The author is basically asking for help in writing a P2P spamming and DDoS tool. Leaving aside the legality of this action (which it quite possibly is not, particularly as laws start to come down hard on spammers), it begs the question of whether or not there is any place for a "demonstration" when it comes to digital democracy. If you want to demonstrate online then I would suggest that you start by demonstrating a bit of responsibility by recognizing that just because you disagree with someone does not give you the right to silence them -- this "tool" is nothing more than a tool for a few disaffected mobs to silence those whom they disagree with rather than actually participating in the political processes that have been established to deal with these grievances.
I would suggest that the authors stop wasting time working on a thinly disguised DDoS tool and instead actually try to see how political speech and democratic ideals can actually fit together. The past few years have seen the emergence of weblogs, community forums, indymedia, and a host of other digital tools for helping people build communities of discussion and distribute ideas and information that can be used to educate and inform. I would suggest that people actually interested in digital democracy seek out these tools and help to make them better.
There is nothing more immature than a child proclaiming that if people will not listen to what he has to say then he will scream and throw a temper tantrum so that no one else can have a conversation. Grow up!
On the other hand, does it really matter if people are constituents or not? Is broad public and global opinion more important than those of an individual community, county or state?
Given that it is the legislator's job to listen to and represent the views of their constituents (and no one else) then it actually does matter if people sending in email reside in that legislator's district or not. That is how the system is supposed to work. Representatives and Senators are elected to represent the interests of the local community within the federal system, so broad public and global opinion is not just less important than local opinion, it is not important at all. Legislators that start listening to broad public and global opinion soon find themselves out of a nice, cushy job if that broad public and global opinion is contrary to local interests. If the broad public and global interests care so much then they should complain to their own legislative representatives.
Public doesn't mean unregulated (on "Wireless Camouflage?" · Score: 3, Interesting)
1) WarChalking &| WarDriving are not crimes, the bands used by 802.11 are *public airspace* they belong to *everyone* not *anyone*.
Just because something is public does not mean that rules do not apply to this public space. A park is a public space but there are rules about how you can use it, the unlicensed spectrum used by 802.11b is available for anyone to use but you are still required to follow FCC regulations regarding how you operate within this spectrum. There are rules that dictate how your wireless card operates, how much power it can put into its signal, etc.
In fact, it might be wise of you to consider this in terms of another user of this particular segment of the spectrum -- cordless phones operating at 2.4 GHz. The signal goes out over the same unlicensed spectrum band, but if you were to create a base station which prevented your neighbors from using their cordless phone handsets (even if it was accidental) you could be fined for violating the FCC rules regarding this slice of the spectrum. If you were to monitor and record a transmission between the base station and remote node you would be breaking the law. If you created a phone handset that masqueraded as your neighbor's handset and used his phone base station (and phone line) for your calls you would be breaking the law. Both offenses can bring stiff fines and jail terms, something that aggressive wardrivers and 802.11b access point "borrowers" might want to keep in mind...
You are probably correct as far as how things will play out in the real world (fewer sources of authority, but well-known and trusted sources) simply because of how the background social networks that currently exist can be used as a bootstrapping mechanism by the trusted source solution. Part of my original point is that this solution, as long as multiple sources of authority are allowed to exist, is a part of the general distributed trust solution to the original problem. Distributed trust can be "client-server", "peer-to-peer" or some hybrid of the two.
You only have to take a look around the real world to see that reputations are an efficient and attack resistant mechanism for allowing untrusted parties to exchange info/goods/services. Credit ratings, movie ratings, "best of" lists, gossip, etc. We are surrounded by and enmeshed within distributed trust and reputation systems so completely that most people do not even realize how many times a day they use such a system.
Mr. Chen correctly points out that an attacker can easily forge the hash values it reports to the network. Self-verification won't happen until the user has downloaded a good portion (if not all) of the file. At that point the attack has already been successful.
You can send out a bad copy once, but if well-known and trusted copies already exist on the network you are not going to be able to replace these with bad copies, the self-verification does not prevent the single-point attack you describe, it prevents the propagation of this attack throughout the network. If an attacker serves up bad files (ones that do not match the SHA1 hash advertised) then the downloader should treat the host as malfunctioning and query a more reliable source. The downloading agent does not need to unpack the file and see what is inside, it just checks the SHA1 hash and then can simply assume that there was a transmission error and try another source. Eventually the malicious node will be trimmed from everyone else's peer list and a new node identity will have to be generated and the game starts again.
This single attack costs the attacker as much as it does the downloader (and you can bet the RIAA is paying more per MB of data sent than someone downloading the data via a DSL or cable modem line) and a few simple changes to the system like favoring trusted peers (ones who have not given you mismatched hash/payload data) as the first nodes to query and only moving down the local reputation food chain if you need to expand your query or search for alternate sources. Unless an attacker can pretend to be a vast majority of the nodes in the system it is not going to be able to make this attack scale-up in the manner you suggest.
There is a difference between an attack that works on a single download and an attack that would be viable for a network-wide assault. The case you and Mr. Chen bring up here is clearly in the first category, an inconvenience for individual users but not something that will be a significant problem for the network as a whole.
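The download loop described in the comment above, as an added example that is not part of the original post or of any real client: check the payload against the advertised SHA-1, treat a mismatch as a faulty host, move to the next source, and query peers with a clean local record first. The `Peer` and `Downloader` classes, the ranking key and the `TRIM_AFTER` threshold are assumptions made for illustration, and the file contents are constructed sample data.

```python
import hashlib


class Peer:
    """Constructed in-memory stand-in for a remote node (hypothetical)."""

    def __init__(self, name, payload):
        self.name = name
        self.payload = payload

    def fetch(self, advertised_sha1):
        # A real peer would look the file up by hash; this one always
        # returns the same bytes, honest or not.
        return self.payload


class Downloader:
    # Hypothetical threshold: mismatches tolerated before a peer is dropped.
    TRIM_AFTER = 2

    def __init__(self, peers):
        self.peers = {p.name: p for p in peers}
        self.good = {p.name: 0 for p in peers}   # verified transfers
        self.bad = {p.name: 0 for p in peers}    # hash/payload mismatches

    def ranked_peers(self):
        # Local reputation only: fewest mismatches first, then most verified
        # transfers. sorted() is stable, so unknown peers keep list order.
        return sorted(self.peers.values(),
                      key=lambda p: (self.bad[p.name], -self.good[p.name]))

    def download(self, advertised_sha1):
        """Return (data, tried): the verified bytes (or None) and the names
        of the peers that were queried, in order."""
        tried = []
        for peer in self.ranked_peers():
            tried.append(peer.name)
            data = peer.fetch(advertised_sha1)
            # SHA-1 is the hash named in the comment; a current design
            # would use SHA-256, the logic is unchanged.
            if hashlib.sha1(data).hexdigest() == advertised_sha1:
                self.good[peer.name] += 1
                return data, tried
            # Mismatch: discard the payload without inspecting it and
            # record the failure against this peer.
            self.bad[peer.name] += 1
            if self.bad[peer.name] >= self.TRIM_AFTER:
                del self.peers[peer.name]        # trimmed from the peer list
        return None, tried


def demo():
    """Three downloads of the same file with one bad peer listed first."""
    good_file = b"constructed sample file contents"
    wanted = hashlib.sha1(good_file).hexdigest()
    d = Downloader([
        Peer("attacker", b"garbage served under the advertised hash"),
        Peer("honest1", good_file),
        Peer("honest2", good_file),
    ])
    return [d.download(wanted)[1] for _ in range(3)]


if __name__ == "__main__":
    # The bad peer costs one wasted fetch, then falls to the back of the queue.
    print(demo())
```

The bad copy is fetched once and never passed on, because only payloads that match the advertised hash are accepted, which is the single-download versus network-wide distinction the comment draws.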
Moderation and peer reputation require some method of recording "ratings" of users on the network. Something not present in the current Gnutella network. But if implemented, it would have to be distributed as well. This means that there, at some point, must be a blind trust between clients to complete these "ratings". That blind trust will lead to poisoning of the ratings system and make it worthless.
"Ring of trust" simply does not work in a distributed environment that is truly open to anyone. Closed distributed environments, or virtually closed environments within an open environment would be the only way. However new users would not be able to enter them and that is how Gnutella keeps itself alive.
Which is why I think that things like Raph Levien's work in reputation systems (and actually coding up working examples of such a system, see refs below) are rather attractive because they solve this specific problem in a rather elegant fashion and make such simplistic attacks much more difficult and expensive to pull off. [Here's a quick hint: Have you ever noticed that most people seem to care about Roger Ebert's opinion rather than yours when it comes to what movies to go see? This is because distributed trust systems can deal with voter flooding attacks by limiting how much influence comes from untrusted sources.]
You seem to think, Mr. McCoy, that there are obvious solutions. Yet you really don't present any nor do you present any existing real-world examples.
One of the problems I addressed in the original paper was the fact that it was poorly researched in certain aspects. It seems that everyone is too lazy to actually do any research these days, but since spending five minutes doing google searches on various terms related to reputation systems seems to be too much work for either you or Mr. Chen, here is a quick summary of a few minutes work (although I selected papers that I am familiar with after google returned a hit).
1) For starters look at Google itself. Google is the single biggest distributed reputation system in the internet. That is what a pagerank is, the "reputation" of a particular link for a particular subject using link count as the voting mechanism. It can be attacked and subverted on a small scale as various Google-juicing experiments prove, but it is also very effective at filtering out these attacks (see some of the Scientology google-juicing wars to see how hard it is to really influence a massively distributed reputation system implemented by people who know how to pick the best ideas from current research and invent a few of their own).
2) EBay seller rankings. These can also be attacked and tweaked, but even when money is involved (making the incentive for dishonest behavior very high, much more so than any p2p system will ever have to deal with) EBay manages to keep fraud to a manageable level and recent research into seller/buyer identity-blinding and reputation cluster filtering can make the seller ranking system even more attack-resistant.
3) Amazon buyer ratings and recommendations. Yet another example of a real-world distributed trust management system.
4) Advogato is a community forum site that implements some of Raph's Ph.D. work in reputations and distributed trust management to create a flow-constrained reputation system that has some very good attack-resistance characteristics. Raph has been running Advogato using his distributed trust metric for several years now.
5) Pattie Maes' agents group at MIT, specifically the Yenta reputation clustering system but just about everything to come out of this group is a source of good ideas and practical research in this area.
6) Check out some of the available research bibliographies (like this) and places like citeseer for other research in the subject.
One thing you will notice about these real-world examples is that none of the systems tries to be "perfect", just good enough to get the job done.
If I implied that the problem is "solved" then I was being a bit too enthusiastic about the directions that current research and practice in this area is evolving. There are many different approaches to this problem (distributed trust management) and the theoretical groundwork is already in place for several "solutions" which deal with the specific applications being described here. The case of "poisoned files" is actually a much simpler subset of distributed trust management problem because it deals with a simple good/bad distinction and it is a case where it is relatively easy to use simple emergent effects like voting to provide effective protection from these sorts of simple attacks upon a p2p system. [Before you jump in with a "but the RIAA can cast millions of votes" please check out the flow-constrained networks Raph Levien is working on and the application of clustering mechanisms to simple reputation systems.]
EBay has also provided a good source of research material and several papers in the past few years have provided in-depth analysis of the effectiveness of existing EBay mechanisms in dealing with semi-anonymous/pseudonymous peer-to-peer transactions where there is a significant incentive for dishonest behavior. In a situation like EBay where real money is changing hands the incentive for cheating is strong, yet simple reputation systems solve the largest class of such problems and simple refinements like cluster matching among those who cast votes. Raph Levien and others have also made significant strides in going beyond the theoretical and into the direct application of reputation and distributed trust management to distributed peer groups (check out the www.advogato.org trust metric system and Raph's Ph.D. thesis for more info.) I am not denying that there is an elephant in this room as well, but it is a wounded elephant who is soon to be "pining for the fjords" if you catch my drift...
The general case problem of distributed trust management is not solved, there are several tools available to coders that require minimal effort to implement but which can keep the p2p user a step or two ahead of the simple attacks described in the original paper.
I love the smell of undergraduate sophistry in the morning...
The author of this paper seems to suffer from the common practice of those in a hurry to finish their term papers that if they somehow ignore the elephant in the room that disproves their point they might end up getting partial credit for impressing people with how well they can tap dance around the elephant. In this case the well-established practice of using a secure hash function as a self-verifying mechanism to prevent DoS attacks that try to flood a network with garbage files is the elephant.
In his FAQ regarding the paper, Mr. Chen correctly addresses the problem of a lack of centralized authority in using hash functions as distributed/P2P but apparently did not make more than a cursory examination of the subject or else he would have seen the various methods available for solving such a problem. I can only assume this is the case because reputation systems beyond simple moderation are not addressed and flow-constrained trust networks are never mentioned in this section.
As someone who seeks to pass off a "bad" file (this report) as a "good" file, perhaps sooner rather than later Mr. Chen will learn how the distributed moderation and trust system known as peer reputation works. Surely I am not the only one who finds it more than a little ironic that a paper by an author who claims that distributed moderation doesn't work is being submitted to a peer-reviewed journal in an attempt by the author to bootstrap his own reputation?
David Chaum, the inventor of the "blind" signature mechanism that is the core of most digital cash protocols, created an extended variant of this system [Chaum90] that explained how you can accomplish some rather tricky things with unlinkable identity systems. One of the examples he has used in the past is a computer-controlled library, the "librarian" would let you check out books with an anonymous identity and maintain policies such as "only three books out at any one time", etc. with strong security for the system and complete unlinkability among user transactions as long as they follow the rules.
This system handles the daily mechanics of such a digital library, but it needs an external hook to get a user into the system called an "isa-person" certificate (a cert that you could only get one of, probably biometric, that is a hard link to your meatspace identity) which is used as the stick to prevent people from walking away with your books. If someone checks out books and does not return them they get a negative mark on their isa-person cert that will follow them around until it is cleared. A deposit of cash, as others have suggested, would probably serve an equivalent purpose.
If you really want a secure, anonymous digital system it is probably going to end up working something like NetFlix. You apply for an anonymous id and put down a cash deposit, the anon id lets you borrow titles with certain restrictions, when you are finished with the account you cancel your subscription and get your deposit back.
Jim
[Chaum90] David Chaum: Showing credentials without identification: Transferring signatures between unconditionally unlinkable pseudonyms; Auscrypt '90, LNCS 453, Springer-Verlag, Berlin 1990, 246-264.
"Dude, you guys are a Slashdot story" is not the best wake-up call one can hope for while spending a few weeks trying to finish up the online info prior to a large-scale test:)
I will try to answer as many of the good questions and points of discussion that have been brought up as I can over the next few hours, but I wanted to shoot out a quick overview of what HiveCache is to try to set the story straight here.
First of all, HiveCache is an enterprise backup utility that uses a parasitic peer-to-peer data mesh as its backup media. Simple enough really. The goal of the software is not to replace tape or other offline backup tools, the goal is to serve as an alternative tool for users to make most file restoration requests ("hey, I accidentally deleted my Powerpoint presentation for the big meeting that starts in 30 minutes...") a user self-help operation rather than something that needs IT assistance. Users restore most files via the p2p mesh and tape/CD-R is only needed for really old stuff or if the building burns down.
The HiveCache distributed online backup system is currently targeted at small to mid-sized enterprises (100-1000 seats) as a way for these companies to increase the ROI on existing IT investment (they already paid for the disk space, so why not use all of it) and to decrease the burden that daily backup and restore operations place upon IT staff. Right now the clients are win32 but agents that serve up disk space to these clients from OS X and Unix hosts are also available. By using good error-correction mechanisms it is possible to maintain five "nines" of reliability for retrieving any particular file even if 25% of the network drops offline. As the backup mesh grows larger reliability keeps increasing while the data storage burden for adding a new node drops (because the level of redundancy among the nodes grows.)
Lastly, the relationship between HiveCache and MojoNation. Basically, there are two branches off of the work HiveCache (nee Evil Geniuses) did on MojoNation, one early branch went on to become the backup product, a later fork pared off some of the non-essential bits (payment system, etc.) and became MNet. The MojoNation public prototype helped to work out the kinks of the data mesh but for the last year and a half of the life of MojoNation most of our internal coding effort was on behalf of this other project which shared some back-end components with the LGPL codebase we were also supporting. For those who complained earlier that the MojoNation user experience sucked I must humbly apologize, we were spending the cycles working on a different UI. Since the MojoNation project went into hibernation on our side, a former MojoNation coder and several other very sharp people have been continuing the MNet project based upon the open codebase (and with a much nicer UI than we ever provided for MojoNation.) I do apologize if the patent and licensing language appears a bit heavy-handed, it was a cut and paste job from some email with legal counsel and will be made clearer this weekend when the site is updated.
ObPlug: We are still seeking a variety of enterprise environments for our upcoming pilot test and in addition to getting to experience the benefits of the HiveCache system for your company you will also be able to purchase the Q4 release version at OEM prices! Sign up now by sending mail to pilot@hivecache.com
The article mentions distributed backup as a possible application, but in my mind distributed backup is the killer application.
While this is not directly mentioned by David Anderson in his article I know for a fact that this is something that United Devices is interested in because late last year Mojo Nation was in discussion with UD to provide just this sort of service to its users.
This sort of distributed backup is what the current private branch of the Mojo Nation codebase does, with a little taskbar app that sits in the background and distributes backed up files to peers within the enterprise. One major benefit that your post missed is that the majority of the data stored on hard drives within an enterprise is redundant data (e.g. multiple copies of MS Word, etc.) and with a distributed backup system you only need to keep a few copies of such files around for restores. You can back up 99% of your data while only needing 10-15% of the available space on individual PCs.
In what is turning out to be one of life's interesting ironies, the company that was most interested in this UD/MojoNation pairing was Enron's bandwidth trading group (mostly for storing medical imaging data and distributed corporate backups.) When Skilling left Enron just before the whole accounting scandal started to blow up the Enron guys became "unavailable" so things never moved forward, but you can be certain that this sort of a distributed data storage and backup system will appear again.
Unfortunately, one of the evolutionary steps in Mojo Nation's development has been their abandonment, for the most part, of user-visible and user-configurable economics; they deliberately made it difficult to see how many Mojo are held by the local broker, and relatively unlikely that a broker will be able to earn significant Mojo by careful pricing - recent clients are configured such that the economic brakes on resource usage are sharply curtailed or removed entirely.
This is because strict pricing really does not work. I could point you to some good work by Andrew Odlyzko regarding incremental pricing for computational resources, but the best paper to find that outlines the hard part is "Price-War Dynamics in a Free-Market Economy of Software Agents" by Kephart et al. Computational resources are like electricity, they can't really be stored for future resale so it is relatively easy for suppliers to play games with the market by withholding resources during periods of peak demand. The resources are very time-dependent and they are effectively a zero-cost good so there is a race to the bottom in pricing. Additionally, these resources are difficult to price by users -- users expect a constant price for resources contributed and most users have both an inflated expectation of what their resources are worth and little understanding of things like options pricing (e.g. to them Black-Scholes is a vacation destination.)
For Mojo Nation we opted to move to a pricing model closer to Odlyzko's "Paris Metro Pricing" in which resources donated to the system were exchanged for a sort of network karma. If you donated resources during periods of peak demand you could redeem them for enhanced quality of service at a later point. Not as fancy as the "disk space for dollars" model that the cypherpunk dreamers seem to want but a scheme a little more grounded in reality.
Jim
A shallow review of a shallow book (on "Emergence" · Score: 5, Informative)
It seems that the review of Emergence has about as much substance as the book itself, collecting random bits from a larger body of work to prove an almost unrelated point. A reviewer who finds the lack of a god figure in a book about emergent behavior unsettling? That is the whole point of complex adaptive systems you idiot! Rich and varied macro behavior arises from simple rules applied at the micro level in a massively parallel fashion.
That is not to say that Emergence is a good book. It is an adequate book to give to a lay reader who is completely unfamiliar with the subject matter so that they can at least understand the basics of emergent behavior. On the whole the book is about at the same level as Kelly's Out of Control, cute but nothing of consequence. Anyone who is really interested in this subject should start with the following list:
Turtles, Termites, and Traffic Jams (Michael Resnick)
Emergence (John Holland)
Hidden Order (John Holland)
At Home in the Universe (Stuart Kauffman)
A Self-Made Tapestry (John Ball)
Swarm Intelligence (Bonabeau et al.)
The Computational Beauty of Nature (Flake)
Anything (and everything you can find) by Dawkins, E.O. Wilson, and Hofstadter along with the Artificial Life series from the Santa Fe Institute (proceedings from the conference series of the same name)
This is an interesting and important subject area which most Slashdot readers would be well-served to examine and explore. Unfortunately such exploration is not served well by either this review or the book being reviewed.
Yeah I know what you mean, but can you actually sustain a company at 40 bucks a pop? I am pretty sure it cost way more to get even.
The advantage of a wireless last-mile is that you can eliminate a lot of the costs involved in providing broadband to users. You do not need to have lots of expensive employees driving around in their little trucks to try to get a wire run into some idiot's living room over 90 year old internal wiring. In the bay area you could walk into Fry's, buy a Ricochet modem or PCMCIA card and have it activated by the time you left the parking lot. The Ricochet technology was also rather sophisticated when it came to cell hand-off and bandwidth usage, so Aerie can also achieve closer to the theoretical optimum when it comes to making sure that there is enough upstream bandwidth for all of its users.
The only reason the high-bandwidth Ricochet service cost as much as it did was that users were forced to help pay off the debt burden incurred by Metricom when it got too ambitious and tried to build a bigger network than it could effectively run. Metricom was also not interested in licensing the back-end equipment to anyone else; they wanted to own all of the pipes but the risk of this sort of strategy is that you do not have anyone else to share the risk with if things do not work out...needless to say, things did not work out according to the plan:)
You would be surprised how many people will pay for a wireless service that runs at near-DSL speed. Back in the days before broadband when Ricochet only ran at 22-28Kbs it was priced to be almost the equivalent of a standard phone line, so lots of people skipped getting a second phone line at home for dialup and instead paid Ricochet for an almost equivalent service that worked just about anywhere local. Tres cool.
Expect to see the new Ricochet aim to place themselves on the telecom offerings list as an alternative to cable modems and DSL in terms of price with the slightly lower bandwidth being offset by the fact that you can drive around with your connection still working:)
Some P2P systems actually steal several good ideas from nature, with ant/swarm optimizations being one of the most common ideas used. When designing Mojo Nation I stole liberally from swarm intelligence techniques and other evolutionary computing techniques I learned while doing AI research.
Foraging techniques (similar to pheromones) are used to propagate meta-info describing how to contact and find other agents within the mesh and the self-organizing, emergent nature of the filesystem owes a debt to random algorithms and similar techniques from ant colonies. The swarm downloading feature we pioneered is also derived from how an ant colony gets food back to the colony, with lots of expendable agents taking individual paths during the delivery task.
While it is sometimes not obvious to casual observers, I think you will find many distributed systems which take their cues from the natural world if you peek under the hood.
Mojo Nation and other swarming apps (on "Shirky On P2P" · Score: 2)
I think that the sort of systems you are talking about are the so-called "swarming" systems. Pioneered by Mojo Nation, these systems break content up into lots of pieces which can be served in parallel, speeding up transactions as the network gets larger. Other swarming apps are Swarmcast, EDonkey2000, and it looks like Centerspan is going to be pushing a swarming app soon.
I read somewhere (can't find the reference right now, sorry) that some work was being done whereby the genetic programs were being evolved that could themselves create neural networks. Each genetic program could be considered a template for creating a neural network.
The keyword you want to pop into google here is "cellular encoding", the seminal work was done by Frederic Gruau back in the mid-90s (I first saw his presentation at GP-96.) Unlike the GA variant suggested by an earlier reply this method does not just change the weightings of the nodes, it re-arranges the architecture during cross-over and mutation. The basic idea is that you start by viewing a simple ANN as a graph and then perform operations on the edges. Astro Teller presented a paper at GP-98 that performed similar operations upon the nodes, but iirc the end-result was not an ANN (I can't remember what he called his variant.) I always wanted to try to perform node-encoding upon FSMs to try my own variant on cellular encoding but never got around to doing it...
I still use my upgraded MP2000 every day and get quite a kick out of explaining to people just how cool it really is. It is not pocket-sized, but the monster screen size makes up for this. It is a shame that this box was killed because it really was the ultimate student PDA (you could actually _write_ your class notes during class and then go back over the recognition later.)
>Presently United States accounts for 25 % of
>world's carbon dioxide emissions while having
>only less than 5 percent of the population.
And while producing more than 33% of the world's GDP. We emit more pollutants because we produce most of the world's economically valuable products. Perhaps you should start by trying to make the remaining 95% of the world's population a little more efficient and productive rather than bitching about the people who are doing most of the work in producing your Birkenstocks and iMacs...
The anti-market screed that was posted seems to ignore several important facts that should be brought to light. An article from CNET points out that:
"Oxford will own the intellectual property developed under the program, but the university will license it relatively freely."
That means that the big bad corporate nasty that Michael is complaining about is Oxford University and the American Cancer Society, not quite in the same league as the evil pharmaceutical companies that can do no good in Michael's eyes. Perhaps he would rather that millions of people continue to suffer and die from cancer for the sake of his cynicism and moral outrage.
While it is probably not very important to the people reading this, there be dragons ahead for this project that I do not think the implementor is aware of. We implemented a system very much like this for Mojo Nation to achieve the swarm distribution (parallel downloads) which is one of the key features of our technology. Windows does not like to hold lots of open connections and you quickly eat up local resources and run out of file descriptors. It works like a charm under Linux and other "real" operating systems, but backporting this to make it available to the un-enlightened will be a very, very unpleasant task for whoever tries to actually implement this.
jim
There was nothing particularly crappy about Xanadu, it just tried to do too much and expected the rest of the world to stop what it was doing for a few years while they finished this uber-cool thing. It goes something like this: Ted Nelson has an idea of the 6 things hypertext "must have" to work and gathers too many mad scientists and not enough hunchback to work on things. A couple of years later Tim Berners-Lee figures out that you only need two of the six "requirements" and creates the web. Five years later Ted presents a variation of the original idea that is trying to find footing against a system (http/html) which is demonstrably inferior, but good enough. The rest, as they say, is history...
BTW, if you are looking for the current incarnation of Xanadu, look for zigzag.
Just because something is public does not mean that rules do not apply to this public space. A park is a public space but there are rules about how you can use it, the unlicensed spectrum used by 802.11b is available for anyone to use but you are still required to follow FCC regulations regarding how you operate within this spectrum. There are rules that dictate how your wireless card operates, how much power it can put into its signal, etc.
In fact, it might be wise of you to consider this in terms of another user of this particular segment of the spectrum -- cordless phones operating at 2.4 GHz. The signal goes out over the same unlicensed spectrum band, but if you were to create a base station which prevented your neighbors from using their cordless phone handsets (even if it was accidental) you could be fined for violating the FCC rules regarding this slice of the spectrum. If you were to monitor and record a transmission between the base station and remote node you would be breaking the law. If you created a phone handset that masqueraded as your neighbor's handset and used his phone base station (and phone line) for your calls you would be breaking the law. Both offenses can bring stiff fines and jail terms, something that aggressive wardrivers and 802.11b access point "borrowers" might want to keep in mind...
You are probably correct as far as how things will play out in the real world (fewer sources of authority, but well-known and trusted sources) simply because of how the background social networks that currently exist can be used as a bootstrapping mechanism by the trusted source solution. Part of my original point is that this solution, as long as multiple sources of authority are allowed to exist, is a part of the general distributed trust solution to the original problem. Distributed trust can be "client-server", "peer-to-peer" or some hybrid of the two.
You only have to take a look around the real world to see that reputations are an efficient and attack resistant mechanism for allowing untrusted parties to exchange info/goods/services. Credit ratings, movie ratings, "best of" lists, gossip, etc. We are surrounded by and enmeshed within distributed trust and reputation systems so completely that most people do not even realize how many times a day they use such a system.
You can send out a bad copy once, but if well-known and trusted copies already exist on the network you are not going to be able to replace these with bad copies, the self-verification does not prevent the single-point attack you describe, it prevents the propagation of this attack throughout the network. If an attacker serves up bad files (ones that do not match the SHA1 hash advertised) then the downloader should treat the host as malfunctioning and query a more reliable source. The downloading agent does not need to unpack the file and see what is inside, it just checks the SHA1 hash and then can simply assume that there was a transmission error and try another source. Eventually the malicious node will be trimmed from everyone else's peer list and a new node identity will have to be generated and the game starts again.
This single attack costs the attacker as much as it does the downloader (and you can bet the RIAA is paying more per MB of data sent than someone downloading the data via a DSL or cable modem line) and a few simple changes to the system like favoring trusted peers (ones who have not given you mismatched hash/payload data) as the first nodes to query and only moving down the local reputation food chain if you need to expand your query or search for alternate sources. Unless an attacker can pretend to be a vast majority of the nodes in the system it is not going to be able to make this attack scale-up in the manner you suggest.
There is a difference between an attack that works on a single download and an attack that would be viable for a network-wide assault. The case you and Mr. Chen bring up here is clearly in the first category, an inconvenience for individual users but not something that will be a significant problem for the network as a whole.
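The verify-and-retry behaviour described in the comment above, as an added example that is not part of the original post and is not Mojo Nation or Gnutella code. The peer names, the scoring rule and the `DROP_AFTER` threshold are assumptions, and the file contents are constructed.

```python
import hashlib
from dataclasses import dataclass


def sha1_hex(data: bytes) -> str:
    # SHA-1 because the post names it; a design written today would use SHA-256.
    return hashlib.sha1(data).hexdigest()


@dataclass
class Peer:
    """A remote node: maps an advertised hash to the bytes it actually serves."""
    name: str
    blobs: dict
    requests_served: int = 0

    def fetch(self, digest: str):
        self.requests_served += 1
        return self.blobs.get(digest)


class Downloader:
    DROP_AFTER = 2  # assumed threshold: hash mismatches before a peer is trimmed

    def __init__(self, peers):
        self.peers = {p.name: p for p in peers}
        self.score = {p.name: 0 for p in peers}       # local reputation only
        self.mismatches = {p.name: 0 for p in peers}

    def ranked_peers(self):
        # Peers that have served verified data are asked first; the sort is
        # stable, so untested peers keep their original order.
        return sorted(self.peers.values(), key=lambda p: -self.score[p.name])

    def download(self, digest: str):
        """Return (data or None, names of peers queried, in order)."""
        tried = []
        for peer in self.ranked_peers():
            tried.append(peer.name)
            data = peer.fetch(digest)
            if data is None:
                continue                      # peer lacks the file: no penalty
            if sha1_hex(data) == digest:      # self-verification, no unpacking
                self.score[peer.name] += 1
                return data, tried
            # Payload does not match the advertised hash: treat the host as
            # malfunctioning, demote it, and move on to the next source.
            self.score[peer.name] -= 1
            self.mismatches[peer.name] += 1
            if self.mismatches[peer.name] >= self.DROP_AFTER:
                del self.peers[peer.name]     # trimmed from the peer list
        return None, tried


def run_demo():
    # Constructed sample data: four files, two honest peers, one poisoner
    # that advertises every hash but serves garbage.
    files = [b"constructed track %d" % i for i in range(1, 5)]
    digests = [sha1_hex(f) for f in files]
    alice = Peer("alice", dict(zip(digests[:3], files[:3])))
    bob = Peer("bob", dict(zip(digests[1:3], files[1:3])))
    mallory = Peer("mallory", {d: b"garbage" for d in digests})

    dl = Downloader([mallory, alice, bob])    # worst case: poisoner listed first
    results = [dl.download(d) for d in digests]
    return files, results, dl, mallory


if __name__ == "__main__":
    files, results, dl, mallory = run_demo()
    for data, tried in results:
        print("ok " if data else "MISS", tried)
    print("peers left:", sorted(dl.peers), "| poisoner queried:",
          mallory.requests_served, "times")
```

The poisoner costs the downloader one wasted transfer on the first file, is skipped while verified peers can satisfy requests, and is trimmed after its second mismatch.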
Moderation and peer reputation require some method of recording "ratings" of users on the network. Something not present in the current Gnutella network. But if implemented, it would have to be distributed as well. This means that there, at some point, must be a blind trust between clients to complete these "ratings". That blind trust will lead to poisoning of the ratings system and make it worthless.
"Ring of trust" simply does not work in a distributed environment that is truly open to anyone. Closed distributed environments, or virtually closed environments within an open environment would be the only way. However new users would not be able to enter them and that is how Gnutella keeps itself alive.
Which is why I think that things like Raph Levien's work in reputation systems (and actually coding up working examples of such a system, see refs below) are rather attractive because they solve this specific problem in a rather elegant fashion and make such simplistic attacks much more difficult and expensive to pull off. [Here's a quick hint: Have you ever noticed that most people seem to care about Roger Ebert's opinion rather than yours when it comes to what movies to go see? This is because a distributed trust system can deal with voter flooding attacks by limiting how much influence comes from untrusted sources.]
You seem to think, Mr. McCoy, that there are obvious solutions. Yet you really don't present any nor do you present any existing real-world examples.
One of the problems I addressed in the original paper was the fact that it was poorly researched in certain aspects. It seems that everyone is too lazy to actually do any research these days, but since spending five minutes doing google searches on various terms related to reputation systems seems to be too much work for either you or Mr. Chen, here is a quick summary of a few minutes work (although I selected papers that I am familiar with after google returned a hit).
1) For starters look at Google itself. Google is the single biggest distributed reputation system in the internet. That is what a pagerank is, the "reputation" of a particular link for a particular subject using link count as the voting mechanism. It can be attacked and subverted on a small scale as various Google-juicing experiments prove, but it is also very effective at filtering out these attacks (see some of the Scientology google-juicing wars to see how hard it is to really influence a massively distributed reputation system implemented by people who know how to pick the best ideas from current research and invent a few of their own).
2) EBay seller rankings. These can also be attacked and tweaked, but even when money is involved (making the incentive for dishonest behavior very high, much more so than any p2p system will ever have to deal with) EBay manages to keep fraud to a manageable level and recent research into seller/buyer identity-blinding and reputation cluster filtering can make the seller ranking system even more attack-resistant.
3) Amazon buyer ratings and recommendations. Yet another example of a real-world distributed trust management system.
4) Advogato is a community forum site that implements some of Raph's Ph.D. work in reputations and distributed trust management to create a flow-constrained reputation system that has some very good attack-resistance characteristics. Raph has been running Advogato using his distributed trust metric for several years now.
5) Pattie Maes' agents group at MIT, specifically the Yenta reputation clustering system but just about everything to come out of this group is a source of good ideas and practical research in this area.
6) Check out some of the available research bibliographies (like this) and places like citeseer for other research in the subject.
One thing you will notice about these real-world examples is that none of the systems tries to be "perfect", just good enough to get the job done.
If I implied that the problem is "solved" then I was being a bit too enthusiastic about the directions that current research and practice in this area is evolving. There are many different approaches to this problem (distributed trust management) and the theoretical groundwork is already in place for several "solutions" which deal with the specific applications being described here. The case of "poisoned files" is actually a much simpler subset of distributed trust management problem because it deals with a simple good/bad distinction and it is a case where it is relatively easy to use simple emergent effects like voting can provide effective protection from these sorts of simple attacks upon a p2p system. [Before you jump in with a "but the RIAA can cast millions of votes" please check out the flow-constrained networks Raph Levien is working on and the application of clustering mechanisms to simple reputation systems.]
EBay has also provided a good source of research material and several papers in the past few years have provided in-depth analysis of the effectiveness of existing EBay mechanisms in dealing with semi-anonymous/pseudonymous peer-to-peer transactions where there is a significant incentive for dishonest behavior. In a situation like EBay where real money is changing hands the incentive for cheating is strong, yet simple reputation systems solve the largest class of such problems and simple refinements like cluster matching among those who cast votes. Raph Levien and others have also made significant strides in going beyond the theoretical and into the direct application of reputation and distributed trust management to distributed peer groups (check out the www.advogato.org trust metric system and Raph's Ph.D. thesis for more info.) I am not denying that there is an elephant in this room as well, but it is a wounded elephant who is soon to be "pining for the fjords" if you catch my drift...
The general case problem of distributed trust management is not solved, there are several tools available to coders that require minimal effort to implement but which can keep the p2p user a step or two ahead of the simple attacks described in the original paper.
I love the smell of undergraduate sophistry in the morning...
The author of this paper seems to suffer from the common practice of those in a hurry to finish their term papers that if they somehow ignore the elephant in the room that disproves their point they might end up getting partial credit for impressing people with how well they can tap dance around the elephant. In this case the well-established practice of using a secure hash function as a self-verifying mechanism to prevent DoS attacks that try to flood a network with garbage files is the elephant.
In his FAQ regarding the paper, Mr. Chen correctly addresses the problem of a lack of centralized authority in using hash functions as distributed/P2P but apparently did not make more than a cursory examination of the subject or else he would have seen the various methods available for solving such a problem. I can only assume this is the case because reputation systems beyond simple moderation are not addressed and flow-constrained trust networks are never mentioned in this section.
As someone who seeks to pass off a "bad" file (this report) as a "good" file, perhaps sooner rather than later Mr. Chen will learn how the distributed moderation and trust system known as peer reputation works. Surely I am not the only one who finds it more than a little ironic that a paper by an author who claims that distributed moderation doesn't work is being submitted to a peer-reviewed journal in an attempt by the author to bootstrap his own reputation?
David Chaum, the inventor of the "blind" signature mechanism that is the core of most digital cash protocols, created an extended variant of this system [Chaum90] that explained how you can accomplish some rather tricky things with unlinkable identity systems. One of the examples he has used in the past is a computer-controlled library, the "librarian" would let you check out books with an anonymous identity and maintain policies such as "only three books out at any one time", etc. with strong security for the system and complete unlinkability among user transactions as long as they follow the rules.
This system handles the daily mechanics of such a digital library, but it needs an external hook to get a user into the system called an "isa-person" certificate (a cert that you could only get one of, probably biometric, that is a hard link to your meatspace identity) which is used as the stick to prevent people from walking away with your books. If someone checks out books and does not return them they get a negative mark on their isa-person cert that will follow them around until it is cleared. A deposit of cash, as others have suggested, would probably serve an equivalent purpose.
If you really want a secure, anonymous digital system it is probably going to end up working something like NetFlix. You apply for an anonymous id and put down a cash deposit, the anon id lets you borrow titles with certain restrictions, when you are finished with the account you cancel your subscription and get your deposit back.
Jim
[Chaum90] David Chaum: Showing credentials without identification: Transferring signatures between unconditionally unlinkable pseudonyms; Auscrypt '90, LNCS 453, Springer-Verlag, Berlin 1990, 246-264.
I will try to answer as many of the good questions and points of discussion that have been brought up as I can over the next few hours, but I wanted to shoot out a quick overview of what HiveCache is to try to set the story straight here.
First of all, HiveCache is an enterprise backup utility that uses a parasitic peer-to-peer data mesh as its backup media. Simple enough really. The goal of the software is not to replace tape or other offline backup tools, the goal is to serve as an alternative tool for users to make most file restoration requests ("hey, I accidentally deleted my Powerpoint presentation for the big meeting that starts in 30 minutes...") a user self-help operation rather than something that needs IT assistance. Users restore most files via the p2p mesh and tape/CD-R is only needed for really old stuff or if the building burns down.
The HiveCache distributed online backup system is currently targeted at small to mid-sized enterprises (100-1000 seats) as a way for these companies to increase the ROI on existing IT investment (they already paid for the disk space, so why not use all of it) and to decrease the burden that daily backup and restore operations place upon IT staff. Right now the clients are win32 but agents that serve up disk space to these clients from OS X and Unix hosts are also available. By using good error-correction mechanisms it is possible to maintain five "nines" of reliability for retrieving any particular file even if 25% of the network drops offline. As the backup mesh grows larger reliability keeps increasing while the data storage burden for adding a new node drops (because the level of redundancy among the nodes grows.)
Lastly, the relationship between HiveCache and MojoNation. Basically, there are two branches off of the work HiveCache (nee Evil Geniuses) did on MojoNation, one early branch went on to become the backup product, a later fork pared off some of the non-essential bits (payment system, etc.) and became MNet. The MojoNation public prototype helped to work out the kinks of the data mesh but for the last year and a half of the life of MojoNation most of our internal coding effort was on behalf of this other project which shared some back-end components with the LGPL codebase we were also supporting. For those who complained earlier that the MojoNation user experience sucked I must humbly apologize, we were spending the cycles working on a different UI. Since the MojoNation project went into hibernation on our side, a former MojoNation coder and several other very sharp people have been continuing the MNet project based upon the open codebase (and with a much nicer UI than we ever provided for MojoNation.) I do apologize if the patent and licensing language appears a bit heavy-handed, it was a cut and paste job from some email with legal counsel and will be made clearer this weekend when the site is updated.
ObPlug: We are still seeking a variety of enterprise environments for our upcoming pilot test and in addition to getting to experience the benefits of the HiveCache system for your company you will also be able to purchase the Q4 release version at OEM prices! Sign up now by sending mail to pilot@hivecache.com
Jim McCoy HiveCache, Inc.
The article mentions distributed backup as a possible application, but in my mind distributed backup is the killer application.
While this is not directly mentioned by David Anderson in his article I know for a fact that this is something that United Devices is interested in because late last year Mojo Nation was in discussion with UD to provide just this sort of service to its users.
This sort of distributed backup is what the current private branch of the Mojo Nation codebase does, with a little taskbar app that sits in the background and distributes backed up files to peers within the enterprise. One major benefit that your post missed is that the majority of the data stored on hard drives within an enterprise is redundant data (e.g. multiple copies of MS Word, etc.) and with a distributed backup system you only need to keep a few copies of such files around for restores. You can back up 99% of your data while only needing 10-15% of the available space on individual PCs.
In what is turning out to be one of life's interesting ironies, the company that was most interested in this UD/MojoNation pairing was Enron's bandwidth trading group (mostly for storing medical imaging data and distributed corporate backups.) When Skilling left Enron just before the whole accounting scandal started to blow up the Enron guys became "unavailable" so things never moved forward, but you can be certain that this sort of a distributed data storage and backup system will appear again.
Jim
This is because strict pricing really does not work. I could point you to some good work by Andrew Odlyzko regarding incremental pricing for computational resources, but the best paper to find that outlines the hard part is "Price-War Dynamics in a Free-Market Economy of Software Agents" by Kephart et al. Computational resources are like electricity, they can't really be stored for future resale so it is relatively easy for suppliers to play games with the market by withholding resources during periods of peak demand. The resources are very time-dependent and they are effectively a zero-cost good so there is a race to the bottom in pricing. Additionally, these resources are difficult to price by users -- users expect a constant price for resources contributed and most users have both an inflated expectation of what their resources are worth and little understanding of things like options pricing (e.g. to them Black-Scholes is a vacation destination.)
For Mojo Nation we opted to move to a pricing model closer to Odlyzko's "Paris Metro Pricing" in which resources donated to the system were exchanged for a sort of network karma. If you donated resources during periods of peak demand you could redeem them for enhanced quality of service at a later point. Not as fancy as the "disk space for dollars" model that the cypherpunk dreamers seem to want but a scheme a little more grounded in reality.
Jim
It seems that the review of Emergence has about as much substance as the book itself, collecting random bits from a larger body of work to prove an almost unrelated point. A reviewer who finds the lack of a god figure in a book about emergent behavior unsettling? That is the whole point of complex adaptive systems you idiot! Rich and varied macro behavior arises from simple rules applied at the micro level in a massively parallel fashion.
That is not to say that Emergence is a good book. It is an adequate book to give to a lay reader who is completely unfamiliar with the subject matter so that they can at least understand the basics of emergent behavior. On the whole the book is about at the same level as Kelly's Out of Control, cute but nothing of consequence. Anyone who is really interested in this subject should start with the following list:
Turtles, Termites, and Traffic Jams (Michael Resnick)
Emergence (John Holland)
Hidden Order (John Holland)
At Home in the Universe (Stuart Kauffman)
A Self-Made Tapestry (John Ball)
Swarm Intelligence (Bonabeau et al.)
The Computational Beauty of Nature (Flake)
Anything (and everything you can find) by Dawkins, E.O. Wilson, and Hofstadter along with the Artificial Life series from the Santa Fe Institute (proceedings from the conference series of the same name)
This is an interesting and important subject area which most Slashdot readers would be well-served to examine and explore. Unfortunately such exploration is not served well by either this review or the book being reviewed.
The advantage of a wireless last-mile is that you can eliminate a lot of the costs involved in providing broadband to users. You do not need to have lots of expensive employees driving around in their little trucks to try to get a wire run into some idiot's living room over 90 year old internal wiring. In the bay area you could walk into Fry's, buy a Ricochet modem or PCMCIA card and have it activated by the time you left the parking lot. The Ricochet technology was also rather sophisticated when it came to cell hand-off and bandwidth usage, so Airie can also achieve closer to the theoretical optimum when it comes to making sure that there is enough upstream bandwidth for all of its users.
The only reason the high-bandwidth Ricochet service cost as much as it did was that users were forced to help pay off the debt burden incurred by Metricom when it got too ambitious and tried to build a bigger network than it could effectively run. Metricom was also not interested in licensing the back-end equipment to anyone else; they wanted to own all of the pipes but the risk of this sort of strategy is that you do not have anyone else to share the risk with if things do not work out...needless to say, things did not work out according to the plan.
You would be surprised how many people will pay for a wireless service that runs at near-DSL speed. Back in the days before broadband when Ricochet only ran at 22-28Kbs it was priced to be almost the equivalent of a standard phone line, so lots of people skipped getting a second phone line at home for dialup and instead paid Ricochet for an almost equivalent service that worked just about anywhere local. Tres cool.
:)
Expect to see the new Ricochet aim to place themselves on the telecom offerings list as an alternative to cable modems and DSL in terms of price with the slightly lower bandwidth being offset by the fact that you can drive around with your connection still working
Foraging techniques (similar to pheromones) are used to propagate meta-info describing how to contact and find other agents within the mesh and the self-organizing, emergent nature of the filesystem owes a debt to random algorithms and similar techniques from ant colonies. The swarm downloading feature we pioneered is also derived from how an ant colony gets food back to the colony, with lots of expendable agents taking individual paths during the delivery task.
While it is sometimes not obvious to casual observers, I think you will find many distributed systems which take their cues from the natural world if you peek under the hood.
Many hands make light work...
The keyword you want to pop into google here is "cellular encoding", the seminal work was done by Frederic Gruau back in the mid-90s (I first saw his presentation at GP-96.) Unlike the GA variant suggested by an earlier reply this method does not just change the weightings of the nodes, it re-arranges the architecture during cross-over and mutation. The basic idea is that you start by viewing a simple ANN as a graph and then perform operations on the edges. Astro Teller presented a paper at GP-98 that performed similar operations upon the nodes, but iirc the end-result was not an ANN (I can't remember what he called his variant.) I always wanted to try to perform node-encoding upon FSMs to try my own variant on cellular encoding but never got around to doing it...
I still use my upgraded MP2000 every day and get quite a kick out of explaining to people just how cool it really is. It is not pocket-sized, but the monster screen size makes up for this. It is a shame that this box was killed because it really was the ultimate student PDA (you could actually _write_ your class notes during class and then go back over the recognition later.)
>Presently United States accounts for 25 % of
>world's carbon dioxide emissions while having
>only less than 5 percent of the population.
And while producing more than 33% of the world's GDP. We emit more pollutants because we produce most of the world's economically valuable products. Perhaps you should start by trying to make the remaining 95% of the world's population a little more efficient and productive rather than bitching about the people who are doing most of the work in producing your Birkenstocks and iMacs...
The court made several findings related to this point (you can get to the heart of the result in section 8 of the decision) but it basically came down to this -- Napster is not responsible for keeping pirated stuff off of the service, but if a copyright holder comes to them and demands that something must be removed then Napster has to do so, the judge also indicated that Napster needs to stop pretending that it can't do certain things to prevent this from happening again (possibilities here include things like proactive filters on search requests to prevent users from finding copyrighted tracks, stronger user authentication to track "real names", etc.)
jim
Some interesting points here are the last little caveat in the last paragraph of section eight. The first amendment ("fair use") claim made by Napster and used by many here was completely nuked by the court. It found that Napster users were not fair users and therefore the first amendment protections against prior restraint do not apply here.
In operational terms the modifications to the injunction are also interesting. Basically the court found that the original injunction was too vague because it put all of the burden of copyright policing on Napster. The court pushed most of the burden back to the copyright holder, saying that the RIAA, et al. must notify Napster of a violation to start the process in each case of suspected infringement. Napster then has to follow through and nuke the content and user, but the court did find that peered content on decentralized systems cannot be held to a higher standard than the safe harbor provisions of the DMCA require given the reality of the architectures of such systems.
jim
AZI/Mojo Nation
BTW, if you are looking for the current incarnation of Xanadu, look for zigzag.
jim