True, and those that do that should be forced to bungee-jump with a rope tied to their balls. B-O
But still, since there are people out there that are willing to let other people use their APs and since it is fairly trivial to erect a WEP 'no trespass' sign, I feel that it should not be considered trespass if someone happens to use a non-secured AP.
That is, I don't condone digital breaking and entering but at the same time I don't want people to be afraid of using my open AP.
Yeah. But even if WEP is a shoddy fence, it is still a fence and anyone breaking the key can't reasonably claim with a straight face that he thought it was a public AP. :)
128bit WEP, MAC address checking and an IPSEC gateway as the only thing on the other side of the AP should do the trick for people that feel the need for barbed wire instead of a simple 'no trespass' sign.
Anybody who comes up with any kind of estimate is an idiot, and is obviously being "funded" by some interested party.
Most of the reports I have read concerning Napster have been exactly that way.
However, an economist with the name Leibowitz(sp?) seems to have done a thorough job. He started out with the expectation that P2P would have a serious impact on CD sales (Not an unreasonable guess. Given enough people with broadband, P2P everywhere and lots of people with CD burners, P2P download + burn should in economic terms be expected to be a direct replacement for CD sales). Then he started looking at sales numbers for the last 30 years, the impact of recession/boom on sales, other factors like people maybe spending more on DVDs and less on CDs, vinyl and cassette being replaced by CD, etc. When compensating for any other factor he could identify, the numbers show that P2P has a likely negative impact on CD sales but not as much as he had initially expected. Probably because a considerable amount of Napster users (also) use it for browsing and then buying, and the free advertising effect. Anyway, we won't know for sure until the numbers for 2002 and 2003 are in.
Anyway, I'm suspecting that the industry will make more money on online sales - once they get over the current DRM paranoia - than they lose on CD sales due to P2P. And even more if, as you say, they start pushing good stuff instead of the manufactured boy/girlbands.
in a format you are confident will be playable in 10 years? that's a tall order.
This is seriously off-topic, but anyway:
The book on my bookshelf can easily survive at least an order of magnitude longer. Why should I expect less just because it is digital? I should actually expect more, since it should be much easier to make perfect backups on all sorts of media.
The public should have the ability to preserve history, and in the digital environment that includes the right to make personal copies and format conversions. That's one of the main reasons why I find client side DRM to be an abomination.
The argument from the media industry is that they need some protection, and are pushing technology like TCPA/Palladium and laws like DMCA and EUCD down our throats. I can understand why they are scared, but that kind of control on formats and the tools used to play the content will cause a lot of collateral damage. I believe that the dangers of P2P can be heavily reduced, or even completely removed if the industry spent their energy on providing services that people want instead of inventing digital straitjackets.
Yeah, and Napster was about sampling songs by unknown bands before you bought their CDs, not about leeching free music.
That's exactly what I used Napster for, but it seems like I'm in the minority.
I'm not saying that Napster is good. According to the latest numbers I've seen from economists that have looked at the impact of P2P on CD sales the current guesstimate is that sales will drop about 20% due to online copyright infringement. On the other hand, the music business has yet to provide legitimate Pay-Napster services. I'll pay cold hard cash to the first major label that starts selling music online in a format that I know I'll be able to play on my equipment 10 years down the line (that is, MP3, OGG or raw format).
emusic.com is, afaik, the only one doing the right thing at the moment and they don't seem to lack customers even though Gnutella and Kazaa are out there.
Re:Good God, are you Clueless? (on WiFi Triangulation, Score: 5, Insightful)
Anyway, 128-bit WEP (actually just 104 bits) isn't safe.
We all know that. But an AP with WEP enabled is the digital equivalent of a "no trespass" sign, while an AP with no security at all is either set up by a clueless newbie or is deliberately left open to allow other people to get Internet access (which I'll do once I go wireless in my apartment).
In order to promote public access points, I'd prefer that the law doesn't consider it trespass to use an unsecured AP for Internet access.
My god, don't these people realize that everything is supposed to be free? (That's "free" as in "I-should-be-free-to-take-whatever-I-want-without-paying-for-it", of course).
That's not what warchalking is about. It is about marking open access points, not about breaking into networks.
It should be legal to plug an AP into my DSL line, put a chalk mark on the side of the building and allow people nearby to use my connection for checking mail or the occasional browsing.
Is it shoplifting or trespass if your neighbour put a radio in the window and you listen to it while relaxing in your yard?
Securing an AP is fairly trivial, and people who don't want the occasional stranger to access their network should take the 30 seconds needed to enable WEP or password/MAC security.
..then enable some security on your AP! Even the cheapest APs available today support at least WEP, and it should take you about 30 seconds to enable it.
What this says to me is that copyrights should be non-transferable...which would also make US copyright law more in line with European droit d'auteur/creator's right laws.
Allowing people to freely copy works would essentially abolish copyrights and kill the financial incentive.
That's the problem. We're not that far away from a world where John Doe has the technical means to duplicate at low cost, and the knee-jerk reaction from the industry is that We Need DRM!
I happen to think that copyright is a good idea, but that the current implementation is buggy. A financial incentive must be preserved in the digital world, but how can we do that without creating a DRM nightmare?
One option is to find alternative methods of funding instead of pay-per-copy. Say, for example, that publishers go to a subscription system. I'm not optimistic, though, because it seems likely that most of those models won't generate a reasonable amount of income.
With no monetary benefit from creating works, very few people would choose to do it. (Just look how many OSS developers there are compared to the total number of developers in the world, I think that is a good analogy) It is a fundamental of economics that gift economies are never as large as monetary ones.
OSS is not really a strict gift economy, since it doesn't remove the secondary commercial incentives. A simple example is IBM. IBM wants to sell hardware and services, so it is in their commercial interest that Linux runs on their hardware and has the features their customers ask for (and also the added benefit that MS has less power over IBM when there is an alternative platform in the marketplace). Still, removing the direct monetary incentive does have an obvious effect on what kind of software is developed as OSS - general desktop software is one of the weaker areas of OSS.
Also, secondary incentives are probably stronger in the software market than in, say, music and movies.
Then let the people who want to make those large initial investments pay for it.
In the pre-copyright days, that was the normal way of funding - patronage or pay-per-opera.
That system is also possible today, but in addition you also have the system enabled by copyright - someone covers the initial expenses and hopes to make their money back by selling copies in the marketplace.
I happen to think that copyright is fine as long as it serves the original purpose, "To promote the Progress of Science and useful Arts". However, the term of copyright should be sensible - life+70 or 90 years is just plain silly, there must be sensible "fair use"/"fair dealings" holes, and Digital Restriction Management is just crazy.
Yes, that's right Jack.. And when VCR's came out, we were in the theaters bootlegging a million movies a day. :rolleyes:
Reading the Hill hearings and movie exec testimony around the time of the Betamax case produces a heavy feeling of déjà vu. Most - if not all - of the arguments used now were used then also. The only difference is that they were playing on anti-jap sentiments then while they are attacking spotty teen-age swashbuckling pirate nerds today. (video tapes will magically be able to store 100 hours of video, fast-forward through commercials is theft, people won't go to the cinema no more, etc...)
No. Initial connects and file transfers now use random ports on the gnutella network as long as the user is running a client that supports it. Gnucleus, for example, does. (Yay open source!)
Read the very last paragraph I wrote in my original post. ISPs couldn't reliably execute MITM attacks without borking all non-p2p traffic.
How does the gnutella client start to build a host cache without connecting to a well-known source? Or rather, how does it connect to this source without making it possible for the ISP to MITM.
Sorry, I must be low on coffee. X-I It's actually very easy if you distribute a public key with the client.
Anyway, I'd love a URL or two with more information about the future direction of gnutella.
Since the Berman bill gives them a (somewhat) blank check to break "hacking" laws in pursuit of this goal as long as they notify the gov't first, I think they will end up doing exactly that.
"... a copyright owner shall not be liable in any criminal or civil action for disabling, interfering with, blocking, diverting, or otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader."
It's a get out of jail free card for tampering with the network for stopping copyright infringement, but it does not cover tampering with files on your computer.
It's not a "license to hack [your computer]".
514(b)(1)(A) seems to rule out DoS attacks or any measures that have a serious effect on the sharing of non-copyrighted works on the P2P network.
So.. I just don't understand why this law is necessary, since - if we are to believe Berman's claims that it is only intended as a narrow safe harbour for self-help - it seems like it only leaves forms of chaffing - which should already be legal.
Anyway. If I put on my tinfoil hat, I would suspect a conspiracy between MS, Berman and *AA hiding in the expression "without authorization" combined with the latest EULA changes from MS regarding DRM/Media Player, giving MS the right to disable software on your computer.
If a user downloads the entire file from them, the client program, upon completion of the download, will report an error since the hash that the file should have does not match the hash of the downloaded data. Not too serious - just some wasted downstream bandwidth on the part of the user. This kind of attack also costs the ??AA mega$ as they are the only source for the file:
Simple chaffent:
Collect a list of (filename, filesize, hash) we want to fake. Reply when someone is searching (both name search and hash search). Allow connect from clients and start serving bogus data. Disconnect the transmission after a little while. Add the client IP to a ~30min blacklist (maybe shared by all chaffents). Don't answer any reconnect requests from that IP as long as it is on the blacklist.
For the user, this should look just like someone that was online for a while and then disconnected. The user will try to resume the download from other sources, but the file is already broken.
In other words, the ??AA won't be able to corrupt your downloads unless they out-bandwidth the rest of the p2p community. ;)
Or rather - out-search-request-answer if done as above.
This obviously won't work once you start using segment hashes, though.
The problem, essentially, is that you don't know if the metadata reported about the file (title, resolution, length, etc...) is accurate.
[snip explanation]
Sounds like a good approach for ensuring metadata integrity.
Anyway, I get this image of FBI busting someone and discovering the private key of a notorious release group on his computer. This could actually make it easier to track down the really big copyright infringers. ;-D
The second issue is eavesdropping and bandwidth throttling by ISPs
Considering that P2P traffic is something like 80% of the total Internet traffic at the moment, ISPs wanting to do bandwidth throttling is not exactly surprising. :)
In many situations you actually want to do bandwidth shaping in order to keep the network running smoothly. You don't want your P2P traffic to hog so much bandwidth that the responsiveness of your interactive SSH sessions goes south.
If all communications on p2p networks started with a raw exchange of public keys, the first (for example) 2048 bits of p2p connections would be different from client to client.
Smells like overkill to me, but anyway.
Ports used for (at least gnutella) p2p are already random, btw.
At least the initial connect is to a well-known port, no?
If your ISP really wants to spend a lot of time and resources to track you, they could play man-in-the-middle from the initial connect with the gnutella network. Not that it would ever be worth the effort, but anyway.
Media companies have legal permission to crack into your computer and delete files as long as they tell the gov't about it first.
No, they don't. While I think that the Berman bill is bad, it does not allow media companies to hack into your computer. It does not provide a safe harbour that allows the *AA to delete or alter any files on your computer.
The purpose of the bill is to create a safe harbour for 'content owners' that use technology to impair the sharing of copyrighted content on P2P networks.
Berman claims that the bill is not supposed to legitimise general attacks on P2P networks. The confusing thing is that I'm hard pressed to think about any attacks on P2P networks that:
1) Is not already legal today (For example, filling the network with bogus Britney mp3s), or 2) Impacts only illegal sharing of copyrighted material instead of killing the whole - or parts of the P2P network itself.
They can't fake the _hashes_ on files.
I'm not up to date on current P2P protocols, so Rambling_Mode=On.
What if the RIAAntiKazaa chaffing servent simply lies about the hash. You can't check that the hash is correct before you have downloaded the file anyway. Besides, with segmented downloading you only need to download one segment of a file from the chaff servent to destroy the file.
If you do SHA (or similar secure hashes) on segments of the file, it would be possible to discard only the bad segments instead of the whole file.
You could create a known_bad list of IP addresses that the RIAA chaffer clients use. Hmm.. If some of the clients connect through dial-up ISPs with dynamic addresses, you might have to blacklist the entire netblock - not nice.
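The per-segment hashing idea from the comment above, as an added example that is not part of the original post: a downloader checks each segment against a manifest, keeps the good ones, re-fetches only the bad ones from another peer, and stops asking a peer that keeps serving junk. SHA-256, the manifest layout, the peer names and the sample data are assumptions made for the illustration, and the manifest is assumed to come from a source the downloader already trusts.

```python
import hashlib
import hmac

SEGMENT_SIZE = 16  # tiny on purpose so the constructed sample stays small


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(data: bytes, size: int = SEGMENT_SIZE) -> dict:
    """Publisher side: whole-file hash plus one hash per fixed-size segment."""
    segments = [data[i:i + size] for i in range(0, len(data), size)]
    return {
        "file_hash": sha256_hex(data),
        "segment_hashes": [sha256_hex(s) for s in segments],
    }


def fetch_whole_file_only(manifest: dict, sources: dict) -> bool:
    """Segmented download that is checked only against the whole-file hash.

    Segments are taken from the peers in turn. One bogus segment makes the
    final check fail, and nothing says which segment or which peer was bad.
    """
    names = list(sources)
    count = len(manifest["segment_hashes"])
    parts = [sources[names[i % len(names)]](i) for i in range(count)]
    return sha256_hex(b"".join(parts)) == manifest["file_hash"]


def fetch_verified(manifest: dict, sources: dict, max_strikes: int = 2):
    """Segmented download with a hash check on every segment.

    Returns (data, rejected) where rejected maps a peer name to the indexes
    of the segments it served that failed verification. A peer that reaches
    max_strikes bad segments is no longer asked (a local known_bad list).
    """
    rejected = {}
    parts = []
    for index, expected in enumerate(manifest["segment_hashes"]):
        good = None
        for name, fetch in sources.items():
            if len(rejected.get(name, [])) >= max_strikes:
                continue  # peer is on the local known_bad list
            chunk = fetch(index)
            if hmac.compare_digest(sha256_hex(chunk), expected):
                good = chunk
                break
            rejected.setdefault(name, []).append(index)  # discard this segment only
        if good is None:
            raise IOError(f"no peer could supply a valid segment {index}")
        parts.append(good)
    data = b"".join(parts)
    if sha256_hex(data) != manifest["file_hash"]:
        raise IOError("segments verified but whole-file hash does not match")
    return data, rejected


# Constructed sample: a 64-byte "file" and two peers, one of which serves chaff.
ORIGINAL = bytes(range(64))
MANIFEST = build_manifest(ORIGINAL)
SOURCES = {
    "chaffer": lambda i: b"\x00" * SEGMENT_SIZE,  # right length, wrong content
    "honest": lambda i: ORIGINAL[i * SEGMENT_SIZE:(i + 1) * SEGMENT_SIZE],
}

if __name__ == "__main__":
    print("whole-file check only, download usable:",
          fetch_whole_file_only(MANIFEST, SOURCES))
    data, rejected = fetch_verified(MANIFEST, SOURCES)
    print("per-segment check, download usable:", data == ORIGINAL)
    print("segments rejected per peer:", rejected)
```

The check is only as strong as the manifest: if the segment hashes themselves come from the peer serving the data, a lying peer can supply hashes that match its own chaff.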
Additionally, it is very possible to accelerate SSL in hardware. In fact, the Sun project page [sun.com] itself talks about integrating ECC and SSL support into a hardware accelerator.
I basically picture some system which will grant you a unique cert. You can then attach your personal information to it, or not.
I think the problem is more or less solved by being able to get anonymous certs. Of course where you use them from will tag them forever in some government database somewhere, so you do have to be careful about that still. But I'd like them to be cheap enough to get by spare-changing... say, a buck? No more than five dollars, though.
As for who I'd trust, it can only be some sort of global consortium of top technology companies, with all data mirrored in all countries, and a key server picked via a genuinely random method. Or at least the best we can get. That way all the various companies and nations can keep tabs on each other.
Then what's the point? Then all I know when I receive a message signed by someone is that this someone has spent 5$ for the privilege to claim that he is the one that he claims to be.
The only thing I can know (apart from the fact that someone paid 5$ for something that is the equivalent of a non-signed PGP key) is that if I receive several messages signed by the same key then the sender(s) have access to this key.
So we have this megagovernmentcorp-thingy with loads of checks and balances whose only mission in life is to give out blank signed signature keys at 5$ a pop.
*scratch head*
Now try to sell this to the people that screamed bloody murder when Intel decided that it was a good idea to put a unique serial number in each processor.
I'm really talking about this as a very special purpose thing solely for the translation of file types. This thought came out of the revelation a while back that in AmigaDOS the filesystem driver was actually written to the partition.
Translate to what? How does the binary that is bundled with the data know how to represent the data in a format that is intelligible for the target system? Perhaps you are thinking about a data displayer instead of a data translator. What if you are sending a picture to a device with a text display only. I think it is a lot better to have a few properly defined data formats instead of turning data and executable into an opaque blob.
With the file system handlers in AmigaOS, the operating system knows that the handler is a special case of a library which contains functions for open, close, write, etc. That is, it knows how to use the binary to turn the data into something that is meaningful. (Where are my RKRMs when I need them?)
At the barest minimum I would be happy with a system which would let me know that someone was the same person for the duration of a session.
There are several ways for doing that without creating a full-blown CA/PKI system.
A unique session cookie over HTTPS, for example.
Or a self-signed SSL certificate.
Or a self-signed PGP key.
Or if the session can be implemented as a single TCP session, you can cross your fingers and hope that the TCP/IP stack is intelligent enough to implement properly unguessable ISNs.
I guess I was mostly envisioning something with a whole boatload of cache per CPU... But then that's what you're saying, right? Some local memory, etc.
4mb of L3 per CPU ought to do, whatever's cheap in the SRAM department will be fast enough. Barring that, I'll accept 8 or 16 MB of SDRAM in place of L3 :)
Mno, local memory and local cache must be handled differently. A cache is a copy, while memory is the real thing. In a garden variety UMA/SMP system all memory is shared by all processors. If one processor writes to memory, all processors see the change immediately.
Now, what happens in a 31 CPU system with 31 sets of L1, L2 and L3 cache if one of them writes to memory? If a copy of that memory location is cached in some of the other CPUs' L1/2/3 cache, it must be updated (or the cache line invalidated) before any instruction executed on those CPUs reads from that memory location. For every write to memory you have to check that no other processor is caching that memory.
Even worse - what if we are using a write cache? That is, a write is not written directly to ram but is stored in the CPU's cache for a while hoping that more writes will happen to memory locations in the same area so that you can burst a larger chunk of data back to RAM in one operation. Then you must have a system that makes sure that every write to a cache line in one of the processors is reported to all the other processors also caching that area of memory.
Making sure that this works correctly is called cache coherency. And from what little I know about big iron, it sounds like it is a Nasty Problem to make this scale to more than a few processors if you insist on a UMA architecture.
You also have to think about stuff like motherboard layout and total memory bandwidth. The longer wires, the harder to run the bus at high speed and even with deep caches you still need to read and write to memory and in a UMA all processors are sharing the total memory bandwidth.
That is why big iron tends to have memory architectures that seem quite exotic if you are used to thinking of RAM as one big chunk of storage space shared by all processors in the box.
After all, each CPU has its own memory controller, right?
Yup. I don't claim to know what the memory architecture of a huge Hammer box will look like, but I know that you will run into scaling problems somewhere between 8 and 64 processors if you insist on using a UMA model.
Then we got like a zillion things from nVidia.
I kind of expected that, but wasn't sure.
I despise the unnecessary price distinction between models but people continue to pay, and they continue to sell.
The computer business has always been like that, and as long as there is a segment of the market that is willing to pay a premium for the top of the line model that won't change.
Only the ones where the admin is *nix enough to install cygwin to get bash and MCSE enough to do a full install of cygwin instead of only installing the pieces he needs. ;-)
Well I think the trick is [..] to design for security before all else.
Do you see any signs of that happening at the protocol level today? One of the big selling points of SOAP is "we'll tunnel this over HTTP so those inconvenient firewalls can't stop us".
Some of this is, as you correctly point out, a mindset problem.
A lot of the Internet protocols were designed at a time when no one really cared that much about security - and this worked ok because most of the users obeyed normal netiquette, and the few who didn't received a stern warning from the university admin. SPAM could have been a smaller problem today if SMTP had been designed with authentication from day one.
(A different issue is that a heavy crypto/authenticated version of SMTP could have been rejected by the general users/admins at the time - one of the issues with protocol design is that it doesn't matter how good or sane or technically correct the protocol is if people are unwilling to use it.)
You want to be able to make sure that people are who they say they are, so cryptography is an absolute must. Really, all communications should carry some kind of cryptographic signature, at least those between nodes.
I don't really know what I feel about mandatory signatures, because there are good arguments both for and against it.
First of all, do we want to make it impossible to be anonymous? There are a lot of good reasons for why it should be possible - government whistle blowers, Chinese freedom fighters, tips to Amnesty International, people dealing with the after effects of sex abuse/battering/whatever on support groups, etc. If we make traceable signatures a requirement for new protocols, we have a major problem there. On the other hand, police and national security have a legitimate interest in being able to track down lawbreakers and fundamentalist nutcases.
Secondly - how do I know that a message signed by drinkypoo really is from drinkypoo? You need a trusted third party or some other system that allows you to match a signature to a person, otherwise I could just create a new signature for each and every message I send. There are, AFAIK, two general ways of doing this - the PGP "web of trust" or PKI. I don't think a web of trust will work on a large scale, which leaves us with PKI. With PKI you get the sticky question of who will control the CA. Should the US government run it? Verisign? Microsoft? Who does the entire world trust enough to allow that entity to control the root of identity in this new set of secure protocols?
I'm not so worried about encryption, some data will need to be encrypted, some won't.
I think end-to-end encryption in general is a good thing, and many current protocols should be upgraded to support opportunistic encryption (see for example opportunistic IPSEC and SMTP STARTTLS).
There is one interesting issue, though - it makes it kind of hard for your firewall and network intrusion detection system to see what is happening. If/when end-to-end encryption becomes the norm, the intrusion detection and firewall must become a part of the endpoint instead of a centralised server. How can you know that the endpoint is telling the truth when it reports 'all is well'? :)
some kind of sandboxed system for accepting a java (or similar) binary (or script) to do file type conversions
Why not tell the sender which file types you support and let him do the translation instead?
[...] if your sandbox is good enough it's not a problem anyway. I know that my last sentence is both a "duh" and an "as if" but I firmly believe that it is possible. :P
I believe that it is perfectly possible to create an unbreakable sandbox. VmWare, Java or any decent emulator out there implement virtual machines that are - at least in theory - unbreakable by software running inside the sandbox. The question is whether people are willing to use the sandbox because it is going to trade convenience for security. You will want the nifty Java word processor to get access to the data from your Java calendar and Java spreadsheet so you can print bills to your clients automatically at the end of each week. To do anything useful, you need to punch some holes in the sandbox.
I'm screaming security problem not so much because it is impossible to create secure systems (it is possible), but because no one out there is going to want to use truly secure systems and because ubiquitous wireless and powerful handheld devices will make it even easier for our imaginary black hat to discover vulnerable systems.
I'd recommend Bruce Schneier's "Secrets and Lies" if you are interested in this.
I think there's room for both itanium and hammer.
Dunno. The desktop market in particular has a very powerful network effect. Unless all desktop software is shipped in both Itanium and Hammer versions one of the platforms is eventually going to get the upper hand, and 60%/40% quickly becomes 95%/5%.
So it has to have more memory bandwidth than god's dreams
If AMD stays with (DDR/DDR II) SDRAM, it seems like Intel is going to win on the bandwidth front. While RDRAM was too expensive compared to the performance you got out of it 1-2 years ago, it seems like Intel was right when they claimed that Rambus would scale better than SDRAM in the future.
31 CPUs or something? Without any more trouble (in terms of the hardware) than supporting two. The bus is supposed to allow for a whole mess of chips, and I want to see that.
That sounds more like a nerd's idea of a centerfold than something you're going to see on a desktop anytime soon. ;-)
Anyway, when you're talking more than a couple of CPUs you have to radically change the memory interface. A few CPUs can share the same memory bus (UMA - Uniform Memory Architecture), but with more than that you have to use something like a star topology or let each processor have some local memory and a bus/mesh/link to the others. I think AMD is shooting for an 800MHz HyperTransport mesh, but don't quote me on it.
It does look like AMD is playing ball with Microsoft just the way they want them to.
I think MS is using AMD to control Intel. That is, if Intel does something MS doesn't like then Windows will somehow magically support Hammer better than Itanium.
It seems like Intel is starting to run away in performance on the 32bit side again, so Hammer is a make or break for AMD. That does put Microsoft in a strong position.
I wonder if nVidia will turn out to be too big for Microsoft to swallow?
Just a few random thoughts:
I don't think MS is interested in swallowing nVidia. After they gained the upper hand on the desktop, MS' game plan has always been to control and protect the software platform. They've never been interested in owning the hardware side as long as they have sufficient power to keep the hardware companies in line. As long as there is more than one manufacturer of the hardware platform(s), the Windows software platform is the point of control.
Think of it as a puzzle, if you are the only manufacturer of a critical piece of the IT puzzle you control the entire board. It is in MS' interest to make sure that there are at least two manufacturers of each of the other pieces, and that they are the only manufacturer of the software platform piece. (That's exactly why MS fought Netscape and Java and why Linux is so scary to them.)
Besides, if MS gets too cozy with one of the combatants in the fiercely(sp?) competitive 3D graphics card market they might find themselves in a new antitrust lawsuit.
MS wants to be able to keep selling new versions of Windows and Office, so they have to provide some new features that people will be willing to pay for - such as a new 3D user interface in Longhorn.
MS and nVidia have to march in lock-step with regards to new versions of DirectX and new features in next generation graphics hardware. It won't harm MS much if they break the lock step and the next version of DirectX turns out to be closer to next generation ATI hardware, but it can harm nVidia a lot.
As long as ATI and other video chip manufacturers can keep up somewhat with nVidia, MS won't feel any particular threat.
The graphics card market is an open market - anyone is free to make a graphics card (as opposed to, say, the Intel/AMD processor slot/socket situation). The only requirement for making a graphics card is to support AGP and VESA and write a DirectX driver - none of which are jealously protected/patented.
I don't know how cozy MS and nVidia are on DirectX. nVidia might try to pull a stunt by putting some features in DirectX that are hard to implement without violating an nVidia hardware patent. Could easily become a PR nightmare, though.
nVidia is the current (well, once the NV30 comes out) performance king, but remember that the high-end market is only a small part of the entire market. Other companies are making decent amounts of money on the lower end and in the OEM market, and any one of them might do a high-end come-back.
Unless I'm missing something, I think nVidia is the weaker party in this relationship. At the same time, it doesn't seem like MS would gain much by trying to control nVidia.
a network of pure ethernet switches route packets
No, they bridge Ethernet Datagrams. Address tables for each switch/bridge interface are built by autodiscovery and initial flooding. The MAC address space is flat.
allowing for a hierarchical network based structure, much like TCP/IP.
Unless there is a loop, which works hunky-dory with a hierarchical address space like IP but blows up in your face in a flat address space like Ethernet. Hence the need for spanning tree protocol.
If someone has a duplicate MAC address on a large Ethernet network, the automatic discovery will cause chaos as routers assign the same destination to multiple ports.
Not chaos for the network, but chaos for the two unlucky ethernet interfaces which happen to have the same MAC.
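The learning and flooding behaviour discussed in this exchange, and the duplicate-MAC case, as an added example that is not part of the original comments: a minimal learning-bridge model that also counts how often a source address changes port, which is the signal a defender would alert on. The MAC addresses, port numbers and the `flapping` threshold are constructed for the demo.

```python
"""Learning-bridge model: address learning, flooding, duplicate-MAC flapping.

Constructed demo; MAC addresses and port numbers are made up.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_A = "02:00:00:00:00:0a"   # also configured, by mistake, on a second host
MAC_B = "02:00:00:00:00:0b"
MAC_S = "02:00:00:00:00:01"   # a server both hosts talk to


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # source MAC -> port it was last seen on
        self.moves = {}   # MAC -> number of times it changed port

    def receive(self, in_port, src, dst):
        """Learn from the source address, then return the output ports."""
        old = self.table.get(src)
        if old is not None and old != in_port:
            # Same address seen on a different port: host moved, or duplicate.
            self.moves[src] = self.moves.get(src, 0) + 1
        self.table[src] = in_port

        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            # Unknown destination: flood to every port except the ingress one.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []      # destination is on the ingress segment: filter
        return [out]       # known destination: forward to one port only

    def flapping(self, threshold=2):
        """MACs that changed port at least `threshold` times."""
        return sorted(m for m, n in self.moves.items() if n >= threshold)


# (ingress port, source MAC, destination MAC), constructed traffic
FRAMES = [
    (1, MAC_A, MAC_S),   # 0: host A on port 1; S unknown, so flooded
    (4, MAC_S, MAC_A),   # 1: reply is forwarded to port 1 only
    (2, MAC_B, MAC_S),   # 2: unrelated host B, unaffected throughout
    (3, MAC_A, MAC_S),   # 3: second host with A's MAC speaks on port 3
    (4, MAC_S, MAC_A),   # 4: reply now goes to port 3; host on port 1 misses it
    (1, MAC_A, MAC_S),   # 5: original host speaks again, entry flips back
    (4, MAC_S, MAC_B),   # 6: traffic for B still reaches port 2
]


def replay(frames, ports=(1, 2, 3, 4)):
    """Feed frames through a fresh bridge; return it and the per-frame outputs."""
    bridge = LearningBridge(ports)
    log = [bridge.receive(*frame) for frame in frames]
    return bridge, log


if __name__ == "__main__":
    bridge, log = replay(FRAMES)
    for frame, out in zip(FRAMES, log):
        print(frame, "->", out)
    print("flapping:", bridge.flapping())
```
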
Does Australia have a DMCA?
Australia does have a somewhat similar anti-circumvention law.
Unlike the DMCA and the EUCD, the Australian Digital Agenda Act does not cover acts of circumvention, it only covers circumvention devices.
See this Gigalaw article for the short version of the story.
You have to look at the ISP's side, which is that many people can be using one DSL or Cable internet connection, when normally each would have their own connection, that would at least be dial up.
It is neither my nor your responsibility to protect the business model of others.
If an ISP thinks it is a problem that their customers run public APs they should put something about it in the service contract or AUP.
My absolute favourite is the good old DOS message if your key-board wasn't connected
While I'd love to blame BillG for that snafu, the message is displayed by the BIOS during POST.
IBM and the early BIOS clone writers are the ones to blame here.
True, and those that do that should be forced to bungee-jump with a rope tied to their balls. B-O
But still, since there are people out there that are willing to let other people use their APs and since it is fairly trivial to erect a WEP 'no trespass' sign, I feel that it should not be considered trespass if someone happens to use a non-secured AP.
That is, I don't condone digital breaking and entering but at the same time I don't want people to be afraid of using my open AP.
And about 30 seconds to get through it too :P
:)
Yeah. But even if WEP is a shoddy fence, it is still a fence and anyone breaking the key can't reasonably claim with a straight face that he thought it was a public AP.
128bit WEP, MAC address checking and an IPSEC gateway as the only thing on the other side of the AP should do the trick for people that feel the need for barbed wire instead of a simple 'no trespass' sign.
Anybody who comes up with any kind of estimate is an idiot, and is obviously being "funded" by some interested party.
Most of the reports I have read concerning Napster have been exactly that way.
However, an economist with the name Leibowitz(sp?) seems to have done a thorough job. He started out with the expectation that P2P would have a serious impact on CD sales (Not an unreasonable guess. Given enough people with broadband, P2P everywhere and lots of people with CD burners, P2P download + burn should in economic terms be expected to be a direct replacement for CD sales). Then he started looking at sales numbers for the last 30 years, the impact of recession/boom on sales, other factors like people maybe spending more on DVDs and less on CDs, vinyl and cassette being replaced by CD, etc. When compensating for any other factor he could identify, the numbers show that P2P has a likely negative impact on CD sales but not as much as he had initially expected. Probably because a considerable amount of Napster users (also) use it for browsing and then buying, and the free advertising effect. Anyway, we won't know for sure until the numbers for 2002 and 2003 are in.
Anyway, I'm suspecting that the industry will make more money on online sales - once they get over the current DRM paranoia - than they lose on CD sales due to P2P. And even more if, as you say, they start pushing good stuff instead of the manufactured boy/girlbands.
in a format you are confident will be playable in 10 years? that's a tall order.
This is seriously off-topic, but anyway:
The book on my bookshelf can easily survive at least an order of magnitude longer. Why should I expect less just because it is digital? I should actually expect more, since it should be much easier to make perfect backups on all sorts of media.
The public should have the ability to preserve history, and in the digital environment that includes the right to make personal copies and format conversions. That's one of the main reasons why I find client side DRM to be an abomination.
The argument from the media industry is that they need some protection, and are pushing technology like TCPA/Palladium and laws like DMCA and EUCD down our throats. I can understand why they are scared, but that kind of control on formats and the tools used to play the content will cause a lot of collateral damage. I believe that the dangers of P2P can be heavily reduced, or even completely removed if the industry spent their energy on providing services that people want instead of inventing digital straitjackets.
Yeah, and Napster was about sampling songs by unknown bands before you bought their CDs, not about leeching free music.
That's exactly what I used Napster for, but it seems like I'm in the minority.
I'm not saying that Napster is good. According to the latest numbers I've seen from economists that have looked at the impact of P2P on CD sales the current guesstimate is that sales will drop about 20% due to online copyright infringement. On the other hand, the music business has yet to provide legitimate Pay-Napster services. I'll pay cold hard cash to the first major label that starts selling music online in a format that I know I'll be able to play on my equipment 10 years down the line (that is, MP3, OGG or raw format).
emusic.com is, afaik, the only one doing the right thing at the moment and they don't seem to lack customers even though Gnutella and Kazaa are out there.
Anyway, 128-bit WEP (actually just 104 bits) isn't safe.
We all know that. But an AP with WEP enabled is the digital equivalent of a "no trespass" sign, while an AP with no security at all is either set up by a clueless newbie or is deliberately left open to allow other people to get Internet access (which I'll do once I go wireless in my apartment).
In order to promote public access points, I'd prefer that the law doesn't consider it trespass to use an unsecured AP for Internet access.
My god, don't these people realize that everything is supposed to be free? (That's "free" as in "I-should-be-free-to-take-whatever-I-want-without-paying-for-it", of course).
That's not what warchalking is about. It is about marking open access points, not about breaking into networks.
It should be legal to plug an AP into my DSL line, put a chalk mark on the side of the building and allow people nearby to use my connection for checking mail or the occasional browsing.
Is it shoplifting or trespass if your neighbour put a radio in the window and you listen to it while relaxing in your yard?
Securing an AP is fairly trivial, and people who don't want the occasional stranger to access their network should take the 30 seconds needed to enable WEP or password/MAC security.
..then enable some security on your AP! Even the cheapest APs available today support at least WEP, and it should take you about 30 seconds to enable it.
What this says to me is that copyrights should be non-transferable. ..which would also make US copyright law more in line with European droit d'auteur/creator's right laws.
Allowing people to freely copy works would essentially abolish copyrights and kill the financial incentive.
That's the problem. We're not that far away from a world where John Doe has the technical means to duplicate at low cost, and the knee-jerk reaction from the industry is that We Need DRM!
I happen to think that copyright is a good idea, but that the current implementation is buggy. A financial incentive must be preserved in the digital world, but how can we do that without creating a DRM nightmare?
One option is to find alternative methods of funding instead of pay-per-copy. Say, for example, that publishers go to a subscription system. I'm not optimistic, though, because it seems likely that most of those models won't generate a reasonable amount of income.
With no monetary benefit from creating works, very few people would choose to do it. (Just look how many OSS developers there are compared out of the total number of developers in the world, I think that is a good analogy) It is a fundamental of economics that gift economies are never as large as monetary ones.
OSS is not really a strict gift economy, since it doesn't remove the secondary commercial incentives. A simple example is IBM. IBM wants to sell hardware and services, so it is in their commercial interest that Linux runs on their hardware and has the features their customers ask for (and also the added benefit that MS has less power over IBM when there is an alternative platform in the marketplace). Still, removing the direct monetary incentive does have an obvious effect on what kind of software that is developed as OSS - general desktop software is one of the weaker areas of OSS.
Also, secondary incentives are probably stronger in the software market than in, say, music and movies.
Why wouldn't I just copy the damned DVD myself, since, well, duplication wouldn't be illegal.
Cost and convenience. Unlike us slashdotters, many people don't have broadband, a DVD burner and time to spend downloading and burning.
That's what makes the net so much better than a music or software store, because bandwidth is cheaper than media
Perhaps some day, but not yet. Mass production of prerecorded media and shipping is still cheaper per unit than broadband and rewritable media. "Never underestimate the bandwidth of a station wagon filled with magtape"
Then let the people who want to make those large initial investments pay for it.
In the pre-copyright days, that was the normal way of funding - patronage or pay-per-opera.
That system is also possible today, but in addition you also have the system enabled by copyright - someone covers the initial expenses and hopes to make their money back by selling copies in the marketplace.
I happen to think that copyright is fine as long as it serves the original purpose, "To promote the Progress of Science and useful Arts". However, the term of copyright should be sensible - life+70 or 90 years is just plain silly, there must be sensible "fair use"/"fair dealings" holes, and Digital Restriction Management is just crazy.
Yes, that's right Jack.. And when VCR's came out, we were in the theaters bootlegging a million movies a day. :rolleyes:
Reading the hill hearings and movie exec testimony around the time of the Betamax case produce a heavy feeling of déjà vu. Most - if not all - of the arguments used now were used then also. The only difference is that they were playing on anti-jap sentiments then while they are attacking spotty teen-age swashbuckling pirate nerds today. (video tapes will magically be able to store 100 hours of video, fast-forward through commercials is theft, people won't go to the cinema no more, etc...)
No. Initial connects and file transfers now use random ports on the gnutella network as long as the user is running a client that supports it. Gnucleus, for example, does. (Yay open source!)
Read the very last paragraph I wrote in my original post. ISPs couldn't reliably execute MITM attacks without borking all non-p2p traffic.
How does the gnutella client start to build a host cache without connecting to a well-known source? Or rather, how does it connect to this source without making it possible for the ISP to MITM.
Sorry, I must be low on coffee. X-I It's actually very easy if you distribute a public key with the client.
Anyway, I'd love an URL or two with more information about the future direction of gnutella.
Since the Berman bill gives them a (somewhat) blank check to break "hacking" laws in pursuit of this goal as long as they notify the gov't first, I think they will end up doing exactly that.
;)
;-D
:)
According to the Berman bill:
"... a copyright owner shall not be liable in any criminal or civil action for disabling, interfering with, blocking, diverting, or otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader."
It's a get out of jail free card for tampering with the network for stopping copyright infringement, but it does not cover tampering with files on your computer.
It's not a "license to hack [your computer]".
514(b)(1)(A) seems to rule out DoS attacks or any measures that have a serious effect on the sharing of non-copyrighted works on the P2P network.
So.. I just don't understand why this law is necessary, since - if we are to believe Berman's claims that it is only intended as a narrow safe harbour for self-help - it seems like it only leaves forms of chaffing - which should already be legal.
Anyway. If I put on my tinfoil hat, I would suspect a conspiracy between MS, Berman and *AA hiding in the expression "without authorization" combined with the latest EULA changes from MS regarding DRM/Media Player, giving MS the right to disable software on your computer.
If a user downloads the entire file from them, the client program, upon completion of the download, will report an error since the hash that the file should have does not match the hash of the downloaded data. Not too serious - just some wasted downstream bandwidth on the part of the user. This kind of attack also costs the ??AA mega$ as they are the only source for the file:
Simple chaffent:
Collect a list of (filename, filesize, hash) we want to fake.
Reply when someone is searching (both name search and hash search).
Allow connect from clients and start serving bogus data.
Disconnect the transmission after a little while.
Add the client IP to a ~30min blacklist (maybe shared by all chaffents).
Don't answer any reconnect requests from that IP as long as it is on the blacklist.
For the user, this should look just like someone that was online for a while and then disconnected. The user will try to resume the download from other sources, but the file is already broken.
In other words, the ??AA won't be able to corrupt your downloads unless they out-bandwidth the rest of the p2p community.
Or rather - out-search-request-answer if done as above.
This obviously won't work once you start using segment hashes, though.
The problem, essentially, is that you don't know if the metadata reported about the file (title, resolution, length, etc...) is accurate.
[snip explanation]
Sounds like a good approach for ensuring metadata integrity.
Anyway, I get this image of FBI busting someone and discovering the private key of a notorious release group on his computer. This could actually make it easier to track down the really big copyright infringers.
The second issue is eavesdropping and bandwidth throttling by ISPs
Considering that P2P traffic is something like 80% of the total Internet traffic at the moment, ISPs wanting to do bandwidth throttling is not exactly surprising.
In many situations you actually want to do bandwidth shaping in order to keep the network running smoothly. You don't want your P2P traffic to hog so much bandwidth that the responsiveness of your interactive SSH sessions goes south.
If all communications on p2p networks started with a raw exchange of public keys, the first (for example) 2048 bits of p2p connections would be different from client to client.
Smells like overkill to me, but anyway.
Ports used for (at least gnutella) p2p are already random, btw.
At least the initial connect is to a well-known port, no?
If your ISP really wants to spend a lot of time and resources to track you, they could play man-in-the-middle from the initial connect with the gnutella network. Not that it would ever be worth the effort, but anyway.
Media companies have legal permission to crack into your computer and delete files as long as they tell the gov't about it first.
No, they don't. While I think that the Berman bill is bad, it does not allow media companies to hack into your computer. It does not provide a safe harbour that allows the *AA to delete or alter any files on your computer.
The purpose of the bill is to create a safe harbour for 'content owners' that use technology to impair the sharing of copyrighted content on P2P networks.
Berman claims that the bill is not supposed to legitimise general attacks on P2P networks. The confusing thing is that I'm hard pressed to think about any attacks on P2P networks that:
1) Is not already legal today (For example, filling the network with bogus Britney mp3s), or
2) Impacts only illegal sharing of copyrighted material instead of killing the whole - or parts of the P2P network itself.
They can't fake the _hashes_ on files.
I'm not up to date on current P2P protocols, so Rambling_Mode=On.
What if the RIAAntiKazaa chaffing servent simply lies about the hash. You can't check that the hash is correct before you have downloaded the file anyway. Besides, with segmented downloading you only need to download one segment of a file from the chaff servent to destroy the file.
If you do SHA (or similar secure hashes) on segments of the file, it would be possible to discard only the bad segments instead of the whole file.
You could create a known_bad list of IP addresses that the RIAA chaffer clients use. Hmm.. If some of the clients connect through dial-up ISPs with dynamic addresses, you might have to blacklist the entire netblock - not nice.
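The per-segment hashing suggested in this comment, and the objection that a source can simply lie about a hash, as an added example that is not part of the original comments or of any P2P client. It assumes a flat hash list whose digest (`ROOT`) is the identifier the user searched for, uses SHA-256 as the secure hash, and all peer names and data are constructed.

```python
"""Per-segment hash verification for a multi-source download (constructed demo)."""
import hashlib

SEGMENT_SIZE = 8   # bytes; tiny so the demo is readable


def split_segments(data, size=SEGMENT_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def segment_hashes(data, size=SEGMENT_SIZE):
    return [hashlib.sha256(seg).digest() for seg in split_segments(data, size)]


def root_hash(hash_list):
    """Bind the whole list of segment hashes to a single identifier."""
    h = hashlib.sha256()
    for digest in hash_list:
        h.update(digest)
    return h.hexdigest()


def naive_download(file_hash, peers, n_segments):
    """Whole-file hash only: take each segment from the first peer offering it."""
    out = []
    for i in range(n_segments):
        seg = next((s[i] for s in peers.values()
                    if i < len(s) and s[i] is not None), None)
        if seg is None:
            return None
        out.append(seg)
    data = b"".join(out)
    # Corruption is only noticed here, after everything has been transferred.
    return data if hashlib.sha256(data).hexdigest() == file_hash else None


def download(root, hash_list, peers):
    """Accept a segment only if it matches its hash; drop sources that fail.

    Returns (file bytes or None, set of peers that served bad data).
    """
    if root_hash(hash_list) != root:
        raise ValueError("hash list does not match the identifier searched for")
    bad_peers, out = set(), []
    for i, want in enumerate(hash_list):
        good = None
        for name, segs in peers.items():
            if name in bad_peers or i >= len(segs) or segs[i] is None:
                continue
            if hashlib.sha256(segs[i]).digest() == want:
                good = segs[i]
                break
            bad_peers.add(name)   # one bad segment: stop using this source
        if good is None:
            return None, bad_peers
        out.append(good)
    return b"".join(out), bad_peers


# Constructed sample data: a 40-byte "file" in five segments.
ORIGINAL = b"constructed sample payload for the demo!"
HASHES = segment_hashes(ORIGINAL)
ROOT = root_hash(HASHES)
FILE_HASH = hashlib.sha256(ORIGINAL).hexdigest()

PEERS = {
    # Serves bogus data for a while, then disconnects (None = not offered).
    "chaff": [b"XXXXXXXX", b"XXXXXXXX", None, None, None],
    "honest": split_segments(ORIGINAL),
}

if __name__ == "__main__":
    print("whole-file hash only:", naive_download(FILE_HASH, PEERS, len(HASHES)))
    print("segment hashes      :", download(ROOT, HASHES, PEERS))
```
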
Sounds like some Japanese anime cuteness hell.
Additionally, it is very possible to accelerate SSL in hardware. In fact, the Sun project page [sun.com] itself talks about integrating ECC and SSL support into a hardware accelerator.
And there are lots of companies that sell stand-alone SSL accelerators.
Desade, mind if I forward that thing to a bunch of places? (Oh, and the list you sent it to two years ago - was it the beef noodle soup thingie?)
I basically picture some system which will grant you a unique cert. You can then attach your personal information to it, or not.
:)
I think the problem is more or less solved by being able to get anonymous certs. Of course where you use them from will tag them forever in some government database somewhere, so you do have to be careful about that still. But I'd like them to be cheap enough to get by spare-changing... say, a buck? No more than five dollars, though.
As for who I'd trust, it can only be some sort of global consortium of top technology companies, with all data mirrored in all countries, and a key server picked via a genuinely random method. Or at least the best we can get. That way all the various companies and nations can keep tabs on each other.
Then what's the point? Then all I know when I receive a message signed by someone is that this someone has spent 5$ for the privilege to claim that he is the one that he claims to be.
The only thing I can know (apart from the fact that someone paid 5$ for something that is the equivalent of a non-signed PGP key) is that if I receive several messages signed by the same key then the sender(s) have access to this key.
So we have this megagovernmentcorp-thingy with loads of checks and balances whose only mission in life is to give out blank signed signature keys at 5$ a pop.
*scratch head*
Now try to sell this to the people that screamed bloody murder when Intel decided that it was a good idea to put a unique serial number in each processor.
I'm really talking about this as a very special purpose thing solely for the translation of file types. This thought came out of the revelation a while back that in AmigaDOS the filesystem driver was actually written to the partition.
Translate to what? How does the binary that is bundled with the data know how to represent the data in a format that is intelligible for the target system? Perhaps you are thinking about a data displayer instead of a data translator. What if you are sending a picture to a device with a text display only. I think it is a lot better to have a few properly defined data formats instead of turning data and executable into an opaque blob.
With the file system handlers in AmigaOS, the operating system knows that the handler is a special case of a library which contains functions for open, close, write, etc. That is, it knows how to use the binary to turn the data into something that is meaningful. (Where are my RKRMs when I need them?)
At the barest minimum I would be happy with a system which would let me know that someone was the same person for the duration of a session.
There are several ways for doing that without creating a full-blown CA/PKI system.
A unique session cookie over HTTPS, for example.
Or a self-signed SSL certificate.
Or a self-signed PGP key.
Or if the session can be implemented as a single TCP session, you can cross your fingers and hope that the TCP/IP stack is intelligent enough to implement properly unguessable ISNs.
I guess I was mostly envisioning something with a whole boatload of cache per CPU... But then that's what you're saying, right? Some local memory, etc.
4mb of L3 per CPU ought to do, whatever's cheap in the SRAM department will be fast enough. Barring that, I'll accept 8 or 16 MB of SDRAM in place of L3
Mno, local memory and local cache must be handled differently. A cache is a copy, while memory is the real thing. In a garden variety UMA/SMP system all memory is shared by all processors. If one processor writes to memory, all processors see the change immediately.
Now, what happens in a 31 CPU system with 31 sets of L1, L2 and L3 cache if one of them writes to memory? If a copy of that memory location is cached in some of the other CPUs' L1/2/3 cache, it must be updated (or the cache line invalidated) before any instruction executed on those CPUs reads from that memory location. For every write to memory you have to check that no other processor is caching that memory.
Even worse - what if we are using a write cache? That is, a write is not written directly to ram but is stored in the CPU's cache for a while hoping that more writes will happen to memory locations in the same area so that you can burst a larger chunk of data back to RAM in one operation. Then you must have a system that makes sure that every write to a cache line in one of the processors is reported to all the other processors also caching that area of memory.
Making sure that this works correctly is called cache coherency. And from what little I know about big iron, it sounds like it is a Nasty Problem to make this scale to more than a few processors if you insist on a UMA architecture.
You also have to think about stuff like motherboard layout and total memory bandwidth. The longer wires, the harder to run the bus at high speed and even with deep caches you still need to read and write to memory and in a UMA all processors are sharing the total memory bandwidth.
That is why big iron tends to have memory architectures that seem quite exotic if you are used to think of RAM as one big chunk of storage space shared by all processors in the box.
After all, each CPU has its own memory controller, right?
Yup. I don't claim to know how the memory architecture of a huge Hammer box will look like, but I know that you will run into scaling problems somewhere between 8 and 64 processors if you insist on using a UMA model.
Then we got like a zillion things from nVidia.
I kind of expected that, but wasn't sure.
I despise the unnecessary price distinction between models but people continue to pay, and they continue to sell.
The computer business has always been like that, and as long as there is a segment of the market that is willing to pay a premium for the top of the line model that won't change.
How many IIS servers have a C compiler installed?
;-)
Only the ones where the admin is *nix enough to install cygwin to get bash and MCSE enough to do a full install of cygwin instead of only installing the pieces he needs.
Well I think the trick is [..] to design for security before all else.
:)
:P
;-)
Do you see any signs of that happening at the protocol level today? One of the big selling points of SOAP is "we'll tunnel this over HTTP so those inconvenient firewalls can't stop us".
Some of this is, as you correctly point out, a mindset problem.
A lot of the Internet protocols were designed at a time when no one really cared that much about security - and this worked ok because most of the users obeyed normal netiquette, and the few who didn't received a stern warning from the university admin. SPAM could have been a smaller problem today if SMTP had been designed with authentication from day one.
(A different issue is that a heavy crypto/authenticated version of SMTP could have been rejected by the general users/admins at the time - one of the issues with protocol design is that it doesn't matter how good or sane or technically correct the protocol is if people are unwilling to use it.)
You want to be able to make sure that people are who they say they are, so cryptography is an absolute must. Really, all communications should carry some kind of cryptographic signature, at least those between nodes.
I don't really know what I feel about mandatory signatures, because there are good arguments both for and against it.
First of all, do we want to make it impossible to be anonymous? There are a lot of good reasons for why it should be possible - government whistle blowers, Chinese freedom fighters, tips to Amnesty International, people dealing with the after effects of sex abuse/battering/whatever on support groups, etc. If we make traceable signatures a requirement for new protocols, we have a major problem there. On the other hand, police and national security have a legitimate interest in being able to track down lawbreakers and fundamentalist nutcases.
Secondly - how do I know that a message signed by drinkypoo really is from drinkypoo? You need a trusted third party or some other system that allows you to match a signature to a person, otherwise I could just create a new signature for each and every message I send. There are, AFAIK, two general ways of doing this - the PGP "web of trust" or PKI. I don't think a web of trust will work on a large scale, which leaves us with PKI. With PKI you get the sticky question of who will control the CA. Should the US government run it? Verisign? Microsoft? Who does the entire world trust enough to allow that entity to control the root of identity in this new set of secure protocols?
I'm not so worried about encryption, some data will need to be encrypted, some won't.
I think end-to-end encryption in general is a good thing, and many current protocols should be upgraded to support opportunistic encryption (see for example opportunistic IPSEC and SMTP STARTTLS).
There is one interesting issue, though - it makes it kind of hard for your firewall and network intrusion detection system to see what is happening. If/when end-to-end encryption becomes the norm, the intrusion detection and firewall must become a part of the endpoint instead of a centralised server. How can you know that the endpoint is telling the truth when it reports 'all is well'?
some kind of sandboxed system for accepting a java (or similar) binary (or script) to do file type conversions
Why not tell the sender which file types you support and let him do the translation instead?
[...] if your sandbox is good enough it's not a problem anyway. I know that my last sentence is both a "duh" and an "as if" but I firmly believe that it is possible.
I believe that it is perfectly possible to create an unbreakable sandbox. VMware, Java or any decent emulator out there implement virtual machines that are - at least in theory - unbreakable by software running inside the sandbox. The question is whether people are willing to use the sandbox because it is going to trade convenience for security. You will want the nifty Java word processor to get access to the data from your Java calendar and Java spreadsheet so you can print bills to your clients automatically at the end of each week. To do anything useful, you need to punch some holes in the sandbox.
I'm screaming security problem not so much because it is impossible to create secure systems (it is possible), but because no one out there is going to want to use truly secure systems and because ubiquitous wireless and powerful handheld devices will make it even easier for our imaginary black hat to discover vulnerable systems.
I'd recommend Bruce Schneier's "Secrets and Lies" if you are interested in this.
I think there's room for both itanium and hammer.
Dunno. The desktop market in particular has a very powerful network effect. Unless all desktop software is shipped in both Itanium and Hammer versions one of the platforms is eventually going to get the upper hand, and 60%/40% quickly becomes 95%/5%.
So it has to have more memory bandwidth than god's dreams
If AMD stays with (DDR/DDR II) SDRAM, it seems like Intel is going to win on the bandwidth front. While RDRAM was too expensive compared to the performance you got out of it 1-2 years ago, it seems like Intel was right when they claimed that Rambus would scale better than SDRAM in the future.
31 CPUs or something? Without any more trouble (in terms of the hardware) than supporting two. The bus is supposed to allow for a whole mess of chips, and I want to see that.
That sounds more like a nerd's idea of a centerfold than something you're going to see on a desktop anytime soon.
Anyway, when you're talking more than a couple of CPUs you have to radically change the memory interface. A few CPUs can share the same memory bus (UMA - Uniform Memory Architecture), but with more than that you have to use something like a star topology or let each processor have some local memory and a bus/mesh/link to the others. I think AMD is shooting for an 800MHz HyperTransport mesh, but don't quote me on it.
It does look like AMD is playing ball with Microsoft just the way they want them to.
I think MS is using AMD to control Intel. That is, if Intel does something MS doesn't like then Windows will somehow magically support Hammer better than Itanium.
It seems like Intel is starting to run away in performance on the 32bit side again, so Hammer is a make or break for AMD. That does put Microsoft in a strong position.
I wonder if nVidia will turn out to be too big for Microsoft to swallow?
Just a few random thoughts:
I don't think MS is interested in swallowing nVidia. After they gained the upper hand on the desktop, MS' game plan has always been to control and protect the software platform. They've never been interested in owning the hardware side as long as they have sufficient power to keep the hardware companies in line. As long as there is more than one manufacturer of the hardware platform(s), the Windows software platform is the point of control.