
Re: [decentralization] Decentralization and exhaustive searches: mutually exclusive?

  • Tim Dorcey
    Message 1 of 10 , Aug 1, 2000
      Dave Winer wrote:

      > A user wants to run a decentralized app on his workstation.
      >
      > He can do it at home but not at the office.
      >
      > Firewall in the way.

      And soon he will not be able to do it at home either. Most high speed
      access devices (cable and DSL modems) come bundled with a NAT/firewall,
      which is promoted as an address sharing device, as well as a security
      feature. Many consumers haven't a clue on how to configure these things,
      and there is little standardization in their operation. The basic design
      principle seems to have been "make sure you can surf the www... and then do
      something with any other traffic you see." Even when the idiocy inside
      (some of) these devices is sorted out, security concerns will remain an
      obstacle for decentralized applications. Effective security generally
      depends on allowing what has been explicitly permitted and denying what is
      unknown. But, this raises the question of how something can become "known"
      in the first place. E.g., if effective security policies had been widely
      deployed 8 years ago, we would have never seen the rise of the www.
      Fortunately, there were enough unprotected hosts at universities and on
      dial-up to allow experimentation, and on that basis, a reasoned analysis of
      the risks and rewards of allowing www traffic was possible. Without this
      kind of open arena for experimentation, the only source of significantly new
      internet applications will be organizations that have enough
      financial/political clout to make their applications "known" prior to
      end-user demand.

      The best solution I can see for this is to move as much of the security as
      possible to the end-user host where applications can more easily control
      it. Every machine should ship under the assumption that it will be deployed
      on the public Internet (with address advertised in bright red colors). The
      only reason to operate an external firewall should be to protect network
      resources or when a 3rd party needs to maintain administrative control over
      less responsible parties. And, end-users should be better educated
      regarding the inherent trade-offs between security and functionality.

      Tim
    • Dave Winer
      Message 2 of 10 , Aug 1, 2000
        How will all those folks use Napster? Dave


      • bouncy_thing@hotmail.com
        Message 3 of 10 , Aug 1, 2000
          --- In decentralization@egroups.com, "Dave Winer" <dave@u...> wrote:
          > How will all those folks use Napster? Dave

          With current home firewalls, they won't be using Napster (or
          ICQ, or running an Unreal Tournament server) unless they
          know how to set up port-forwarding (assuming that their firewall
          device can do that, which some can't).

          Corporate users will generally have stateful packet-inspecting
          firewalls, so they can reasonably expect to get access to
          decentralized apps (assuming, again, that their network security
          guys are willing to play ball).

          Home users, on the other hand, are mostly using "firewalls" that
          just do DHCP/NAT. Their protection is strictly limited to
          masquerading your IP, and giving you a nonroutable address via DHCP.

          I'm buying one of the more popular home "firewall" devices in order
          to test some of this stuff out, so I could be wrong.

          E.S.
        • Aaron Swartz
          Message 4 of 10 , Aug 1, 2000
            bouncy_thing@... <bouncy_thing@...> wrote:

            > With current home firewalls, they won't be using Napster (or
            > ICQ, or running an Unreal Tournament server) unless they
            > know how to set up port-forwarding (assuming that their firewall
            > device can do that, which some can't).
            >
            > Home users, on the other hand, are mostly using "firewalls" that
            > just do DHCP/NAT. Their protection is strictly limited to
            > masquerading your IP, and giving you a nonroutable address via DHCP.

            I have one of these "firewalls" (actually more of a router, that just
            happens to act like one) and I'm able to use Napster, but only to download
            it seems -- not to upload. Napster seems to have some sort of firewall
            detection mode where it's able to work. I'm not too sure of the details. I
            have the same problem with Radio UserLand -- I can send XML-RPC commands but
            you can't communicate with me as a server.

            I think it'll be important to find a way to route around IP masquerading as
            more and more people begin to do it. Until IPv6 becomes more widely
            available, it's really the only way for me to have multiple machines running
            off of one Cable Modem connection.

            --
            Aaron Swartz |"This information is top security.
            <http://swartzfam.com/aaron/>| When you have read it, destroy yourself."
            <http://www.theinfo.org/> | - Marshall McLuhan
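
The behaviour described in the two posts above (connections opened from inside a masquerading NAT work, unsolicited inbound ones fail until a port is forwarded), modelled as an added example that is not part of the original thread. The class name, addresses and ports are constructed for illustration, and matching replies on the remote address and port is an assumption; real devices differ.

```python
# Toy model of an IP-masquerading home router (added illustration; every
# address and port here is constructed, taken from documentation ranges).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"          # the single address the ISP hands out


@dataclass
class MasqueradingNat:
    next_port: int = 40000
    # public_port -> (private_ip, private_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    # public_port -> (private_ip, private_port), configured by the user
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: allocate a public port, remember it."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, public_port, dst_ip, dst_port)  # packet as seen outside

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the public address; return the inside target or None."""
        session = self.sessions.get(dst_port)
        if session and session[2:] == (src_ip, src_port):
            return session[:2]                 # reply to a session we started
        if dst_port in self.forwards:
            return self.forwards[dst_port]     # explicit port-forward rule
        return None                            # unsolicited: nowhere to send it

    def add_forward(self, public_port, private_ip, private_port):
        self.forwards[public_port] = (private_ip, private_port)


def demo():
    nat = MasqueradingNat()
    results = {}
    # Download: the inside client connects out to a peer; the reply maps back in.
    out = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 6699)
    results["reply"] = nat.inbound("198.51.100.20", 6699, out[1])
    # Acting as a server: a peer connects in unsolicited and is dropped.
    results["unsolicited"] = nat.inbound("198.51.100.30", 40123, 6699)
    # A different host hitting the mapped port is dropped too (session match).
    results["wrong_peer"] = nat.inbound("198.51.100.99", 6699, out[1])
    # Once the user forwards port 6699, the same inbound connection is delivered.
    nat.add_forward(6699, "192.168.1.10", 6699)
    results["forwarded"] = nat.inbound("198.51.100.30", 40123, 6699)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:12} -> {target}")
```
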
          • Justin Chapweske
            Message 5 of 10 , Aug 1, 2000
              > And soon he will not be able to do it at home either. Most high speed
              > access devices (cable and DSL modems) come bundled with a NAT/firewall,
              > which is promoted as an address sharing device, as well as a security
              > feature.

              Very short reply, but this will probably end up not being much of an issue
              because many games nowadays are using p2p for multiplayer games....and we
              all know how important games are to cable & DSL people. Also you can use
              tricks like the UDP one I described earlier.

              -Justin
            • Alex Future Bokov
              Message 6 of 10 , Aug 1, 2000
                [firewalls are a threat to decentralized computing]

                That tells me that someone can make a killing starting and promoting a
                Firewall-less ISP. FreeForAllNet or something. First they'll catch on
                with the sophisticated users. Then the me-too users will follow along.
                Then all of a sudden anal, centralized security is no longer fashionable.

                --

                Special Forces milgov Vince Foster
                Why are the above words in my signature? Check out:
                http://www.echelon.wiretapped.net
              • Justin Chapweske
                Message 7 of 10 , Aug 1, 2000
                  > with the sophisticated users. Then the me-too users will follow along.
                  > Then all of a sudden anal, centralized security is no longer fashionable.
                  >

                  Well, if you believe in what Bruce Schneier is doing with Counterpane,
                  they are basically saying that all proactive security measures are useless
                  and the only way to effectively secure a network is active defense to
                  attacks.

                  -Justin
                • Simon St.Laurent
                  Message 8 of 10 , Aug 4, 2000
                    This is from Jon Udell's "Internet Groupware for Scientific Collaboration",
                    a piece that seems to be generating interest outside the small group its
                    title might indicate:
                    http://software-carpentry.codesourcery.com/Groupware/report.html

                    ---------------------- 3.2.3
                    There is not likely to be a single "killer app" in the realm
                    of Internet groupware. Rather, there will be a "killer
                    infrastructure" -- based on universal representation of data in
                    XML -- that enables a whole class of specialized, ad-hoc applications
                    in the same way that the UNIX pipeline did.
                    ---------------------- 3.2.3

                    To me, that sounds pretty interesting - and a ripe target for
                    decentralization.

                    Simon St.Laurent
                    XML Elements of Style / XML: A Primer, 2nd Ed.
                    http://www.simonstl.com - XML essays and books
                  • Aaron Swartz
                    Message 9 of 10 , Aug 4, 2000
                      Simon St.Laurent <simonstl@...> wrote:

                      > There is not likely to be a single "killer app" in the realm
                      > of Internet groupware. Rather, there will be a "killer
                      > infrastructure" -- based on universal representation of data in
                      > XML -- that enables a whole class of specialized, ad-hoc applications
                      > in the same way that the UNIX pipeline did.

                      My problem with the UNIX pipeline was that it only dealt with flows of text.
                      Of course, with XML we can change that. That could be pretty powerful. The
                      barrier to decentralization, would likely be the same who-where problem that
                      keeps cropping up.

                      That is, who do I go to and where are they. With UNIX, it's easy. You
                      installed all the applications and so you can run them. When you're thrown
                      out into the massive Internet, it's much harder. In the end, we all end up
                      running to our Yahoo!s and Googles.

                      If we are to have a decentralized infrastructure, we're going to need to
                      figure out a way to solve this problem. Perhaps we can take a page from
                      Gnutella and Infrasearch. One sends out a query, and their XML bit, and sees
                      if anyone sends back anything interesting.

                      This is starting to sound a lot like BXXP.

                      http://www.bxxp.org
                      http://www.invisible.net

                      Hmm, food for thought.

                      --
                      Aaron Swartz |"This information is top security.
                      <http://swartzfam.com/aaron/>| When you have read it, destroy yourself."
                      <http://www.theinfo.org/> | - Marshall McLuhan
                    • Willem Broekema
                      Message 10 of 10 , Aug 5, 2000
                        Aaron Swartz wrote:
                        > My problem with the UNIX pipeline was that it only dealt with flows
                        > of text. Of course, with XML we can change that. That could be
                        > pretty powerful. The barrier to decentralization, would likely be
                        > the same who-where problem that keeps cropping up.
                        >
                        > That is, who do I go to and where are they. With UNIX, it's easy.
                        > You installed all the applications and so you can run them. When
                        > you're thrown out into the massive Internet, it's much harder. In
                        > the end, we all end up running to our Yahoo!s and Googles.

                        Isn't this something that "bookmarklet"-based applications like
                        Deepleap (try to) address?

                        Deepleap provides you with a bookmark that, when pressed, will give
                        you a pop-up window with various options to get related info to the
                        page you're currently browsing and/or the words you have selected on
                        that page:

                        <http://www.deepleap.com/tools/available.pl>

                        I.e. highlight a film title and with one click you can view Yahoo's
                        listing of that film in cinemas near you.

                        By the way, their back-end is XML-based and is open to outside
                        developers:

                        <http://www.deepleap.org/plugins>

                        Is this a solution to the 'where do I go to'-problem?

                        - Willem