Client As Server: The New Model
 by David Weekly, in Editorials - Sun, Apr 16th 2000 23:59 UTC

David Weekly writes: "A new model is emerging from the Internet. It represents the culmination of years of incremental evolution in the structure of the network and the clients that feed upon it. It is based upon the same principles upon which the Internet was founded. It is this: the client is the server."

darpanet

People had previously grown used to the notion that there must be one central arbiter that oversees all transactions on a network: a Mainframe. This model has an obvious weakness: when the Mainframe goes down, the whole system is unusable. Then again, if there is only a single important point of failure, you could pay some people a lot of money to sit there and fix problems as soon as they happen (and hopefully insure that the problems never happen in the first place). Unfortunately, it's difficult to do this with regards to a nuclear bomb, so a different model was needed.

DARPANET provided this model by removing the server. It's like a model in which everyone hands mail to a friend who passes it to a friend who passes it to the recipient. While at first this might seem a little odd or inefficient, it means that it would be a lot harder for someone to stop the flow of mail to you (or the flow of mail in general). Instead of simply bombing the post office, now they have to assassinate each and every one of my friends to prevent me from getting mail. Going back to the real world, there would be no single point of failure which the Russians could bomb to take down our communications.

It was a revolutionary, strange way of thinking about things. To this day, some people don't understand it and ask questions like "Where is the server that runs the Internet?" or even "Where is the Internet?" It's hard to understand that every server on the Internet is a part of the Internet.

availability

A quick fix is to employ a large number of servers configured exactly the same way, so that if one goes down, traffic is quickly diverted to the others. Work is equally distributed amongst these servers by use of a "load balancer". This solves a few problems, but what if your server cluster is in California and the network link from California to New Zealand is getting bogged down? While the long-term answer is to invest in a faster connection to New Zealand, the short-term way to solve this problem is to put a server cluster in New Zealand. This sort of rapid expansion can quickly get expensive to deploy and manage. Some bright kids from MIT figured this out a few years ago and cobbled together what is now one of the fastest-growing companies out there: Akamai. (Hawaiian for "cool", if you're wondering.)

Akamai has already gone through the trouble of buying several thousand servers and putting them in network closets all around the world. The idea is that you can spoon off delivery of the parts of your site that don't change much (the pictures, the movies, etc.) to Akamai, and they'll take care of making sure that your readership can always quickly access your content. Cute idea. "Cool," even.

Distributed services lead to higher data availability. The more machines that are distributing your content in the more places, the more people will be able to access your content quickly. It's a straightforward idea. This notion of distributing work is also useful for distributing computation...

processing power

It's important to note that making fast chips is expensive, because if I want ten times the processing power that comes in a top-of-the-line consumer PC, the best way to do that and save money is not to buy a machine that's ten times faster, it's to buy ten top-of-the-line consumer PCs. People have understood this general concept for a long, long time: wire together a bunch of processors to get a very, very fast machine. It's called "Massive MultiProcessing" (MMP) and is pretty much how all of the supercomputers of yore (and of today!) work.

The recent concept is that it's possible to do this with off-the-shelf PCs. Recently, software (such as Beowulf) has been developed to make it very easy to make a cluster of PCs act like one very fast PC. Sites that previously deployed very expensive custom supercomputer systems are actively investigating using massively distributed commodity hardware to serve their computing needs. That would be remarkable as-is, but this concept of distributing computing cycles has gone even farther than clumps of commodity hardware: it's gone into the home.

seti @ home

Some clever programmers put together the software used for analyzing the data returned by the Arecibo antenna (the largest radio receiver on Earth), put some pretty graphics on it, got it to act as a screensaver, and put it on the Web. Several hundred thousand people downloaded it and ran it. While they're away from their computers, this pretty screensaver crunches through vast quantities of data, searching for patterns in the signals. The SETI project (as of this writing) in this way has a "virtual computer" that is computing 13.5 trillion floating-point operations per second.

(I feel I should also mention distributed.net, which spends its time using people's computing power to crack cryptography codes. Their "virtual computer" is currently cracking a 64-bit cipher known as RC4 at the rate of 130 billion keys per second.)

data services

Napster is one of the first and best examples of end-users acting as distributed servers. When you install Napster, it asks you where your MP3 files are. You tell it, and it makes a list of what MP3 files you have, how long each song is, and of what quality the recording is. It then uploads this list (but not the songs) to a central server. In this way, the central server has a whole bunch of lists. It knows who has what music, and you can ask the server who has songs by Nirvana and then contact those other users (while your Beck tunes are possibly getting served to some Scandinavian with a predilection for American music). This model allows information (in this case, MP3 files) to be rapidly and efficiently served to thousands of users.

The problem with it is both technical and legal. There is a single point of failure: Napster's servers. While there is more than one server (the client asks a "meta-server" what server it should connect to), they are all owned by Napster. These servers, unfortunately, do not share their file lists between themselves, and as a result, you can only share files (and see the files of) others connected to the same server that you happen to have connected to. Napster is currently being sued by the RIAA for acting as a medium for distributing illegal MP3 files. While it is true that Napster can be easily used for illegally distributing MP3 files, they themselves don't actually copy the bits for users; it's more like acting as a Kinko's that happens to be used by subversives than actually distributing copies of MP3.

If you are a Napster user, you should be worried about this lawsuit, because if the RIAA succeeds, they will probably want to shut down Napster's servers, thus theoretically shutting down the whole Napster network. In short order, they could quickly close down any Napster clones because of the legal precedent that the anti-Napster case would set. Boom. Game over, no more illegal music.

Theoretically.

a virtual internet

This is a "virtual Internet" of sorts in which links are not physical (a wire from you to me) but logical (I know you). Data flows through this "web of friendship" in such a way that it looks like you are only talking with your friends, when really you are talking to your friends' friends, and so forth.

gnutella

Since there's no central server around which Gnutella revolves, AOL's shutdown of the project didn't actually stop Gnutella from working. A growing user base of several thousand souls (myself included) uses the product on a daily basis to share files of all types, from music to movies to programs. At last check, there were about 2,200 people using it, sharing 1.5 terabytes of information. Wow.

There's no way to shut it down. There is no organization to sue to stop it. There is no server to unplug that would bring the network tumbling down. As long as at least two people are running the software, the network is up and running.

freenet

the future net

What is enabling this now? Well, computers are, unsurprisingly, getting faster every year. The average desktop that's sold to Joe User for doing word processing, email, and Web browsing can, when properly configured, deliver hundreds of thousands of email messages a day, serve millions of Web pages, route Internet traffic for tens of thousands of users, or serve gigabytes of files a day. (Joe probably isn't aware of this and will still kick it when Word takes five minutes to load.) His hard drive could store 100,000 Web sites each having ten or so pages, email for 1,000 users, and a few thousand of his favorite songs. Furthermore, if Joe has DSL or a cable line, he's got a static IP (an address on the Internet that doesn't change often, if at all), is almost always connected to the Internet, and is online at high speed.

In short, Average Joe's computer resembles one of the best Internet servers of yesteryear.

If thousands of Joes end up running "community" applications like Gnutella, they can take advantage of their connectivity, disk space, and computing power. New "co-hosting" services will spring up like popcorn in the microwave. Here are a few possibilities in that direction:

the distributed future

requiem server

a footnote on wireless

David Weekly is a senior majoring in Computer Science at Stanford University. A programmer since the age of 5 and a veteran of the MP3 scene, he's working on graduating in June and generally figuring life out. He offers a tip of the hat to Kevin Doran for inspiring him to write these ideas down.

T-Shirts and Fame!

We're eager to find people interested in writing editorials on software-related topics. We're flexible on length, style, and topic, so long as you know what you're talking about and back up your opinions with facts. Anyone who writes an editorial gets a freshmeat t-shirt from ThinkGeek in addition to 15 minutes of fame. If you think you'd like to try your hand at it, let jeff.covey@freshmeat.net know what you'd like to write about.

[Comments are disabled]

Referenced categories Topic :: Communications :: File Sharing Topic :: Communications :: File Sharing :: Napster Topic :: System :: Clustering/Distributed Networks

Referenced projects Freenet - A distributed decentralised information storage and retrieval system.

 Comments

[»] Magical transaction fabric in the sky
by ToddBoyle - May 24th 2000 14:32:59

I'm an independent web accounting consultant and evangelist. I maintain a free info. website you might enjoy. David Weekly is God! I want you to build an ecommerce platform based on freenet.

Basically, individuals and small business will send and receive invoices, orders and payments over the internet instead of printing and mailing. The question is yours: will this be geodesic or will we be paying rents to hubs and gatekeepers the next fifty years, like we are with the telcos and the banks?

Based on about 5000 hours of research I think the webledgers will be so numerous and functional, the fees and rents will be low, and today's hubs, banks etc. will be a laughingstock, in comparison. If you're curious here is a list of webledgers and other BSPs http://www.gldialtone.com/links.htm

But every ecommerce platform and webledger, today, and on the drawing board is still a book-entry system on a server someplace, (except some of the digital bearer cash discussed on www.philodox.com DBS mailing list)

The ideal ecommerce environment would be a "magical transaction fabric" in the sky, where we will find bids and offers with zero friction, conduct business in utter safety and privacy, and where all transaction data would be stored with total reliability and redundancy but decentrallized, with the encrypted bits dispersed among countless trillions of other transactions and millions of servers, impossible for anybody except the principle parties to retrieve, and impossible to lose, yet retrievable with your key anytime.

(translation: I have discoverd http://freenet.sourceforge.net/ (grin))

"it" is going to need some resource management mechanism.

When you start using the magical transaction fabric, the data sizes and bandwidth assigned to your computer by the fabric would be stored based on the data sizes and bandwidth you are loading onto the fabric with your business. If you unplug your computer the fabric would detect it and start repairing the lost hash by shovelling it out to nearby nodes. The fabric would punish you by increasing your datasizes and bandwidth next time you login, eventually killing you if you keep doing it.

Todd http://www.GLDialtone.com/webledger.htm

[reply] [top]

[»] legality issues
by Mr. Shiny & New - Apr 19th 2000 02:11:47

In regards to some people's view that Napster and Gnutella are illegal because they are used for piracy purposes, I just have to say that it doesn't matter if no one distribuites shareware or source code on Gnutella and you've never searched for original artists on Napster. That wasn't my point at all; the point was that you can't just decide that a program is illegal because people use it to do bad things. That kind of reasoning is flawed; it's like saying that netscape shouldn't have ftp support, because the only people who use ftp in windows are downloading warez. I don't know many people who run windows only, and use ftp who actually download legal files. Yet if I claimed that ftp support in windows equals piracy, people would say that it was stupid. The point is that a data transfer protocol is not illegal. Do you know anyone who actually made legal copies of things with cd burners? Everyone I know who has one burns pirated CD software; virtually no one uses it as backup or (legal) software distribution (I'm not including people in industry, only home users). Are CD burners illegal? Of course not. Photocopiers can be used to make unlimited numbers of copies of copyrighted works; are they illegal? Nope. The fact is that just because a tool can be abused is no reason to make that tool illegal.

Furthermore, the claim that NFS/SMB are "enough" to share data with the rest of the world, or that email is sufficient, is garbage. Email is not designed for file transfer; that is a bad hack that should be discouraged. That's why most ISPs bounce emails larger than a few MB. And NFS and SMB are not well suited to Internet use. For one thing, they require a lot of configuration, and provide too little security. For another, they are not suited to the needs of people with dynamic IPs and groups that are not fixed in size or membership. They just don't provide the same functionality that Napster or Gnutella provide.

Now, I'm not condonning piracy; nor do I claim that Napster or Gnutella have any amount of security. But they were designed because there was no such tool that provided this functionality. It doesn't matter if the inventors had good or bad intentions; it doesn't matter if the tools are used for illegal purposes. The point is that a tool is not intrinsicly bad, and saying that "People share warez on Gnutella so Gnutella is illegal" is just as ludicrous as saying that "Cars can be used to kill people so cars should be illegal".

[reply] [top]

[»] Security and Trust
by DocWilco - Apr 18th 2000 11:04:21

The problem I see with such a widely distributed network is security and trust. For instance with the mail example. If 10 friends all store the same email to addressed to me, there's a good chance I would get that email, even if a few of their machines are down. But what if a fwe of them get together and forge an email. How would I know it's not the real thing?

This is just an example and a very simple one. Considering SMTP right now is also very open. But look at email-SPAM. As someone else noted, that would be very easy to do with Gnutella.

Without a central authority it gets really hard to implement a model based on trust that can span the entire (or larger part of the) internet.

One could try with Certificates and Public Key concepts, but still, one would have to say "I trust that person". And can you really trust all your friends.

And how far would you let that trust carry. If you trust person A, and person A trusts person B, does that mean you trust person B? It would seem the right approach for a Akamai like concept, but what about the "7 degrees of seperation" theory? I'm not completely sure, but I believe the theory says that between any individual on earth and any other individual on earth there are only 7 people. Frankly that has me worried. It might not be 7, but anything higher than 10 seems a bit too much. That's 10 people. So if the trust goes 11 levels deep, I trust everybody on earth. Including crazy virus writers, and childporn collectors.

So although "The client is the server" seems like a cool idea, I think the whole trust&security aspect of it should be examined and examined really carefully, because frankly I think that the scenario of introducing bogus files and noise that was posted earlier is a real threat.

[reply] [top]

[»] The New Model and Russian Threat
by Dima - Apr 17th 2000 18:10:57

After reading your "Client As Server: The New Model" I'd like to draw your attention to the fact that today is April of year 2000 which you probably forgot when using "Russians" as an example of universal threat to humanity in your text. This loss of memory probably happens when coding or writing articles around the clock. On the technical side I agree with your view on distributed computing being myself in network programming for about 15 years already. I was lucky to take part in the architecture and actual development of the first Russian heterogeneous LAN ALISA in the early 80th even before the Novel Netware come into existence. ALISA has been successfully deployed on about 1000 sites in many parts of the world (including FTP Software where some of ALISA developers work since then) and allowed to interconnect DEC PDP, IBM mainframe and PCs into network providing virtual devices such as terminals, tapes, disks and printers. Even that time, when working on ALISA I don't remember anybody around me in Moscow who would consider using nuclear weapons against any other country. It was quite a discovery for me later when I was working in Silicon Valley in 1996, 1997 and occasionally had a small talk with a cop of the fact to what an extent most public in the States was zombied by Russian threat. This guy told he likes that we can just chat as normal people now. He also said that he was told many horror stories in school about possible Russian invasion. Even policemen has come over this brain-washing at least three years ago ! The more sorrow I feel now in year 2000 when I come across mentioning Russia (actually your example is the first one in many years) as a threat to the world in the technical! article. This is ridiculous at best. Much more appropriate as an example of a real threat would be to use "Corporate America" which I got to know so well during two years I lived in the Valley. Dima

[reply] [top]

[»] But gnutella has a serious flaw...
by Spot The Dog - Apr 17th 2000 17:50:06

Try this experiment: create a few files full of garbage and put them in your gnutella outgoing directory with provocative file names, eg SexySlut.jpg or FatBoySlim_PraiseYou.mp3. Watch as people wasting their bandwidth keep downloading these files.

Of course this is not very nice behaviour, but it serves to illustrate a very real possible denial-of-service attack, albeit one characterised by gradual degradation.

Imagine you are the RIAA or the Chineese Government and wish to prevent the spead of the technology by making it (almost) useless. You can connect to any gnutella node and obtain a list of other nodes, and consequently walk through mapping the network as it morphs from moment to moment. Keep a connection open to every known node and each time a search is initiated, respond by saying you have a file which matches exactly what has been requested. You can even use AI learning techniques to optimise the construction of responses to make a best guess as to what will most likely result in a download. You can also keep changing your IP number to make it difficult for gnutella users to learn to avoid your 'noise'.

The problem is that gnutella as currently designed does not implement any quality control mechanism. The solution/challenge is to design such a mechanism that works in a self-organising, distributed network.

[reply] [top]

[»] Comment on all comments
by asi - Apr 17th 2000 17:28:43

You all post comments like it matters what you say will make any difference. You think you have control over what gets posted on the Internet? How the largest collection of information in the history of this world is distributed? Well as a single individual you don’t. Your little voice means nothing. This is a wonderful example of evolution. What survives is only what that masses want. And the masses want a freenetwork. You think it's "morally correct", you think it's "illegal", you think it's "evil", HAHA. It doesn’t matter! Thousands of people downloaded SETI @ home without any thoughts about a backdoor installed. Or better yet million of people use Microsoft products. Need I say more? People don’t care about security. The little teenage will see one thing. Ahhh a program I can download/install on my computer that will give me access to free mp3s, Porn, movies, and anything else I could download; for free! All I need to do is share a little hard drive space and a little bandwidth? Done! Freenet or something like it will happen, for one reason and one reason only: because we want it.

[reply] [top]

[»] Openness
by Alhazred - Apr 17th 2000 16:39:16

Sean brings up reasonable points, but again a close examination will reveal that secrecy is not the proper response.

Who is at fault when someone SPAM's you? Surely not the software. By this logic guns kill people, not those who fire them... Hiding your email address is not the answer, this is throwing out the baby with the bathwater. Furthermore no network is really ever going to be all that secure, someone will find your address, sooner or later, and once they do your going to get spammed. UNLESS people don't DO things like that, because they have RESPECT for others. Promote respect, not secrecy. Solve the problem, not the symptom.

Now given that some people will always be problems, how do we identify and deal with them? Simple. Qualitative ratings and filtering. My friend Steve Moyer has already implemented a system which is quite good at this, and extends far beyond email. I am currently considering ways in which this information can be distributed in a non-centralized way to anyone requiring it. Hence the interest in Freenet, Gnutella, etc.

[reply] [top]

[»] Napster and Nutella
by OoSpaceoO - Apr 17th 2000 15:37:31

The article by david weekly and many of the subsequent postings have brought up a number of very valid points regarding the legality of programs like Gnutella and Napster. Although it is no secret that these programs are primarily used to pirate massive amounts of software and digital media, debating the legitamicy of such programs is useless. As David Weekly intuitively points out, such programs will have the means to survive as long as there are still users willing to support them. As broadband technology becomes more and more universal, the effect on the software and media industries will become more and more dramatic as piracy increases and sales decline. The question now should not be how to stop such action, but rather where such companies should look for alternative sources of income in this new era. This is the question people should try to answer rather than trying to regulate something as vast as the internet.

[reply] [top]

[»] Privacy
by Sean Russell - Apr 17th 2000 14:28:11

Alhazred claims that the desire for privacy is a sign of dishonesty. I disagree with this. In many cases, the desire for privacy is entirely justified based on the behavior of others. I do not like unsolicited email, and therefore endeavor to keep my email address relatively private. For obvious reasons which are anything but dishonest, I certainly want my credit card information kept private. The same is true about my social security number, my mother's maiden name, and how I vote in general elections. One very important reason (one might argue the most common reason) that we keep information private is because of the damage that others can do to us if they have that information. Some cultures believe that they have a private name that has power over them; it is very important for these people to keep that private name secret. The American voting system is private ballot for a reason that has absolutely nothing to do with dishonesty.

There are many very good, honest reasons why someone would want to keep certain information private. I completely reject the notion that the desire for privacy implies a dishonest character.

--

[reply] [top]

[»] Security and privacy
by Sean Russell - Apr 17th 2000 14:13:38

In response to Dave's comment that data security is easily solved using encryption: this is a partial solution to the problems associated with data replication. There are two primary issues with distributed storage: data replication, and data security. Data replication requires some sort of versioning system, for identifying the replicated data, and this can get very complicated. Data replication would provide extended accessibility to data in case of server failure, but also increases bandwidth usage and eats up storage medium.

Encrypting the data will reduce the ability of hostile agents to crack the data, but will not eliminate it. As we have seen through various DES and ECC challenges, with distributed computing any current encryption mechanism can be cracked. The question becomes only how badly the hostile agent wants to crack your data. While personal emails are fairly safe due to volume and relative economic unimportance, business data is a very attractive target, and encryption only helps keep the data safe. To be truely safe, the data needs to be additionally hidden from untrusted hosts. As I said before, the very first step of securing data is limiting access to the data, encrypted or not.

--

[reply] [top]

[»] Paradigm Problem
by Alhazred - Apr 17th 2000 10:16:03

It certainly seems that this article has touched a nerve...

I would simply like to observe that perhaps the issues brought up have a lot more to do with people's perceptions and expectations than anything else. Why would I CARE who can see my data? Do all of you out there feel that you HAVE SOMETHING TO HIDE? Eh? Perhaps you need to examine your lives. You might find that the contents of your hard drives are not really all that interesting to the rest of the world. Afraid people will find out you like to look at girly pictures? OK, fine, then maybe A) people need to be less judgemental, and B) if you real feel that its going to reflect badly on you then DON'T DO IT. Hiding your girlfriend's email from your wife? Huh, somehow I don't think the problem there is privacy... Only EVIL fears the light. Examine your fears and you will see the truth of this. The problem is in your hearts and minds. Openness is strength and power. The righteous have nothing to fear.

People will object that there is information which is not fit to be general knowledge, that openness puts us all in danger of being "spied on" by "big brother", etc etc etc. Again, a straightforward examination of each of these claims demonstrates uniquivocally that the problem is NOT openness. Hiding things, keeping secrets, is in fact a sign of weakness, of doubt about OURSELVES. The truely righteous person, living in the truely righteous society has NOTHING TO FEAR. If you do not believe you are such, and that you do not live in such a society then the answer is to CREATE ONE. Not to hide behind obscurity and layers of encryption. Trust breeds trust, right thinking breeds right thinking. Attacking the symptoms of the disease is no way to accomplish a cure for the world's ills.

[reply] [top]

[»] Illegal ... or a sin?
by Petr Tesarik - Apr 17th 2000 06:25:38

A few people stated here that inventing/running Gnutella might or might not be legal. Well, the legality is only the question if you ask whether or not a person will go to jail. On the other hand, there's the moral question. Downloading and using a program created by someone else, who has spent much time creating it and doesn't give it away for free, results in dirty conscience. Why is this not true for some folks? Do they think they have right to steal? Hey, would you go to an airplane without a valid ticket arguing that it's your freedom of movement? You probably find this absurd but producer's work costs some money and producers (regardless whether programmers or musicians) need to live somehow. That's why they have to sell their programs/music. Maybe if you planted free wheat and baked free bread for them, they could give it away for free too. :) As long as they need to pay all these thinks, they also have to charge money for their work. If I exaggerate a bit, by copying "illegal" music you're making musicians starve. In reality, you don't, because they use other means to get money and it's those unclean practices you hate on the music and software industry. I understand you. But it won't change. Nothing will change until you start changing...

[reply] [top]

[»] Re: previous post.
by timecop - Apr 17th 2000 04:19:55

Please. "Some" people using it to traffic warez. Have you seen unregistered shareware offered on Gnutella lately? Have you seen free, no-copyright-attached MP3 music on Gnutella? Have you seen 100% legal music on Napster? Get with it, the response that only "Some" people use it illegally is just dumb. The primary PURPOSE that napster and gnutella were created for is to share illegal data. Not to share data. What "data" exactly was planned to be shared? I sure as hell don't want to share my private documents and files, only with a few selected people, and email and nfs/samba works fine for that. I don't need a collection of my source code shared in Gnutella, because I can just as well use sourceforge.net or something similar. Same goes for music, if I am a starting artist and want to make my music available I go to mp3.com or something, and create myself an account, and get publicity as well as the fact that mp3.com is probably visited by large record companies and I have a lot more chances of being noticed than if I post my music on some underground ftp site or offer it in #elitemp3warez on EFNET. So all these claims that napster and gnutella were created to share legal data is crap, I cannot think of any examples of "legal data" that cannot be shared using current technolgies, and why a whole new protocol was created for this is beyond me.

[reply] [top]

[»] Re: The legality of Gnutella and other distributed file sharing systems
by Mr. Shiny & New - Apr 16th 2000 23:11:53

There have been comments about the legality of Napster and Gnutella. One post claims that they are blatantly illegal and downloading from them is just as illegal as downloading from some warez site or from irc. I feel that a point must be made. Firstly, sharing data is not necessarily illegal. You can't put the inventors of Gnutella in jail because some users use it to distribute warez. That would be like putting the inventor of http/html in jail because web sites can contain warez or child-porn or other illegal content. It would be like arresting the inventors of the cassette deck because cassettes can make copies of CDs or pre-recorded cassettes. As one person commented, it would be like putting gun manufacturers in jail because guns are used to commit murder. The conclusion that Gnutella is illegal because you can share illegal content on it is just false. And decisions like this have been taken to court before. In the US it is LEGAL to make backup copies of copyrighted material for your own use, and it is LEGAL to make copies of audio recordings for your own use on different formats (ie to make a tape of a CD so that you can listen to it in the car). In other countries, this is not necessarily the case. In any event, the act of transfering a program from one computer to another over a network does not necessarily constitute piracy. I have installed Windows 9x on many computers using various means, not always using the CD. Furthermore I have installed Windows (or other apps) on multiple computers using only one copy of the media. Is this piracy? No, because these computers had the required licenses. So I can ftp adobe photoshop to my friend if he has a license for that version but say, lost his CD. That's perfectly legal. Gnutella is as legal as NFS in Unix or "File and Printer Sharing" in Windows. Napster, on the other hand, could be considered illegal because it only allows sharing of mp3s. BUT the thing is that again, backup copies and change-of-format copies are legal; also just because a tool can be used in an illegal manner doesn't mean that the tool is illegal.

[reply] [top]

[»] Security
by Hairy Larry - Apr 16th 2000 21:34:49

The second issue was what I had in mind. Thousands of servers being administered by people that are not even knowledgeable about computers let alone able to even evaluate security on their servers. This will necessarily call for some type of distributed application that updates security automatically. Which is where the issue of trust comes in.

I am not particularly happy about Microsoft updating my OS if I connect to the internet and I would be distrustful of any third party applying security patches on my server without my knowledge. So there will have to be protocols with authoriztions, notifications, audits, and probably a whole bunch of other stuff.

As mentioned Open Source has a definite advantage here, there is just too much conflict of interest to allow large corporations with proprietary code the ability to patch your security without you really knowing what they are doing. Open Source security patches will be audited right to the source code level making trap doors or other tricks difficult to perpetrate.

In order for businesses to buy into a distributed security system they will demand accountability. That is a company name and a known team that will answer their concerns. There will be many businesses providing these services hopefully based on Open Source code and standard open protocols.

In the same way that you can trust your data to servers that may be insecure by applying encryption we need to be able to trust security updates to third parties with the assurance that all updates are done in an open and well understood way. This way we can trust an understandable process and trust the business that is using this process with our most important posession, security on our servers.

In just writing these few paragraphs it has been very difficult to remain clear and this is just trying to outline the problem. Discussing these issues with normal people causes their eyes to glaze over in less than 30 seconds. There is a great deal of important work to be done here on a very complicated issue.

Thanks,

Hairy Larry

[reply] [top]

[»] Comments on Comments
by david e. weekly - Apr 16th 2000 20:48:03

I appreciate these comments. It is correct that I should call it ARPANET proper and not DARPANET (although there are many documents that indicate that that was its informal name for some time). Also, the RAND Corporation's work on the reliability of a network under nuclear attack influenced but was not the primary motivator behind ARPANET. I apologize for being misleading about this.

As for the security concerns, there are really two very separate security issues here: one is data security, or that your private data (were you to store it in a distributed fashion) could be compromised. The easy solution to this is to encrypt your data with a large key that only you have (standard symmetric crypto) and distribute the pieces to the untrusted network. If you are sufficiently clever you could build a system to store your email on a distributed network run by people you didn't know and didn't trust without fear of it being read.

The second security issue is considerably more worrisome: that with a proliferation of server-type programs running on users' PCs, that a bevy of holes could be found and vast attacks could be mounted. I think that people will need to run Open Source software by virtue of its auditability and reliability. Secure "Auto-updating" will need to be built in to allow security patches to be distributed as soon as they are available. Given that all of the nodes running the software will have significant connectivity, this should be quite feasible.

As for the person who believed that "Akamai" means "smart" and not "cool" -- it means both! =) The following is from Akamai's own page [at http://www.akamai.com/company/origins.html]: Akamai (pronounced AH kuh my) is a Hawaiian word for intelligent and clever. Informally, it means "cool."

Finally, while the concept of distributing services in general is certainly not new, the new model that I see emerging is the client becoming a distributed server by default. That is to say, there are no longer clients and servers on the network, only participants. Were this to happen, an underground network could very rapidly supercede Akamai and similarly "explicitly distributed" systems in favor of a "user-distributed" architecture. Local mirroring happens automatically, not at the whim of whether or not your ISP has decided to partner with Tucows...The upside is huge: if you're on the network, it'll be like you've got a giant version of Akamai working for you with automatic mirroring, balancing, cacheing, etc.

Again, I really appreciate the insightful comments that you all have left. Feel free to contact me if you want to talk further about this.

[reply] [top]

[»] Re: Previous post.
by iserlohn - Apr 16th 2000 19:43:20

Actually the guys who made gnutella made a couple million bucks off a piece of free(beer) software called winamp.

And by the way, would you like to present your argument to the gun industry? They would be very happy to hear how they making guns and selling them increases the muder rate in the US.

I'm not saying that it does. I'm just saying they would be very happy to hear you out. Remember to mention the part about getting their ass in jail. :)

life's a journey. get gas while it's cheap.

[reply] [top]

[»] GNUTELLA/NAPSTER
by timecop - Apr 16th 2000 19:32:38

This comment will undoubtedly be deleted because it goes against what most "3r33t w4r3z d00dz" who run this place think about piracy and illegal activities. However I would like to take my time to say that Napster/Gnutella services are just as illegal as copying warez from some random .edu ftp site. Here, the downloaded will say that he is not responsible for downloading, because he got the list from #warez_insert_slow_modem_speed_sites, and that it was not his fault for connecting and getting the warez. Napster people say exactly the same thing. Sorry, since we do not actually host the pirated MP3 files, then we are cool. But this is just as absurd as making #warez_insert_slow_modem_speed_sites responsible for average joe luser downloading pirated copies of your next Windows shitware. The Gnutella bullshit is even worse, all the fucking americans are so sure of themselves, they think they can legally transfer "Music, Movies, Programs, and any other type of file over the internet". Now, I am sure the "Programs" are not shareware demo versions, and I last time I checked the only kind of movie you could freely pass along was whatever you took with a quickcam in your bedroom... etc etc. I wish the Napster lawsuit suceeds, and set good precedence for the other lusers trying to do the same, and I hope as a result of that the bastard who made Gnutella will either lose a lot of money, or be stuck in jail for a few years.

[reply] [top]

[»] Akamai
by wtanaka - Apr 16th 2000 16:46:35

Last time I checked, Akamai meant "smart," not "cool."

[reply] [top]

[»] DIistributes vs. centralized storage
by justman - Apr 16th 2000 13:17:54

I think that the article dosen't address the direction of the individual networks that make up the internet. They tend to be moving towards the centralized storage mode.
House holds with cable modems and more than one computer are through the magic of SMB and a lot of CAT5 playing their 5 gig mp3 collection residing on their athlon monster system on their P133 in the basement.
Business and university networks are also starting to more into this directions. Great strides are being made into making windows remote bootable, although M!cr0$0ft is not making these efforts, and why anyone would want to remote boot Windows when *BSD or Linux would remote boot much easier. Indeed there are several entries in the freshmeat application database regarding utilities for NIC EPROMS and remote booting utilities. Companies and Universities using Beowulf clusters usually do not use the nodes as clients. Usually most nodes in a Beowulf do not even have consoles attached.
What has influenced the centralized stoage in modern LAN design? most likely the simple fact that as fast as internet access has become. LAN connections are much faster. A cable Modem has a maximun speed of 10 Mbits/sec which is rarely realixed. Todays LANS are usually 100 Mbits/sec and are designed to come close to auctually reaching the maximum speed of the network cards. Naturally it makes sense that once you get the data in the LAN, if you have an inexpensive means of storing it, which you do in todays storage market, store it in one place on the lan and allow all the clients to read it from their on a need to access basis.
The concept of locally mirroring data is not new. Tucows.com offers advertisement profits to ISP's that mirror their monster software collection. However their biggest selling point is a significant reduction in the ISPs extranetwork traffic.
Networking will continue to evolve as well as computing in general. The client as a server model makes sense now but it might not 2 years from now. However, whatever happens computers will evolve as they always have, although it would be nice if that evolution included the price of leasing a T3 dropping to the point where having one installed into your house is feasible.

[reply] [top]

[»] Death of Static IP + Authorized Use Policies
by halmonster - Apr 16th 2000 12:56:33

My concern is that the Static IP number is an endangered
animal. Many ISPs are no longer giving out Static IP numbers for
their DSL customers. It's hard to be a server without one. I know
there are some DNS services out there but that isn't a mature
solution yet. The other issue is that as ISPs become more corporate,
their Acceptable Use Policies will restrict forms of speech that those
corporations don't like. At first you won't be able to post "libelous"
comments on your own web site, then they'll shutdown Napster
style file sharing. There needs to be some kind of government
protection for this kind of speech, and I'm not confident we'll
get the sorts of protections that are our right.

[reply] [top]

[»] Nice, but...
by ianezz - Apr 16th 2000 11:29:30

All this is really exciting (I like distributed systems), but what about security?

Basically, think about the millions of Joe Luser that are out there and don't have any clue in security. Think also at all the software manifacturers that, when it comes to choose between security and ease of use at all costs, usually choose the latter.

A large part of the world is already filled with Windows 98 boxes, or with Windows NT and Linux boxes that, for the law of large numbers, are poorly configured WRT security. The major problem is of Joe's box being used to attack someone else without Joe's knowledge, and in a way that is undistinguishable from normal use. Of course, Joe doesn't pay much attention until he becomes a victim.

Making everything distributed could also turn in cracker's paradise, as you can see: they would have to attack multiple subjects at once, probably unaware of how thing works, and not a single subject with some security knowledge. Think of all script kiddies with lists of misconfigured hosts "ready to use" and the picture is almost complete.

Shortly: security in such distributed systems can't rely in any measure on the knowledge of the final user, because there are too many users who wouldn't pay any attention on security issues for many valid reasons (difficulties, lack of time, etc.), not counting pure laziness.

[reply] [top]

[»] Another definition of Free
by Hairy Larry - Apr 16th 2000 11:17:44

Yet another advantage of Open Source and another meaning of free. Free from restrictions as in "They can't take it away from us."

The deeper issue is the coming of age of clients to server status and what this change implies is an important issue. The dark side of this trend lies in the fact that many (most) installations putting this powerful and always connected hardware in place are not thinking in these terms and really have no idea of the security risks they are taking. And there is zero chance that at most (nearly all) will there be someone reading security bulletins and fixing holes.

Think about distributed data security. Think about third parties providing data security services completely over the net. Think about trust. These are very difficult issues.

Thanks,

Hairy Larry
http://tvsoup.com
http://deltaboogie.com
http://tvsoup.net/pwweb

[reply] [top]

[»] "DARPANET" Revisionist?
by genepaul - Apr 16th 2000 11:04:00

As one who is old enough to have been an ARPANET user in the early days, I think that re-naming the ARPANET to DARPANET after the fact is revisionist history. In the words of the Dept of Defense and the Agency, as found at URL: http://www.dei.isep.ipp.pt/docs/arpa-Introduc.html, " Introduction The global Internet's progenitor was the Advanced Research Projects Agency Network (ARPANET) of the U.S. Department of Defense. This is an important fact to remember, because the support and style of management by ARPA was crucial to the success of ARPANET. As the Internet develops and the struggle over the role the Internet plays unfolds, it will be important to remember how the network developed and the culture that it was connected with. (As a facilitator of communication, the culture of the Net is an important feature to acknowledge.) The ARPANET Completion Report, as published jointly by BBN of Cambridge, Mass., and ARPA concludes by stating: ``...it is somewhat fitting to end on the note that the ARPANET program has had a strong and direct feedback into the support and strength of computer science, from which the network itself sprung.'' (Chapter III, pg.132, Section 2.3.4) In order to understand the wonder that the Internet, and various parts of the Net, represent, we need to understand why the ARPANET Completion report ends with the suggestion that the ARPANET is fundamentally connected to and born of computer science. " It is probably easy to assume that because at one point in its history, ARPA started calling itself DARPA, that its projects might also undergo name changes, but I would not assume that.

[reply] [top]

[»] Distributed apps vs. servers
by Sean Russell - Apr 16th 2000 11:02:25

By definition, any computer which provides a service to another computer is a server. I think that at some point it becomes useful to distinguish between distributed applications and servers. What is being talked about in this article are distributed applications.

While distributed applications are really useful in a lot of ways, they do not replace servers. For example, as a company, much of my business logic I will absolutely not want running on arbitrary computers.

Another example is file storage. The only way to extend the distributed model to data storage is by replication. This is useful in many cases, but not practical to the extent that that redundancy achieves a level as discussed in this article. The security issue is even more appropriate for storage; the first step to securing data is to restrict access to the data.

I don't expect to see distributed solutions replacing servers any time in the near, or even far, future. That said, there are a vast number of problems for which distributed computing is an excellent solution, especially for organizations which do not have access to funds for providing their own distributed network of secure systems.

--

[reply] [top]