By splitting files for publication and breaking up the load Mojo Nation solves part of this problem. Instead of trying to download 3Mb from someone on a 28.8 connection you download 300 packages of 100K from agents with a variety of connection types. The upstream load on each agent is small, but this architecture has the potential to saturate any downstream pipe you can get. While this does not solve all of the problems with broadband haves vs. have-nots it does provide a partial answer to the problem you describe.
Mojo Nation uses market-based mechanisms for solving the problems of cheating and parasites. You pay to play, but you pay in computational resources. It is like the old upload/download ratios except it wraps the whole thing in a micropayments system.
> I think a ratio type of thing would be a great
> idea, but how in the world can this be done?
It has already been done. The Mojo Nation system was designed as a way for people to exchange services using a micropayment system. This system is different from other micropayment systems because the "coins" are backed in digital resources. It is like the old upload and download ratios of BBS days. You contribute services to the system by "selling" to others and when you need services you "buy" them from other agents. Toss in a distributed, de-centralized data sharing services and you have a pretty cool little item. The coins are like tokens at an arcade, except those who contribute more than they consume end up with a surplus they might be able to sell later; greed is a powerful motivation to get people to
Cheating is controlled (or at least minimized) by using market-based mechanisms like reputations. By basing the service on something like a market it is possible for distrustful parties to conduct transactions and exchange services. Look around at any stable social structure and you will see a lot of the same techniques employed to fairly allocate resources and control parasites and cheaters.
The tragedy of the commons was inevitable in these cases, and solving the problem is what Mojo Nation was designed for. It uses a micropayments system which is denominated in digital resources (disk space, bandwidth, CPU time) and exchanged for services. This is just a micropayment system that is backed by the old upload/download credits of the BBS days.
As the guy who ran YahooMail ops from our humble origins as RocketMail until a couple of weeks ago when I retired to play with more interesting things (after the first 50 million users it just gets boring:) it seems to me that you are somewhat "reality challenged" about how to scale a system to handle the userbase we are talking about here.
For starters, the first rule I learned (the hard way) was to have as few failure points as possible. This means _no_ centralized databases. EVER. A centralized database is your worst nightmare waiting to happen because when it does fail, and it happens more than you would think even if you are running overpriced "fault-tolerant" servers and database software (just ask EBay..), then the entire system is down. Having a component failure take out 5% of your users it a lot better than having it take out 100% of your users.
The key concept to grasp here is to design a system so that it degrades gracefully when it begins to fail. That means that instead of just locking up when a key box dies your system will continue working (albeit a little slower) and you have time to investigate the problem rather than having to hit a panic button. Remember that we are talking about mail here, so if you lose your account database for even a few hours you are going to be unable to accept incoming mail during this downtime and when you come back up you will get hammered by queued messages. Swarms of little boxes are the only way to do something like this.
The swarm scales up very well on a $/user basis and is much more tolerant of failures than any centralized system. The swarm gives you much more flexibility in dealing with the daily traffic flux because it is trivial too add a few more cheap boxes or to re-task a box with a simple reboot instead of having to spend a lot of energy fixing the one box that everything else is depending on.
The other problem with your approach is that there are not many systems that can handle the sort of load and volume we are talking about. Those that are available are extremely expensive. A service that only gets revenue from ad banners does not stay in business unless it figures out how to get the best performance for the least amount of money.
As for Hotmail's troubles I am guessing that earlier posters are correct: Hotmail probably had a catastrophic disk failure on a key system and no backups, once that happens you start throwing the disks into other boxes and trying to do a sector-by-sector repair or recovery (a very slow and unpleasant process.) This is the sort of nightmare scenario that caused me to fear every 3am phone call or alarm page; eventually one of the major services was going to step on this particular landmine and I am sooooooo happy that something like that did not happen on my watch...
Get it at http://www.freedom.net and start surfing with anonymity. It is a pretty good product done by some rather sharp cryptographers and security people (like Ian Goldberg and Adam Shostack) and it works transparently with your clients.
No, there is not a Linux version yet, but it is a hell of a lot easier to write the linux version so I expect it along quite quickly. Check out the white papers available on the site for a good description of how this system works.
Along with Spaf, Garfinkel wrote "Practical Unix and Internet Security" and "Web Security & Commerce". If you are going to make a lame flame please at least get your facts straight.
The reason RSA is being used for signatures is that it is more than 10-40 times faster than DSA or other similar methods when you do signature verification, moreover, DSA signature verification gets a lot slower as the modulus increases compared to RSA. This is due to the nature of the math used and no one has found a suitable alternative to RSA which provides the same security and comes even close to RSA in verificiation speed. This is an important feature because people will be doing a lot more verifications of DNS records than they will do signatures.
Please remember that Intel got the Strongarm during the Digital carve-up, so your statement that these things have far lower power consumption than any intel CPU is laughably wrong.
Remember, just because a sound file with your ID info tagged into the watermark happens to be the downlaod-du-jour from warez r' us does not mean that you were the one who committed the criminal act of distributing the file. Your system could have been cracked, the file could have been intercepted in transmission, your CC info could have been stolen, etc. The watermark is circumstantial evidence and anyone who tried to prosecute someone based upon it would get laughed out of court. This is the fatal flaw of all watermarking schemes, they may tag the file but a single watermark pointing to you as the culprit does not actually prove anything...
As much as I respect Eric's work in promoting nanotech these ideas all came from Ted Nelson's work, specifically the Xanadu project. Read Literary Machines for an example of a good flight of fancy on how such a system should look, but completely ignore it when it comes to actually implementing code. As the guy who fronts the box and bandwidth for crit.org I also need to point out that such a system is inherently broken because it does not place the burden of paying for the annotation upon the person doing the markup.
It was lead, not iron. Gutenberg was a jeweler by trade and was familiar with the many fun uses of soft metals. By using lead the printer could maintain a large, cheap set of type and easily refresh or modify his selection through the use of a few wooden forms in which new type was cast.
3. Why would an electronic archive be harder to maintain than a paper journal?
This is the kicker really. Paper is physical. While this is looked down upon by most techies it really has several advantages:
Wide distribution of the paper materials make ex-post facto modifications (i.e. rewriting history) much more difficult and almost impossible to hide.
There are no format or obsolescence issues involved. I can go to the right library and read scientific literature from the 3rd century B.C. while demographic data from the mid-60s on punch cards is basically lost forever. The rapid changes to information format and medium in the information age means that keeping things in a format available to all would be a massive and expensive project over time.
Dead trees work. So far nothing electronic has come close to this for the long term storage of information.
The jurisdiction of the courts has _always_ been under the control of Congress. Read the constituion a little closer and you will see this. In fact, this is hardly the first time nor even the most controversial use of such power. Following the U.S. Civil War the Congress removed from the jurisdiction of the federal courts all cases arising from the reconstruction acts.
The only exception to this rule are cases which have _original_ jurisdiction with the U.S. Supreme Court. These are cases of admiralty law and suits between the states themselves IIRC. Last year was rather noteworthy because the court heard one of the first such cases in something like 50 years (New York and New Jersey were fighting over which state Ellis Island is in...NJ won.)
You know the answer to the second question. IP is something to be protected and its attendant rights are to be cherished when it is my stuff and IP is a load of crap that should be disregarded because property is theft when it is your stuff. What matters here is not the principle involved, just whether or not 'da man is trying to exploit you.
While this chip is cute, and smartcard manufacturers have been making strides in putting good crypto functions into the cards, there is the big dark cloud of differential power analysis hanging over their heads that they have not dealt with yet. Basically a determined attacker can rip the secret keys from smart cards in a _very_ short period of time by observing power draws while the card is in use (i.e. the old "one" uses more power than "zero" problem.) Until this problem is dealt with anyone who uses a smartcard for crypto is just adding features for a marketting brochure and not adding any real security.
Take a good look at the clock speeds on the "state of the art" in FPGAs. While a system like this could, in theory, mark a significant step forward by erasing most of the hardware/software boundary it will still take a huge amount of effort to rebuild our existing base of computing infrastructure to take advantage of such a system. A computer like this is far more likely to find use in niche applications like routers and packet switches (e.g. put the logic for the current packet flows into hardware) and for strange little AI projects.
Actually you are the one who does not get the point. Radio emmisions are on a particular frequency and you are only looking for an "interesting" signal. Van Ecking a computer is not a trivial task, and there is no way for you to effectively hide the radiated signal without spending a lot of effort to shield the system (e.g. do all your work inside a Farraday cage).
The use of FPGAs and other reconfigureable hardware along with genetic operators on the configuration is broadly lumped under the category of "Evolveable Hardware" and most of the people doing cutting-edge work in this arena will be at the GECCO conference down in Orlando next month. You can expect a few news blurbs based upon papers presented at this conference soon after...
BTW, the guy who did a lot of the initial work on this whom you are probably thinking of is Adrian Thompson. Alternatively you could have been thinking of Hugo DeGaris and the smoke and mirror game he has been running with the press for several years related to his CAM-Brain project (this is a variation of EHW whereby a cellular automata is used to generate random neural pathways/connections and then the system evolves the weightings.)
While you statement that most current crypto needs better UI work is quite correct, you are quite wrong when it comes to security through obscurity. Obscurity works as a part of the overall strategy but must never be relied upon. Just because obscuring the details is a part of the security you should not assume that it is the only part. Unfortunately in this case you are correct that the attempt to hide the existence of the encrypted data will not work, the person who is trying to do this needs to think long and hard about what sorts of results I would get if I searched his hard disk for long, contiguous chunks of data which seemed to be very random...
Too much current crypto uses iron doors to secure houses with tissue-paper walls anyway. Crypto does not just need a better UI, it needs to be integrated into the system from the very beginning. Unfortunately it is already too late for Linux (and unix in general), security cannot be added as an afterthought or it will never work as well as it should. If security is not a part of the foundation then the structure built will never be as strong as you think it is...
Yes, having a little bit more U238 in a place that has no atmosphere or magnetosphere is going to make sooooo much difference.... If you are on the moon and are so ill-protected that whatever radioisotopes we manage to drop there have even the slightest effect upon you then someone did a piss-poor job in designing your environment because you are going to get cooked by general background radiation long before a this stuff is going to kill you.
We are not contaminating the moon, we are depositing processed fuel for future generations; this is our gift to the future (no, I am not kidding.)
Sorry, but a vaccuum is a perfect insulator. The only way your motherboard would be able to get rid of hid would be to radiate it as IR. The big problem in space travel is not keeping things warm, you have several humans generating kW of heat to do that, the problem is getting rid of the heat. That is why the space shuttle has to open up the cargo bay doors as soon as it gets into orbit, to radiate away heat. If the doors don't open they have to come back real quick or else you end up with braised astronauts.
The "open ource movement" is mainly characterized by copying other people's good ideas. Innovation have never been one of the strong points of the open source movement. OSS takes existing products and tries to rebuild the wheel, albeit a politically correct wheel...
All http requests are logged. If you are unaware of this then you need to get whacked pretty hard by the clue stick. If you are concerned about your privacy vis a vis Slashdot then join the great masses of Anonymous Cowards (something I do frequently for just such purposes.)
Slashdot Mirror
By splitting files for publication and breaking up the load Mojo Nation solves part of this problem. Instead of trying to download 3Mb from someone on a 28.8 connection you download 300 packages of 100K from agents with a variety of connection types. The upstream load on each agent is small, but this architecture has the potential to saturate any downstream pipe you can get. While this does not solve all of the problems with broadband haves vs. have-nots it does provide a partial answer to the problem you describe.
jim
Mojo Nation uses market-based mechanisms for solving the problems of cheating and parasites. You pay to play, but you pay in computational resources. It is like the old upload/download ratios except it wraps the whole thing in a micropayments system.
Check it out a http://www.mojonation.net/
jim
> I think a ratio type of thing would be a great
> idea, but how in the world can this be done?
It has already been done. The Mojo Nation system was designed as a way for people to exchange services using a micropayment system. This system is different from other micropayment systems because the "coins" are backed in digital resources. It is like the old upload and download ratios of BBS days. You contribute services to the system by "selling" to others and when you need services you "buy" them from other agents. Toss in a distributed, de-centralized data sharing services and you have a pretty cool little item. The coins are like tokens at an arcade, except those who contribute more than they consume end up with a surplus they might be able to sell later; greed is a powerful motivation to get people to
Cheating is controlled (or at least minimized) by using market-based mechanisms like reputations. By basing the service on something like a market it is possible for distrustful parties to conduct transactions and exchange services. Look around at any stable social structure and you will see a lot of the same techniques employed to fairly allocate resources and control parasites and cheaters.
jim mccoy
The tragedy of the commons was inevitable in these cases, and solving the problem is what Mojo Nation was designed for. It uses a micropayments system which is denominated in digital resources (disk space, bandwidth, CPU time) and exchanged for services. This is just a micropayment system that is backed by the old upload/download credits of the BBS days.
Check it out at http://www.mojonation.net/
Back in August the LDP pushed a bill through the Diet which gave wiretapping powers to law enforcement agents. Sorry dude.
jim
As the guy who ran YahooMail ops from our humble origins as RocketMail until a couple of weeks ago when I retired to play with more interesting things (after the first 50 million users it just gets boring :) it seems to me that you are somewhat "reality challenged" about how to scale a system to handle the userbase we are talking about here.
For starters, the first rule I learned (the hard way) was to have as few failure points as possible. This means _no_ centralized databases. EVER. A centralized database is your worst nightmare waiting to happen because when it does fail, and it happens more than you would think even if you are running overpriced "fault-tolerant" servers and database software (just ask EBay..), then the entire system is down. Having a component failure take out 5% of your users it a lot better than having it take out 100% of your users.
The key concept to grasp here is to design a system so that it degrades gracefully when it begins to fail. That means that instead of just locking up when a key box dies your system will continue working (albeit a little slower) and you have time to investigate the problem rather than having to hit a panic button. Remember that we are talking about mail here, so if you lose your account database for even a few hours you are going to be unable to accept incoming mail during this downtime and when you come back up you will get hammered by queued messages. Swarms of little boxes are the only way to do something like this.
The swarm scales up very well on a $/user basis and is much more tolerant of failures than any centralized system. The swarm gives you much more flexibility in dealing with the daily traffic flux because it is trivial too add a few more cheap boxes or to re-task a box with a simple reboot instead of having to spend a lot of energy fixing the one box that everything else is depending on.
The other problem with your approach is that there are not many systems that can handle the sort of load and volume we are talking about. Those that are available are extremely expensive. A service that only gets revenue from ad banners does not stay in business unless it figures out how to get the best performance for the least amount of money.
As for Hotmail's troubles I am guessing that earlier posters are correct: Hotmail probably had a catastrophic disk failure on a key system and no backups, once that happens you start throwing the disks into other boxes and trying to do a sector-by-sector repair or recovery (a very slow and unpleasant process.) This is the sort of nightmare scenario that caused me to fear every 3am phone call or alarm page; eventually one of the major services was going to step on this particular landmine and I am sooooooo happy that something like that did not happen on my watch...
jim
Get it at http://www.freedom.net and start surfing with anonymity. It is a pretty good product done by some rather sharp cryptographers and security people (like Ian Goldberg and Adam Shostack) and it works transparently with your clients.
No, there is not a Linux version yet, but it is a hell of a lot easier to write the linux version so I expect it along quite quickly. Check out the white papers available on the site for a good description of how this system works.
Along with Spaf, Garfinkel wrote "Practical Unix and Internet Security" and "Web Security & Commerce". If you are going to make a lame flame please at least get your facts straight.
The reason RSA is being used for signatures is that it is more than 10-40 times faster than DSA or other similar methods when you do signature verification, moreover, DSA signature verification gets a lot slower as the modulus increases compared to RSA. This is due to the nature of the math used and no one has found a suitable alternative to RSA which provides the same security and comes even close to RSA in verificiation speed. This is an important feature because people will be doing a lot more verifications of DNS records than they will do signatures.
Please remember that Intel got the Strongarm during the Digital carve-up, so your statement that these things have far lower power consumption than any intel CPU is laughably wrong.
Remember, just because a sound file with your ID info tagged into the watermark happens to be the downlaod-du-jour from warez r' us does not mean that you were the one who committed the criminal act of distributing the file. Your system could have been cracked, the file could have been intercepted in transmission, your CC info could have been stolen, etc. The watermark is circumstantial evidence and anyone who tried to prosecute someone based upon it would get laughed out of court. This is the fatal flaw of all watermarking schemes, they may tag the file but a single watermark pointing to you as the culprit does not actually prove anything...
As much as I respect Eric's work in promoting nanotech these ideas all came from Ted Nelson's work, specifically the Xanadu project. Read Literary Machines for an example of a good flight of fancy on how such a system should look, but completely ignore it when it comes to actually implementing code. As the guy who fronts the box and bandwidth for crit.org I also need to point out that such a system is inherently broken because it does not place the burden of paying for the annotation upon the person doing the markup.
jim
It was lead, not iron. Gutenberg was a jeweler by trade and was familiar with the many fun uses of soft metals. By using lead the printer could maintain a large, cheap set of type and easily refresh or modify his selection through the use of a few wooden forms in which new type was cast.
jim
This is the kicker really. Paper is physical. While this is looked down upon by most techies it really has several advantages:
Wide distribution of the paper materials make ex-post facto modifications (i.e. rewriting history) much more difficult and almost impossible to hide.
There are no format or obsolescence issues involved. I can go to the right library and read scientific literature from the 3rd century B.C. while demographic data from the mid-60s on punch cards is basically lost forever. The rapid changes to information format and medium in the information age means that keeping things in a format available to all would be a massive and expensive project over time.
Dead trees work. So far nothing electronic has come close to this for the long term storage of information.
jim
The jurisdiction of the courts has _always_ been under the control of Congress. Read the constituion a little closer and you will see this. In fact, this is hardly the first time nor even the most controversial use of such power. Following the U.S. Civil War the Congress removed from the jurisdiction of the federal courts all cases arising from the reconstruction acts.
The only exception to this rule are cases which have _original_ jurisdiction with the U.S. Supreme Court. These are cases of admiralty law and suits between the states themselves IIRC. Last year was rather noteworthy because the court heard one of the first such cases in something like 50 years (New York and New Jersey were fighting over which state Ellis Island is in...NJ won.)
You know the answer to the second question. IP is something to be protected and its attendant rights are to be cherished when it is my stuff and IP is a load of crap that should be disregarded because property is theft when it is your stuff. What matters here is not the principle involved, just whether or not 'da man is trying to exploit you.
While this chip is cute, and smartcard manufacturers have been making strides in putting good crypto functions into the cards, there is the big dark cloud of differential power analysis hanging over their heads that they have not dealt with yet. Basically a determined attacker can rip the secret keys from smart cards in a _very_ short period of time by observing power draws while the card is in use (i.e. the old "one" uses more power than "zero" problem.) Until this problem is dealt with anyone who uses a smartcard for crypto is just adding features for a marketting brochure and not adding any real security.
Take a good look at the clock speeds on the "state of the art" in FPGAs. While a system like this could, in theory, mark a significant step forward by erasing most of the hardware/software boundary it will still take a huge amount of effort to rebuild our existing base of computing infrastructure to take advantage of such a system. A computer like this is far more likely to find use in niche applications like routers and packet switches (e.g. put the logic for the current packet flows into hardware) and for strange little AI projects.
Don't start short-selling Intel and AMD yet...
Actually you are the one who does not get the point. Radio emmisions are on a particular frequency and you are only looking for an "interesting" signal. Van Ecking a computer is not a trivial task, and there is no way for you to effectively hide the radiated signal without spending a lot of effort to shield the system (e.g. do all your work inside a Farraday cage).
The use of FPGAs and other reconfigureable hardware along with genetic operators on the configuration is broadly lumped under the category of "Evolveable Hardware" and most of the people doing cutting-edge work in this arena will be at the GECCO conference down in Orlando next month. You can expect a few news blurbs based upon papers presented at this conference soon after...
BTW, the guy who did a lot of the initial work on this whom you are probably thinking of is Adrian Thompson. Alternatively you could have been thinking of Hugo DeGaris and the smoke and mirror game he has been running with the press for several years related to his CAM-Brain project (this is a variation of EHW whereby a cellular automata is used to generate random neural pathways/connections and then the system evolves the weightings.)
While you statement that most current crypto needs better UI work is quite correct, you are quite wrong when it comes to security through obscurity. Obscurity works as a part of the overall strategy but must never be relied upon. Just because obscuring the details is a part of the security you should not assume that it is the only part. Unfortunately in this case you are correct that the attempt to hide the existence of the encrypted data will not work, the person who is trying to do this needs to think long and hard about what sorts of results I would get if I searched his hard disk for long, contiguous chunks of data which seemed to be very random...
Too much current crypto uses iron doors to secure houses with tissue-paper walls anyway. Crypto does not just need a better UI, it needs to be integrated into the system from the very beginning. Unfortunately it is already too late for Linux (and unix in general), security cannot be added as an afterthought or it will never work as well as it should. If security is not a part of the foundation then the structure built will never be as strong as you think it is...
Yes, having a little bit more U238 in a place that has no atmosphere or magnetosphere is going to make sooooo much difference.... If you are on the moon and are so ill-protected that whatever radioisotopes we manage to drop there have even the slightest effect upon you then someone did a piss-poor job in designing your environment because you are going to get cooked by general background radiation long before a this stuff is going to kill you.
We are not contaminating the moon, we are depositing processed fuel for future generations; this is our gift to the future (no, I am not kidding.)
Sorry, but a vaccuum is a perfect insulator. The only way your motherboard would be able to get rid of hid would be to radiate it as IR. The big problem in space travel is not keeping things warm, you have several humans generating kW of heat to do that, the problem is getting rid of the heat. That is why the space shuttle has to open up the cargo bay doors as soon as it gets into orbit, to radiate away heat. If the doors don't open they have to come back real quick or else you end up with braised astronauts.
The "open ource movement" is mainly characterized by copying other people's good ideas. Innovation have never been one of the strong points of the open source movement. OSS takes existing products and tries to rebuild the wheel, albeit a politically correct wheel...
All http requests are logged. If you are unaware of this then you need to get whacked pretty hard by the clue stick. If you are concerned about your privacy vis a vis Slashdot then join the great masses of Anonymous Cowards (something I do frequently for just such purposes.)