Orcmid's Lair |
||||
|
|
2004-02-21Software EngineeringDependable Systems DevelopmentResearch activitiesHere's a great find that came out of my explorations earlier today.DIRC. This is the Interdisciplinary Research Collaboration in Dependability (so how come the letters are rearranged in DIRC?). This is an exciting site. The research activities cover topics like trust, reliability, organizational culture, and so on. Some of the activities have been concluded, and I will see what more there is on those, such as Organizational Structure and Trust (with Ian Sommerville), Deployment and Evolution (involving Stuart Anderson, Donald MacKenzie, and Denis Bernard -- whoa, this is getting exciting), Open Source Software, and Collaboration (that is, Group Process) in Dependable Software. These activities are described as now closed and I want to find out what was produced. Meanwhile, there are activities still open on decision support for dependability, security and privacy, and dependable service-centric grid computing. (I omitted ubiquitous computing in the home because I don't yet believe in it.) Computing MilieuxCoping in CyberspaceUsing SMTP to Curb SpamACM News Service. This blurb about a New Scientist article [Celest Biever on p.26 of vol. 181, 2433 (2004-02-07)] seems to contradict other news about the approaches being considered. This may be what the IETF proposals are based on -- Yahoo!'s Domain Keys protocol and Lightweight Message Access Protocol (LMAP). What these do is tie messages (and the From:) to a domain and confirm that domain and the sender.I have a personal concern and that is for the portability of my e-mail address and being able to "send from" an address which is my forwarded address and the one my X.509 signature is tied to. But I send from where I can send. There is no spoofing involved, and my forwarder actually provides no way for me to be an SMTP sender from their domain. It only handles mail to me. I guess I need to ask ACM what they are going to do to support people with their affinity address, @acm.org, be bona fide senders as well as recipients. Software EngineeringPsychological Barriers to Good Product Validation?News from a related disciplineThe following articles may be very important for their insight into the difficulties of disciplined software engineering and also appropriate testing, verification, and most-of-all, validation. It would be good to contact these blokes and find out if the connection has been recognized.I am searching for Denis Besnard, one of the authors of this work. He participated in a discussion of interdisciplinary lessons for software engineering in 2002. The business about expert errors in trouble-shooting has been under investigation since 1999. I definitely want to know more. I found Besnard on the Web, and he is definitely interested in software reliability. I must assume that the findings about mental barriers being applicable. I am sending an e-mail inquiry. Coincidences set up mental error TRN 021104. Here's Kimberly Patch's Technology Research News article on the problems of mental model shortcuts and their errors. "The researchers are currently looking at the conditions under which operators can lose their grasp on a situation, said Besnard." This work is being applied to aircraft safety and cockpit design as well as flight-crew procedures. As I said, I think this may be very useful in regard to software engineering. The key research is reported here: "Besnard's research colleagues were David Greathead at the University of Newcastle upon Tyne and Gordon Baxter of the University of New York in England. The work appeared in the January, 2004 issue of the International Journal of Human-Computer Studies. The research was funded by the UK Engineering and Physical Sciences Research Council (EPSRC). "Timeline: 5-10 years "Funding: Government "TRN Categories: Human-Computer Interaction "Story Type: News "Related Elements: Technical paper, 'When Mental Models Go Wrong: Co-Occurrences in Dynamic, Critical Systems,' International Journal of Human-Computer Studies, January, 2004" ACM News Service - Coincidences Set Up Mental Error. This is an interesting blurb on some characteristics of human cognitive behavior. Although the case is not mentioned, this seems extremely valuable and applicable to software development and the prevention, detection, and mitigation of bugs. The automatic mental error seems pronounced in software development, especially around confirmation testing. Programming LanguagesJIT and Virtual Machine ProcessorsPerl 6 and Parrotparrot - Parrot. There's a domain for Parrot code development. Parrot 0.0.10 is current (that tells you something), and there is a working IL assembler, a JIT and some basic types. I have learned that Parrot creates a register-machine model and has an (Artistic|GPL) license that is GPL compatible. These are all reasons to look closer. This is automatically a potential target for oMiser and oFrugal, for starters. The absence of reference-counting will be an interesting challenge. NewsFactor Network - Enterprise - Perl Gets Extreme Makeover. Here's Vincent Ryan's 2004-02-18 NewsFactor Network article, with many links and useful background. ACM News Service - Perl's Extreme Makeover. The major changes in Perl 6 and the use of Parrot are something to keep an eye on. Parrot was an April Fool's Day announcement between Guido (Python) and Larry (Perl) as I recall. It looks like there is now beef, and something to look at, especially the safety of the object model and the engine. Network ProtocolsAnalysis and MonitoringPacket SniffingI have been despairing that I could figure out how to observe anything working at the protocol internals level from my Windows XP setup. I know there are ways to do it, but I didn't want to buy any $2000 commercial package, and I was having dismal results with the few utilities I found on my configuration (though there may be many I didn't find), some open-source downloads, and some shareware trials. Today, 2004-02-21, I began to have great success, and it is with these packages: WinPcap, WinDump, and Ethereal. I am getting results and it is starting to make sense. I'm so excited. ...WinDump: tcpdump for Windows. Here's the WinDump page. WinPcap FAQ. Some important things to watch out for. There may be firewall interference. We'll have to see. Also, we will want to run WinPdump to see if the adapter is being found. Windows Packet Capture Library. This is the support site for WinPcap, the packet capture architecture for Windows. This is required by Ethereal (and downloadable from the Ethereal site). Here is where there is information on what this is, documentation, etc. Ethereal: A Network Protocol Analyzer. This seems to be the right thing for protocol analysis and also observing packets. 2004-02-20UtilKit Inc, Best Windows Utilities. Here's a mildly odd site and I don't know quite what to make of it. But the utilities may be worthwhile. TamoSoft, Inc. // Products. Here are some network products that look useful too. I downloaded a trial version of CommView and we'll see how well that goes. NetworkingFiles.com - Ping and Trace Utilities. Here's a giant collection of freeware, shareware, and demoware network utilities Yahoo! News - ZoneAlarm Bug Bares System To E-Mail Attack. I got a vulnerability summary from US-CERT yesterday and it was amazing how many of the vulnerabilities had nothing to do with Microsoft Systems. Now I am seeing something that does impact me, and I will do the firewall update at once. Like right now. Pandora's box for open source | CNET News.com. Here's Martin LaMonica's 2004-02-12 article on the topic. This is a benchmark page -- I don't have to ask for a printable version to be able to bookmark all of it, and if I wanted to archive it I can scoop it all in one chunk. The sidebars and other goodies are cool too. Is this a new look for C|net News.Com? ACM News Service -- Pandora's Box for Open Source. While Microsoft's love-hate relationship with Open Source continues, others are more, uh, ambivalent (thinking of Sun and Apple). This article suggests that business models can work around Open Source, but there is the prospect, by commercial firms, of having open source eat their lunch. Still, the CEO of MySQL thinks there is room here, and just struck me that it would appear to be at the engineered and enterprise level. I am not sure how that gets rice and beans on the table of the open-source developer, a very important part of the equation. Lots to think about. Boston.com / Business / Technology / Biology stirs software 'monoculture' debate. Here's the Justin Pope 2004-02-16 article. There is something useful here about decoupling, such as having Word and lord knows what else snarled up in Microsoft Windows. I don't know if it deals with the monoculture vulnerability, but I think that operating clean separations of concerns and decoupling could help, if only to allow more places/edges for substitution and also upgrading and repair. My remaining concern is for integration models that might become monocultural. And, after all, there is that x86 under there too. That doesn't seem to worry us so much, and it would be useful to understand why and where the trustworthy aspect arises, if there really is one. ACM News Service -- Biology Stirs Software 'Monoculture' Debate. I worried about this sort of thing when everyone was installing the same antivirus software where I worked because there was a corporate license for it. The possibility of a single exploit or simply a detection failure that impacted all of them was a concern for me, so I ran a different anti-virus on my workstation. Here in my SOHO LAN, all of the machines run the same anti-virus and they will soon all run the same operating system. Bummer. On the other hand, these research activities seem ill-conceived and unmindful of what we have learned about common-mode failures. I think it is going to take more than this. Also, randomizing inessential aspects of an implementation seems just stupid. I worry about this when I think of trust points and other elements of Miser -- both in terms of accomplishing software verification and validation and in terms of being vulnerable to a common exploit or common-mode failure. I want to see diversity with interoperability. Would you like fries with that? ... New Anti-spam Initiative Gaining Traction. Here's the Dennis Callaghan 2004-02-12 article in eWeek. There are more links here and more on how this might work. The trick is to combat spoofing while also providing for people using portable forwarded addresses. That is my personal itch. There is more here on following the debate. ACM News Service -- New Anti-Spam Initiative Gaining Traction. This news blurb is about SMTP+SPF. I have a personal concern with regard to using a personal e-mail address that I keep portable (that is, I use it regardless of the SMTP service that I use for sending). That's my acm.org address. I don't have a way to send through that domain, and I don't want to lose the ability to still have it be what people reply to and what they see the message as from. My digital certificates are tied to that e-mail address too. So I have this selfish interest in how this works out. 2004-02-19Dino Karabeg - Polyscopic modelling -. Here's an abstract for a conference on Evolution of Complexity. Information infrastructure design. Here's another topic of Karabeg's that fits right into Situating XML. Sonofagun. Informasjonsdesign - Institutt for informatikk, UiO. The topic (in English) is Information Design (ID). This is something for me to hold onto when I move into Data as Information as part of the nfoWare treatment of Situating Data. Informasjonsdesign - Institutt for informatikk, UiO. The topic (in English) is Information Design (ID). This is something for me to hold onto when I move into Data as Information as part of the nfoWare treatment of Situating Data. Dino Karabeg. Well, teaching Qigong and information design should certainly go together, yes? I am going to look around here for Polyscope. Dino Karabeg, Ifi, UiO. Dino Karabet is an associate professor at the University of Oslo, in the Department of Informatics. Polyscope - what an idea. I just ran into a talk by Donald Knuth [TUGboat 23, 3/4 (2002), 251] where he discusses "Polyscope" a concept of Dino Karabeg about looking at things at all levels. "It's more than a telescope -- it's a polyscope." This strikes me as what I have in mind for being able to explore a computer system, observe, demonstrate and see many of the levels (of abstraction, often) and Knuth talks about this way as a certain kind of talent that is strong in computer scientists. He mentions this in his lectures on 3:16 and Things a Computer Scientist Rarely Talks About. What matter right now is that I have a better name than computer macroscope or anything like that for animating computer processing so that it can be inspected, walked through, and so on, and it is a computer polyscope. SSHDOS - SSH and SCP client for DOS. This is the home page for SSHDOS. I am not sure that I am up for running this under XP Pro, with 4NT, but I should at least try it. It may also be important to look at what the package was built with (including PUTTY), since that may provide another avenue I can use. 2004-02-17Information SystemsWeb ServicesWS Inspection and DiscoveryClassmate John O'Dea has been discussing the similarities between Web Services and P2P and that P2P arrangements, such as JXTA, can be carried on HTTP and SOAP. I think this is valuable, and uncovered Web Service Inspection Language (WSIL) and the newly reannounced WS-Discovery specification efforts. I like the idea of WSIL, which provides for simple discovery, and I have some ideas for dealing with referrals ('Joe sent me'). It is interesting that WS-Discovery uses Internet multicasting to advertise presence.Web Services Architect : Articles : Do we need WSIL?. Here's a nice discussion and an explanation of the basic WS-Inspection arrangement. Web Services Inspection Language for Java API - Overview. WSIL4J is a Java class library that can be used to locate and process WS-Inspection documents. ONJava.com: An Introduction to WSIL [Oct. 16, 2002]. Here's more on the use of WSIL and its value as a light-weight support for service discovery. WS-Inspection. This is a convention for placing XML documents where they can be inspected to learn about supported services. The document could be the target of a link, it could have a known URL, and it could be discovered by inspection of the site or page carrying it. WS Discovery Specification. This is the official page for the February 2004 edition of the WS-Discovery specification. I find there is another interesting specification here too. Yahoo! News - Microsoft to Release New Web Services Spec. This is the Web-Discovery specification. It allows services that are only periodically available to come and go. I couldn't find an announcement, but there is a February 2004 specification on the MSDN site. Mathematical LogicSet TheoryThe Burali-Forti ParadoxI ran into use of this and realized I didn't know which paradox it is. I see that it is a very interesting one.Burali-Forti Paradox -- from MathWorld. Here's a nice, clean presentation of the Burali-Forti paradox: Eric W. Weisstein. "Burali-Forti Paradox." From MathWorld--A Wolfram Web Resource. http://mathworld.wolfram.com/Burali-FortiParadox.html An Historical Account of Set-Theoretic Antinomies. This is a report by Justin T. Miller, dated 2001-01-11. It includes the Burali-Forti Paradox along with Cantor's and Russell's. The key thing is that the axiom of abstraction (that is, the extensional existence of a set as all a for which phi(a) is true) led to all of these and that the accepted repair is with Zermelo's Axiom of Separation or Fraenkel's Axiom Schema of Replacement. Personal ComputingWeblogs and SyndicationTrackBack TechniquesTrackBack Module for RSS 1.0/2.0. This is a version 1.0 draft that adds TrackBack into RSS. This is an interesting additional wrinkle. mttrackback - TrackBack Technical Specification. OK, I got it. The trackback URL that is available for human and automatic discovery in an article is an address that accepts POST to add a trackback and that, under GET, will return an RSS feed of the trackback items that have been pinged to the particular trackback point. This all looks pretty straightforward, though it takes something to automate. I think this is an interesting protocol. A free implementation is available for download. It has been added to bloxser, I don't know why it can't be added to a process that goes over one of my pages and pings the trackback of those sites I have refered to, if they have set up for autodiscovery. This is an interesting mechanism. mttrackback - TrackBack Technical Specification. OK, here's the TrackBack protocol specification. This is a kind of subscription protocol in that it sends a ping to a trackback receiver URL and is then included in the trackbacks from the associated article. I know I'm over-simplifying. What is interesting is how this can be used to request notification of something or to make availability of something. The protocol is mainly neutral (he says, without reading the document) as to purpose. I can see this being used to establish a connected community. Rather than pontificate further, I am going to look at the details now. movabletype.org : TrackBack Explanation. Here's more on what is going on with trackbacks. Hmm, hmm, hmm. Amazon Honor System. Because this is on the blosxer page, I clicked the "more information" link about the Amazon Honor System and payment thingie. So, here's an alternative to PayPal using Amazon.com accounts. Hmm. blosxom :: the zen of blogging ::. Well, all right, I am now looking into bloxsom. I may need to learn to convert Perl to something else (my preference is JavaScript in ASP, dare you ask), but this is a nice approach and I wonder how it would blend with a MoinMoin Wiki or some other Wiki style operation. raelity bytes :: /computers/internet/weblogs/blosxom/trackbacks_in_blosxom.html. This is an interesting page. It is about Trackbacks. It was served up because I used the little purple "#" thingy in the title on the blog page where I found it. This is an interesting blog implementation. I need to look at it more, but first, Trackbacks. Information TechnologyEconomics and Business ModelsERP users bristle at upgrade pressure, maintenance costs - Computerworld. This article reminds me of the problem that exists in the preservation of data systems. In data management and digital libraries, for example, there will be long-lived slow-changing resources, and the collections can become massive. On the other hand, these systems outlive the attention span of vendors and ultimately of the media technology. Business models based on upgrading and revision and change of technology do not work well here. This applies to such simple things as Microsoft Word documents. If we extend into more-specialized, proprietary technologies, the situation becomes even stickier, as in the case of upgrade and maintenance fees for ERP systems. There is a way in which "innovation" is not a good, let alone a free good (all puns intended). What is a girl to do? Personal ComputingSocial NetworkingEsther Dyson observationsAlthough I am happy to have been reminded to check on Esther Dyson's site for industry trends and analysis, the observations about social computing are also appropriate to our discussions in class, and my general interest in P2P arrangements. Blogging and Syndication is part of that. There is more here.EDventure :: some comments about LinkedIn. These comments in Esther Dyson's Blog are important. One of the commentators points out that there is a kind of "friend inflation" that creeps in. It is also desirable to be able to filter the invitations from people who don't know you personally (or that you don't know personally). I notice that trackbacks are interesting and I will need to put one in here to see how it works. Meanwhile, I am still interested in the self-organizing community approach, how ants find food, and also how one asserts something as part of recommending one friend to another. Bill Anderson and I just got off the phone, and I think that the web of trust machinery is adaptable and I also think that there is more to it than the countersigning of trusted countersigners. We need something that carries specific assertions by respected countersigners. It's not like peer rating but that could play in too. Overlays on overlays on overlays. AnderBill and I will look at coherence and confirmable experience at the signed-material level and use that as an avenue to look into trust networks. OpenPGP is a great place to start, as is signed code (now there we can see many undifferentiated assertions and unmerited expectations). Anyhow, we want to start somewhere, and the first thing I want to find out about is TrackBack. But meanwhile, I notice that the trackback URL takes me to an XML file of the trackback material. My question is how the trackback gets built, and how to be in someone's trackback, how to trackback from my blog, once upgraded, etc. I will dig around. Release 1.0 Abstract: Social Networking for Business (Release 0.5). This is Esther Dyson's November 2003 appraisal. LinkedIn is menbtioned, and my associate Bill Anderson is sending me something about that. I know that I declined the Google-created one based solely on their IP claim and a certain sophomoric quality that I experienced. I think the Friend-of-a-Friend (FOAF) structure is also juvenile, but I like the principle involved and the technology (RDF with OWL seasoning) may be applicable to many more cases. I want to use this in an application-to-application P2P setting, and I am still looking. Release 1.0 Abstract: Reputation Systems. This October 2003 report by Jeff Ubois is important to me concerning social networks and how P2P can be made to work on a decentralized, self-creating community basis. Business Intelligence & Technology Analysis, Research & Reports - Edventure Holdings Inc.. This is Esther Dyson's (e.d.-venture, yes?) site with nice notes. And the release 1.0 report appears here. There is a link to Esther's blog, too. ACM Ubiqity: Esther Dyson interview. This is a nice interview from Esther Dyson. Here we learn about the PC Forum (I won't be going, still) and that Esther has started a blog. Information TechnologyStandards AdoptionSIP rolloutSIP rollouts hit variety of snags. Here's the NetworkWorldFusion article on problems with SIP rollout. The following quote fits into this week's discussion of problems with standards in my MSC-CC course: «"SIP is extremely flexible, but anytime you have [a protocol] that's flexible, you have different ways of interpreting things or doing things," says Ken Fischer, principal architect for softswitch services at Level 3 Communications.» ACM News Service -- SIP Rollouts Hit Variety of Snags. Here's a blurb on problems with interoperability using the Session Initiation Protocol (SIP) standard along with the Voice over Internet Protocol (VoIP). There are major implementation interoperability and incomplete implementation of standards. Computer MilieuxTrust and Trustworthy ComputingWeb Site and Email SecurityOWASP: The OPen Web Application Security Project. Here's a great find. Specifications, tools, and feeds. Website Design - HWG.ORG. This is a home page to the IWA-HWG (International Webmasters Assocation - The HTML Writers Guild). There is reported to be classes and materials on web security. There's also some at Foundstone, with a good list of white papers (the pages aren't bloggable though). E-Commerce News: Security: Tackling the Secure Web Mail Challenge. This is the full eCommerce Times article by Keith Paslay, 2004-02-04. This has nice reach, and there are some interesting links to follow. ACM News Service - Tackling the Secure Web Mail Challenge. This is an interesting blurb. Although it is focused on Web-based email, this applies to any web presence, including the offering of Web Services. This is also a good description of how security and safety concerns must be addressed from the beginning of software development. Impact of Wireless Technology802.11 StandardsZDNet: Printer Friendly - Why 802.11 is underhyped. This is J. William Gurley's article in full. It is a little too casual (underestimating the Power PC chip, though it did not unseat Intel as Apple and others might have dreamed). Even so, the rationale is important. ACM News Service -- Why 802.11 is Underhyped. This news blurb covers a ZDNet 2004-02-04 article that suggests the impact of 802.11 is seriously underestimated. There are already 50 million devices and the number will have doubled by next year. The 802.11 standards are seen to be driving wireless to the equivalent of the x86 standard for PCs. Computing MiliuexSocial NetworkingBlogging and other technologiesACM News Service -- The Net: Safety, Blogs and Protocols. This news blurb summarizes a 2004-02-09 Wall Street Journal article. It is a nice capsulization of current concerns, worries, and optimism. Mathematical LogicModel TheoryFirst-Order Theories and other aspectsHere are some links to the work of Wilfrid Hodges that I want to mine farther for information on model theory and also first-order theories.First-order Model Theory. Hodges, Wilfrid, "First-order Model Theory", The Stanford Encyclopedia of Philosophy (Winter 2001 Edition), Edward N. Zalta (ed.), URL = <http://plato.stanford.edu/archives/win2001/entries/modeltheory-fo/>. Actualism. Menzel, Christopher, "Actualism", The Stanford Encyclopedia of Philosophy (Spring 2003 Edition), Edward N. Zalta (ed.), URL = <http://plato.stanford.edu/archives/spr2003/entries/actualism/>. Classical Logic. Shapiro, Stewart, "Classical Logic", The Stanford Encyclopedia of Philosophy (Summer 2003 Edition), Edward N. Zalta (ed.), URL = <http://plato.stanford.edu/archives/sum2003/entries/logic-classical/>. EpistemeLinks.com: Bibliography Results. Here's a nice bibliographic compilation that includes Hodges' Stanford Encyclopedia of Philosophy article. Wilfred Hodges Home Page. Hodges' book on Logic is being discussed on the Phil-logic list, though without much attribution. I thought I had better find the source. I discover that Hodges lectures at the ESSLI and related events, and the lecture slides are on-line. That's nice, and a nice reason to visit. 2004-02-16Information TechnologyComputer NetworkingNetwork ToolsMy classmates and I are looking for more and better tools to use in observing and experimenting with application-layer protocols, such as HTTP/1.1SourceForge.net: Project Info - Packetyzer. This is the SourceForge project page for Packetyzer. Information SystemsPeer-to-Peer ComputingConverging Technologies?MUTE: Simple, Anonymous File Sharing. Here is the MUTE home page. I am not sure what to do with this. I probably need to look at the technical details. MUTE: Simple, Anonymous File Sharing. This page describes How Ants Find Food and uses something similar for paths to resources. The pictures are great as are the diagrams. This is an interesting prospect for creating peer connections in search of something. SourceForge.net: Project Info - MoinMoin. This is the SourceForge project. I like this. Need to find some others. FrontPage - RESTwiki. This is a wiki for people interested in the REST architecture of the Web. I want to use this as inspiration for simplicity, though I am not adverse to Web Services either. FrontPage - MoinMoin. This is a Wiki implementation that I like. I don't want to run it in Python, but it would be keen to convert it to ASP and JavaScript. Two key features are that it handles plug-ins and that it does not require a database engine. That's all intriguing. A Web Developers Perspective on JSP. This is a nice sketch of JSP in comparison with ASP (notice the URL) that was found by classmate Susan Abu Azab. P2P Pages. This is a page on P2P that is part of the IEEE Distributed Systems Online (DSO) compilation of expert-authored articles and resources. They also seek essays, and publish student essays. Student Essays. This is an essay by Fang Chen and Vana Kalogeraki on Self-Organizing Unstructured Peer-to-Peer Systems: Opportunities and Challenges. It raises some interesting questions around the basis for identification of peers and the affinity basis, QoS, etc. 2004-02-15Information SystemsPeer-to-Peer ComputingDiscovery MechanismsI am interested in the discovery problem for peer-to-peer arrangements, especially ad hoc and FOAF (friend-of-a-friend) techniques. I have pretty much concluded that having descriptors on web sites is a nice passive idea, and there can be links to these descriptors (as well as common namings for them), so that they can be discovered by searching but, more than that, by reference. With regard to FOAF, it looks like letters-of-recommendation (sort of like 1-time Distinguished Object References) might work, and there is some sort of PKI dance one could do as well. I find this an intriguing topic, especially with regard to connectivity in a distributed miser operation.ideas asylum - Jamie's Weblog: Discovery, 2003-08-21. Explores the idea that discovery is all about bootstrapping. Nice little blog. JXTA v2.0 Protocols Specification. The JXTA protocols refer to how peers self-organize themselves into groups. I want to find out how that is mediated. I am looking here to find out how bootstrapping occurs. This is apparently done by the discovery service, for searching for peers and peer groups. The idea, in the language of the prototype specification, is that a peer wanting to join a peer group may need to discover at least one member of the peer group and then request to join. So far, I have not found a good way to do this, although there appears to be a kind of HTTP "ping" that can be used to discover a peer site. It is not clear how this works with regard to group associations, since there may be any number of groups that a peer belongs to, and so there are some interesting problems about what exactly is being discovered and what can be done with it. XML.com: Web Services: It's So Crazy, It Just Might Not Work. This is a Clay Shirky article about how Web Services are ill-conceived and, in my words, propose to get a great deal for nothing. jxta.org. JXTA is a peer-to-peer framework carried out as a Java Community Project and licensed under a version of the Apache license. The ways to share files and create groups of peers is not clear to me. the friend of a friend (foaf) project. This is the foaf project page. So, there are no capital letters in it. There are some interesting tools and resources. OpenP2P.com: ETech: FOAF [Feb. 12, 2004]. This is Robert Kaye's O'Reilly blog on Friend of a Friend (FOAF or FoaF) social networking. The nice thing about it is that FOAF is completely decentralized. So the FoaF information is encoded in XML and placed on a web site. This also means the data belongs to you. Also, the presence on a web site is a form of association and a start on authentication, just like I can use orcmid.com as a root for, Java libraries. I don't think authentication is that big of a problem, especially since the FoaF profile can be digitally signed. Then there are trust networks, and, as Key points out, "how will FOAF handle lying, trust, reputation? I'm hoping that we can solve these difficult problems soon -- if nothing else, FOAF will expose these problems to the greater public which will get more brains thinking about the problem. And that's certainly a step in the right direction." I am not sure the problem is one that will be solved any more differently than in social networks in the world. Since the damage can propogate more quickly, there may need to be safeguards to basically infectuous activity. I think this is promising. BitTorrent: Protocol Specification. This is the BitTorrent Protocol specification. Basically, beside some special protocol support, the availability of torrents is via special files that are located on web servers and that can be linked from ordinary web pages. So we have the idea of the web as a location mechanism. This can also work with URLs sent out in invitations, so there is some mechanism that might work here for quasi-bootstrappless operation. The Official BitTorrent Home Page. BitTorrent is a file sharing technique that uses P2P. I am going to see how it handles boostrapping. Attack Model. I don't find this attack model appealing, since it has to do with a kind of civil disobedience (e.g., sharing music). I am interested in isolating attacks (that is, corruption of the distributed operation) in a system, but my concern is for the reliability of the system. I think there is an overlap here, but my concern is destabilization and breach of trust and how that is dealt with, not protection of the identity of the participants. Security. This slide resonates for me. Using SSH and PGP make sense. I ned to find out what about BitTorrent is reuasable. For me the issue is about trust as part of distributed operation, whatever it is on behalf of. I am far more interested in trust and dealing with the trustworthiness of material, such as code that is asserted to implement some particular object or a connection to that particular object. I am not so concerned about the activity being visible but that it be trustworthy. Use of encryption technology is primarily for reliability of communication and authenticity, with content encryption for privacy purposes. Invitations & Detection Avoidance. Kaye does suggest some ideas for making sure that only the invited can get into a community. This is not unlike other systems that use invitations, and something about the trust network used for OpenPGP comes to mind as well. Oh, it is a little like being able to tell a cookie has been falsified or someone is being impersonated. Architecture: Central Server/ This is Kaye's Slide 5, where the P2P network bootstrapping problem disappears because a central server is used to track users who are online. This strikes me the same as the Instant Messenger approach where a users publish their status and obtain periodic reports on the status of their list of friends. Phil Windley | ETCon 2004: Robert Kaye on Social Networking-Based File Sharing Networks. This is on Phil Windley's Blog, and it refers to Robert Kaye's discussion of Social Networks and how they work differently. Nevertheless, "Robert likes a two-part system with a central server architecture. Algorithms for authentication are difficult to do in a decentralized system. The central server offers a Web service interface that allows user to build any kind of social network application. The server has no knowledge of what clients are doing and thus clients are protected. The central server also solves the P2P bootstrapping problem of how to get clients linked-in."
|
|||
