If the website does NOT comply with unsubscribe links (this is why we're going to use SPAM honeypots:) ), we'll use the frogs. This is what Security did, IIRC.
Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project. --
Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.
Do you think we're idiots to let something like this happen?
1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.
2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.
3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.
4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.
5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.
6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.
7. If any wants to cooperate, the google group is open to ideas.
8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
Unelected? Unrepresentative? We've received HUNDREDS of volunteers to help us. And with more than 700 diggs (yes, blasphemy! don't burn me), i doubt it's "unrepresentative".
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
It should be obvious by now that you haven't RTFA. The network will have a system of trust and reputation (karma), and there WILL be people gathering evidence.
One thing to clarify. It's an open network, but unlike other P2P networks this one is willing to cooperate with the police. We're going to give authorities and recognized companies PGP-based authorization (on request) so they can work with their own nodes and recognize authentic SPAM.
The result is that members of the Okopipi network and innocent bystanders with websites will become the target of the organised crime that is funding the spammers.
Sure, let them earn MORE money and become MORE powerful so they'll lobby the congress and throw away the can-spam act.
You're forgetting something, currently there's *NO* mechanism to enforce ALREADY EXISTING laws regarding SPAM. Spammers' servers are across the globe, where there are no laws. And not only they're bypassing the countries frontiers, they're also committing FRAUD. They're telling the marketers: "Look! These people are willing to receive your offers for cheap viagra, they WANT to buy our products!". But we're not. ALL WE ASK is to GET OUT of their lists.
Also, we don't want to DDOS sites. I already said that, the "attacks" will be controlled but significant enough to disrupt the spammers' business.
And FINALLY, the network will NOT be used to INITIATE attacks. The attacks are the sole responsible of the CLIENT - the system has been designed this way to prevent abuse.
In other words:
* The police force is THE PEOPLE (those who submit their SPAM, plus we'll have spam honeypots and cooperate with SpamHaus and other authorities)
* The jury is THE PEOPLE (the people who have earned enough trust to participate in the classification of websites, or simply those who emmit votes. As if that wasn't enough, people who have voted to punish an innocent website will receive bad karma, this eliminates corruption from the network.
* The judge is also appointed by THE PEOPLE. Those who have earned enough trust to write the opt-out scripts. Maybe even the FTC with their own authorized nodes.
* The executioner is the PEOPLE, those who have installed the clients on their system. It's their decision to opt out from the websites, no one else's.
We'll use throttling techniques to let them live and breath.
What we're going to do, is poison their purchase forms (as Blue Sec. did) with enough requests so they have to search in them before finding true customers.
We *DO* have the sourcecode. Read the google discussions. But it seems (I haven't read the code yet, so don't trust me much on this) from one of the group participants that Blue Frog is a hollow client, it just executes scripts sent by the server (no wonder Blue Sec wanted us to uninstall).
The network is P2P, but authority is hierarchical. We'll use anonymous routing to prevent DDOS on the high authority nodes. And the network will require a validated login.
On the remote case we suffer a complete P2P blackout, the frogs can still opt out - the network will only be used as a regulation mechanism.
We're (yes, I'm part of the team - hello slashdot!) currently discussing using the main servers thru various proxys to anonymize the IP address. On a DDOS attack, the servers would just disconnect and then reconnect to another proxy and voila.
Also, the servers are the ones with the Central PGP authority. The network can still operate without servers, they're just needed for login (for now).
Itchy and Scratchy was a criticism towards the hipocricy of extreme right-wing groups and the corruption of the media.
Like when the women helped Marge in banning Itchy and Scratchy... but then they were scandalized at Michael Angelo's David and Marge was accused of treason. Then the TV company saw this and played Itchy and Scratchy again.
The same hipocricy and nonsense can be seen in the "conservative christian" groups banning the.xxx domain.
I also find the entertainment media hipocritical - instead of accepting that they *COULD* be *PARTLY* responsible, they blame EVERYTHING on the parents. It would be a scandal that censorship might *GASP* take away their profits! (Shock!)
I think that BOTH the media and parents are responsible. (Of course, this will get me flamed by people from BOTH sides).
Extremists (both left and right wing) just put noise into the environment and don't let the public take the right choices.
It must be a Vatican conspiracy! They obviously hired the templars thru secret rites so the Davinci code steganographed in the movie wouldn't be available to the public! The secret must be preserved!!! HACK THE PLANET!!!
Hold your horses, I think we all get the point that it was the installation that was troublesome. This is why i made my joke about Linux, because (at least for Ubuntu Hoary) installation was a pain.
And remember it was a joke, I actually had expected flames from Linux fans, not MS fans.
The research i've been doing in P2P networks (due to my involvement in the okopipi project) has shocked me. In file sharing, we're living in the STONE AGE. Yes, even with bittorrent (which depends on centralized servers, and there's practically no privacy. And anonymous bittorrent like mutorrent is closed source, who knows if they got a backdoor in there).
EDonkey uses MD4 for hashing, it depends on central servers, and has no anonymity at all. And without mentioning queue # 4892 for a popular file.
Unfortunately for filesharers, file sharing networks based on modern P2P architectures is very scarse. The supernodes / ultrapeers approach is obsolete, easy to disrupt both denial of service and eavesdropping attacks.
From an architectural point of view, I would recommend the KAD p2p network, which bases its architecture on the relatively-new kadelmia network (See Technical paper on Kadlemia, 2002).
As I said, current peer to peer networks are in the stone age. Someone needs to design a file sharing network based on the latest research, and publish it.
but then it redirected me to *ANOTHER* copy of the document, without link. But below that was another link, which redirected me to... *ANOTHER* copy of the document, without link. But below that was another link, which redirected me to... *ANOTHER* copy of the document, without link. But below that was another link, which redirected me to...
Slashdot Mirror
If the website does NOT comply with unsubscribe links (this is why we're going to use SPAM honeypots :) ), we'll use the frogs. This is what Security did, IIRC.
Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project.
--
Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.
Do you think we're idiots to let something like this happen?
1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.
2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.
3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.
4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.
5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.
6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.
7. If any wants to cooperate, the google group is open to ideas.
8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
Unelected? Unrepresentative? We've received HUNDREDS of volunteers to help us. And with more than 700 diggs (yes, blasphemy! don't burn me), i doubt it's "unrepresentative".
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
It should be obvious by now that you haven't RTFA. The network will have a system of trust and reputation (karma), and there WILL be people gathering evidence.
One thing to clarify. It's an open network, but unlike other P2P networks this one is willing to cooperate with the police. We're going to give authorities and recognized companies PGP-based authorization (on request) so they can work with their own nodes and recognize authentic SPAM.
The result is that members of the Okopipi network and innocent bystanders with websites will become the target of the organised crime that is funding the spammers.
Sure, let them earn MORE money and become MORE powerful so they'll lobby the congress and throw away the can-spam act.
You're forgetting something, currently there's *NO* mechanism to enforce ALREADY EXISTING laws regarding SPAM. Spammers' servers are across the globe, where there are no laws. And not only they're bypassing the countries frontiers, they're also committing FRAUD. They're telling the marketers: "Look! These people are willing to receive your offers for cheap viagra, they WANT to buy our products!". But we're not. ALL WE ASK is to GET OUT of their lists.
Also, we don't want to DDOS sites. I already said that, the "attacks" will be controlled but significant enough to disrupt the spammers' business.
And FINALLY, the network will NOT be used to INITIATE attacks. The attacks are the sole responsible of the CLIENT - the system has been designed this way to prevent abuse.
In other words:
* The police force is THE PEOPLE (those who submit their SPAM, plus we'll have spam honeypots and cooperate with SpamHaus and other authorities)
* The jury is THE PEOPLE (the people who have earned enough trust to participate in the classification of websites, or simply those who emmit votes. As if that wasn't enough, people who have voted to punish an innocent website will receive bad karma, this eliminates corruption from the network.
* The judge is also appointed by THE PEOPLE. Those who have earned enough trust to write the opt-out scripts. Maybe even the FTC with their own authorized nodes.
* The executioner is the PEOPLE, those who have installed the clients on their system. It's their decision to opt out from the websites, no one else's.
It seems pretty democratic to me.
Any questions?
We'll use throttling techniques to let them live and breath.
What we're going to do, is poison their purchase forms (as Blue Sec. did) with enough requests so they have to search in them before finding true customers.
We *DO* have the sourcecode. Read the google discussions. But it seems (I haven't read the code yet, so don't trust me much on this) from one of the group participants that Blue Frog is a hollow client, it just executes scripts sent by the server (no wonder Blue Sec wanted us to uninstall).
The network is P2P, but authority is hierarchical. We'll use anonymous routing to prevent DDOS on the high authority nodes. And the network will require a validated login.
On the remote case we suffer a complete P2P blackout, the frogs can still opt out - the network will only be used as a regulation mechanism.
We're (yes, I'm part of the team - hello slashdot!) currently discussing using the main servers thru various proxys to anonymize the IP address. On a DDOS attack, the servers would just disconnect and then reconnect to another proxy and voila.
Also, the servers are the ones with the Central PGP authority. The network can still operate without servers, they're just needed for login (for now).
Itchy and Scratchy was a criticism towards the hipocricy of extreme right-wing groups and the corruption of the media.
.xxx domain.
Like when the women helped Marge in banning Itchy and Scratchy... but then they were scandalized at Michael Angelo's David and Marge was accused of treason. Then the TV company saw this and played Itchy and Scratchy again.
The same hipocricy and nonsense can be seen in the "conservative christian" groups banning the
I also find the entertainment media hipocritical - instead of accepting that they *COULD* be *PARTLY* responsible, they blame EVERYTHING on the parents. It would be a scandal that censorship might *GASP* take away their profits! (Shock!)
I think that BOTH the media and parents are responsible. (Of course, this will get me flamed by people from BOTH sides).
Extremists (both left and right wing) just put noise into the environment and don't let the public take the right choices.
I hope these "better quality" versions feature an improved script.
In that case, I want a replacement on Silent Hill, please. The version I saw was boring.
It must be a Vatican conspiracy! They obviously hired the templars thru secret rites so the Davinci code steganographed in the movie wouldn't be available to the public! The secret must be preserved!!! HACK THE PLANET!!!
Someone should edit the wikipedia and add the ICANN controversy to his
wikipedia entry.
How about this - an invention that uses food to propel you and requires minimum maintenance.
It's called "feet".
Hold your horses, I think we all get the point that it was the installation that was troublesome. This is why i made my joke about Linux, because (at least for Ubuntu Hoary) installation was a pain.
And remember it was a joke, I actually had expected flames from Linux fans, not MS fans.
"for me [it] was one of the worst operating system experiences that I've ever encountered."
Yay! For the first time Linux is more friendly than Windows! *ducks*
The research i've been doing in P2P networks (due to my involvement in the okopipi project) has shocked me. In file sharing, we're living in the STONE AGE. Yes, even with bittorrent (which depends on centralized servers, and there's practically no privacy. And anonymous bittorrent like mutorrent is closed source, who knows if they got a backdoor in there).
EDonkey uses MD4 for hashing, it depends on central servers, and has no anonymity at all. And without mentioning queue # 4892 for a popular file.
Unfortunately for filesharers, file sharing networks based on modern P2P architectures is very scarse. The supernodes / ultrapeers approach is obsolete, easy to disrupt both denial of service and eavesdropping attacks.
The future of P2P is Overlay Networks.
From an architectural point of view, I would recommend the KAD p2p network, which bases its architecture on the relatively-new kadelmia network (See Technical paper on Kadlemia, 2002).
Even then, Kadelmia could be improved because it's based on a Pastry network topology - compared to other topologies like De Bruijn Graphs, proposed by a recent paper in 2003.
And more research is being done dealing with load balancing, anonymity, trust, reputation, etc.
As I said, current peer to peer networks are in the stone age. Someone needs to design a file sharing network based on the latest research, and publish it.
I tried to click the link...
but then it redirected me to *ANOTHER* copy of the document, without link. But below that was another link, which redirected me to... *ANOTHER* copy of the document, without link. But below that was another link, which redirected me to... *ANOTHER* copy of the document, without link. But below that was another link, which redirected me to...
O.O GAHHH!
You forgot to link the original source! You... you... PLAGIARIST! *GASP*
I was just joking. *gulp*
:) )
(Am I clear now? Whew
You hosted it on your website!?! ARE YOU OUT OF YOUR FRIGGIN' MIND?
You should have uploaded it to BITTORRENT! Muahahahaha! >:)
I think our boys at Wired are in trouble now, no?
;)
Yeah, but not more than Mike Wallace on the case against Tobacco companies. I think it's about time we spanked Uncle Sam a little
I mean, he DDOs'ed Six Apart, threatened Blue Frog members, without mentioning all the spam he sent.
It makes sense now... Game Dev. Ninjas are at war with Software Pirates, YARRRRRRRR!!!
Let's just outsource the president and congress. Problem solved.
Maybe M$ should have started out... by asking the Users what they want!
They haven't done that in more than 15 years, why should they start now?
We will have 1 gig chips implanted into our brains
Don't you mean... "160 gigabytes"?