Loading ...
Sorry, an error occurred while loading the content.

[mnet-devel] reconsidering fundamental Mnet architecture (fwd)

Expand Messages
  • Lucas Gonze
    A double forward, unusual for this list. On a technical level Friendnets are interesting because they are a new kind of decentralized topology. ... Date: Sat,
    Message 1 of 6 , Dec 14, 2002
    • 0 Attachment
      A double forward, unusual for this list. On a technical level Friendnets
      are interesting because they are a new kind of decentralized topology.

      ---------- Forwarded message ----------
      Date: Sat, 14 Dec 2002 20:40:17 +0100 (CET)
      From: Eugen Leitl <eugen@...>
      To: cypherpunks@...
      Cc: forkit! <fork@...>
      Subject: [mnet-devel] reconsidering fundamental Mnet architecture (fwd)

      ---------- Forwarded message ----------
      Date: Sat, 14 Dec 2002 14:16:02 -0500
      From: Zooko <zooko@...>
      Reply-To: mnet-devel@...
      To: mnet-devel@...
      Subject: [mnet-devel] reconsidering fundamental Mnet architecture


      http://zooko.com/log-2002-12.html#d2002-12-14_the_human_context_and_the_future_of_Mnet

      2002-12-14
      the human context and the future of Mnet dura-link v1.0.1

      The state of the art in emergent network design goes something like this:
      step 1, treat everyone you talk to over the Internet identically. Whether the
      other person is your best friend or the one millionth anonymous stranger from
      a university network half-way around the world, you offer your resources to
      them and request services from them just the same. step 2, design a wonderful,
      infinitely scalable, efficient, elegant emergent network on top of this
      substrate. step 3, observe that if all of the players aren't perfectly
      well-behaved and altruistic, your wonderful design doesn't work, and start
      trying to figure out how to salvage your beautiful design from being destroyed
      by the ugly fact of malicious and/or selfish agents.

      Now, solutions proposed by people in step 3 include very clever game-theoretic
      tricks and cryptography, the addition of ubiquitous micropayments (as
      pioneered by Mojo Nation), the addition of sophisticated redundancy so that as
      long as the malicious/selfish nodes are not a sufficiently large subset their
      misbehavior is drowned out by the majority, the addition of reputations so
      that only people who have already done given something of value are allowed to
      take something of value, and more.

      But it seems to me that the first thing we should do is go back and reconsider
      step 1: the part where you forget everything you know about your friends and
      family and treat messages received over the Internet from strangers half-way
      around the world the same as messages received over the Internet from your
      best friend. I think that the emergent network designer should focus on the
      human context, both because the human context is where our ultimate goals and
      values are defined, and also because the human context is the best source of a
      uniquely valuable network resource: trust.

      (Raph Levien and Mark Miller are both thinking along these lines, although
      they're thinking of dramatically different designs.)

      This is the core consideration of what Lucas Gonze calls "friendnet".
      "Friendnet" is similar to what business people use under the name "VPN" --
      Virtual Private Network. A VPN is an "overlay network", in that it runs on top
      of the Internet, but it acts like a private local network, in that all of the
      computers and all of the human users on a VPN belong to the same company, obey
      the same rules, and are loyal and altruistic toward one another. (Ahem.)

      Now obviously there are some things we would like to do differently with
      friendnet. For starters, I strongly prefer the emergent and human topology of
      "I have some friends, and they have some friends, and some but not all of
      their friends are also my friends.", over the centralized and, well, inhuman
      topology of "Every user on this network is an employee/member of X
      organization, and they are not allowed to have any network connections to
      other people who are not also employees/members of X organization.".

      For seconders, we could investigate the intriguing possibility of automated
      transitive operations. This could be automated transitive proxying, where I
      request something of my friend, and since he can't give it to me, but his
      friend can, his computer automatically requests it of his friend and then
      gives it over to me. It could also be automated transitive introduction, where
      my friend's computer automatically introduces his friend to me (so that I can
      then make direct requests of my friend's friend).

      Raph's research is all about doing this automated transitive stuff in a
      systemically constrained way. That is to say doing it safely -- without
      letting it run out of control such that our computers offer all of our
      resources and all of our privacy to a friend of a friend of a friend of a
      friend, who turns out to be an enemy. I think that his research is promising
      and will probably lead to very important techniques someday.

      But when doing pragmatic design on the Mnet network, I would rather try the
      variant without any automated transitive operations. This is simpler to
      design, and almost certainly safer.

      My current big issue in the design and evolution of Mnet is that this notion
      of friendnet (with or without systemically contrained transitive operations)
      is at odds with a fundamental architectural feature that it inherited from
      Mojo Nation, as originally designed by Jim McCoy and Doug Barnes. This
      architecture has it that the storage and transfer of bulk data is a global,
      automatically transitively managed resource, while the encryption keys
      necessary to download and decrypt the data can be private and can be shared by
      actual human friends via telephone or e-mail. I always liked that idea, and
      when I initially launched the Mnet project and named it a "universal
      filestore", my goal was to focus the project on implementing that simple
      abstraction (universal public data store, private keys).

      Nowadays I'm less keen on that abstraction, since the global part of it will
      eventually require some "step 3" answer, and I'm doubting that layering step 3
      on top of step 2 is the right approach, compared to the approach of revisiting
      step 1 and building a unified and elegant emergent network from step 1 up.
      There are also technical problems with the abstraction which I'll save for a
      later day.

      Now, a lot (all?) of my fellow Mnet Hackers are very keen on micropayments,
      and even if I were to actively oppose the micropayment notion, they would go
      ahead and implement it and give it another go. So that's one future of Mnet
      (or a branch of Mnet): another try at Mojo Nation's architecture wherein step
      3 (integrated automatic ubiquitous micropayments) is layered on top and
      provides attack resistance and resource management for step 2 (universal data
      store and transport). Another future of Mnet, which is almost certainly going
      to happen in the near future, is just deploying a good implementation of step
      2 without any step 3. This would be more or less on par with other emergent
      networks in current theory and practice, and will form an excellent base for
      more experiments. A third future of Mnet (or a branch thereof), is to break
      the universal filestore abstraction and return to step 1, building a
      friendnet-Mnet in which any two computers are allowed to have a relationship
      if and only if their human users already have a similar human relationship.

      Intriguingly, all three of these possible future Mnets can in principle
      interoperate with one another...
    • Todd Boyle
      ... Thanks, that s very informative, Todd
      Message 2 of 6 , Dec 14, 2002
      • 0 Attachment
        At 01:26 PM 12/14/2002, you wrote:

        >A double forward, unusual for this list. On a technical level Friendnets
        >are interesting because they are a new kind of decentralized topology.


        Thanks, that's very informative,
        Todd
      • Justin Chapweske
        There is a lot of interesting stuff in Zooko s post, but I think this is ... I think the fundamental question is: What are the fundamental building blocks
        Message 3 of 6 , Dec 14, 2002
        • 0 Attachment
          There is a lot of interesting stuff in Zooko's post, but I think this is
          the most important:

          >
          > Intriguingly, all three of these possible future Mnets can in principle
          > interoperate with one another...
          >

          I think the fundamental question is: What are the fundamental building
          blocks that a given system needs in order to interop with a friendnet
          architecture?

          For interop reasons, is it sufficient to treat a given friendnet as a
          virtual supernode, thus allowing individual members to remain anonymous,
          or is it necessary to interact with individuals directly?

          This is definately a taste of whats to come.

          --
          Justin Chapweske, Onion Networks
          http://onionnetworks.com/
        • Lucas Gonze
          See also: http://www.nachlin.com/projects/friendnet/ http://gonze.com/friendnet.html - Lucas
          Message 4 of 6 , Dec 14, 2002
          • 0 Attachment
          • Rich Persaud
            ... Assuming membership overlap in all three lists, is a double-forward (in lieu of crosspost): - implied endorsement (reputation metric) - disclosed collusion
            Message 5 of 6 , Dec 14, 2002
            • 0 Attachment
              Lucas wrote:
              | A double forward, unusual for this list. On a technical level Friendnets
              | are interesting because they are a new kind of decentralized topology.

              Assuming membership overlap in all three lists, is a double-forward (in lieu of crosspost):

              - implied endorsement (reputation metric)
              - disclosed collusion (buzz metric)
              - emergent network (taste discovery)

              The double-forward / crosspost distinction arises from a specific topology.

              Zooko wrote:
              ...
              | substrate. step 3, observe that if all of the players aren't perfectly
              | well-behaved and altruistic, your wonderful design doesn't work, and start
              | trying to figure out how to salvage your beautiful design from being destroyed
              | by the ugly fact of malicious and/or selfish agents.
              ...

              Prevent destruction, yes, Prevent damage, no. It's useful to allow malicious agents to self-identify through malicious behavior. Suppression of all opportunity for malice would make it impossible to identify agents that decline such opportunities. It would also delay immune system response to malice.

              ...
              | best friend. I think that the emergent network designer should focus on the
              | human context, both because the human context is where our ultimate goals and
              | values are defined, and also because the human context is the best source of a
              | uniquely valuable network resource: trust.
              ...

              There's a useful analogy between trust and information theory, from http://www.sandelman.ottawa.on.ca/spki/html/1998/winter/msg00058.html :
              '... Trust being "that which is essential to a communication channel but which cannot be transferred from a source to a destination using that channel" ...'


              | the universal filestore abstraction and return to step 1, building a
              | friendnet-Mnet in which any two computers are allowed to have a relationship
              | if and only if their human users already have a similar human relationship.

              Humans have relationships in contexts.

              Any pair of humans is tied by multiple relationships. Case in point, the crosspost / double-forward distinction.

              Rich
            • Julian Bond
              ... This reminds me a lot of two concepts I ve come across. The first is William Gibson s Walled City in the Idoru series. This was a subset of the net which
              Message 6 of 6 , Dec 15, 2002
              • 0 Attachment
                Lucas Gonze <lgonze@...> wrote:
                >See also:
                >http://www.nachlin.com/projects/friendnet/
                >http://gonze.com/friendnet.html

                This reminds me a lot of two concepts I've come across. The first is
                William Gibson's "Walled City" in the Idoru series. This was a subset of
                the net which was complete of itself but who's members chose not to
                interact with the rest of it. Whenever I've raised this in conversation,
                poeple have always thought of it in terms of firewalls (viz the great
                firewall of China) but it actually makes more sense as a logical
                overlay. Some of the private discussion groups behave like this such as
                Howard Rheingold's Brainstorms (or The Well?). There's no need for a
                moderation or trust metric system because everyone is there by
                invitation and hence has a vested interest in playing cooperatively.

                The second concept came from Consume.net and was a protocol for deciding
                if a "Guest" should have access to a WiFi community. It's known as the
                "cup of tea" protocol. You can't join and use the service until you've
                sat down and had a cup of tea with a member or node owner. We seem to be
                moving towards similar whitelist approaches in several areas, notably
                spam control.

                One last point. I like the feel of trust and relationship algorithms
                that are only positive and have no concept of enemy. Where you can mark
                someone up as a friend but there's no facility to mark people down.
                These also have the advantage that they are easier to implement as side
                effects of other behaviour rather than a specific action.

                --
                Julian Bond Email&MSM: julian.bond@...
                Webmaster: http://www.ecademy.com/
                Personal WebLog: http://www.voidstar.com/
                CV/Resume: http://www.voidstar.com/cv/
                M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
              Your message has been successfully submitted and would be delivered to recipients shortly.