Timestamps are in GMT/BST.
[0:14] <linyos> the key to sneakernet is not routing so much as caching efficiently
[0:15] <linyos> and the depth of the cache
[0:20] <linyos> we should breed an army of vicious mutant cats
[0:20] <linyos> equip them with hard disks
[0:20] <linyos> and let them roam about
[0:20] <linyos> exchanging information
[0:24] <linyos> but i mean, suppose you had just a thousand devices in your 'local area' that you can search
[0:24] <linyos> and each device stored one terabyte, yielding a local cache depth of a petabyte
[0:25] <linyos> if you can solve the knapsack problem of filling that terabyte with the variously-sized pieces of data that yield the most aggregate utility
[0:25] <linyos> that petabyte
[0:25] <linyos> i think in the real world, you are not doing too bad at all
[0:25] <linyos> if you can do that
[0:26] <linyos> so the problem there is not routing, as you can broadcast, but efficiently using the cache space.
[0:28] <linyos> if hard disks keep growing as they have been, in five years there will be 10TB disks or something
[0:29] <linyos> naturally people will find all sorts of new ways to use all that
[0:42] <linyos> the thing about scaling by segmentation
[0:42] <linyos> how much worse is one petabyte than 100 petabytes?
[0:43] <linyos> well, it means that the 'cost' of a file is 100 times more in the one-petabyte network
[0:45] <linyos> but in practice, what do you really need to have a useful system
[0:45] <linyos> i suppose you could measure that (if you are being equitable) in space per person
[0:45] <linyos> ie, each person needs on average 1GB of network storage to conduct his business (messaging, publishing, etc)
[0:47] <linyos> in real life there are generally diminishing returns, the utility of an additional GB declines as i have more and more of them already.
[0:56] <linyos> i suppose the open question is, what happens when you make cache use the first priority in your design, instead of routing
[0:56] <Elly> hmm linyos
[0:56] <Elly> you know the trusted computing idea?
[0:57] <linyos> certainly a network that caches inefficiently and routes efficiently is equivalent to a network that caches efficiently and routes inefficiently.
[0:57] <linyos> Elly: yo
[0:57] <Elly> Does it have any protection against being emulated in an untrusted environment?
[0:57] <linyos> oh, you want the TCPA lecture
[0:57] <linyos> here is what happens
[0:58] <linyos> you receive a document that's encrypted
[0:58] <Elly> no no no
[0:58] <Elly> how does the operating system
[0:58] <Elly> distinguish trusted hardware
[0:58] <linyos> and can only be decrypted with a private key that is in a tamperproof hardware chip
[0:58] <Elly> from an emulator emulating trusted hardware
[0:58] <Elly> so what if my emulator emulates that chip - provides all functions and all
[0:58] <linyos> i'm explaining that.
[0:58] <Elly> but lets me specify a key
[0:58] <linyos> you don't specify the key!
[0:58] <linyos> that's the thing
[0:58] * [DH]Chris (~kicken18@80-193-62-89.cable.ubr03.gill.blueyonder.co.uk) has joined #freenet
[0:58] <Elly> No, I would be running it in an emulator
[0:59] <Elly> (on a nontrusted PC)
[0:59] <Elly> over which I have total control
[0:59] <Elly> so the emulated crypto chip could return any key I like
[0:59] <linyos> all the valid public keys, the keys that correspond to the secret private keys in the tamper-proof hardware, are signed by an authority.
[0:59] <Elly> uh-huh
[0:59] <linyos> so when disney wants to send you a movie
[0:59] <Elly> and how does the OS verify that key?
[1:00] <linyos> you send them your public key and the manufacturer's signature of that key that proves its authenticity
[1:00] <Elly> yeah but
[1:00] <linyos> they encrypt the movie with that key
[1:00] <Elly> how does the OS itself
[1:00] <Elly> know that the key is valid
[1:00] <linyos> your TCPA chip decrypts it
[1:00] <linyos> but only if your computer is locked down first
[1:00] <Elly> my emulated TCPA chip lies to it
[1:00] <Elly> and says it's locked down when it really isn't
[1:01] <linyos> logically, you would either have to forge the "this is an authorized public key" signature
[1:01] <linyos> or you break the encryption
[1:01] <linyos> or you extract the private key from the tamperproof chip
[1:01] <Elly> "Tamperproof things aren't"
[1:02] <linyos> they can build them so you need a pretty sophisticated laboratory to do it.
[1:02] <linyos> and experience
[1:02] <Elly> but once it's done
[1:02] <Elly> then someone has a public/private keypair
[1:02] <Elly> which are signed
[1:02] <linyos> which is fine for their goals, since disney is just fine if you can pay 50,000 bucks for a black market private key
[1:02] <Elly> and those will be ALL over the internet
[1:03] <linyos> that's true, they would have to detect that sort of thing
[1:03] <Elly> but my emulated network card
[1:03] <Elly> wouldn't tell the trusted OS about that
[1:03] <linyos> there would be no trusted OS needed if you could just decrypt the movie they send you
[1:04] <Elly> yeah, but we're assuming that you need a trusted OS to access some online content
[1:04] <linyos> TCPA is an ingenious scheme, it is really impressive
[1:04] <Elly> and you have a sufficiently powerful machine to emulate trusted hardware
[1:04] <Elly> at a decent speed
[1:04] <Elly> and furthermore you have access to another machine which is using TCPA in an actual normal configuration
[1:04] <Elly> what I could see happening is
[1:04] <linyos> that is a given. the security lies in the difficulty of obtaining an authorized private key.
[1:05] <Elly> you sniff the verification of the signature
[1:05] <Elly> and then play it back to the emulated OS
[1:05] <linyos> you're confused
[1:05] <Elly> and you have an emulated trusted monitor (encrypted output and all that) which is in fact piped to an untrusted recording stream
[1:05] <Elly> I am?
[1:05] <linyos> either you have the private key
[1:06] <Elly> Which we'll assume I have, but nobody knows I have
[1:06] <linyos> then you can use whatever computer you want to pretend to be a "trusted" box
[1:06] <Elly> wo0t
[1:06] <linyos> or you don't, in which case you are totally fucked
[1:06] <Elly> then all your trusted content are belong to us
[1:06] <linyos> how will you get an authorized key?
[1:06] <Elly> well
[1:07] <linyos> they're not going to be posted all over the internet, they will find those and blacklist them.
[1:07] <Elly> Freenet :)
[1:07] <linyos> they will make sure that only one host is using any given key.
[1:07] <Elly> besides, how do you blacklist a key?
[1:07] <linyos> disney's movie server gets programmed to reject it.
[1:08] <Elly> man
[1:08] <Elly> I can imagine the results of a hack of the blacklisted key list
[1:08] <Elly> increased centralization is generally seen to be a Bad Thing in the computing world, isn't it?
[1:09] <linyos> as far as disney is concerned, sort of
[1:09] <Elly> Disney thinks it's a Bad Thing?
[1:09] <linyos> they would worry most about the manufacturer's key-signing key being found out
[1:09] <Elly> ooooh boy
[1:09] <Elly> that would indeed be ugly
[1:10] <linyos> the one that they use to sign the public key and say "this is a legit key that corresponds to a tamperproof private key"
[1:10] <Elly> they'd have to change the key in hardware on every trusted chip
[1:10] <linyos> right, all the keys would be worthless.
[1:10] <linyos> well.
[1:10] <Elly> "The secret must be small and easy to change."
[1:10] <linyos> not quite.
[1:10] <linyos> they could check them against a whitelist of known good keys i guess.
[1:10] <Elly> ewwww.
[1:11] <linyos> which is not too hard.
[1:11] * Elly shrugs
[1:11] <Elly> I stand by the assertion that protecting content from the user is laughable
[1:12] <linyos> i don't see a well designed tcpa system being circumvented very easily.
[1:12] <Elly> However
[1:12] <Elly> for this TCPA system to work
[1:12] <Elly> would require something which has never before happened in the history of computing
[1:12] <Elly> bulletproof security on the first try
[1:13] <Elly> because once the code is in the TCPA chips you can't change it
[1:13] <linyos> at least for the particular application they want it for: letting people download movies without being able to copy them.
[1:13] <Elly> since they are tamperproof
[1:13] <linyos> the cryptosystem is nothing special though.
[1:13] <Elly> You and I both know that some unknown genius will get his hands on his TCPA key and the stuff will keep showing up on P2P nets from untrusted boxes anyway
[1:13] <Elly> I know it's nothing special
[1:14] <Elly> but if it has a bug, then it fails, because you can't change the software without replacing the chip
[1:14] <linyos> sure
[1:14] <linyos> also, the software could have bugs
[1:14] <linyos> that is how the xbox drm was circumvented
[1:14] <Elly> hehe
[1:14] <Elly> Metal Gear Solid
[1:14] <linyos> i mean the application software, the MPAA movie viewer
[1:15] <Elly> we're assuming the chip is read-only, right?
[1:15] <linyos> you smash the stack and make it write out the unencrypted file
[1:15] <linyos> the chip isn't programmable
[1:15] <linyos> it verifies that that software in memory is signed by the MPAA
[1:15] <linyos> and then decrypts the incoming movie stream
[1:16] <linyos> that is all it does
[1:16] <Elly> well you can't really smash the stack
[1:16] <Elly> you have memory compartmenting
[1:16] <linyos> however
[1:17] <linyos> just find a way to make it do your thing
[1:17] <Elly> well if it was emulated, you could =p
[1:17] <linyos> if you have the private key you don't even need the trusted software
[1:17] <linyos> you could use mplayer
[1:17] <linyos> instead of MPAAplayer
[1:18] <linyos> they can't tell the difference
[1:18] <Elly> mmm, private-key hax0rage
[1:20] <linyos> i don't care much about TCPA's impact on freenet because the computer's network connection is and always will be the weakest link in the system.
[1:21] <linyos> you have a situation where hosts will not be able to freely communicate.
[1:21] <Elly> the TCPA gives someone else control over your PC instead of you
[1:21] <Elly> the owner of the computer should always be able to do whatever they like with it
[1:21] <linyos> of course
[1:22] <linyos> but your ISP has control over your internet connection
[1:22] <linyos> and that will never change so long as you're using wires somebody else controls
[1:22] <linyos> meaning, it will never change.
[1:23] <Elly> yeah I know
[1:23] <Elly> but I mean the computer itself
[1:23] <Elly> the hardware
[1:25] <linyos> in the extreme, the state could simply ban computers and vigorously enforce that ban
[1:26] <linyos> that'd be the final nail in freenet's coffin.
[1:27] <linyos> but, in reality, it is much more likely that the internet will be locked down than 'untrusted' computers being confiscated.
[1:27] <linyos> i mean, i do not see bush launching a 'war against computing' any time soon.
[1:28] <linyos> but i can easily imagine an "national internet security initiative"
[1:29] <linyos> anyway, the conclusion is that freenet has to work without formal networking.
[1:41] <linyos> so
[1:41] <linyos> consider an ideal 'data pool' composed of N participants, each of whom store data
[1:42] <linyos> if a user contributes capacity X, a capacity-ideal datapool would allow him to use all of it to store his files.
[1:43] <linyos> deviating from that ideal, however
[1:43] <linyos> let Y be the ratio of contributed space X to available space Z.
[1:44] <linyos> if some hard bound could be imposed on Y, that would be great.
[1:44] <gvdm> wow freenet conversation
[1:44] <linyos> for instance, in a particular 'data pool', a user who contributed 100GB may publish 1GB of data.
[1:44] <gvdm> on #freenet, I was so convinced this channel was dead
[1:46] * linyos is such the life of the party
[1:46] <gvdm> make it a practical diff
[1:46] <gvdm> not 1-100
[1:46] <gvdm> 1-20 perhaps
[1:47] <gvdm> or 1-50
[1:47] <linyos> the closer to optimum the better obviously.
[1:47] <linyos> but if you can have a hard bound, i think that is an achievement no matter what.
[1:49] <gvdm> yeah, people can always hack around
[1:49] <linyos> the model is all that matters to me right now. you have a correspondence between resource inputs and utility outputs.
[1:49] <linyos> i'm just thinking aloud in here.
[1:49] <gvdm> plus if it's open, which itll hace to be for me to use, people can hacka round the code
[1:50] <gvdm> have*
[1:50] <linyos> right, it would have to be a property enforced by the nature of the network algorithm.
[1:51] <gvdm> which can still be fiddled with, assuming true decentralisation, another property I consider paramount
[1:52] <linyos> if i have this publishing system where i know that if i pay in resources worth A, i can get utility B, i can make rational decisions.
[1:52] <gvdm> uhuh
[2:41] -deedra- {global notice} Hi all! in about an hour and 15 minutes, I'm going to start in on upgrades to the network. This will be a major upgrade that affects about half the network. Please see 'http://www.freenode.net/news.shtml' for more info. Thank you for your patience, and thank you for using freenode!
[2:46] * gvdm_ (~gvdm@210-246-9-185.paradise.net.nz) has joined #freenet
[2:47] * gvdm (~gvdm@210-246-9-185.paradise.net.nz) Quit (Read error: 113 (No route to host))
[2:47] * MrNaughty (MrNaughty@d199-126-25-30.abhsia.telus.net) Quit ("\(^_^)/' No Soliciting!!! Unless you have legs way, way up and really, really big tits....")
[2:49] * gvdm_ (~gvdm@210-246-9-185.paradise.net.nz) Quit (Client Quit)
[2:50] * gvdm (~gvdm@210-246-9-185.paradise.net.nz) has joined #freenet
[3:01] * [DH]Chris (~kicken18@80-193-62-89.cable.ubr03.gill.blueyonder.co.uk) Quit (Read error: 110 (Connection timed out))
[3:16] * linyos (~asdfasdf@adsl-68-79-0-39.dsl.emhril.ameritech.net) Quit ("Download Gaim: http://gaim.sourceforge.net/")
[3:27] -deedra- {global notice} Hi all! in half an hour I'm going to be rebooting several boxes for upgrades. This will affect about half the network. Please see 'http://www.freenode.net/news.shtml' for more information. Any further announcements are going to be given in wallops, '/mode your_nick +w' if you would like to watch what's going on. I will announce what happens as I take boxes down for reboot.
[3:39] * RiderOfTheStorm (~chatzilla@c50fd4a37e4cfad7.session.tor) has joined #freenet
[3:43] * RiderOfTheStorm (~chatzilla@c50fd4a37e4cfad7.session.tor) Quit (Client Quit)
[3:53] * [DH]Chris (~kicken18@80-193-62-89.cable.ubr03.gill.blueyonder.co.uk) has joined #freenet
[3:58] * RiderOfTheStorm ([U2FsdGVkX@b7bddae8d98f1049.session.tor) has joined #freenet
[4:01] * proggie (~tklaus@e176166067.adsl.alicedsl.de) has joined #freenet
[4:01] * locksy (~locksy@mrtg.sisgroup.com.au) Quit (tolkien.freenode.net irc.freenode.net)
[4:06] * Disconnected.
[4:07] [freenode-connect VERSION]
[4:46] -lilo- [Global Notice] Hi all. We're stable again. Thanks to dmwaters for her excellent work on this upgrade!
[5:47] -lilo- [Global Notice] Hi all. Last bit of wrap-up. If you were in #gentoo or #debian before the maintenance, you'll probably want to rejoin. You might have to try a few times. Thanks again for your patience and understanding, and thank you for using freenode! :)
These logs were automatically created by Jay Oliveri with his gimp hapi on irc.freenode.net.