.
Also, someone mentioned banding together with a bunch of friends and creating a little private OceanStore of their own. This is a great idea, and one that I (personally) am very fond of. Each of you give up two-thirds of your 200 GB disk (they'll be here in no time), and you get reliable, fault-tolerant, highly-available storage in return. In this case, if someone fills up the shared space, you and your other friends kick him out of the group.
Finally, you could take a MojoNation-type approach and introduce an arbitrary currency to pay each other for storage.
Our recently published paper, OceanStore: An Architecture for
Global-Scale Persistent Storage describes the system in more detail
and can be found on our publications
page.
The cost of data storage isn't the physical capacity - it's the
management.
As one of the graduate students working on OceanStore, I should add a
little to this discussion.
Your point about data management being more expensive than the storage
itself is absolutely correct. OceanStore addresses this issue in several
ways:
First, we use replication and coding algorithms to ensure the integrity and
durability of data. Documents that are actively being written to are
managed by a group of servers participating in a Byzantine fault-tolerant
algorithm. This ensures that despite machine failure or compromise (of up
to approximately a third of the machines), your data is safe from loss and
corruption. It also provides availability, since from the algorithm's
point of view a failing server and an unavailable server are the same.
Data that is not actively being written is stored in Erasure-coded form
and spread across the system. A rate N Erasure code breaks an
object into Nb pieces, where b is the number of blocks in the
object. If any arbitrary b of these pieces can later be
recovered, the entire document can be reproduced. For example, with a rate
2 Erasure code, a 1 MB document will be broken into a number of blocks
totaling 2 MB in size, such that if any 1 MB of them can be recovered, the
whole document can be reproduced. Since each block can be stored on a
different server, this gives tremendous durability to data. It also takes
nice advantage of the fact that storage is cheaper than the management of
storage. I should also mention that we include algorithms which verify the integrity of the reconstructed data.
Second, OceanStore has an introspection system which manages the placement
of data throughout the system. While replication and coding keep data
safe, introspection moves data around for optimal locality. If your data
is across the world from you, you may not care that it is correct or
durable, since it takes so long to get at it. Introspection uses pattern
recognition techniques to discover what data is important to you and move
it or cache it near your current location. This removes the necessity of
paying administrators to discover this information and move the data
manually in order to improve the performance of the system.
Finally, in order to locate all of this constantly moving information,
OceanStore employs a two-tier location system which provides fast access to
nearby data and availability to far-away data.
Our recently published paper, OceanStore: An Architecture for
Global-Scale Persistent Storage describes these issues in more detail
and can be found on our publications
page.
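The any-b-of-Nb recovery described in the comment above, as an added example that is not part of the original post or of OceanStore's code: a toy rate-N erasure code built from polynomial interpolation over GF(257), followed by a check of the rebuilt object. The function names, the field and the use of SHA-256 for the integrity check are assumptions; the comment does not say which algorithms OceanStore uses.

```python
import hashlib

P = 257  # assumption: smallest prime above 255, so every byte is a field element


def _interpolate(points, x):
    """Evaluate at x the unique degree < len(points) polynomial through points, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse
    return total


def encode(data, b, rate):
    """Return (fragments, digest): rate*b fragments, any b of which rebuild data."""
    n = rate * b
    if not 0 < b <= n <= P:
        raise ValueError("need 0 < b <= rate*b <= 257")
    padded = data + bytes(-len(data) % b)
    fragments = [[] for _ in range(n)]
    for off in range(0, len(padded), b):
        stripe = list(enumerate(padded[off:off + b]))  # points (x, byte) for x < b
        for x in range(n):
            # Systematic code: fragments 0..b-1 hold the source bytes unchanged.
            fragments[x].append(stripe[x][1] if x < b else _interpolate(stripe, x))
    return fragments, hashlib.sha256(data).hexdigest()


def decode(available, b, length, digest):
    """Rebuild the object from {fragment_index: symbols} and verify it."""
    if len(available) < b:
        raise ValueError("fewer than b fragments survived")
    chosen = sorted(available.items())[:b]
    out = []
    for s in range(len(chosen[0][1])):
        points = [(idx, symbols[s]) for idx, symbols in chosen]
        out.extend(_interpolate(points, x) for x in range(b))
    if max(out, default=0) > 255:
        raise ValueError("integrity check failed: symbol outside byte range")
    data = bytes(out[:length])
    # A damaged or forged fragment still interpolates to *something*; only the
    # digest tells the reader that the result is not the stored object.
    if hashlib.sha256(data).hexdigest() != digest:
        raise ValueError("integrity check failed: digest mismatch")
    return data


def demo():
    obj = b"constructed sample object for the archive tier"
    frags, digest = encode(obj, b=4, rate=2)            # 8 fragments, 2x storage
    survivors = {i: frags[i] for i in (1, 4, 6, 7)}     # four servers lost
    recovered = decode(survivors, 4, len(obj), digest)
    survivors[6] = [(v + 1) % P for v in survivors[6]]  # one server returns bad data
    try:
        decode(survivors, 4, len(obj), digest)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return recovered == obj, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The digest has to come from somewhere the storage servers cannot rewrite, otherwise a server that alters a fragment could alter the expected hash as well.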
...is that it's quoted in the academic literature on distributed systems. The original "worm" paper quotes it several times:
"The 'Worm' Programs--Early Experience with a Distributed Computation". John F. Shoch and Jon A. Hupp.
Communications of the ACM. Vol. 25, No. 3 (March 1982), pp. 172-180.
Even more fun, this line of research led directly to the Morris Internet Worm, so the book actually predicts an event that eventually occurred on the real Internet. Crazy.
Every time I see some Christian say "What does this have to do with the 10 Commandments?... Even if you are not a Christian, most of that stuff still applies. Murder is against the law..." etc., I wonder when the last time they actually read the Ten Commandments was. So, just to clear up the misunderstanding that seems to exist between us, I think I'll post them (from the KJ version, slightly shortened):
From the Book of Exodus:
20:3 Thou shalt have no other gods before me.
20:4 Thou shalt not make unto thee any graven image...
20:7 Thou shalt not take the name of the LORD thy God in vain...
20:8 Remember the sabbath day, to keep it holy.
20:12 Honour thy father and thy mother...
20:13 Thou shalt not kill.
20:14 Thou shalt not commit adultery.
20:15 Thou shalt not steal.
20:16 Thou shalt not bear false witness against thy neighbour.
20:17 Thou shalt not covet...
Now, I guess it is true that "most" of these apply to all of us (Americans at least), since the intentions of numbers 5-10 are more or less covered by our civil and criminal laws, but what about the first four?
Number 1: "Thou shalt have no other gods before me." -- What if I'm not Jewish, Christian, or Muslim? Aren't there something like 600 million Hindus in the world?
Number 2: "Thou shalt not make unto thee any graven image..." -- Hindus, again.
Number 3: "Thou shalt not take the name of the LORD thy God in vain..." -- What if he's not MY Lord? Does an atheist even have a "Lord"?
Number 4: "Remember the sabbath day, to keep it holy." -- Same objections as to 1-3.
So, given that many of the people reading this web page are non-Judeo-Christian-Muslim, I think it is true that MOST of these may apply to us, but around 40% of them do not.
Other than your careless words in the first paragraph of your post, you seem to be a rather level-headed person. But it is the "most of that stuff still applies" attitude that gets the Ten Commandments posted on the walls of our state-separate-from-religion courts and school houses. Sure, we should teach kids that murder/adultery/theft/lying/jealousy are wrong and that listening to their parents is good, but do we need to do so in a "Thou shalt have no other gods before me." context? This may seem like nitpicking to some people, but anyone who is a member of any minority knows how different it feels to be on the other side--for the atheists and Hindus of us out here (not to mention the countless others of non-Judeo-Christian-Muslim origins), asking us to just live with the Ten Commandments solely on account of their second half is total crap. I'm not asking you to put up with the words of my gods (or lack thereof) posted in public places--don't ask me to put up with yours.
I really just wrote an article about how security is hard, and involves a lot more than just software. User interfaces are particularly important. Anyway, I gave it a very doomsday title just to get more people to read it. I really wish I had something new to say.
-- Seifried
...I'm sure this will sound redundant, too, but why not Latex? If you are currently using Word and Framemaker, Latex will give you all the same features without the bit rot. It converts to HTML as well as the other two, it has WYSIWYG interfaces (Lyx), and it is available on all platforms (AFAIK). If you use it with truetype fonts, it even looks a lot like the output you get from Framemaker and Word, except that your document will most likely be better structured. It does graphics, tables, and indices. It allows for multiple source files, all in plain text, meaning that it works great with CVS--a real benefit for development by a group. Perhaps best of all, you can use PDFlatex, which will turn the output into a PDF, including searchable text. Since (almost) all OSs can view PS or PDF, this gives you two great portable, printable output formats, and latex2html gives you a web version. Sounds like a winner to me.
Debian still supports SPARC, see
http://www.debian.org/releases/stable/.
This is great news--an example of why it pays to have companies behind at least some of the distros. Now it's time for the community to do its part: keep lobbying all of the web sites using WMP and Quicktime to switch to RealPlayer. Even if they don't all change over, it shouldn't take many of them supporting Real to force Micro$oft and Apple to realize that they need to start supporting the Linux platform, too.
For what it's worth, I'm using the Debian version of ssh, installed from ssh 1.2.26-1.2 out of stable, and ssh -V reports:
SSH Version 1.2.26 [i586-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
So all of you with a stock Debian slink install should be okay. Does anyone know about the ssh version in potato (unstable)?
Sean
I have worked as a programmer for IBM and for Motorola, in both cases in the CAD departments, and I never felt worse off for not being a PE. If you want to work for the government, it's important, but other than that it's just a waste of your time and money. The exam has nothing to do with your job, and your employer knows it.
Sean
specifications are elegant and graceful, by necessity
You must be reading different specifications than the one I've been reading...
Sean
For a group of people who make a living largely because of the GPL, the O'Reilly folks sure seem ungrateful these days.
When will they freely license their manuals?
The IDC folks are only counting the number of Linux systems sold. What I'm wondering is whether this includes only those sold directly by Redhat, Caldera, etc., or whether they are also counting, say Debian shipments through LinuxMall, for instance. Anybody know?
"But the real reason I'm making an issue of this is not personal -- it's because we need to learn not to pull this kind of immature crap in public any more."
Maybe it's just me, but I like the fact that our community "pull[s] this kind of immature crap in public". As an employee of several companies which pulled it in private, let me tell you the public way is better. One of the best things about the way our hacker culture views software vis-a-vis the way Microsoft sees it is that we see it as a scientific enterprise, whereas they see it only as it affects their bottom line.
As a company, you want to present a unified face to the public, to look like everything is peachy and reassure the stockholders that their money is well invested. Science doesn't forgive that sort of crap, however. Science demands that you tell the truth; if you don't, other people will notice and call you on it.
I don't think Eric has sold us out. Certainly I don't think he intended to sell us out. But what I do think happened was that he became quite caught up in the (very) exciting prospect of Apple (of all companies) releasing the source code to OSX. I'm excited about that prospect, too. But the scientific rigor our community rightly prides itself on demands that we not give in to the power of our excitement.
Eric is not evil. But he did make a small mistake, and RMS and Bruce rightly called him on it. While keeping these kinds of things under the covers may make us look better in the popular press, secrecy will ultimately reduce us to being no better than the proprietary models we are fighting against. Only scientific rigor and openness will allow us to deliver a system that kicks the pants off Microsoft, et al.
Honest men have nothing to fear from the truth.
Sean
I think it's sad that ESR is calling the APSL an Open Source (tm) license, even though it contains a termination clause which clearly violates the Open Source definition. We can clearly no longer trust the Open Source label.
> Well. . . If Intuit would ever port Quicken!!!!
Try out GnuCash sometime. Not bad functionality and imports QIF files.