I think the majority of visitors to Sealand have been female, so far, actually. And cute:) (and Californian). I even expensed tickets for some of my friends because they brought me computer gear. (it is cheaper to buy a roundtrip plane ticket most of the year than to ship 2 x 70 pound packages! what is up with that?)
As for coworkers, we've had female staff before, but don't currently have any. It worked pretty well. I don't think any female who could work around a bunch of ex-military maintenance/security people and geeks would have much reluctance to kick someone for thinking about them in that way, though, in a professional context. Coworkers are not chicks even if they're hot babes.
I suppose I should be proud to have someone like Bruce Sterling making any kind of comments about me... (I wonder if he'd show up if I invited him to a party?)
Actually, our quality of life out on Sealand is pretty high. Any geek thing which fits in 5k square feet of dedicated-to-accommodations space, for a fairly small number of people, we have. Gig-e, dvd library, 5 TB of mp3s (and divx), wavelan throughout, on-site anonymizing proxies and mixmaster remailers, a pool of laptops, IEC 320 outlets on the walls, and about 16L of diet coke per person per week. It's really no different from a big house in the middle of nowhere, except in 2 hours I can be in London, or 4 hours in Amsterdam, or 11 hours in San Francisco, LA, etc. Admittedly, I'd far prefer living in one of the 5 interesting cities in the world, but this makes money. And, most of the people living here are security/maintenance, not geeks. The big drawback is our no-drug/no-alcohol policy, and the lack of random unplanned social interaction; friends of mine from SF fly out and visit, but nothing really happens spontaneously or serendipitously. Again, much like living on a farm or something.
No one really promotes Sealand as a tourist destination or place to live; it's effectively a big colocation facility at present, and likely to remain so indefinitely.
I *do* agree with his fundamental point there, though -- if I were going to be living in isolation with a small number of people, I don't know if people who are dedicated to bringing down governments and complete individual liberty are the best companions. Although *bland* people are probably the "easiest" to get along with, if I were picking some people to spend long amounts of time with in a remote location, once basic skills were taken care of, people interested in science, art, literature, etc. would be a lot more interesting than "glee club" or debating society or politicians or lawyers or the others Sterling mentions as the most interesting. A lot of the "hacker" conferences attract a good cross-section of people; I think of all the 5000-person subsets of the world, the people at events like HAL, nanotech conferences, Burning Man, etc. would be some of the better ones.
As for his overall point about the rate of cypherpunk progress; I don't know. A lot of the things we want already exist -- ssh is *widely* deployed (to the point that anyone sending passwords in the clear over the net is a fucking moron, and widely recognized as such); SSL web pages are common; anonymization through mixmaster or proxies is understood and deployed. HavenCo provides a small piece of the puzzle by making it easy to anonymously, reliably, and securely host servers. The only thing we're missing is true blinded ecash, but progress is still being made on that front, and almost-as-good alternatives, like e-gold, paypal, etc., already exist. I'd say we've done a pretty good job on the datahaven front, given that it's been discussed in sci-fi for 20-30 years, and most of the pieces are there now; how long were they discussing space travel, biotech, wide area networks, etc. before they were deployed to a similar degree? The dotcom collapse is certainly a setback for everyone, but the underlying trend of decentralization and individual control which started before the dotcom boom is still going strong.
ZKS ended Freedom because it doesn't make money for them; they rightly have shifted their focus to a somewhat better business model. I think ZKS was from the beginning a bit overly cypherpunk and not enough pragmatic business; it's widely known end-users DO NOT pay for privacy or anonymity and usually not for security. They are rightly focusing on what their major clients want. If the markets were doing better, ZKS could have continued subsidizing the Freedom network, and maybe more applications could have been built on top of it, but this is commercial reality -- they need to turn a profit ASAP.
HavenCo (the datacenter on Sealand) has *always* been focused on business clients, and selling services to people who receive bottom line benefits from HavenCo hosting -- a lot of our clients are choosing us at USD 1500/month where the only alternative is traditional central american offshore at USD 15k/month. That's why we have been profitable since 4 months after we started general sales. We're on-track with expansion plans, both in terms of physical sites, and related business offerings. We don't even offer a consumer web hosting or mail option because it just doesn't make money. You can feel free to criticize us for being mercenary, but that's why we'll be in business in 10 years, and companies which in effect subsidize consumer security offerings will probably not. In a recessionary market, products which can provide 1 for 1 substitution at a dramatic and immediate cost savings do well; we've had if anything an uptick since the summer.
(interestingly, at least one member of the press also claimed HavenCo would be out of business; this was in December 2000 if I recall correctly.)
Regardless of people of questionable impartiality or competence from cyberia-l, the fact is Sealand's legal claims have withstood more than 30 years of challenge by other governments; every lawyer who has written an opinion, including numerous professors of law, has recognized this, and there is substantial documentation from various government agencies, in the UK and other nations, to support.
It has always been clear that the true threat to security and privacy companies is market demand; followed perhaps by internal execution. Any threat of government action is so remote that if a company gets to the point where the government DOES shut them down, they've already won. The majority of the p2p systems in the US were forced to shut for commercial reasons (scour, aimster, etc.). Only a few of the most successful were challenged in court, and their failings were after the initial challenge primarily due to execution and lack of a real way to extract revenue, not action by the MPAA or RIAA.
That being said, I'm more than happy to run a Freedom server; I already run a mixmaster remailer (which is fairly similar technology), and there have been absolutely no serious complaints or difficulties. I know several of the executives at ZKS, and I'm sure they'll do the right thing. ZKS has always had a lot of support within the security and privacy community; they were started by and hired some of the best people, and developed technology which made no compromises on security. I'm sure their business and consulting offerings, as well as their remaining optimized client software, will do well.
While I feel incredibly sorry for Dmitry and his family, there's absolutely nothing about this incident which couldn't be fully predicted from the DMCA itself, and the general legal trend in the US for the past 50+ years. Corporations are in the business of maximizing profit and minimizing risk, and governments are in the business of maximizing order, increasing control, and growing their headcount, prestige, and budgets. This is the logical result of evolution through time.
Without strong protections, enshrined in contracts like the US Constitution, Bill of Rights, and in the everyday behavior and norms expected by a well-educated, informed, and active citizenry, things will naturally become more and more authoritarian. We've seen it in the US with DMCA, CALEA, and other new laws, as well as administrative actions taken by government agencies. We've seen it in the UK, with abominations like the RIP Act. We've seen it in the EU, which passes laws which ostensibly protect individual privacy but in fact create new bureaucracy. And Asia and Australia are even worse in a lot of ways.
Absent a major change in public perception (which I think is highly unlikely), the only path to individual liberty is technical. Perhaps it is now the case that security researchers, mathematicians, and pro-liberty activists must go underground, communicating using anonymous remailers, pseudonyms, and strong cryptography. Certainly groups have been forced underground in the past, but given certain conditions, it is impossible for them to be totally silenced. There are plenty of places in the world where people can live in freedom, due to a policy (intentional or unintentional) of tolerance -- Holland, Costa Rica, islands in the Caribbean, the Pacific -- for those who can't live underground in their own lands. Hopefully, HavenCo and Sealand can play some role in safeguarding liberty for those who live in other nations, by hosting servers for sensitive projects, remailers, and other infrastructure, as well as serving as an example of rational security policy for other nations. However, systems like Mojonation, Gnutella, Napster, ZKS Freedom, Mixmaster remailers, OpenPGP, and BitTorrent are perhaps more important for enabling this kind of research to be conducted, if not openly, at least securely.
If you're going to campaign for political change, don't just campaign for Dmitry to be released, or the DMCA to be overturned -- the core issue here is the continued erosion of individual liberty, at the hands of government, "well-intentioned do-gooders", and corporations.
I look forward to seeing people at HAL 2001, which thankfully is being held in a fairly free country.
Mmm, trolls. (ignoring the "do not feed the troll" sign)
I dropped out to start a company in Anguilla: it was a simple financial issue, $30k out of my own pocket per year (no financial aid, no help from parents) vs. working on cool tech in the Caribbean, learning more every day than one would learn in a semester at university, and actually doing something meaningful for humanity and individual liberty.
Simple choice:)
I would have a *very* hard time justifying college if I were interested in 1) changing the world 2) computer practice, vs. theory. Aside from a few cryptography courses and advanced math courses, the most important aspect of university was meeting people and making contacts in industry; a lot of which can be done just as easily independently on the net.
Just to let everyone know how things are going, since I'm sure people will ask:
HavenCo has been doing pretty well recently -- the dotcom funding crisis means we're getting a lot more resumes, although we're not actively hiring.
We're pretty much breakeven now, which is quite a relief given the current funding environment.
We're focusing on a few key markets:
* financial information and services (payment systems, stock information, etc.)
* reseller/VAR/OEM packages -- (ISPs that want to move certain clients offshore, ASPs, etc.)
AFAIK fairtunes and other music services are still underway, but HavenCo itself isn't that actively involved in them. While I'm sure we can weather any storm caused by hosting an opennap server or other controversial information, it is simply better business for us to go after higher-paying, zero-hassle, high value financial and gaming servers.
I apologize for not updating the website -- we've been very busy, and I have a new site with lots of photos and everyone else sitting in cvs, and at a staging URL, but it's not live yet. Hopefully soon, but unlike a lot of companies now on fuckedcompany, we're spending more time on actually selling products and supporting customers than on flashy websites...
We have a pretty good referral program now, which hasn't been publicized or put back on the old website -- bring us a customer, and when they pay their sixth month's colo fee, you get it.
I also got some netra X1's, and would like to host more of them -- we're discounting them substantially, since they're so easy to host, and people run solaris, netbsd, or sparclinux on them, rather than windows, saving us a bunch of hassle. We're charging about USD 6000/year to host on an X1 with minimal bandwidth, additional bandwidth to be purchased separately, vs. about USD 1500/month for a 1U or 2U intel/etc. type server with much more bandwidth.
sales@havenco.com has info, of course. Buy servers, save money in regulatory and tax issues, and enable me to buy better food for Sealanders, and maybe a sushi chef.
It's pretty obvious where we stand on free speech, privacy, copyright, etc. issues, but unfortunately we have a duty to shareholders, and the "donate service to all sorts of cool free projects, bring a bunch of controversy, earn the hatred of the established media industry, etc." is just not good business practice for HavenCo, regardless of what the Sealand Government wants to do. They are from a pirate radio background, after all!
Interesting but fairly random stuff:
I was actually speaking at the Jupiter Plug-In Europe conference with Aram, the analyst quoted in that piece -- he's a really interesting guy who taught me things about Napster I didn't know! I also met Bruce Ward of NetPD, who turns out to be much cooler in person than one would expect -- I totally respect his/NetPD's technical competence, and if anyone needs to track down child pornography or other illegal use of their own network, I'd definitely recommend NetPD. After meeting a bunch of music industry people, ranging from lawyers to artists (Howie B. even gave me his new unreleased album, which I promptly mp3'd and put on my rio...it's *excellent*, and speaking of rio, the CEO of Sonicblue was there, and everyone standing around the table with him pulled out different generations of rio!). Barcelona, by the way, kicks ass -- all the goodness of France and of Spain, combined. I saw a yacht in the bay which was bigger than Sealand!
I was in San Francisco for RSA -- I'll be in Vegas for BlackHat and Defcon, but not much other than some events in Europe before then. Alas, 13 hour plane trips kind of suck. I had sushi just about every day. It was good. I was also on techtv, which people may have seen. Makeup artists are good at making ultra-pale geeks look suntanned.
I'm working on some software and papers, will probably set up a personal havenco page to post them. So much to do, so little time.
Using tools, Arbor or simply watching flows and rrd graphs while waiting for slashdot to load, is certainly a good way to spot attacks. If you can provide better data to network admins than they get already get using general-purpose network monitoring tools, it's certainly going to be useful.
This is all assuming your net follows basic best practice and thus the most effective DoS/DDoS is to do resource-consumption, not to send 50 multicast packets to your cisco's management interface or something like that...
I think the problem should be split into parts:
1) Pre-emptive moves to eliminate DoS/DDoS in general -- kill fucking smurf amplifiers dead, eliminate spoofing especially on smaller, less-actively-monitored, static networks, etc.
2) Increased safety margin for applications -- use technologies such as distributed dynamic cache, load-balanced servers, oversized links and oversized servers, etc., to deal with both malicious attacks and normal surge load. This gives you a LOT more leisure time in dealing with big attacks, and makes smaller attacks less of a problem.
3) Intelligence, either from specialized anti-DDoS tools like arbor, or from general network administration tools, a 24x7 NOC, mrtg/rrd, talking with other AS admins on irc, etc.
4) Simple response tools -- having OOB management on routers (you wouldn't believe how many people don't, and if you're being DoS'd, you can't connect over the net under attack), a knowledge of what pieces depend on what, etc. Being able to down interfaces, apply filters, etc. quickly is important. At the present time, I don't think anyone could develop a tool which does this 100% automated, but certainly tools can amplify the power of a small number of good network administrators.
5) Research -- learn from the attacks, improve. I think this is where tools could be quite valuable, by gathering statistics on attacks and presenting them to people when under attack.
If I were trying to build a network resistant to DDoS/DoS, my number one priority would be pushing the safety margin up as high as possible, oversizing links and building border routers capable of taking and filtering most attacks when directed to do so; only after that is in place is it worth worrying about better ways to detect, analyze, etc. attacks. It's pretty obvious that you're being hit and what's going on once it actually happens:)
Actually, a lot of the simple DoS would be eliminated if people would just filter all their outgoing connections, preventing spoofed IP. If you know what AS is the origination of a certain flood, you can easily modify routing.
If someone can spoof packets to make them appear they don't come from a single AS, you have a much harder time.
The reason most ISPs don't filter their outgoing traffic is that most cisco routers will end up with 100% cpu utilization to do basic filtering on any decent sized pipe. No one is going to drop in a USD 100k GSR/12000 just to filter linerate on a 100baseTX.
Juniper, among others, make routers which can do filtering on the interface cards themselves, so doing linerate filtering on 32 gig-e interfaces is actually possible. However, I think like 95% of the core routers on the net are still cisco, even though Juniper's sales figures are rapidly increasing, so it will be some time before this is fixed.
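The egress anti-spoofing filter described above, as an added illustration that is not part of the original post: outbound packets whose source address is not in the AS's own prefixes are dropped, so any flood that does leave the network carries sources a victim can attribute to this AS. The prefixes and packets are constructed sample values.

```python
import ipaddress
from collections import Counter

# Constructed example: the prefixes this AS originates (documentation ranges,
# not a real network).
AS_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed outbound traffic as it would be seen on the border router's
# egress side: some legitimate, some with forged source addresses.
SAMPLE_PACKETS = [
    {"src": "192.0.2.10",    "dst": "203.0.113.5"},   # legitimate
    {"src": "198.51.100.7",  "dst": "203.0.113.5"},   # legitimate
    {"src": "192.0.2.200",   "dst": "203.0.113.5"},   # forged, but inside our range: passes
    {"src": "10.0.0.1",      "dst": "203.0.113.5"},   # forged (private space)
    {"src": "172.16.5.5",    "dst": "203.0.113.5"},   # forged (private space)
    {"src": "203.0.113.9",   "dst": "203.0.113.5"},   # forged (someone else's prefix)
    {"src": "203.0.113.77",  "dst": "203.0.113.5"},   # forged (someone else's prefix)
]


def is_spoofed(src, prefixes=AS_PREFIXES):
    """True when an outbound packet's source address is not one we originate."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in prefixes)


def egress_filter(packets, prefixes=AS_PREFIXES):
    """Split outbound packets into (forwarded, dropped) by source-address check.

    This is the per-interface filter the post says most routers of the time
    could not do at line rate; the logic itself is a simple prefix match.
    """
    forwarded, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed(pkt["src"], prefixes) else forwarded).append(pkt)
    return forwarded, dropped


def attributable_to_as(packets, prefixes=AS_PREFIXES):
    """What the victim sees: can every source in this flood be traced to one AS?

    After egress filtering the answer is yes, so the victim's upstream can act
    on routing for that AS. Without filtering, forged sources scatter blame.
    """
    return all(not is_spoofed(p["src"], prefixes) for p in packets)


def source_histogram(packets):
    """Per-source counts, the kind of view a flow/rrd graph gives an admin."""
    return Counter(p["src"] for p in packets)


if __name__ == "__main__":
    fwd, drop = egress_filter(SAMPLE_PACKETS)
    print("forwarded:", len(fwd), "dropped:", len(drop))
    print("unfiltered flood attributable to our AS:", attributable_to_as(SAMPLE_PACKETS))
    print("filtered flood attributable to our AS:  ", attributable_to_as(fwd))
    print("sources seen by victim after filtering:", source_histogram(fwd))
```

Note the third packet: a forged source that stays inside the AS's own range is not caught, which is the post's point that filtering narrows the origin to an AS rather than to a host.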
I've looked into the DDoS problem quite a bit, for obvious reasons.
You can limit DDoS attempts, and probably eliminate all the threats out there today, but a truly crafty attacker would make a DDoS which simply appears as extra traffic. Slashdot people have a lot of experience with this -- what's the difference between a slashdotting and a worm with "download this page" as the payload, widely distributed?
Another problem with a single, centralized company providing DDoS monitoring, notification, and realtime blackholing is that of course that company becomes a central point of attack. If you can simulate a DDoS attempt from company A to company B, you don't need to actually accomplish the DDoS, which may also shield you from legal liability and violation of AUPs.
"In the age old battle of arms vs. armor, arms always triumph". I'm not saying arbor networks is not a valuable service, but I think it will be very difficult to provide any sort of lasting edge vs. a determined packet kiddie. ud.com among others are already using distributed load-testing, so it's easy to see how powerful a worm/virus with DDoS payload would be. I believe the Zapatista in Mexico did this as a form of protest/attack, and it was successful, in 1998 or 1999.
Correct. We rate-limit individual servers to 256kbps at present, to ensure everyone gets fair access to bandwidth. We upgrade individual servers to 1mbps for an additional fee. We have 50Mbps of low latency bandwidth, and pretty much arbitrary amounts of VSAT 600-1000ms bandwidth, at the present time.
We can get enough bandwidth to do 100mbps for individual servers, but it's like 30-90 day leadtime. We're working on enhancing the overall bandwidth situation, and will upgrade servers automatically when more bandwidth is available.
Our competition is places in the third world where a T1 with 95% reliability will cost you USD 30k/month or more, though, and have like 60ms latency to any real internet center, so even with our current situation, USD 1500 for colo and 256kbps bandwidth is pretty competitive.
It's tolerable. The main problem was that it's rather cold in the winter; -2 to 5 degrees. Only some parts of the structure are heated; some rooms, like the kitchen, are pretty much the same temperature as outside, just without wind -- you can see your breath, the room is about as cold as the fridge, etc.
We have water and toilet and such; even a shower. The shower was rationed initially, but now we have a 10 ton capacity watermaker and a few large storage tanks, so it's ok. We're upgrading a lot of the residential features constantly; we don't have satellite TV or anything, although I do have a server with about 130 GB of mp3s, dvds, etc. for local use. Due to generator and computer noise, I mainly just use headphones.
Everyone has a private room, although when we expand datacenter into a second tower, we might need to construct more accommodations up on deck. Initially we were thinking of housing servers in 20' containers on deck, vs. in the concrete towers, but having 12-24" reinforced concrete around machine rooms is much cooler.
We have onsite food preparation, although since the cooks are British, it's mainly meat-and-potatoes every day. If anyone else tries to copy the HavenCo/Sealand idea elsewhere, I suggest they have a sushi chef as member of the team.
We haven't moved www.havenco.com or www.sealandgov.com yet, and we set them up before we had service on Sealand. Since one of our investors runs a US ISP, we got a free box in colo there, so there's no real rush to move.
I've been working on some decent demo-services to host out of our space on Sealand, since most of our customers so far are pretty much internal-use-only.
It would take only very minimal checking to find servers on Sealand, but I leave that as an exercise for the reader.
As for testing sovereignty, I'd say the armed invasion over a decade ago, and subsequent military recapture, where the Germans sent diplomats directly to Sealand to negotiate the release of a private citizen being held as POW, is a stronger test of sovereignty than a Napster server!
But yes, we're always happy to have more legal experience and affirmation of Sealand's sovereign status.
And as for satellite bandwidth -- it's certainly not as good as other bandwidth, but even being connected only by high-quality satellite bandwidth during a legal challenge to the UK or Netherlands over terrestrial links wouldn't be the end of the world; since in the absolute worst case, security of servers is assured, even in the event of invasion, Sealand is still the best place to host data which truly needs the highest security.
I woke up this morning to find about 500 messages in our trouble ticketing system about this. Heh.
(I'm one of the cofounders of HavenCo, and the CTO, if you didn't already know; I'm also an active slashdot reader (what else do you think we do for fun out in the middle of the north sea?))
First of all, www.fairtunes.com is hosted in Canada, is slashdotted, and isn't our fault!
Second, I can't comment on confidential discussions with customers w/o their permission, but yes, from looking at the fairtunes site, it looks like they're trying to raise money to pay for a year of service on one of our boxes with the goal being to host an offshore OpenNap server. I'm personally a user of napster (although I mainly use Mojonation now). We definitely would like to have them as a customer -- what they're doing doesn't violate our AUP, and we're happy to offer service to anyone who will pay. Of course, what they are doing is NOT being done by us; if they choose to host with us, it's still their responsibility.
We have network connectivity through multiple providers around the world, and can easily add more. We assign customers a /29, so if any government decides they must protect their citizens from human-rights information, music trading services, etc., they would need to block the customer's /29, affecting only that customer. I personally think the chances of IP blocking at the borders of a country are pretty slim in any marginally free country -- it's difficult from a technical perspective, would be widely opposed by users, and is generally not worthwhile.
As for HavenCo's service, we've been up since May 2000, and now that we have high-speed low-latency network, fully debugged power systems, etc. we're offering commercial service to anyone who is interested and obeys our AUP. Our pricing is standardized, and is USD 1500/month for a 2U box with redundant power, cooling, 24x7 network monitoring, armed security, etc., and 256kbps of Internet bandwidth (local 100baseTX is free, so people can offer services to other HavenCo customers without paying for bandwidth). We charge a USD 1500 one-time setup fee, and USD 3500 for hardware (we can use any high-quality 1U or 2U box, and pricing is US cost; we don't try to make a profit off hardware, but we can't accept non-rackmount, low quality, etc. stuff). We have about 3-5 days lead time, from receipt of payment, before we can have a server up and running, and as long as you're not doing spam/spam support, child pornography, or hacking from our machines, we'd love to have you as a customer; contact sales@havenco.com for more info.
We're in the middle of a web redesign, and have been trying to focus on getting services fully up, rather than getting more press, but we're about to begin a big sales and press push. This is a bit earlier than was planned, but now that people are getting slashdotted, might as well post.:)
I definitely agree freedom is disappearing on the net -- the same thing has happened with other new technologies, such as radio (which got licensed), the aircraft industry, etc. I'm unclear if this happens due to demand from industry to protect their revenues from innovation and competition on the grounds of 'interference' (which is what liberal conspiracy theorists would propose), or due to inherent "nanny-state" government regulators who either feel a moral compulsion to regulate (the right-wing argument) or are simply political opportunists.
Groups like the cypherpunks have foreseen this on the net for a long time, and I'm sure the general fear of authoritarianism is sufficient, and far older. Many people believe the current middle-ground level of regulation is not a stable position; we will either have full regulation or no regulation. Since I believe global revolution to protect Internet freedom is highly unlikely in a world which has allowed every other technology to become fully regulated, the only thing that can possibly make the Internet free again is the technology itself.
No other technology lends itself so easily to encryption, steganography, and traffic analysis protection. Thanks to the widespread deployment of "politically acceptable" applications like ecommerce, chat systems, etc. on the Internet, there is a huge amount of cover traffic available.
The ultimate goal is a network resistant to arbitrary degrees against traffic analysis, malicious attacks, denial of service, and physical compromise. Of course, to have this in practice, a lot of separate technologies must be integrated, and one thing learned from ssl vs. pgp, it must be presented in a relatively seamless and simple way to the user. There have been some good beginnings made toward this goal, including ZKS, Mojonation, and e-gold, but nothing has yet become so seamless and easy to use, as well as "full-service", that it is the final solution.
I think the value of such technology is non-linear; being able to know that it isn't *possible* for your communications to be tracked by your adversaries is worth more than 10x as much as a system 1/10th the strength, and something which is as easy to use (or easier to use) than insecure tools is worth far more than something which requires even the minor level of additional work required by the user to browse SSL websites securely.
I'm happy to be involved with HavenCo, as one of the essential parts to this is having a physically and legally secure environment in which to host your servers. After all, it doesn't do a lot of good to use SSL or a new anonymous anti-traffic analysis successor if you're putting personal information on a server which anyone can subpoena or black-bag. At HavenCo, we're focusing on secure managed colo of business servers (USD 1500/month including bandwidth, which is fine for business and other serious users but is more than most individuals can afford, unless they share), and that's going quite well. We are also looking at ways to support consumer/end-user privacy, both on the web/email hosting front, and core technologies like traffic analysis protection, cryptographic tools, and a solution to the pervasive payment problem. We've been a bit quiet on the marketing and PR front as we expand, but that will change soon.
Even though it means more financial success for me if the US/UK/etc. tighten regulations more and more, driving businesses to places like Sealand, I would definitely prefer the outcome where individual freedoms are respected worldwide. After all, Sealand isn't exactly the best vacation spot in the world, especially in the current winter 30kt winds and 7' waves.
We as a company are not in favor of software piracy, so we certainly wouldn't help, but if a customer wanted to host stuff like this, we can't really say it's against our AUP.
(I personally think MS source code would be a waste of space, a thousand monkeys and all that...)
Way back in the day, Tim May (cypherpunks) created a distributed communications prototype called 'BlackNet', communicating through anonymous remailers and doing file service, etc. It was lacking in a viable anonymous payment mechanism, but was a totally adequate proof of concept for a totally secure filestore and info-market.
Ross Anderson, a professor at Cambridge University (and member of the SERPENT AES-candidate team), worked on specifications for a system which provided a "global filestore" capable of storing popular or unpopular content in a distributed, censorship-resistant fashion, based on electronic payment, network communication, etc.
Adam Back then implemented "Eternity USENET", using USENET as a backing store, with a special web proxy to enter/retrieve files.
Napster, Gnutella, Freenet seem to have come from a completely different direction (particularly Napster), rather than from the Eternity/BlackNet/etc. tree. Napster is certainly the least general, but has had the most commercial/userbase success, which may be linked. It's certainly a lot easier to understand "Napster is sharing mp3s" than "mojonation provides distributed file sharing backed by electronic cash and a system of reputations and agents and brokers and..." Time will tell.
Publius is probably most directly inspired by Anderson's Eternity Service, but I didn't check citations.
Mojo Nation is from the same intellectual heritage as BlackNet/Eternity/etc., but I believe the foundations were laid at about the same time as the others, with implementation waiting quite a while for resources to be available. It looks like the first viable opportunity to get electronic cash widely deployed on the Internet... I think that aspect of Mojo Nation (the mojo part) is by far more important than the file-sharing aspect, but it's a bootstrapping problem.
If there's one thing the UNIX vs. Windows struggle has taught over the past 20 years, it's that when people and organizations standardize on open standards, allowing multiple interoperating implementations, the world ends up a better place than when people standardize on a given implementation.
The web would suck a lot more than it does if instead of having HTML/HTTP they had instead said "You must use NCSA Mosaic and CERN httpd".
Networking with TCP/IP vs. "whatever windows or macs use at a given time"
Mail with rfc822/smtp vs. forcing everyone to use Eudora, Exchange, etc....
Linux already HAS a common standards base, with
the LFS/LSB, a common kernel (I suppose logically
it should just be a common kernel interface, with
different people implementing kernels...mmm,
freebsd kernel under the hood...actually, an
LSB-standard which treated BSD linux emu as an
equal player would be nice!).
Major distributions should adopt that, and other
meta-standards (each of the packaging formats
is well defined, so a tool like debian's "alien"
should be able to work across them. Adding
extra data to .tgz's to allow them to be
converted to fully functional .rpms and .debs, etc. would be another step). What makes
Debian, Red Hat, etc. worthwhile as independent
entities is not just the bits on the disk as
an end product...the distinct marketing and
support focuses, their internal priorities, etc.,
allow users to benefit.
The "non-big-four" distributions are already basing themselves to a great degree on tools and
such provided by the "big four", customizing
marketing, implementation, support to provide
additional value to users. (I must say I'm
slightly annoyed to see Caldera and TurboLinux
in the big-four, but not Debian...I think it's
because the original article was related to
an investor conference, and there's not yet
a major commercial Debian reseller, but
from a decision-making standpoint, the total
number of users is more important than value
of someone's stock)
Given the cost/inefficiency of solar cells, and
the huge area required to get reasonable amounts
of power, I think the solution to being environmentally friendly is to do two things:
generate power locally (avoiding distribution losses) and minimize power use.
1) Onsite generation of power avoids the ~30%
distribution losses. Running, say, natural gas
turbines onsite is cleaner than grid
generation sources as a whole (assuming you're
not in a nuclear area), and 30% efficiency gains
really add up. Waste heat in cogen can be used
to run chillers to cool the machines as well,
decreasing power demands. Onsite generation is
MUCH more reliable than grid power, assuming you
invest substantially in plant, staff, and
maintenance. Power can be sold back to the grid
if you are grid-connected. Cogen can be 90%
efficient if you include thermal energy, vs.
say 20% electrical energy from fuels burned in
remote power plants.
2) Minimize power use: this is tricky for a colo.
A lot of machines today are 200-300W each, but
there are alternatives, such as the Sun Netra T1
1U server, which only draw 30W. Decreased power
use also means decreased power consumption, which
is good.
One can also be efficient in cooling, using water-cooled chillers which heat-exchange with
natural bodies of water (lake, pond, North Sea),
only providing cooling where needed, rather than
in hallways, etc., using proper insulation of
cooled areas, etc. Using onsite power storage,
even if generally powered from the grid, allows
purchasing power during off-peak periods...do
something like pump from one reservoir to another
higher up during the night, and run a generator
from the flowing water during the day.
3) One could always move to Iceland:) Geothermal
power is really nice. A lot of energy-intensive
industries were attracted to Iceland
(bauxite -> aluminum conversion, future planned
hydrogen production) by the US$0.01/KWh power. I
used to live in a country with US$0.35/KWh
electricity (Anguilla), and I must say, Iceland
is very attractive. Other good places would be
to set up near hydroelectric dams, in countries
like France which generate a lot of power from
clean nuclear reactors, etc.
If any of my customers cared enough to pay for it,
I'd put in a wind turbine and/or solar to augment
our cogeneration plant, to offset their own use.
I've experimented with wind and solar before,
and they're not suitable as a 100% site power
solution, but to augment fossil fuels, they're
quite nice.
(Presumably, one could do this even on private channels by running a hacked ircd, doing the snooping at the server -- more efficient, too)
There's a chat system out there with public key crypto on public messages, encryption (symmetric session keys, persistent/signed public keys), and a reasonable mapping of user identifier to username@domain. It's called gale, and there's more info at www.gale.org.
There are a few other chat systems out there with crypto, even some crypto-extensions to IRC. I reviewed several of them on epinions in January 2000.
Cypherpunks and others predicted many years ago that the government would slowly relinquish control over crypto as more and more of a commercial market developed.
PGP was never much more than a curiosity -- no one used it for large-scale commerce systems, and most of the users could be pointed to by the government as privacy nuts or criminals.
SSL, despite inherent weaknesses, has made crypto essential in e-commerce. The e-commerce lobby (sites, vendors, end-users) exposed the masses to crypto, and now depends upon crypto. When users started demanding 40 or 128bit crypto to keep their credit card numbers secure, that's when crypto became widely deployed.
The next step is building crypto into the very fabric of the Internet, in IPsec, and then making that a "checklist item" for purchasing decisions. Once people are only willing to buy products with security designed in, the government will have little choice but to allow its widespread use and export.
(I'm waiting for encrypted cellphones, like those being designed by Starium, to be available...)
A lot of people have suggested md5 or sha-1 hashes to identify duplicate songs, and maintain a cddb-style database. There seem to be a lot of problems with this approach, although I think it's better than nothing.
Rather than a cryptographic hash function, have people considered using an optimized-for-audio (or optimized for mp3) hash function? Maybe you'd take a spectral analysis of the music which eliminated differences due to beginning/ending whitespace, or minor variations in the recording, but which could clearly differentiate one song from another.
This serves not only to deter the "napster terrorists" who mislabel songs, but also simplify finding quality music despite incompetent labeling/id3 tags.
I'm sure there are a lot of signal processing geniuses, like the guy who wrote cdparanoia/ogg/vorbis, who could come up with a good "musical hash function".
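As an added illustration of the "musical hash function" idea in the post above (this is example code written for this page, not anything from the poster or from cdparanoia/Vorbis, and all names in it are my own), the block below builds a crude band-energy fingerprint: it trims leading/trailing silence relative to the peak level, splits the audio into frames, computes the energy in eight frequency bands with a plain DFT, and emits one bit per band saying whether that band is above the frame's mean energy. Because the bits are relative (band vs. mean, silence vs. peak), a re-rip with extra leading silence and a different volume gets the same fingerprint, while a different "song" does not, which is exactly the property a cryptographic hash like MD5 or SHA-1 lacks. The test signals are constructed sums of sine tones standing in for real music.

```python
import math

SAMPLE_RATE = 8000   # Hz; constructed test signals use this rate
FRAME = 256          # samples per analysis frame
BANDS = 8            # equal-width frequency bands between 0 Hz and Nyquist


def trim_silence(samples, rel_threshold=0.01):
    """Drop leading/trailing samples quieter than rel_threshold * peak.

    A threshold relative to the peak keeps the trim point stable when the
    whole recording is louder or quieter than the original.
    """
    peak = max((abs(s) for s in samples), default=0.0)
    if peak == 0.0:
        return []
    thr = peak * rel_threshold
    start, end = 0, len(samples)
    while start < end and abs(samples[start]) < thr:
        start += 1
    while end > start and abs(samples[end - 1]) < thr:
        end -= 1
    return samples[start:end]


def band_energies(frame):
    """Energy in BANDS equal-width bands, computed with a direct DFT
    (slow but dependency-free; fine for a few thousand samples)."""
    n = len(frame)
    half = n // 2
    per_band = half // BANDS
    energies = [0.0] * BANDS
    for k in range(half):
        re = im = 0.0
        for t, x in enumerate(frame):
            ang = 2.0 * math.pi * k * t / n
            re += x * math.cos(ang)
            im -= x * math.sin(ang)
        energies[k // per_band] += re * re + im * im
    return energies


def fingerprint(samples):
    """One bit per band per frame: 1 if the band carries more than the
    frame's mean energy.  Relative comparisons make the bits independent
    of overall volume; trimming makes them independent of leading silence."""
    audio = trim_silence(samples)
    bits = []
    for i in range(0, len(audio) - FRAME + 1, FRAME):
        energies = band_energies(audio[i:i + FRAME])
        mean = sum(energies) / len(energies)
        bits.extend(1 if e > mean else 0 for e in energies)
    return bits


def similarity(fp_a, fp_b):
    """Fraction of matching bits over the overlapping length (1.0 == identical)."""
    n = min(len(fp_a), len(fp_b))
    if n == 0:
        return 0.0
    return sum(1 for a, b in zip(fp_a, fp_b) if a == b) / n


def tone(freqs_amps, seconds):
    """Constructed test signal: a sum of sine tones standing in for a song."""
    n = int(SAMPLE_RATE * seconds)
    return [sum(a * math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f, a in freqs_amps)
            for t in range(n)]


# Constructed inputs: "song A", a re-rip of A with 0.3 s of leading silence
# at 70% volume, and an unrelated "song C".
SONG_A = tone([(440.0, 1.0), (880.0, 0.6)], 0.5)
SONG_A_RERIP = [0.0] * int(0.3 * SAMPLE_RATE) + [0.7 * s for s in SONG_A]
SONG_C = tone([(1530.0, 1.0), (3050.0, 0.6)], 0.5)


if __name__ == "__main__":
    fa, fb, fc = fingerprint(SONG_A), fingerprint(SONG_A_RERIP), fingerprint(SONG_C)
    print("A vs re-rip of A:", similarity(fa, fb))
    print("A vs C:", similarity(fa, fc))
```

A real implementation would use an FFT, overlapping windowed frames, log-spaced bands and a tolerant lookup (nearest fingerprint within some Hamming distance) rather than exact-match database keys, but the comparison against a byte-level hash is already visible here: the same track re-encoded at a different level hashes to a different MD5 and to the same fingerprint.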
The "Sealand Dollar" is part of the Government of Sealand, not HavenCo. I've seen pictures of coins issued by the Government some time ago, but they were mainly for numismatic value (same deal with the postage stamps)
HavenCo does accounting in US Dollars, but have expenses in USD, UKP, and Euro. Having to hedge for minor and major transactions is *really* annoying.
Our prices/contracts/etc. are in USD. I believe pricing has been posted in various articles; $1500/month for a high-end dedicated server with crypto coprocessor and full-tamper-resistance, owned by the customer (and purchased up front), including some bandwidth, or $300/month for our "virtual server" product, in which you get a virtual UNIX machine dedicated to your own use. We also do high-end custom configurations when required; large RAIDs, redundant machines connected by a SAN, etc. I realize many customers have a standard vendor, like IBM, Sun, or HP, that they use for their midrange/high-end servers in colo around the world, and we can certainly work with people on that.
(FWIW, I'm CTO of HavenCo, and responsible for the buildout of the datacenter on Sealand)
We actually have all the equipment needed to get operational *onsite* right now.
Please remember that Sealand has been occupied continuously since 24 December, 1966 by the Royal Family, and they've done quite a bit of work over the years to make sure the place is quite suitable.
Operational IP to Sealand exists, but we're not publishing until we get the second link up. We will be using a network of caches to maximize throughput.
We can always use more money, both in investment and customer revenues, but that's primarily to increase capacity to serve more customers.
You mentioned the oil industry -- sure, to do things the official way through the offshore oil industry would cost >$50m if you were starting with an abandoned platform. However, if you're using a facility almost purpose-built for secure colocation, with a great deal of infrastructure already in place, which has been maintained by dedicated professionals for years, it's a lot cheaper. Plus, we're using commodity equipment, open source software, and vendor partnerships to lower the cost on the Internet/server side.
You don't need to trust us; you can just wait a week or two and see for yourself.
I *do* agree with his fundamental point there, though -- if I were going to be living in isolation with a small number of people, I don't know if people who are dedicated to bringing down governments and complete individual liberty are the best companions. Although *bland* people are probably the "easiest" to get along with, if I were picking some people to spend long amounts of time with in a remote location, once basic skills were taken care of, people interested in science, art, literature, etc. would be a lot more interesting than "glee club" or debating society or politicians or lawyers or the others Sterling mentions as the most interesting. A lot of the "hacker" conferences attract a good cross-section of people; I think of all the 5000-person subsets of the world, the people at events like HAL, nanotech conferences, Burning Man, etc. would be some of the better ones.
As for his overall point about the rate of cypherpunk progress; I don't know. A lot of the things we want already exist -- ssh is *widely* deployed (to the point that anyone sending passwords in the clear over the net is a fucking moron, and widely recognized as such); SSL web pages are common; anonymization through mixmaster or proxies is understood and deployed. HavenCo provides a small piece of the puzzle by making it easy to anonymously, reliably, and securely host servers. The only thing we're missing is true blinded ecash, but progress is still being made on that front, and almost-as-good alternatives, like e-gold, paypal, etc., already exist. I'd say we've done a pretty good job on the datahaven front, given that it's been discussed in sci-fi for 20-30 years, and most of the pieces are there now; how long were they discussing space travel, biotech, wide area networks, etc. before they were deployed to a similar degree? The dotcom collapse is certainly a setback for everyone, but the underlying trend of decentralization and individual control which started before the dotcom boom is still going strong.
ZKS ended Freedom because it doesn't make money for them; they rightly have shifted their focus to a somewhat better business model. I think ZKS was from the beginning a bit overly cypherpunk and not enough pragmatic business; it's widely known end-users DO NOT pay for privacy or anonymity and usually not for security. They are rightly focusing on what their major clients want. If the markets were doing better, ZKS could have continued subsidizing the Freedom network, and maybe more applications could have been built on top of it, but this is commercial reality -- they need to turn a profit ASAP.
HavenCo (the datacenter on Sealand) has *always* been focused on business clients, and selling services to people who receive bottom line benefits from HavenCo hosting -- a lot of our clients are choosing us at USD 1500/month where the only alternative is traditional central american offshore at USD 15k/month. That's why we have been profitable since 4 months after we started general sales. We're on-track with expansion plans, both in terms of physical sites, and related business offerings. We don't even offer a consumer web hosting or mail option because it just doesn't make money. You can feel free to criticize us for being mercenary, but that's why we'll be in business in 10 years, and companies which in effect subsidize consumer security offerings will probably not. In a recessionary market, products which can provide 1 for 1 substitution at a dramatic and immediate cost savings do well; we've had if anything an uptick since the summer.
(interestingly, at least one member of the press also claimed HavenCo would be out of business; this was in December 2000 if I recall correctly.)
Regardless of people of questionable impartiality or competence from cyberia-l, the fact is Sealand's legal claims have withstood more than 30 years of challenge by other governments; every lawyer who has written an opinion, including numerous professors of law, has recognized this, and there is substantial documentation from various government agencies, in the UK and other nations, to support.
It has always been clear that the true threat to security and privacy companies is market demand; followed perhaps by internal execution. Any threat of government action is so remote that if a company gets to the point where the government DOES shut them down, they've already won. The majority of the p2p systems in the US were forced to shut for commercial reasons (scour, aimster, etc.). Only a few of the most successful were challenged in court, and their failings were after the initial challenge primarily due to execution and lack of a real way to extract revenue, not action by the MPAA or RIAA.
That being said, I'm more than happy to run a Freedom server; I already run a mixmaster remailer (which is fairly similar technology), and there have been absolutely no serious complaints or difficulties. I know several of the executives at ZKS, and I'm sure they'll do the right thing. ZKS has always had a lot of support within the security and privacy community; they were started by and hired some of the best people, and developed technology which made no compromises on security. I'm sure their business and consulting offerings, as well as their remaining optimized client software, will do well.
While I feel incredibly sorry for Dmitry and his family, there's absolutely nothing about this incident which couldn't be fully predicted from the DMCA itself, and the general legal trend in the US for the past 50+ years. Corporations are in the business of maximizing profit and minimizing risk, and governments are in the business of maximizing order, increasing control, and growing their headcount, prestige, and budgets. This is the logical result of evolution through time.
Without strong protections, enshrined in contracts like the US Constitution, Bill of Rights, and in the everyday behavior and norms expected by a well-educated, informed, and active citizenry, things will naturally become more and more authoritarian. We've seen it in the US with DMCA, CALEA, and other new laws, as well as administrative actions taken by government agencies. We've seen it in the UK, with abominations like the RIP Act. We've seen it in the EU, which passes laws which ostensibly protect individual privacy but in fact create new bureaucracy. And Asia and Australia are even worse in a lot of ways.
Absent a major change in public perception (which I think is highly unlikely), the only path to individual liberty is technical. Perhaps it is now the case that security researchers, mathematicians, and pro-liberty activists must go underground, communicating using anonymous remailers, pseudonyms, and strong cryptography. Certainly groups have been forced underground in the past, but given certain conditions, it is impossible for them to be totally silenced. There are plenty of places in the world where people can live in freedom, due to a policy (intentional or unintentional) of tolerance -- Holland, Costa Rica, islands in the Caribbean, the Pacific -- for those who can't live underground in their own lands. Hopefully, HavenCo and Sealand can play some role in safeguarding liberty for those who live in other nations, by hosting servers for sensitive projects, remailers, and other infrastructure, as well as serving as an example of rational security policy for other nations. However, systems like Mojonation, Gnutella, Napster, ZKS Freedom, Mixmaster remailers, OpenPGP, and BitTorrent are perhaps more important for enabling this kind of research to be conducted, if not openly, at least securely.
If you're going to campaign for political change, don't just campaign for Dmitry to be released, or the DMCA to be overturned -- the core issue here is the continued erosion of individual liberty, at the hands of government, "well-intentioned do-gooders", and corporations.
I look forward to seeing people at HAL 2001, which thankfully is being held in a fairly free country.
Ryan Lackey
http://www.venona.com/rdl/
http://www.havenco.com/
Mmm, trolls. (ignoring the "do not feed the troll" sign)
:)
I dropped out to start a company in Anguilla: it was a simple financial issue, $30k out of my own pocket per year (no financial aid, no help from parents) vs. working on cool tech in the Caribbean, learning more every day than one would learn in a semester at university, and actually doing something meaningful for humanity and individual liberty.
Simple choice
I would have a *very* hard time justifying college if I were interested in 1) changing the world 2) computer practice, vs. theory. Aside from a few cryptography courses and advanced math courses, the most important aspect of university was meeting people and making contacts in industry; a lot of which can be done just as easily independently on the net.
Just to let everyone know how things are going, since I'm sure people will ask:
HavenCo has been doing pretty well recently -- the dotcom funding crisis means we're getting a lot more resumes, although we're not actively hiring.
We're pretty much breakeven now, which is quite a relief given the current funding environment.
We're focusing on a few key markets:
* financial information and services (payment systems, stock information, etc.)
* gaming (aka gambling)
* outsourced email/IM/file servers, subpoena proof
* reseller/VAR/OEM packages -- (ISPs that want to move certain clients offshore, ASPs, etc.)
AFAIK fairtunes and other music services are still underway, but HavenCo itself isn't that actively involved in them. While I'm sure we can weather any storm caused by hosting an opennap server or other controversial information, it is simply better business for us to go after higher-paying, zero-hassle, high value financial and gaming servers.
I apologize for not updating the website -- we've been very busy, and I have a new site with lots of photos and everyone else sitting in cvs, and at a staging URL, but it's not live yet. Hopefully soon, but unlike a lot of companies now on fuckedcompany, we're spending more time on actually selling products and supporting customers than on flashy websites...
We have a pretty good referral program now, which hasn't been publicized or put back on the old website -- bring us a customer, and when they pay their sixth month's colo fee, you get it.
I also got some netra X1's, and would like to host more of them -- we're discounting them substantially, since they're so easy to host, and people run solaris, netbsd, or sparclinux on them, rather than windows, saving us a bunch of hassle. We're charging about USD 6000/year to host on an X1 with minimal bandwidth, additional bandwidth to be purchased separately, vs. about USD 1500/month for a 1U or 2U intel/etc. type server with much more bandwidth.
sales@havenco.com has info, of course. Buy servers, save money in regulatory and tax issues, and enable me to buy better food for Sealanders, and maybe a sushi chef.
It's pretty obvious where we stand on free speech, privacy, copyright, etc. issues, but unfortunately we have a duty to shareholders, and the "donate service to all sorts of cool free projects, bring a bunch of controversy, earn the hatred of the established media industry, etc." is just not good business practice for HavenCo, regardless of what the Sealand Government wants to do. They are from a pirate radio background, after all!
Interesting but fairly random stuff:
I was actually speaking at the Jupiter Plug-In Europe conference with Aram, the analyst quoted in that piece -- he's a really interesting guy who taught me things about Napster I didn't know! I also met Bruce Ward of NetPD, who turns out to be much cooler in person than one would expect -- I totally respect his/NetPD's technical competence, and if anyone needs to track down child pornography or other illegal use of their own network, I'd definitely recommend NetPD. After meeting a bunch of music industry people, ranging from lawyers to artists (Howie B. even gave me his new unreleased album, which I promptly mp3'd and put on my rio...it's *excellent*, and speaking of rio, the CEO of Sonicblue was there, and everyone standing around the table with him pulled out different generations of rio!). Barcelona, by the way, kicks ass -- all the goodness of France and of Spain, combined. I saw a yacht in the bay which was bigger than Sealand!
I was in San Francisco for RSA -- I'll be in Vegas for BlackHat and Defcon, but not much other than some events in Europe before then. Alas, 13 hour plane trips kind of suck. I had sushi just about every day. It was good. I was also on techtv, which people may have seen. Makeup artists are good at making ultra-pale geeks look suntanned.
I'm working on some software and papers, will probably set up a personal havenco page to post them. So much to do, so little time.
Using tools, Arbor or simply watching flows and rrd graphs while waiting for slashdot to load, is certainly a good way to spot attacks. If you can provide better data to network admins than they get already get using general-purpose network monitoring tools, it's certainly going to be useful.
:)
This is all assuming your net follows basic best practice and thus the most effective DoS/DDoS is to do resource-consumption, not to send 50 multicast packets to your cisco's management interface or something like that...
I think the problem should be split into parts:
1) Pre-emptive moves to eliminate DoS/DDoS in general -- kill fucking smurf amplifiers dead, eliminate spoofing especially on smaller, less-actively-monitored, static networks, etc.
2) Increased safety margin for applications -- use technologies such as distributed dynamic cache, load-balanced servers, oversized links and oversized servers, etc., to deal with both malicious attacks and normal surge load. This gives you a LOT more leisure time in dealing with big attacks, and makes smaller attacks less of a problem.
3) Intelligence, either from specialized anti-DDoS tools like arbor, or from general network administration tools, a 24x7 NOC, mrtg/rrd, talking with other AS admins on irc, etc.
4) Simple response tools -- having OOB management on routers (you wouldn't believe how many people don't, and if you're being DoS'd, you can't connect over the net under attack), a knowledge of what pieces depend on what, etc. Being able to down interfaces, apply filters, etc. quickly is important. At the present time, I don't think anyone could develop a tool which does this 100% automated, but certainly tools can amplify the power of a small number of good network administrators.
5) Research -- learn from the attacks, improve. I think this is where tools could be quite valuable, by gathering statistics on attacks and presenting them to people when under attack.
If I were trying to build a network resistant to DDoS/DoS, my number one priority would be pushing the safety margin up as high as possible, oversizing links and building border routers capable of taking and filtering most attacks when directed to do so; only after that is in place is it worth worrying about better ways to detect, analyze, etc. attacks. It's pretty obvious that you're being hit and what's going on once it actually happens
Actually, a lot of the simple DoS would be eliminated if people would just filter all their outgoing connections, preventing spoofed IP. If you know what AS is the origination of a certain flood, you can easily modify routing.
If someone can spoof packets to make them appear they don't come from a single AS, you have a much harder time.
The reason most ISPs don't filter their outgoing traffic is that most cisco routers will end up with 100% cpu utilization to do basic filtering on any decent sized pipe. No one is going to drop in a USD 100k GSR/12000 just to filter linerate on a 100baseTX.
Juniper, among others, make routers which can do filtering on the interface cards themselves, so doing linerate filtering on 32 gig-e interfaces is actually possible. However, I think like 95% of the core routers on the net are still cisco, even though Juniper's sales figures are rapidly increasing, so it will be some time before this is fixed.
I've looked into the DDoS problem quite a bit, for obvious reasons.
You can limit DDoS attempts, and probably eliminate all the threats out there today, but a truly crafty attacker would make a DDoS which simply appears as extra traffic. Slashdot people have a lot of experience with this -- what's the difference between a slashdotting and a worm with "download this page" as the payload, widely distributed?
Another problem with a single, centralized company providing DDoS monitoring, notification, and realtime blackholing is that of course that company becomes a central point of attack. If you can simulate a DDoS attempt from company A to company B, you don't need to actually accomplish the DDoS, which may also shield you from legal liability and violation of AUPs.
"In the age old battle of arms vs. armor, arms always triumph". I'm not saying arbor networks is not a valuable service, but I think it will be very difficult to provide any sort of lasting edge vs. a determined packet kiddie. ud.com among others are already using distributed load-testing, so it's easy to see how powerful a worm/virus with DDoS payload would be. I believe the Zapatista in Mexico did this as a form of protest/attack, and it was successful, in 1998 or 1999.
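Two of the points in the discussion above, egress filtering so that spoofed packets never leave your AS, and watching flow data to see where a resource-consumption flood is actually coming from, can be shown on a few flow records. The block below is an added example written for this page (not the poster's tooling and not Arbor's), using the documentation prefixes 192.0.2.0/24 and 198.51.100.0/24 as the constructed "our network" and a constructed, NetFlow-like text export as input; all function names are my own. It first drops outbound flows whose source address is not one we originate (the egress anti-spoofing check that the post says most ISPs skip), then sums packets per destination per second over what remains to flag the destinations a genuine flood from inside the network is hitting.

```python
import ipaddress
from collections import defaultdict

# Prefixes this network legitimately originates (constructed example values).
OUR_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed flow export, one record per line: epoch_second src dst packets.
# Two records carry source addresses that do not belong to us (spoofed).
SAMPLE_FLOWS = """\
1000 192.0.2.10 203.0.113.5 120
1000 10.9.9.9 203.0.113.5 6000
1000 198.51.100.7 203.0.113.5 80
1001 172.16.4.4 203.0.113.5 7000
1001 192.0.2.11 203.0.113.9 40
1001 192.0.2.12 203.0.113.5 9000
1002 192.0.2.12 203.0.113.5 300
"""


def parse_flows(text):
    """Parse the text export into (timestamp, src, dst, packets) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, pkts = line.split()
        flows.append((int(ts), ipaddress.ip_address(src),
                      ipaddress.ip_address(dst), int(pkts)))
    return flows


def is_our_source(addr):
    """True if addr falls inside a prefix this AS originates."""
    return any(addr in net for net in OUR_PREFIXES)


def egress_filter(flows):
    """Split outbound flows into (allowed, spoofed) by source address.

    This is the check a border router would apply as an outbound ACL:
    anything not sourced from our own prefixes cannot legitimately leave.
    """
    allowed, spoofed = [], []
    for flow in flows:
        (allowed if is_our_source(flow[1]) else spoofed).append(flow)
    return allowed, spoofed


def flood_targets(flows, pps_threshold):
    """Destinations that receive more than pps_threshold packets in any
    single second, summed across all of our sources."""
    per_second = defaultdict(int)
    for ts, _src, dst, pkts in flows:
        per_second[(ts, dst)] += pkts
    return sorted({str(dst) for (ts, dst), total in per_second.items()
                   if total > pps_threshold})


def top_internal_sources(flows, dst, limit=3):
    """Our own hosts sending the most packets toward dst (the machines a
    NOC would look at first when a flood is traced back to this AS)."""
    counts = defaultdict(int)
    for _ts, src, flow_dst, pkts in flows:
        if str(flow_dst) == dst:
            counts[str(src)] += pkts
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def report(text=SAMPLE_FLOWS, pps_threshold=5000):
    """Run the filter and the flood check over one export."""
    flows = parse_flows(text)
    allowed, spoofed = egress_filter(flows)
    targets = flood_targets(allowed, pps_threshold)
    return {
        "spoofed_sources": sorted({str(f[1]) for f in spoofed}),
        "spoofed_packets_blocked": sum(f[3] for f in spoofed),
        "flood_targets_after_filter": targets,
        "top_internal_sources": {t: top_internal_sources(allowed, t) for t in targets},
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The spoofed records are the ones the filter would have stopped at line rate had the router supported it; the remaining flood to 203.0.113.5 traces to a single internal host, which is the "if you know what AS is the origination of a certain flood" case where a routing or filter change is straightforward.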
Correct. We rate-limit individual servers to 256kbps at present, to ensure everyone gets fair access to bandwidth. We upgrade individual servers to 1mbps for an additional fee. We have 50Mbps of low latency bandwidth, and pretty much arbitrary amounts of VSAT 600-1000ms bandwidth, at the present time.
We can get enough bandwidth to do 100mbps for individual servers, but it's like 30-90 day leadtime. We're working on enhancing the overall bandwidth situation, and will upgrade servers automatically when more bandwidth is available.
Our competition is places in the third world where a T1 with 95% reliability will cost you USD 30k/month or more, though, and have like 60ms latency to any real internet center, so even with our current situation, USD 1500 for colo and 256kbps bandwidth is pretty competitive.
It's tolerable. The main problem was that it's rather cold in the winter; -2 to 5 degrees. Only some parts of the structure are heated; some rooms, like the kitchen, are pretty much the same temperature as outside, just without wind -- you can see your breath, the room is about as cold as the fridge, etc.
We have water and toilet and such; even a shower. The shower was rationed initially, but now we have a 10 ton capacity watermaker and a few large storage tanks, so it's ok. We're upgrading a lot of the residential features constantly; we don't have satellite TV or anything, although I do have a server with about 130 GB of mp3s, dvds, etc. for local use. Due to generator and computer noise, I mainly just use headphones.
Everyone has a private room, although when we expand datacenter into a second tower, we might need to construct more accommodations up on deck. Initially we were thinking of housing servers in 20' containers on deck, vs. in the concrete towers, but having 12-24" reinforced concrete around machine rooms is much cooler.
We have onsite food preparation, although since the cooks are British, it's mainly meat-and-potatoes every day. If anyone else tries to copy the HavenCo/Sealand idea elsewhere, I suggest they have a sushi chef as member of the team.
We haven't moved www.havenco.com or www.sealandgov.com yet, and we set them up before we had service on Sealand. Since one of our investors runs a US ISP, we got a free box in colo there, so there's no real rush to move.
I've been working on some decent demo-services to host out of our space on Sealand, since most of our customers so far are pretty much internal-use-only.
It would take only very minimal checking to find servers on Sealand, but I leave that as an exercise for the reader.
As for testing sovereignty, I'd say the armed invasion over a decade ago, and subsequent military recapture, where the Germans sent diplomats directly to Sealand to negotiate the release of a private citizen being held as POW, is a stronger test of sovereignty than a Napster server!
But yes, we're always happy to have more legal experience and affirmation of Sealand's sovereign status.
And as for satellite bandwidth -- it's certainly not as good as other bandwidth, but even being connected only by high-quality satellite bandwidth during a legal challenge to the UK or Netherlands over terrestrial links wouldn't be the end of the world; since in the absolute worst case, security of servers is assured, even in the event of invasion, Sealand is still the best place to host data which truly needs the highest security.
I woke up this morning to find about 500 messages in our trouble ticketing system about this. Heh.
(I'm one of the cofounders of HavenCo, and the CTO, if you didn't already know; I'm also an active slashdot reader (what else do you think we do for fun out in the middle of the north sea?))
First of all, www.fairtunes.com is hosted in Canada, is slashdotted, and isn't our fault!
Second, I can't comment on confidential discussions with customers w/o their permission, but yes, from looking at the fairtunes site, it looks like they're trying to raise money to pay for a year of service on one of our boxes with the goal being to host an offshore OpenNap server. I'm personally a user of napster (although I mainly use Mojonation now). We definitely would like to have them as a customer -- what they're doing doesn't violate our AUP, and we're happy to offer service to anyone who will pay. Of course, what they are doing is NOT being done by us; if they choose to host with us, it's still their responsibility.
We have network connectivity through multiple providers around the world, and can easily add more. We assign customers a /29, so if any government decides they must protect their citizens from human-rights information, music trading services, etc., they would need to block the customer's /29, affecting only that customer. I personally think the chances of IP blocking at the borders of a country are pretty slim in any marginally free country -- it's difficult from a technical perspective, would be widely opposed by users, and is generally not worthwhile.
:)
As for HavenCo's service, we've been up since May 2000, and now that we have high-speed low-latency network, fully debugged power systems, etc. we're offering commercial service to anyone who is interested and obeys our AUP. Our pricing is standardized, and is USD 1500/month for a 2U box with redundant power, cooling, 24x7 network monitoring, armed security, etc., and 256kbps of Internet bandwidth (local 100baseTX is free, so people can offer services to other HavenCo customers without paying for bandwidth). We charge a USD 1500 one-time setup fee, and USD 3500 for hardware (we can use any high-quality 1U or 2U box, and pricing is US cost; we don't try to make a profit off hardware, but we can't accept non-rackmount, low quality, etc. stuff). We have about 3-5 days lead time, from receipt of payment, before we can have a server up and running, and as long as you're not doing spam/spam support, child pornography, or hacking from our machines, we'd love to have you as a customer; contact sales@havenco.com for more info.
We're in the middle of a web redesign, and have been trying to focus on getting services fully up, rather than getting more press, but we're about to begin a big sales and press push. This is a bit earlier than was planned, but now that people are getting slashdotted, might as well post.
Um, AboveNet and UUNet...
Domain servers in listed order:
NS1.NAPSTER.COM 208.184.216.239
[abovenet]
NS2.NAPSTER.COM 63.108.185.111
[uunet]
Registrant:
Napster, Inc. (NAPSTER16-DOM)
1475 Veterans Blvd.
Redwood City, CA 94063 US
I definitely agree freedom is disappearing on the net -- the same thing has happened with other new technologies, such as radio (which got licensed), the aircraft industry, etc. I'm unclear if this happens due to demand from industry to protect their revenues from innovation and competition on the grounds of 'interference' (which is what liberal conspiracy theorists would propose), or due to inherent "nanny-state" government regulators who either feel a moral compulsion to regulate (the right-wing argument) or are simply political opportunists.
Groups like the cypherpunks have foreseen this on the net for a long time, and I'm sure the general fear of authoritarianism is sufficient, and far older. Many people believe the current middle-ground level of regulation is not a stable position; we will either have full regulation or no regulation. Since I believe global revolution to protect Internet freedom is highly unlikely in a world which has allowed every other technology to become fully regulated, the only thing that can possibly make the Internet free again is the technology itself.
No other technology lends itself so easily to encryption, steganography, and traffic analysis protection. Thanks to the widespread deployment of "politically acceptable" applications like ecommerce, chat systems, etc. on the Internet, there is a huge amount of cover traffic available.
The ultimate goal is a network resistant to arbitrary degrees against traffic analysis, malicious attacks, denial of service, and physical compromise. Of course, to have this in practice, a lot of separate technologies must be integrated, and one thing learned from ssl vs. pgp is that it must be presented in a relatively seamless and simple way to the user. There have been some good beginnings made toward this goal, including ZKS, Mojonation, and e-gold, but nothing has yet become so seamless and easy to use, as well as "full-service", that it is the final solution.
I think the value of such technology is non-linear; being able to know that it isn't *possible* for your communications to be tracked by your adversaries is worth more than 10x as much as a system 1/10th the strength, and something which is as easy to use (or easier to use) than insecure tools is worth far more than something which requires even the minor level of additional work required by the user to browse SSL websites securely.
I'm happy to be involved with HavenCo, as one of the essential parts to this is having a physically and legally secure environment in which to host your servers. After all, it doesn't do a lot of good to use SSL or a new anonymous anti-traffic analysis successor if you're putting personal information on a server which anyone can subpoena or black-bag. At HavenCo, we're focusing on secure managed colo of business servers (USD 1500/month including bandwidth, which is fine for business and other serious users but is more than most individuals can afford, unless they share), and that's going quite well. We are also looking at ways to support consumer/end-user privacy, both on the web/email hosting front, and core technologies like traffic analysis protection, cryptographic tools, and a solution to the pervasive payment problem. We've been a bit quiet on the marketing and PR front as we expand, but that will change soon.
Even though it means more financial success for me if the US/UK/etc. tighten regulations more and more, driving businesses to places like Sealand, I would definitely prefer the outcome where individual freedoms are respected worldwide. After all, Sealand isn't exactly the best vacation spot in the world, especially in the current winter 30kt winds and 7' waves.
It's not against our AUP.
We as a company are not in favor of software piracy, so we certainly wouldn't help, but if a customer wanted to host stuff like this, we can't really say it's against our AUP.
(I personally think MS source code would be a waste of space, a thousand monkeys and all that...)
(a bit of history)
Way back in the day, Tim May (cypherpunks) created a distributed communications prototype called 'BlackNet', communicating through anonymous remailers and doing file service, etc. It was lacking in a viable anonymous payment mechanism, but was a totally adequate proof of concept for a totally secure filestore and info-market.
http://www.cl.cam.ac.uk/users/rja14/eternity/eternity.html
Ross Anderson, a professor at Cambridge University (and member of the SERPENT AES-candidate team), worked on specifications for a system which provided a "global filestore" capable of storing popular or unpopular content in a distributed, censorship-resistant fashion, based on electronic payment, network communication, etc.
Adam Back then implemented "Eternity USENET", using USENET as a backing store, with a special web proxy to enter/retrieve files.
Napster, Gnutella, Freenet seem to have come from a completely different direction (particularly Napster), rather than from the Eternity/BlackNet/etc. tree. Napster is certainly the least general, but has had the most commercial/userbase success, which may be linked. It's certainly a lot easier to understand "Napster is sharing mp3s" than "mojonation provides distributed file sharing backed by electronic cash and a system of reputations and agents and brokers and ..." Time will tell.
Publius is probably most directly inspired by Anderson's Eternity Service, but I didn't check citations.
Mojo Nation is from the same intellectual heritage as BlackNet/Eternity/etc., but I believe the foundations were laid at about the same time as the others, with implementation waiting quite a while for resources to be available. It looks like the first viable opportunity to get electronic cash widely deployed on the Internet... I think that aspect of Mojo Nation (the mojo part) is by far more important than the file-sharing aspect, but it's a bootstrapping problem.
If there's one thing the UNIX vs. Windows struggle has taught over the past 20 years, it's that when people and organizations standardize on open standards, allowing multiple interoperating implementations, the world ends up a better place than when people standardize on a given implementation.
The web would suck a lot more than it does if instead of having HTML/HTTP they had instead said "You must use NCSA Mosaic and CERN httpd".
Networking with TCP/IP vs. "whatever windows or macs use at a given time"
Mail with rfc822/smtp vs. forcing everyone to use Eudora, Exchange, etc....
Linux already HAS a common standards base, with the LFS/LSB, a common kernel (I suppose logically it should just be a common kernel interface, with different people implementing kernels...mmm, freebsd kernel under the hood...actually, an LSB-standard which treated BSD linux emu as an equal player would be nice!).
Major distributions should adopt that, and other meta-standards (each of the packaging formats is well defined, so a tool like debian's "alien" should be able to work across them. Adding extra data to .tgz's to allow them to be converted to fully functional .rpms and .debs, etc. would be another step). What makes Debian, Red Hat, etc. worthwhile as independent entities is not just the bits on the disk as an end product...the distinct marketing and support focuses, their internal priorities, etc., allow users to benefit.
The "non-big-four" distributions are already basing themselves to a great degree on tools and such provided by the "big four", customizing marketing, implementation, support to provide additional value to users. (I must say I'm slightly annoyed to see Caldera and TurboLinux in the big-four, but not Debian...I think it's because the original article was related to an investor conference, and there's not yet a major commercial Debian reseller, but from a decision-making standpoint, the total number of users is more important than value of someone's stock)
Consistency, yes. Merging, no.
Given the cost/inefficiency of solar cells, and the huge area required to get reasonable amounts of power, I think the solution to being environmentally friendly is to do two things: generate power locally (avoiding distribution losses) and minimize power use.
1) Onsite generation of power avoids the ~30% distribution losses. Running, say, natural gas turbines onsite is cleaner than grid generation sources as a whole (assuming you're not in a nuclear area), and 30% efficiency gains really add up. Waste heat in cogen can be used to run chillers to cool the machines as well, decreasing power demands. Onsite generation is MUCH more reliable than grid power, assuming you invest substantially in plant, staff, and maintenance. Power can be sold back to the grid if you are grid-connected. Cogen can be 90% efficient if you include thermal energy, vs. say 20% electrical energy from fuels burned in remote power plants.
2) Minimize power use: this is tricky for a colo. A lot of machines today are 200-300W each, but there are alternatives, such as the Sun Netra T1 1U server, which only draw 30W. Decreased power use also means decreased power consumption, which is good.
One can also be efficient in cooling, using water-cooled chillers which heat-exchange with natural bodies of water (lake, pond, North Sea), only providing cooling where needed, rather than in hallways, etc., using proper insulation of cooled areas, etc. Using onsite power storage, even if generally powered from the grid, allows purchasing power during off-peak periods...do something like pump from one reservoir to another higher up during the night, and run a generator from the flowing water during the day.
3) One could always move to Iceland :) Geothermal power is really nice. A lot of energy-intensive industries were attracted to Iceland (bauxite -> aluminum conversion, future planned hydrogen production) by the US$0.01/KWh power. I used to live in a country with US$0.35/KWh electricity (Anguilla), and I must say, Iceland is very attractive. Other good places would be to set up near hydroelectric dams, in countries like France which generate a lot of power from clean nuclear reactors, etc.
If any of my customers cared enough to pay for it, I'd put in a wind turbine and/or solar to augment our cogeneration plant, to offset their own use. I've experimented with wind and solar before, and they're not suitable as a 100% site power solution, but to augment fossil fuels, they're quite nice.
(Presumably, one could do this even on private channels by running a hacked ircd, doing the snooping at the server -- more efficient, too)
There's a chat system out there with public key crypto on public messages, encryption (symmetric session keys, persistent/signed public keys), and a reasonable mapping of user identifier to username@domain. It's called gale, and there's more info at www.gale.org.
There are a few other chat systems out there with crypto, even some crypto-extensions to IRC. I reviewed several of them on epinions in January 2000.
Cypherpunks and others predicted many years ago that the government would slowly relinquish control over crypto as more and more of a commercial market developed.
PGP was never much more than a curiosity -- no one used it for large-scale commerce systems, and most of the users could be pointed to by the government as privacy nuts or criminals.
SSL, despite inherent weaknesses, has made crypto essential in e-commerce. The e-commerce lobby (sites, vendors, end-users) exposed the masses to crypto, and now depends upon crypto. When users started demanding 40 or 128bit crypto to keep their credit card numbers secure, that's when crypto became widely deployed.
The next step is building crypto into the very fabric of the Internet, in IPsec, and then making that a "checklist item" for purchasing decisions. Once people are only willing to buy products with security designed in, the government will have little choice but to allow its widespread use and export.
(I'm waiting for encrypted cellphones, like those being designed by Starium, to be available...)
A lot of people have suggested md5 or sha-1 hashes to identify duplicate songs, and maintain a cddb-style database. There seem to be a lot of problems with this approach, although I think it's better than nothing.
Rather than a cryptographic hash function, have people considered using an optimized-for-audio (or optimized for mp3) hash function? Maybe you'd take a spectral analysis of the music which eliminated differences due to beginning/ending whitespace, or minor variations in the recording, but which could clearly differentiate one song from another.
This serves not only to deter the "napster terrorists" who mislabel songs, but also simplify finding quality music despite incompetent labeling/id3 tags.
I'm sure there are a lot of signal processing geniuses, like the guy who wrote cdparanoia/ogg/vorbis, who could come up with a good "musical hash function".
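As an added illustration (not code from the original post, and not anything HavenCo shipped), here is a toy version of the "optimized-for-audio hash" proposed above, in Python, beside sha-1 over the same samples. The "songs" are constructed sequences of pure tones, the frame size, band layout and threshold are assumptions, and the scheme (one word of band-energy bits per frame, with leading and trailing silence trimmed) is only a sketch of the idea, not any real fingerprinting system.

```python
"""Added example (not part of the original post): a toy "musical hash" beside
a cryptographic hash, to show why the two behave differently on near-duplicate
audio.  All input is constructed: the "songs" are short sequences of pure
tones, and the fingerprint scheme is an illustrative assumption, not any
production audio fingerprinting system.  Pure Python, runs offline."""
import hashlib
import math
import struct

SAMPLE_RATE = 4000   # Hz; a low rate keeps the naive DFT fast (assumption)
FRAME = 128          # samples per analysis frame
BANDS = 8            # coarse frequency bands, one bit each per frame
SILENCE_RMS = 0.01   # frames quieter than this count as leading/trailing silence

# Twiddle tables for the naive DFT: cos/sin of 2*pi*j/FRAME, indexed by (k*i) % FRAME.
_COS = [math.cos(2 * math.pi * j / FRAME) for j in range(FRAME)]
_SIN = [math.sin(2 * math.pi * j / FRAME) for j in range(FRAME)]

# Constructed "songs": tone frequencies chosen to sit exactly on DFT bins so
# each note lands cleanly in one band (bin width = SAMPLE_RATE/FRAME = 31.25 Hz).
SONG_A = [343.75, 562.5, 781.25, 1218.75]   # bins 11, 18, 25, 39 -> bands 1, 2, 3, 5
SONG_B = [1000.0, 1437.5, 125.0, 1750.0]    # bins 32, 46, 4, 56  -> bands 4, 6, 0, 7


def synth(notes, note_seconds=0.25, amp=0.5, lead_silence=0.0):
    """Constructed input: a sequence of pure tones, optionally preceded by silence."""
    samples = [0.0] * int(lead_silence * SAMPLE_RATE)
    n = int(note_seconds * SAMPLE_RATE)
    for freq in notes:
        samples.extend(amp * math.sin(2 * math.pi * freq * i / SAMPLE_RATE) for i in range(n))
    return samples


def crypto_hash(samples):
    """sha-1 over 16-bit PCM: what an md5/sha-1 'song id' would actually digest."""
    pcm = b"".join(struct.pack("<h", int(max(-1.0, min(1.0, s)) * 32767)) for s in samples)
    return hashlib.sha1(pcm).hexdigest()


def frames(samples):
    """Non-overlapping FRAME-sized chunks; a trailing partial frame is dropped."""
    return [samples[i:i + FRAME] for i in range(0, len(samples) - FRAME + 1, FRAME)]


def rms(frame):
    return math.sqrt(sum(s * s for s in frame) / len(frame))


def trim_silence(frame_list):
    """Drop leading and trailing frames that are effectively silent (the 'whitespace')."""
    start, end = 0, len(frame_list)
    while start < end and rms(frame_list[start]) < SILENCE_RMS:
        start += 1
    while end > start and rms(frame_list[end - 1]) < SILENCE_RMS:
        end -= 1
    return frame_list[start:end]


def band_energies(frame):
    """Naive DFT of one frame, energy summed into BANDS linear bands (DC bin skipped)."""
    n = len(frame)
    half = n // 2
    per_band = (half - 1) // BANDS
    energies = [0.0] * BANDS
    for k in range(1, half):
        re = sum(x * _COS[(k * i) % n] for i, x in enumerate(frame))
        im = sum(x * _SIN[(k * i) % n] for i, x in enumerate(frame))
        energies[min((k - 1) // per_band, BANDS - 1)] += re * re + im * im
    return energies


def fingerprint(samples):
    """One BANDS-bit word per frame: a bit is set where that band carries at least
    half the energy of the loudest band in the frame.  Only ratios are used, so a
    volume change leaves the word untouched; trim_silence removes time offsets."""
    words = []
    for frame in trim_silence(frames(samples)):
        energies = band_energies(frame)
        peak = max(energies)
        word = 0
        for band, energy in enumerate(energies):
            if peak > 0 and energy >= 0.5 * peak:
                word |= 1 << band
        words.append(word)
    return words


def similarity(fp_a, fp_b):
    """Fraction of frame words that agree, 0.0 .. 1.0 (a length mismatch counts against)."""
    if not fp_a or not fp_b:
        return 0.0
    matches = sum(1 for a, b in zip(fp_a, fp_b) if a == b)
    return matches / max(len(fp_a), len(fp_b))


if __name__ == "__main__":
    original = synth(SONG_A)
    rerip = synth(SONG_A, amp=0.2, lead_silence=0.1)   # quieter, with 0.1 s of leading silence
    other = synth(SONG_B)
    print("sha-1 equal:", crypto_hash(original) == crypto_hash(rerip))
    print("fingerprint similarity, same song:", similarity(fingerprint(original), fingerprint(rerip)))
    print("fingerprint similarity, other song:", similarity(fingerprint(original), fingerprint(other)))
```

Run it and the sha-1 of the two "rips" differs while their fingerprints agree on all but the frames that straddle a note change; a different tone sequence agrees on none. Only the frames at note transitions are sensitive to the offset, which is why real fingerprinters use overlapping windowed frames, log-spaced bands and a tolerant index lookup instead of exact word matching; the contrast with a cryptographic digest is the same either way.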
The "Sealand Dollar" is part of the Government of Sealand, not HavenCo. I've seen pictures of coins issued by the Government some time ago, but they were mainly for numismatic value (same deal with the postage stamps)
HavenCo does accounting in US Dollars, but has expenses in USD, UKP, and Euro. Having to hedge for minor and major transactions is *really* annoying.
Our prices/contracts/etc. are in USD. I believe pricing has been posted in various articles; $1500/month for a high-end dedicated server with crypto coprocessor and full tamper-resistance, owned by the customer (and purchased up front), including some bandwidth, or $300/month for our "virtual server" product, in which you get a virtual UNIX machine dedicated to your own use. We also do high-end custom configurations when required; large RAIDs, redundant machines connected by a SAN, etc. I realize many customers have a standard vendor, like IBM, Sun, or HP, that they use for their midrange/high-end servers in colo around the world, and we can certainly work with people on that.
(FWIW, I'm CTO of HavenCo, and responsible for the buildout of the datacenter on Sealand)
We actually have all the equipment needed to get operational *onsite* right now.
Please remember that Sealand has been occupied continuously since 24 December, 1966 by the Royal Family, and they've done quite a bit of work over the years to make sure the place is quite suitable.
Operational IP to Sealand exists, but we're not publishing until we get the second link up. We will be using a network of caches to maximize throughput.
We can always use more money, both in investment and customer revenues, but that's primarily to increase capacity to serve more customers.
You mentioned the oil industry -- sure, to do things the official way through the offshore oil industry would cost >$50m if you were starting with an abandoned platform. However, if you're using a facility almost purpose-built for secure colocation, with a great deal of infrastructure already in place, which has been maintained by dedicated professionals for years, it's a lot cheaper. Plus, we're using commodity equipment, open source software, and vendor partnerships to lower the cost on the Internet/server side.
You don't need to trust us; you can just wait a week or two and see for yourself.