Encryption simply protects data in transit from interception and alteration. It dosn't verify the data being sent actually is the data it claims to be.
Public/Private key encryption is an excellent form of authentication. Check out PGP. Or better yet, GPG.
this proposal is vaguely interesting to me. I need more info to run it through a security model though.
This was my take, as well.
One detail you omitted to mention is that the system will have access to many different government databases. It is not obvious to me how this offers any additional advantages in the way of verification (other than the obvious check to make sure that the subject is still alive), but it does set off my "major privacy concerns" alarm.
The article seemed to suggest that an ID number used by the power company would be used as a sort of "universal id", but didn't offer any details as to how this would work (and why it would offer any more protection than any other kind of identifier). What's to keep someone from digging through somebody's garbage to obtain their ID from their electric bill? And what about people who don't have their own electric accounts?
It seems to me that with all the nifty encryption technology now available, Big Brother attempts like this could do a better job of preventing fraud than just coming up with another global id scheme.
Anybody have any pointers to more detailed descriptions of this plan?
I'm not bothered which is the best solution, the point is there's no mailserver side tricks being employed at the moment.
Sure there are! Everything from RBLs and phony IP addresses to source address and header analysis. Believe me, sysadmins are definitely into punishment!
You think "scumbag" is a bit harsh
Not at all;-)
Nobody will risk the stability of their servers by kludging together 4 or 5 spam systems together now will they?
Actually, I wasn't necessarily referring to combining systems, but rather to combining algorithms. Even so, some of the systems I've seen are extensible: Tarpit, for example, will let you hook up your own classifier. SpamAssassin can work with a Vipul's Razor system and now also includes bayesian filtering.
Also, with a flexible system like qmail it's pretty easy to modify the part of the system that receives messages without risking the stability of your server. It should be pretty straightforward to hack together something that does combine several approaches, including realtime throttling of suspected spammers. In fact, I've lately been considering doing something like that on my company's mailserver.
This is a fix for a particular symptom of the problem. It handles only the case of one agent delivering lots of messages to the same server.
Like the man said, spammers vs. anti-spam solutions is an arms race - spammers will find a way to work around methods to keep them out. In the case that you have proposed, the work-around is simple: don't deliver all your messages to the same host in close proximity.
A better solution based on a similar concept is Vipul's Razor. This is based on the idea that spammers usually send the same message to thousands of recipients, so if the same message is received by a bunch of different and apparently unrelated accounts, it's probably spam. [and of course, the work-around for this is to vary your message slightly for each recipient]
Another issue is that all of the solutions that are now in use (except possibly the Tarpit solution) only shield the end user from spam: they don't address the burden placed on the network infrastructure.
So bottom line is, there's lots of little tricks like the one that you have suggested that can be used (separately and combined) to mitigate this problem, but (as you've indicated) they won't solve it.
I don't think so.. I think the author is basically saying that people choose conservatively and are annoyed by innovations that don't actually add value
The author points to two examples (microchannel bus and Motorola 68K) which did, in fact, add value but were not widely accepted because of the cost of adopting an incompatible new technology.
More generally, he also discusses how it is easy to introduce innovation that improves a technology given the experience of that technology (the 20/20 hindsight rule) and talks about the circumstances in which an incompatible standard has produced a market shift. That said, this article appears to me to be about the trade-off of innovation versus established standards, a concept that should be pretty obvious to most/. readers.
But you're right about there being nothing about "pointless innovation" in the article, which gets back to the part of the point I was originally trying to make: where the hell did this headline come from?
You can deviate, but only if you don't force people to throw away everything else to get there.
There's also the issue of introducing innovations that "pollute" the standard in an attempt to hijack it, as one company often discussed on/. has been prone to do.
... that/. now has on the same page a report of the 50 year anniversary of the discovery of DNA and another report of the construction of a super-computer from DNA.
50 years from discovery to super-computer technology. Can you say "accelerating returns"? Can ya? Sure you can!
... I've started reading this book and it's pretty damned good. It is reminiscent of Varley or Gibson in terms of the possibilities that it presents for extending humanity, although the writing is a little weak.
I personally have spent a lot of time pondering the question "how do we become gods and what do we do when we get there," it's clear to me that Mr. Williams has also and I'm enjoying reading this particular manifestation of that idea.
Haven't read the Ellison book, but I agree with you on "Colossus".
In retrospect, I think the Colossus books (the sequel was _The Fall of Colossus_, describing how Colossus was ultimately undermined by aliens working with the creator of Colossus) were pretty insightful for their time (late 60's early 70's). Or maybe they were just a reaction to the introduction of computers to the general consciousness and a fear that computers would take over the world.
As Eliezer Yudkowsky wrote (speaking specifically of nanotech but in the context of a paper on the Singularity):
The problem with people expounding their Utopian visions of a nanotech world is that their consequences aren't wild enough. Looking at stories of instantly healing wounds, or any material object being instantly available, doesn't give you the sense of looking into the future. It gives you the sense that you're looking into an unimaginative person's childhood fantasy of omnipotence, and that predisposes you to treat nanotechnology the same way. Worse, it attracts other people with unimaginative fantasies of omnipotence. There's no better way to turn into a bunch of parlor pinks, sipping coffee and planning the Revolution without actually doing anything.
(see the complete article which puts forth a good case for why the Singularity is inevitable and why we should try to hasten it)
It's like dogs speculating that if they were as smart as humans they could plant more trees to piss on.
I wish that were true, but I'm afraid it will take longer than one day. These systems are networks... that means that if one person upgrades, he either becomes incompatible with everyone else (if the new system supports only SSL) or just as vulnerable to snooping as the result of non-SSL peers (if the system supports both SSL and the original unencrypted protocol).
SSL versions of POP and IMAP have been around for years now, but in every case I've seen, people are using the unencrypted versions of the protocol. Unfortunately, most people don't see the value of encryption.
OTOH, in the smaller context of a University, it would be much easier to rally around the goal of encrypted p2p, especially when threatened by surveillance.
Lot's of parents plot their kids in front of the household baby sitter the good ole' T.V. Imagine walking in to the room and seeing some cartoon say "Sweet Zombie Jesus!".
Except that this is during their "Adult Swim" cartoon time, throughout which parents are "strongly cautioned" about the adult content of the programs.
There's lots of material during these shows that could be considered offensive, why single out "taking the Lord's name in vain?"
The statement that If you have an institution managing a common resource, then it's not a commons is not consistent with the standard usage of the term, at least as it used by academics and public policy analysts.
Perhaps not, but the definition that you have offered is not consistent with what most people seem to mean when we talk about "the tragedy of the commons". Specifically, we are talking about resources that are "open access" - like a field for grazing - in which it benefits every player to try to get the most for himself, regardless of the fact that their collective action is not in anyone's best interest.
As to the benefits of introducing market-mechanisms into the internet, I would pose the following question: how many viruses, worms, etc. would we expect to see released in an environment where there was a potential monetary payoff for such actions?
First of all, there are already market mechanisms on the internet. My company is right now in the process of switching ISPs, discarding a more expensive alternative for what we believe will be a cheaper one. Many believe that introducing these mechanisms into the underlying protocols will create further incentive to build more bandwidth. If you are concerned about this creating an incentive for bandwidth providers to engineer worms to cause their customers to use more of their bandwidth, I would point out that there are a huge number of cases where customers are already being charged based on bandwidth consumed and there is no evidence that bandwidth providers are doing these kinds of things now.
Enron made a huge mess of the electricity markets in California, partly through fraud and deceit, but mainly because the people who designed the rules of the market didn't think the problem through.
Not because they (the California Government) didn't think it through (they clearly did plenty of thinking) but because in fact they didn't deregulate the electric market. They placed price caps on the consumer end while allowing energy producers to raise their prices, they forbade the production of new power plants, they forbade the formation of contracts between producers and carriers and then when the whole thing went to hell they turned around and blamed the companies.
Please do not cite the California electric markets as an example of free markets (and don't cite the new Russia either - hard to do business when you are still stuck between the Mafia and the Bureaucrats).
what is needed is institutions that effectively manage common resources
If you have an institution managing a common resource, then it's not a commons: it is a resource that is effectively owned by the institution.
be very very careful when introducing monetary incentives into a system that has previously relied on cooperation and cultural norms.
The internet may have been small enough to rely on cooperation and cultural norms at one time, but I submit that this has not been so in many years.
Communal approaches to management of shared resources tend to be adopted by very small communities - in cases like these, everybody knows everybody else and if you screw up you're going to hear about it from your neighbors (or tribal chieftans).
Market-based systems, by contrast, are much more scalable - they tend to work better in situations where you have millions of neighbors because instead of relying on altruism (which tends to thin out after 2 degrees of separation), they rely on self interest (which pretty much stays constant no matter who you're dealing with). What kind of system do you think will work best for the global internet?
What you want is to be able to call people up using a hostname. Constructing host names from a phone number is practically a step backwards.
One reason why we use host names instead of IP addresses is that most people find them easier to remember.
Another reason is that IP addresses (much like telephone numbers) are subject to change - by using a host name we are isolating ourselves from a more volatile part of the system.
I want to be able to contact people no matter what phone number they're attached to through a name, just as I would their web page. There's no good technical reason at this point not to view telephony as any other network service.
Programmers have to consider subsystems as abstractions: there's a limit to how many things the brain can deal with at one time. We know that this kind of thinking produces cleaner designs which are less susceptible to bugs and security holes.
Knowing the limitations of the "black box" and what will break the abstraction is the product of lots and lots of experience. I don't believe there's any way to teach this - it's something that you just have to live through.
That's why senior level developers can continue to justify their existence (and higher price tags)!
Hello World written in Java2 requires 9M for this most basic support infrastructure. By comparison, this is slightly larger than automountd on Solaris8. The Python runtime required to execute Hello World is roughly 1.6M.
I found this interesting because this is a key reason why I personally favor Python over Java for my own projects.
I'm also curious as to how the IEEE article came up with a "rough parity in performance". Java > 1.3 seems to be more on par with compiled-to-machine-code languages in terms of speed.
One consideration with Python is that a lot of the computationally intensive operations are implemented in the underlying C code - for example, I did one benchmark once that showed massive amounts of string concatenations to be much faster under Python.
This concept is applicable for lots of python code - essentially, we do "manual hot-spot optimization" by rewriting the heavy stuff in C.
Re:Python is distributed?
on
.NET or CORBA?
·
· Score: 1
So would this patent apply to video/audio streamed over a hardware compressed modem?
From the abstract, it doesn't look like it should apply to compression over IP at all: it describes a system for compression video/audio over standard telephone, cable or satellite broadcast channels.
Slashdot Mirror
Encryption simply protects data in transit from interception and alteration. It dosn't verify the data being sent actually is the data it claims to be.
Public/Private key encryption is an excellent form of authentication. Check out PGP. Or better yet, GPG.
this proposal is vaguely interesting to me. I need more info to run it through a security model though.
This was my take, as well.
One detail you omitted to mention is that the system will have access to many different government databases. It is not obvious to me how this offers any additional advantages in the way of verification (other than the obvious check to make sure that the subject is still alive), but it does set off my "major privacy concerns" alarm.
The article seemed to suggest that an ID number used by the power company would be used as a sort of "universal id", but didn't offer any details as to how this would work (and why it would offer any more protection than any other kind of identifier). What's to keep someone from digging through somebody's garbage to obtain their ID from their electric bill? And what about people who don't have their own electric accounts?
It seems to me that with all the nifty encryption technology now available, Big Brother attempts like this could do a better job of preventing fraud than just coming up with another global id scheme.
Anybody have any pointers to more detailed descriptions of this plan?
I'm not bothered which is the best solution, the point is there's no mailserver side tricks being employed at the moment.
;-)
Sure there are! Everything from RBLs and phony IP addresses to source address and header analysis. Believe me, sysadmins are definitely into punishment!
You think "scumbag" is a bit harsh
Not at all
Nobody will risk the stability of their servers by kludging together 4 or 5 spam systems together now will they?
Actually, I wasn't necessarily referring to combining systems, but rather to combining algorithms. Even so, some of the systems I've seen are extensible: Tarpit, for example, will let you hook up your own classifier. SpamAssassin can work with a Vipul's Razor system and now also includes bayesian filtering.
Also, with a flexible system like qmail it's pretty easy to modify the part of the system that receives messages without risking the stability of your server. It should be pretty straightforward to hack together something that does combine several approaches, including realtime throttling of suspected spammers. In fact, I've lately been considering doing something like that on my company's mailserver.
This is a fix for a particular symptom of the problem. It handles only the case of one agent delivering lots of messages to the same server.
Like the man said, spammers vs. anti-spam solutions is an arms race - spammers will find a way to work around methods to keep them out. In the case that you have proposed, the work-around is simple: don't deliver all your messages to the same host in close proximity.
A better solution based on a similar concept is Vipul's Razor. This is based on the idea that spammers usually send the same message to thousands of recipients, so if the same message is received by a bunch of different and apparently unrelated accounts, it's probably spam. [and of course, the work-around for this is to vary your message slightly for each recipient]
Another issue is that all of the solutions that are now in use (except possibly the Tarpit solution) only shield the end user from spam: they don't address the burden placed on the network infrastructure.
So bottom line is, there's lots of little tricks like the one that you have suggested that can be used (separately and combined) to mitigate this problem, but (as you've indicated) they won't solve it.
I don't think so.. I think the author is basically saying that people choose conservatively and are annoyed by innovations that don't actually add value
/. readers.
The author points to two examples (microchannel bus and Motorola 68K) which did, in fact, add value but were not widely accepted because of the cost of adopting an incompatible new technology.
More generally, he also discusses how it is easy to introduce innovation that improves a technology given the experience of that technology (the 20/20 hindsight rule) and talks about the circumstances in which an incompatible standard has produced a market shift. That said, this article appears to me to be about the trade-off of innovation versus established standards, a concept that should be pretty obvious to most
But you're right about there being nothing about "pointless innovation" in the article, which gets back to the part of the point I was originally trying to make: where the hell did this headline come from?
You can deviate, but only if you don't force people to throw away everything else to get there.
/. has been prone to do.
There's also the issue of introducing innovations that "pollute" the standard in an attempt to hijack it, as one company often discussed on
The gist of this article seems to be that it is innovations that deviate from established standards, rather than innovation per se, that are harmful.
This is pretty much a no-brainer at this point in time.
... that AOL would launch an online music system that didn't involve mailing out CD's, did you?
... that /. now has on the same page a report of the 50 year anniversary of the discovery of DNA and another report of
the construction of a super-computer from DNA.
50 years from discovery to super-computer technology. Can you say "accelerating returns"? Can ya? Sure you can!
... I've started reading this book and it's pretty damned good. It is reminiscent of Varley or Gibson in terms of the possibilities that it presents for extending humanity, although the writing is a little weak.
I personally have spent a lot of time pondering the question "how do we become gods and what do we do when we get there," it's clear to me that Mr. Williams has also and I'm enjoying reading this particular manifestation of that idea.
Haven't read the Ellison book, but I agree with you on "Colossus".
In retrospect, I think the Colossus books (the sequel was _The Fall of Colossus_, describing how Colossus was ultimately undermined by aliens working with the creator of Colossus) were pretty insightful for their time (late 60's early 70's). Or maybe they were just a reaction to the introduction of computers to the general consciousness and a fear that computers would take over the world.
So, what you're saying is: John Carmack is the singularity!
Hmmmm... The possibilities for what post-singularity existence will be like just got significantly more disturbing.
As Eliezer Yudkowsky wrote (speaking specifically of nanotech but in the context of a paper on the Singularity):
The problem with people expounding their Utopian visions of a nanotech world is that their consequences aren't wild enough. Looking at stories of instantly healing wounds, or any material object being instantly available, doesn't give you the sense of looking into the future. It gives you the sense that you're looking into an unimaginative person's childhood fantasy of omnipotence, and that predisposes you to treat nanotechnology the same way. Worse, it attracts other people with unimaginative fantasies of omnipotence. There's no better way to turn into a bunch of parlor pinks, sipping coffee and planning the Revolution without actually doing anything.
(see the complete article which puts forth a good case for why the Singularity is inevitable and why we should try to hasten it)
It's like dogs speculating that if they were as smart as humans they could plant more trees to piss on.
This new technology will last for about 1 day.
I wish that were true, but I'm afraid it will take longer than one day. These systems are networks... that means that if one person upgrades, he either becomes incompatible with everyone else (if the new system supports only SSL) or just as vulnerable to snooping as the result of non-SSL peers (if the system supports both SSL and the original unencrypted protocol).
SSL versions of POP and IMAP have been around for years now, but in every case I've seen, people are using the unencrypted versions of the protocol. Unfortunately, most people don't see the value of encryption.
OTOH, in the smaller context of a University, it would be much easier to rally around the goal of encrypted p2p, especially when threatened by surveillance.
Lot's of parents plot their kids in front of the household baby sitter the good ole' T.V. Imagine walking in to the room and seeing some cartoon say "Sweet Zombie Jesus!".
Except that this is during their "Adult Swim" cartoon time, throughout which parents are "strongly cautioned" about the adult content of the programs.
There's lots of material during these shows that could be considered offensive, why single out "taking the Lord's name in vain?"
The statement that If you have an institution managing a common resource, then it's not a commons is not consistent with the standard usage of the term, at least as it used by academics and public policy analysts.
Perhaps not, but the definition that you have offered is not consistent with what most people seem to mean when we talk about "the tragedy of the commons". Specifically, we are talking about resources that are "open access" - like a field for grazing - in which it benefits every player to try to get the most for himself, regardless of the fact that their collective action is not in anyone's best interest.
As to the benefits of introducing market-mechanisms into the internet, I would pose the following question: how many viruses, worms, etc. would we expect to see released in an environment where there was a potential monetary payoff for such actions?
First of all, there are already market mechanisms on the internet. My company is right now in the process of switching ISPs, discarding a more expensive alternative for what we believe will be a cheaper one. Many believe that introducing these mechanisms into the underlying protocols will create further incentive to build more bandwidth. If you are concerned about this creating an incentive for bandwidth providers to engineer worms to cause their customers to use more of their bandwidth, I would point out that there are a huge number of cases where customers are already being charged based on bandwidth consumed and there is no evidence that bandwidth providers are doing these kinds of things now.
Enron made a huge mess of the electricity markets in California, partly through fraud and deceit, but mainly because the people who designed the rules of the market didn't think the problem through.
Not because they (the California Government) didn't think it through (they clearly did plenty of thinking) but because in fact they didn't deregulate the electric market. They placed price caps on the consumer end while allowing energy producers to raise their prices, they forbade the production of new power plants, they forbade the formation of contracts between producers and carriers and then when the whole thing went to hell they turned around and blamed the companies.
Please do not cite the California electric markets as an example of free markets (and don't cite the new Russia either - hard to do business when you are still stuck between the Mafia and the Bureaucrats).
Then when those who rely on the commons take up arms to keep out people who want to use them differently, what do we call them?
;-)
Homeowners organizations!
what is needed is institutions that effectively manage common resources
If you have an institution managing a common resource, then it's not a commons: it is a resource that is effectively owned by the institution.
be very very careful when introducing monetary incentives into a system that has previously relied on cooperation and cultural norms.
The internet may have been small enough to rely on cooperation and cultural norms at one time, but I submit that this has not been so in many years.
Communal approaches to management of shared resources tend to be adopted by very small communities - in cases like these, everybody knows everybody else and if you screw up you're going to hear about it from your neighbors (or tribal chieftans).
Market-based systems, by contrast, are much more scalable - they tend to work better in situations where you have millions of neighbors because instead of relying on altruism (which tends to thin out after 2 degrees of separation), they rely on self interest (which pretty much stays constant no matter who you're dealing with). What kind of system do you think will work best for the global internet?
Yes, we call those institutions "governments".
We call them "governments" when they stand around the commons with guns and tell everyone what they can and cannot do.
When they arise spontaneously out of agreements between those who rely on the commons, we call them "free markets".
What you want is to be able to call people up using a hostname. Constructing host names from a phone number is practically a step backwards.
One reason why we use host names instead of IP addresses is that most people find them easier to remember.
Another reason is that IP addresses (much like telephone numbers) are subject to change - by using a host name we are isolating ourselves from a more volatile part of the system.
I want to be able to contact people no matter what phone number they're attached to through a name, just as I would their web page. There's no good technical reason at this point not to view telephony as any other network service.
... but the lack of experience.
Programmers have to consider subsystems as abstractions: there's a limit to how many things the brain can deal with at one time. We know that this kind of thinking produces cleaner designs which are less susceptible to bugs and security holes.
Knowing the limitations of the "black box" and what will break the abstraction is the product of lots and lots of experience. I don't believe there's any way to teach this - it's something that you just have to live through.
That's why senior level developers can continue to justify their existence (and higher price tags)!
One other point from the article:
Hello World written in Java2 requires 9M for this most basic support infrastructure. By comparison, this is slightly larger than automountd on Solaris8. The Python runtime required to execute Hello World is roughly 1.6M.
I found this interesting because this is a key reason why I personally favor Python over Java for my own projects.
I'm also curious as to how the IEEE article came up with a "rough parity in performance". Java > 1.3 seems to be more on par with compiled-to-machine-code languages in terms of speed.
One consideration with Python is that a lot of the computationally intensive operations are implemented in the underlying C code - for example, I did one benchmark once that showed massive amounts of string concatenations to be much faster under Python.
This concept is applicable for lots of python code - essentially, we do "manual hot-spot optimization" by rewriting the heavy stuff in C.
And that's not to mention a host of less common Distributed Object systems (some python only, some not).
;-).
DOPY is my personal favorite
So would this patent apply to video/audio streamed over a hardware compressed modem?
From the abstract, it doesn't look like it should apply to compression over IP at all: it describes a system for compression video/audio over standard telephone, cable or satellite broadcast channels.