chaz meyers: You know what's awesome?
chaz meyers: Writing an API 4 months ago, writing a slightly related component for a while, and then come back to the API, forgetting everything about it.
RustRage: heh, nice
RustRage: for umm
RustRage: what was the project?
chaz meyers: NECS.
RustRage: you needed an api???
chaz meyers: I overdesign everything, remember that.
RustRage: well, yes
chaz meyers: I created a templating system for it too, remember?
RustRage: yeah, i remembered that part
chaz meyers: Yeah. Didn't like that one so I wrote a new one.
chaz meyers: The new one is finished.
chaz meyers: It's pretty funny, 'cause it's just perl.
RustRage: you really do overdesign everything
chaz meyers: Yep.
chaz meyers: Well, I wanted it to be easily extendable.
RustRage: well, yeah
RustRage: but it's necs, how extendable would someone want it to be?
chaz meyers: I want it to be quite extendable.
RustRage: heh, well, of course
chaz meyers: I'm not going to do this for the initial release, but I was contemplating how the whole codebase could easily be expanded to include other types of relations.
chaz meyers: Besides just a "crush" relation.
chaz meyers: Ala friendster or something like that.
RustRage: but friendster sucks!
chaz meyers: True, but it's an interesting idea.
RustRage: well, yeah
chaz meyers: Crushlink also sucks.
RustRage: and it woudn't be too incredibly difficult
chaz meyers: That isn't stopping me from making an opensource alternative to it.
RustRage: heh, fair enough
chaz meyers: Besides, the templater was an interesting project on it's own merrit.
chaz meyers: Got to learn a lot about Perl's symbol tables and namespaces.
chaz meyers: Not as much as I would've liked to, but still.
RustRage: well, you could always pick up a book to get at the rest if you really wanted to
RustRage: oh, have you ever heard of a secure (ie: riaa couldn't hack it) p2p?
chaz meyers: I did pick up a book. Perl can be messy for uncommon tasks.
chaz meyers: Nope.
RustRage: I'm thikning about writing one
chaz meyers: I thought p2p was, by nature, insecure.
RustRage: well yeah
RustRage: but I mean, just untraceable more
chaz meyers: What do you have in mind?
RustRage: just routing the messages through someone else before hitting the end user
RustRage: it would take up a lot of bandwidth, but I don't think the riaa could get it (man in the middle attacks aside)
chaz meyers: Hm.
chaz meyers: So it would make a network edge essentially a router in your network.
chaz meyers: But because it's really a network edge, tracerout, etc, aren't efficient at tracking.
chaz meyers: Two issues I see right off the bat.
RustRage: I mean, I wouldn't be going for the fastest network ever
RustRage: but just in a sense that riaa/mpaa couldn't get ips
chaz meyers: 1) You need some sort of header so it knows where it will end up eventually.
chaz meyers: Couldn't the RIAA just look at that header?
RustRage: ehh, not really though
chaz meyers: What do you have in mind for that?
RustRage: like a temporary id
RustRage: or even a username
chaz meyers: Assigned by?
RustRage: the user
RustRage: I mean, tradition p2p stuff
chaz meyers: Well, my point is.
chaz meyers: Somewhere you're going to need to map id's to ip's.
chaz meyers: And that's a vulnerable point in the system.
RustRage: right, which is why I'm saying man in the middle attacks aside
chaz meyers: I mean beyond that.
RustRage: theoretically the ips could be garnered if it's the first (or last) hop
chaz meyers: I mean in terms of dup usernames and stuff like that.
chaz meyers: like, kazaa lets you have usernames, but they aren't really used for anything practical, as far as i can see.
RustRage: I mean, the way I see it's just like an additional tcp layer over umm well tcp
chaz meyers: and I'm just saying that TCP layers are easy to trace.
RustRage: so I mean, if the user gets an ack they didn't send anything for then you'd get a return
RustRage: well, howso if you would abstract out the ips
chaz meyers: That's the problem I'm running into.
chaz meyers: Everything I can think of eventually leads to centralization.
chaz meyers: Which, obviously, is unacceptable.
chaz meyers: the best I can think of...
chaz meyers: every user knows which computers are one hop away. each of those computers are numbered, maybe?
chaz meyers: and then you just pile on numbers the further you go? for the return trip, you just strip them off?
chaz meyers: i'm not sure i like that either.
RustRage: yeah, I dunno
RustRage: definetely requires me thinking about different things alot more
chaz meyers: i was thinking for a while about a circuit based type of system, but that would totally not work..
RustRage: right, I was thinking that too
chaz meyers: since so many people are like, "Hey, I just got this mp3. signing off now."
RustRage: I mean, you'd have to find a way for alternative routes for a circuit, which I can't figure out how to do without ips
chaz meyers: yes, without unique identifiers it's tricky.
chaz meyers: the problem is that you are trying to set up a trust based network where you can't trust any of the nodes.
RustRage: heh, basically
chaz meyers: there has to be someway you can have the best of both worlds.
chaz meyers: using addresses just local to the current host doesn't work because that's fixed.
chaz meyers: using unique identifiers for each node doesn't work because then you can reverse engineer the unique id.
RustRage: and how would you get unique ids in the first place
RustRage: unless it's centralized
RustRage: you'd have to broadcast the entire network
chaz meyers: well, in a sense, the hop-and-add-a-local-address-onto-a-long-string is a uid.
chaz meyers: it's just not globally readable.
chaz meyers: but you are correct.
RustRage: you might have gotten something
RustRage: let the user make up a username
RustRage: then add it to the first hop's ip
RustRage: so you can always find one hop away from the target node
RustRage: which would then have a circuit
RustRage: you'd have to setup a number of one hops though
chaz meyers: Yeah, it's the same problem as before, unless if the username is unique throughout the whole network.
RustRage: well, not necessarily
RustRage: unless everyone's one hop away from the same guy
chaz meyers: Think of it this way.
chaz meyers: I'm Bob, I'm trying to talk to Jose.
chaz meyers: I send my request to Tom because Tom happens to be between us.
chaz meyers: I don't know Jose's name because he's more than one hop away.
chaz meyers: So, I talk to Tom and say "Tom, I'm looking for this"
chaz meyers: Tom talks to Jose. Jose says, "I have this."
chaz meyers: Tom's cat pulls out Tom's network cable.
RustRage: right, but if you set up additional circuits
RustRage: ie: add mike, who's one hop from tom and bob
RustRage: I'm confused
RustRage: too much macro
chaz meyers: Let me draw a picture.
chaz meyers: Where can I email to? I'm on aim express.
chaz meyers: rather http://astro.temple.edu/~meyers/temp/tombobjose.PNG
RustRage: okay, got it
RustRage: so 2 users named jose?
chaz meyers: Jose isn't network unique, remember?
RustRage: right, but he would be because it would be really like jose
RustRage: and worse comes to worse, mike's jose intercepts a packet sent to tom's jose
RustRage: mike's jose could just send a nack
chaz meyers: understood.
chaz meyers: i'm pointing out the problem if Tom goes away.
chaz meyers: You have a circuit based connection.
RustRage: but if you set up multiple circuits, ie: duplicate tom's circuit
RustRage: but then that would divulge ips so nm
chaz meyers: yeah.
chaz meyers: and, even.
chaz meyers: let's say that mike pointed to tom's jose.
chaz meyers: you would have no way of knowing that they're the same without a unique id.
RustRage: ah, right
chaz meyers: So, it's the same exact situation as if they were given random numbers.
chaz meyers: Except when you give people names, they have to broadcast to everyone within one hop and find out who's taken up which names. assigning numbers can be done without network traffic.
chaz meyers: hm.
chaz meyers: it's a tricky problem you have here.
RustRage: okay, so what about if you had like a group proxy, just a single one, and then network the proxies
RustRage: then you'd have kazaa, nm
chaz meyers: what if you didn't care if it's connection-based?
chaz meyers: circuit based, rather?
RustRage: just packet switched?
chaz meyers: do you really care who has the file as long as it has the same md5 some or something?
RustRage: right, not at all
chaz meyers: so as long as tom sticks around long enough to send back the md5 of the file you want, does it really matter if you end up back with jose?
chaz meyers: you can just broadcast, "Hey, I'm looking for something that looks like this md5. If you have something like that, holla back."
RustRage: so search from text, whoever has text sends back md5, then broadcast requests for the md5?
RustRage: or you could do the ed2k link thing
chaz meyers: Well, you'd only broadcast req's for md5's if tom disapeared or his connection sucked, but basically yeah.
chaz meyers: ed2k?
RustRage: so I mean, yes, i guess that would work, but it still doesn't implicitly solve the anonymity issues
RustRage: very good, go check it out
chaz meyers: I think it addresses some issues.
RustRage: it's based on (I think md5 even) hashes and you can link from a webpage
RustRage: and it'll automatically start searching for the hash
chaz meyers: You no longer need a globally addressable unique identifier for every person.
chaz meyers: All you really care about are sending and recving packets to people who are one hop away.
chaz meyers: So, if I have an address that looks like:
RustRage: that would make sense
chaz meyers: 2,4,64,2,6,3,1
chaz meyers: all I know about is the 2, so for the last leg of the journey, you can be screwed, yes.
RustRage: right, but if someone breaks, just request again
chaz meyers: yeah, just req the md5.
RustRage: es muy bueno
chaz meyers: and if there is no md5, then there wasn't a second route in the first place.
RustRage: heh, thesis project here I go
chaz meyers: haha.
chaz meyers: make sure i at least get a footnote.
RustRage: heh, I'll call it cp2pm
chaz meyers: hahahaa.
chaz meyers: totally classy.
chaz meyers: mind if i post this, or 'fraid of the competition?
RustRage: heh, not at all
RustRage: it's not like I'd stand to gain any money off it anyway
chaz meyers: 'cause I know I'll lose it if I don't.
RustRage: yeah, me too