Can you describe how vulnerable Freenet is to distributed input flood attacks? I'm particularly concerned about coordinated attacks using large numbers of submissions (to large numbers of Freenet hosts) followed immediately by requests which bump those submissions to the top of the stack. It seems to me that it would be fairly easy (comparable to DDoS attacks we've seen) to completely flush the system of any old submissions in this way.
The FAQ doesn't go into detail about this, nor could I find a discussion in the archives that fully answers this question.
Also, what do you think about this possible solution: a system which offers a fixed amount of storage space to those who provide servers. For example, if I added a server with 4 GB of storage to the Freenet then I would receive a cryptographic token which would entitle me to anonymously store 4 GB (minus quite a bit of overhead) in the system.
There are some obvious hurdles to overcome in order to implement this idea (such as what to do when servers disappear), but I think that the basic idea of tying submissions to storage quotas based on actual storage availability is worth considering.
In addition to all the good information above, especially the Open Group links. It's worth noting that "UNIX" is commonly used to mean "UNIX-like". Thus Linux is often considered a flavor of UNIX, though not officially.
but I've never actually telecommuted full-time. As an IT consultant/contractor, I've found many opportunities to assist clients from my home office. This includes a great deal of system administration work that I've done remotely.
At least one person mentioned above that sysadmins can't get by without physical access. That is simply not true. Many servers can be set up in such a way as to allow full remote sysadmin capability. I do it all the time with HP-UX systems. I've done quite a bit of work for one client whose site I haven't set foot on in over a year.
You need a few things to be able to do this:
on-site network support
a separate hardware support contract and/or the ability for the sysadmin to get to the site in a reasonable amount of time
a remote console system (like HP's Secure (ha!) Web Consoles).
It also helps to have well-designed, sufficiently redundant systems to maintain whatever level of service is required by the end users.
That said, it's almost always a good idea to make an appearance once in a while for some scheduled maintenance or to just let people know you're alive. It helps to let yourself know you're alive too.:-)
There are plenty of companies that can meet the above requirements and hire telecommuting sysadmins. Some of them (especially those with too few servers to justify a full-time position) prefer to hire contractors like me.
The basis of this suit is the notion that people are the products of their environment, which I think is partly true. However, a person's environment consists of some elements which are the individual's choice and other elements over which he has little or no control. For example, I would guess that the young man who killed those three students had a great deal of control over which video games he played but had very little control over how his parents treated him when he was very young. (I could say the exact same thing about myself.)
Placing this kind of blame on environmental factors which were chosen by the individual demonstrates a complete inorance of either the basic existence of free will itself or the distinction I made in the above paragraph.
The real tragedy is that, regardless of the upbringing of the murderer, the parents of all three of his victims are so ignorant.
Additionally, this system has the benefit of providing a finite amount of future-default-score-enhancement for each instance of moderation. (Does that make any sense?) Like the averaging idea mentioned earlier, it rewards quality rather than quantity. For example, if this post gets moderated up, I would gain the ability to boost the score of a later post. If, however, I don't maintain the quality of my contributions, I would run out of bonus points quickly.
On the other hand, the steady state of this system would have excellent posters running out of bonus points even when they have good things to say (assuming that posts with self-boosted scores will not tend to be moderated up even further). I think I would prefer something like the averaging system with the addition of a low score posting option. However, I think this aspect of the score pool idea is worth considering.
>Your system might work if the points awarded >just for posting were included in the >calculation. Then the initial value would just >be an average of all the other posts you've ever >made (not a bad idea, IMHO).
I think that is exactly what was suggested.
I also agree that a system which rewards quality over quantity would be appropriate. After all, it seems that the overall goal of the moderation system is to provide readers with the option to view just the best of the comments (not the opinions of overactive users who may or may not have worthwhile arguments). I think an averaging system as suggested above would reward quality and keep the range of scores quite stable.
I would love to see some sort of user based rating system incorporated into the comment scoring. This would provide a great incentive for people to write consistently good comments. It would also satisfy the need for rapid comment scoring (before the moderators get a chance to read through all the fresh comments on a hot topic).
Possible implementation:
You're already keeping track of the net moderation value (NMV) of each user. Simply have the initial score of a particular user's comments based on something like the following formula (which only works for NMV > 0):
initial score = log(NMV)/log(5)
I'm sure there are plenty of better formulas, (and I'm having a hard time remembering algabraic rules for logarithms:) but the general idea is to make it increasingly difficult to get to higher default scores.
I imagine this has been discussed to death in the past, but I think it's worth suggesting that users be allowed to create anonymous user accounts instead of having to be ACs. I think this would be especially important in the event that any sort of user based scoring is performed. This also allows anonymous users to have their own preferences (which is rapidly becoming more desirable).
To Rob (and other influential/.ers):
I hope you'll come back to this article in a couple days and read through every comment. I know there will be a ton of them, but there are already a huge number of great suggestions and comments. I especially like some of the ideas about scored threading and absolute minimum values for comment scores (and user scores, if implemented).
I haven't worked with a Beowulf cluster, nor do I have any measurable experience with High Performance Computing (MPP, etc.). However, it is my understanding that software must be specifically written (or painstakingly ported) to take advantage of the parallelism of a Beowulf Class Cluster. I'm quite sure that Oracle has not been ported to Beowulf at this time. In fact, I expect that it would be very difficult to create a relational database which takes full advantage of the power of a Beowulf.
Does anyone know if any such databases exist? For that matter, does any significant software exist for the Beowulf that would be useful for businesses (besides R&D)?
The fact that Tom went so far as to use the word, "hypocritical," is precisely why this is news. Finally, a prominent contributer in the open source community has the balls to call RMS what he is.
The FSF gave us the GPL. Perhaps now they should read it.
Slashdot Mirror
Can you describe how vulnerable Freenet is to distributed input flood attacks? I'm particularly concerned about coordinated attacks using large numbers of submissions (to large numbers of Freenet hosts) followed immediately by requests which bump those submissions to the top of the stack. It seems to me that it would be fairly easy (comparable to DDoS attacks we've seen) to completely flush the system of any old submissions in this way.
The FAQ doesn't go into detail about this, nor could I find a discussion in the archives that fully answers this question.
Also, what do you think about this possible solution: a system which offers a fixed amount of storage space to those who provide servers. For example, if I added a server with 4 GB of storage to the Freenet then I would receive a cryptographic token which would entitle me to anonymously store 4 GB (minus quite a bit of overhead) in the system.
There are some obvious hurdles to overcome in order to implement this idea (such as what to do when servers disappear), but I think that the basic idea of tying submissions to storage quotas based on actual storage availability is worth considering.
Thanks for sharing your thoughts!
Mike Ossmann
In addition to all the good information above, especially the Open Group links. It's worth noting that "UNIX" is commonly used to mean "UNIX-like". Thus Linux is often considered a flavor of UNIX, though not officially.
but I've never actually telecommuted full-time. As an IT consultant/contractor, I've found many opportunities to assist clients from my home office. This includes a great deal of system administration work that I've done remotely.
At least one person mentioned above that sysadmins can't get by without physical access. That is simply not true. Many servers can be set up in such a way as to allow full remote sysadmin capability. I do it all the time with HP-UX systems. I've done quite a bit of work for one client whose site I haven't set foot on in over a year.
You need a few things to be able to do this:
It also helps to have well-designed, sufficiently redundant systems to maintain whatever level of service is required by the end users.
That said, it's almost always a good idea to make an appearance once in a while for some scheduled maintenance or to just let people know you're alive. It helps to let yourself know you're alive too. :-)
There are plenty of companies that can meet the above requirements and hire telecommuting sysadmins. Some of them (especially those with too few servers to justify a full-time position) prefer to hire contractors like me.
Michael Ossmann
Ossmann Consulting
The basis of this suit is the notion that people are the products of their environment, which I think is partly true. However, a person's environment consists of some elements which are the individual's choice and other elements over which he has little or no control. For example, I would guess that the young man who killed those three students had a great deal of control over which video games he played but had very little control over how his parents treated him when he was very young. (I could say the exact same thing about myself.)
Placing this kind of blame on environmental factors which were chosen by the individual demonstrates a complete inorance of either the basic existence of free will itself or the distinction I made in the above paragraph.
The real tragedy is that, regardless of the upbringing of the murderer, the parents of all three of his victims are so ignorant.
Additionally, this system has the benefit of providing a finite amount of future-default-score-enhancement for each instance of moderation. (Does that make any sense?) Like the averaging idea mentioned earlier, it rewards quality rather than quantity. For example, if this post gets moderated up, I would gain the ability to boost the score of a later post. If, however, I don't maintain the quality of my contributions, I would run out of bonus points quickly.
On the other hand, the steady state of this system would have excellent posters running out of bonus points even when they have good things to say (assuming that posts with self-boosted scores will not tend to be moderated up even further). I think I would prefer something like the averaging system with the addition of a low score posting option. However, I think this aspect of the score pool idea is worth considering.
I'll Stop Rambling Now,
Mike
>Your system might work if the points awarded
>just for posting were included in the
>calculation. Then the initial value would just
>be an average of all the other posts you've ever
>made (not a bad idea, IMHO).
I think that is exactly what was suggested.
I also agree that a system which rewards quality over quantity would be appropriate. After all, it seems that the overall goal of the moderation system is to provide readers with the option to view just the best of the comments (not the opinions of overactive users who may or may not have worthwhile arguments). I think an averaging system as suggested above would reward quality and keep the range of scores quite stable.
I would love to see some sort of user based rating system incorporated into the comment scoring. This would provide a great incentive for people to write consistently good comments. It would also satisfy the need for rapid comment scoring (before the moderators get a chance to read through all the fresh comments on a hot topic).
:) but the general idea is to make it increasingly difficult to get to higher default scores.
/.ers):
Possible implementation:
You're already keeping track of the net moderation value (NMV) of each user. Simply have the initial score of a particular user's comments based on something like the following formula (which only works for NMV > 0):
initial score = log(NMV)/log(5)
I'm sure there are plenty of better formulas, (and I'm having a hard time remembering algabraic rules for logarithms
I imagine this has been discussed to death in the past, but I think it's worth suggesting that users be allowed to create anonymous user accounts instead of having to be ACs. I think this would be especially important in the event that any sort of user based scoring is performed. This also allows anonymous users to have their own preferences (which is rapidly becoming more desirable).
To Rob (and other influential
I hope you'll come back to this article in a couple days and read through every comment. I know there will be a ton of them, but there are already a huge number of great suggestions and comments. I especially like some of the ideas about scored threading and absolute minimum values for comment scores (and user scores, if implemented).
mossmann
I haven't worked with a Beowulf cluster, nor do I have any measurable experience with High Performance Computing (MPP, etc.). However, it is my understanding that software must be specifically written (or painstakingly ported) to take advantage of the parallelism of a Beowulf Class Cluster. I'm quite sure that Oracle has not been ported to Beowulf at this time. In fact, I expect that it would be very difficult to create a relational database which takes full advantage of the power of a Beowulf.
Does anyone know if any such databases exist? For that matter, does any significant software exist for the Beowulf that would be useful for businesses (besides R&D)?
The fact that Tom went so far as to use the word, "hypocritical," is precisely why this is news. Finally, a prominent contributer in the open source community has the balls to call RMS what he is.
The FSF gave us the GPL. Perhaps now they should read it.