Liudvikas Bukys

The existence of cheap and presumed-reliable storage services such as Amazon S3 will cause a burst of innovation in personal and corporate storage options. A particularly good fit: content-addressible storage schemes such as plan9 venti and git, that offer frugal use of bandwidth (important when metered), and attractive features like version snapshots “for free.” A little searching shows one talented software developer thinking along these lines already: “Brad Fitzpatrick: wsbackup — encrypted, over-the-net, multi-versioned backup.” There will be more.

I just happily discovered that GMail settings support non-GMail “From:” addresses. It’s a welcome feature for me, as I had no intention of binding to a vendor domain name ever again.

Perhaps it has been a feature for quite some time, and I just wasn’t aware of it. GMail is predisposed toward pleasant surprises without fanfare (e.g. “plus addresses” are supported too).

Network coding applied to P2P content distribution, as seen in Microsoft’s Avalanche research paper, is motivated by network performance improvement: it makes good use of available network throughput by filling the pipes with data that is useful to others, while avoiding the difficult problem of selecting what your downstream peers will need. Nodes send linear combinations of everything they’ve got, and receivers can reconstruct what they need from that.

There are interesting implications for content filterers. Previously one could argue that transmitting combined blocks (e.g. XOR a file with the U.S. Declaration of Independence, the Constitution, and today’s Dilbert) is purely an obfuscation technique for easily evading content recognizers. Now those techniques will be a basic component of efficiently using available bandwidth, with a side effect of making content recognition and filtering more dynamic and more difficult.

Two hoary protocols get even more final nails driven into them:

• George Ou (ZDNet): PPTP VPN authentication protocol proven very susceptible to attack; LEAP and WPA are weak too. [via Wi-Fi Networking News]

• Michael Ossmann (SecurityFocus): WEP: Dead Again [via Wi-Fi Networking News]

EarthLink SIPshare: SIP-based P2P Content Sharing Prototype contibutes an open-source P2P favoring end-to-end principles:

EarthLink believes an open Internet is a good Internet. An open Internet means users have full end-to-end connectivity to say to each other whatever it is they say, be that voice, video, or other data exchanges, without the help of mediating servers in the middle whenever possible. We believe that if peer-to-peer flourishes, the Internet flourishes. SIPshare helps spread the word that SIP is more than a powerful voice over IP enabler — much more. SIP is a protocol that enables peer-to-peer in a standards-based way.

The emerging ubiquity of SIP as a general session-initiation enabler provides a rare opportunity to offer users all manner of P2P applications over a common protocol, instead of inventing a new protocol for each new P2P application that comes along.

[via Many-to-Many]

James Lick: Tracking A Zombie Army (PDF)
[via Asrg]

I had the opportunity to join GMail [beta]. My first piece of feedback to them was a request for user-defined recipient sub-addresses (e.g. using the sendmail “username+anything@domain” convention. Having that available for recipient filtering is more reliable than trying to parse numerous styles of correspondence (some list software inserts List-ID, some doesn’t, etc).

It turns out that GMail already implements the sendmail ‘+’ convention. It works, but as far as I can tell, it’s not documented anywhere — or at least I didn’t think of the right search terms for it.

I hope that this creates new incentives for web sites and other email addressing processing software to stop violating RFC2822 by excessively restricting the character set of email addresses.

P.S. If anyone else wants to try GMail [beta] also, let me know; I now have a ration of invitations too.

Shannon and Moore: The Spread of the Witty Worm:

Witty infected only about a tenth as many hosts than the next smallest widespread Internet worm. Where SQL Slammer infected between 75,000 and 100,000 computers, the vulnerable population of the Witty worm was only about 12,000 computers. Although researchers have long predicted that a fast-probing worm could infect a small population very quickly, Witty is the first worm to demonstrate this capability. While Witty took 30 minutes longer than SQL Slammer to infect its vulnerable population, both worms spread far faster than human intervention could stop them. In the past, users of software that is not ubiquitously deployed have considered themselves relatively safe from most network-based pathogens. Witty demonstrates that a remotely accessible bug in any minimally popular piece of software can be successfully exploited by an automated attack.

Now I have received my first Orkut invitation. Interestingly, it came from an actual friend — probably a good sign for Orkut, as the quality of their system depends on the utility of actual relationships, not random diffuse connections.

It’s good timing for Orkut. Our distance from the Six Degrees era, and the current spontaneous blossoming of intellectual/social relationships as seen among intertwined weblogs, make it seem fresh, and not just another selling-eyeballs.com.

Yet-another fatigue is now a barrier to entry for Orkut competitors.

Will I go out and spam all my colleagues and friends with Orkut invitations? No, it seems a little too close to a MLM pitch. I think I’ll just pick on a few who I know are in the right frame of mind.

Previous: Orkut[0]: Out with the out crowd

OK, while my left brain tells me that yet another social networking system is not much of an aid to real relationships (and it gets worse with every new yet-another), I’m still feeling curious and sorely left out. Groucho Marx aside, would anyone care to invite me in?

Next: Orkut[1]: In with the in crowd