De-spamming with a cycle tax - A summary and an extension idea
[Via Ole Eichhorn, via Dave Winer] Microsoft is noising around an anti-spam technique that would essentially create a cycle tax on each piece of e-mail. This is done by forcing a client computer that wants to submit e-mail to a server to solve a cryptographic problem of known difficulty set by the server, presumably by adding a challenge/response step in the mail protocol. To the normal sender of mail, the few-second delay is no problem. For a spammer, it bogs down even networks of hijacked machines and reduces the flow of garbage into the network. There remains an interesting problem of the inter-server protocols, since replicating the same technique per message would become an egregious burden, but something must be done since hijacked relays are part of the problem. But there are a variety of options there: batching messages, trust networks among servers, throttled tiers of forwarding service based on the size of cycle tax provably paid by the originator.
This is one of the anti-spam options explored by a Microsoft Research project called Penny Black, named after the original postage stamp. It has the merit of creating a real cost, without requiring all the apparatus and problematic economics of a microtransaction infrastructure. Like Dave, I'll wait and see if it's a ploy by Microsoft to sink its proprietary hooks into the mail networks before I cheer too loud, but this does have potential.
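The challenge/response puzzle described at the top of this post, as an added example (not Penny Black's or Microsoft's code): the server issues a challenge with a difficulty, the client burns cycles to solve it, and the server checks the answer with a single hash. The SHA-256 leading-zero-bits puzzle, the tier table and all function names are assumptions; the post does not say which puzzle is used.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # server secret; authenticates challenges it issued
# Assumed policy (not from the post): leading zero bits required per sender tier.
DIFFICULTY_BITS = {"trusted": 8, "unknown": 16, "suspect": 20}


def _tag(challenge, sender, bits):
    msg = challenge + sender.encode() + bytes([bits])
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def _zero_bits(challenge, sender, counter):
    """Number of leading zero bits in SHA-256(challenge || sender || counter)."""
    data = challenge + sender.encode() + counter.to_bytes(8, "big")
    digest = hashlib.sha256(data).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()


def issue_challenge(sender, tier):
    """Server: fresh challenge, difficulty for this tier, and a tag binding both."""
    bits = DIFFICULTY_BITS[tier]
    challenge = os.urandom(16)
    return challenge, bits, _tag(challenge, sender, bits)


def solve(challenge, sender, bits):
    """Client: search for a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while _zero_bits(challenge, sender, counter) < bits:
        counter += 1
    return counter


def verify(challenge, sender, bits, tag, counter):
    """Server: one HMAC and one hash, whatever the difficulty."""
    if not hmac.compare_digest(tag, _tag(challenge, sender, bits)):
        return False  # not a challenge this server issued for this sender and difficulty
    return _zero_bits(challenge, sender, counter) >= bits


if __name__ == "__main__":
    ch, bits, tag = issue_challenge("alice@example.org", "unknown")
    proof = solve(ch, "alice@example.org", bits)
    print(bits, proof, verify(ch, "alice@example.org", bits, tag, proof))
```

The tag keeps the server stateless, but as written a solved challenge has no expiry; a deployment would also bind a timestamp or message digest into the tag so one proof cannot be reused for many messages.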
Enough so to lead me to elaborate and speculate a little bit. One can easily see using the difficulty of the crypto puzzle to bias for or against users with various reputation levels, identity verification, or purchases of service tiers. Which leads me to recall an interesting protocol invented by Martin Hellman as a by-product of a project during my CompuServe days:
We had this little problem with users signing on with plaintext IDs and passwords. Less of an issue during the days when the network was proprietary and end-to-end, but more and more users were showing up over the open Internet. This we needed to fix, but without forcing the users to change their behavior, or deploying some expensive infrastructure like PKI. Using a cryptographic challenge-response protocol would get around sending secrets in the clear. There remained the problem that most user-chosen IDs and passwords are vulnerable to dictionary attack, and almost all are cryptographically weak. So Martin, our consultant on the project, had the following good idea (it's patented):
Have the client, as part of the protocol, just make up a random number of set length and concatenate it onto the existing secret. To validate the exchange, the server machine has to cycle through all possible random values, but already knows password/ID values. This isn't an issue for a big host computer to do once per session. An outside attacker, on the other hand, is faced with the full complexity of the problem: The password/ID entropy plus added random bits.
Sound familiar? Seems to me something of the same sort could be used to tune the Microsoft idea to allow a lot of other service and trust possibilities. The Hellman patent is assigned to AOL, so they can do what they want here, but I believe Martin also retained independent licensing rights. Others will have to invent around or talk to either of them. If there's any novelty in my observation here, I consign it to the public domain.
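The random-value scheme described above, as an added example that is not the patented construction or any CompuServe code: it shows the server's bounded search next to the work an eavesdropper faces when guessing secrets offline. HMAC-SHA-256 as the response function, the 12-bit random value and all names are assumptions; the post gives none of these details.

```python
import hashlib
import hmac
import secrets

PAD_BITS = 12  # assumed length of the client's throwaway random value


def _response(secret, pad, challenge):
    key = secret + pad.to_bytes(4, "big")  # random value concatenated onto the secret
    return hmac.new(key, challenge, hashlib.sha256).digest()


def client_respond(secret, challenge):
    """Client: pick a random pad, use it once, never send or store it."""
    return _response(secret, secrets.randbelow(1 << PAD_BITS), challenge)


def server_verify(secret, challenge, response):
    """Server: already knows the secret, so it searches only the 2**PAD_BITS pads.

    Returns (accepted, number_of_hashes_computed).
    """
    for tries, pad in enumerate(range(1 << PAD_BITS), start=1):
        if hmac.compare_digest(_response(secret, pad, challenge), response):
            return True, tries
    return False, 1 << PAD_BITS


def offline_guessing_cost(candidates, challenge, response):
    """Work for someone who captured one exchange and guesses secrets:
    every wrong candidate costs a full pad search."""
    hashes = 0
    for candidate in candidates:
        ok, tries = server_verify(candidate, challenge, response)
        hashes += tries
        if ok:
            return candidate, hashes
    return None, hashes


if __name__ == "__main__":
    challenge = secrets.token_bytes(16)
    resp = client_respond(b"hunter2", challenge)            # constructed sample secret
    print(server_verify(b"hunter2", challenge, resp))        # at most 4096 hashes
    print(offline_guessing_cost([b"aaa", b"bbb", b"hunter2"], challenge, resp))
```

Each added pad bit doubles both the server's per-login cost and the per-guess cost of a dictionary search, so the pad length is the tuning knob the post has in mind.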
Update: Chuq von Rospach likes Penny Black as well, but is skeptical of its acceptance. He's certainly right that any retrospective fix of this sort suffers from the down-side of network effects: the tyranny of the installed base. He prefers a combination of DNS flags, whitelists, and data flow throttling as opposed to protocol hacks like Penny Black. These have the advantage of being implementable in increments.
Posted on December 30, 2003 at 17:16 | Permalink
Fedex buys Kinko's - good move
Fred Smith pays $2.4b to add copy shop store fronts to the Fedex fleet of trucks and air freighters. That may seem a bit retro in this day of virtual everything, but I think it makes sense. It gives Fedex a drop-off/pick-up business point of presence competing with UPS. Most US readers won't know that Kinko's has an extensive overseas business, especially in East Asia. And Kinko's has been one of the leaders in adding electronic facilities and services to its stores, giving Fedex a bit of a hedge against the encroachment of e-mail on the document express business.
Posted on December 30, 2003 at 10:14 | Permalink
The Real Killers
A week ago, we had a 6.5 quake in California, which killed two people. As you likely already know, that was followed by a 6.7 quake (2x absolute magnitude) in Iran that shattered the historic city of Bam. As of the CNN update that I watched with this morning's coffee, the death toll there is 25,000 and climbing.
Doc Searls opines that this shows how real terrorism comes from Mother Nature. No. Leaving aside the attempted devaluation of the word 'terrorism', that's not the operative agency.
My home stands about two miles from the Mother of All Faults, the San Andreas. I'm not sure exactly how much extra I paid for the code-required plus self-inflicted earthquake upgrades - the tiedowns, the extra shearwall, the beefier rebar, tiebacks and beams in the foundations and retaining walls, but it's easily in the tens of thousands. When the Big One comes, the place will be beat around, but it and my family will still be here.
I had the money, and an enforced code requirement to make sure I used it. The Iranians certainly weren't ignorant of their risks; the Persians are far more ancient in their land than we upstart Californians in ours. But they lived in a poor district, and where they had the money, it was apparently used for bribes to officials to look the other way from substandard construction. Poverty and corruption, and the social and government system that breeds them. Those were the real killers.
And while I periodically bitch in this blog about the California cost of living, some part of it is the price of life. Just pay up.
Update: Hoder posts on the distrust between Iranians and their government and its impact on the relief in Bam.
Update 2: The Blogfather has a roundup on the story. The Guardian, of all places, has the same angle on the story as my post. If you'd care to contribute to the relief, you'll have to get around both the US sanctions (if you're here, that is), and the corruption of the Iranian government - which includes the local Red Crescent/Cross. Iranian bloggers are recommending Mercy Corps as a conduit.
Posted on December 29, 2003 at 14:47 | Permalink
Professionals study logistics - and procurement
Over at Winds of Change, there's a highly informative post by Trent Telenko, and ensuing discussion, re where shortfalls and bottlenecks are appearing in equipment supply to the US armed forces. Traditionally, but sadly, it's the Guard and Reserve, now in demand as occupation and garrison troops as we rebuild a strategic reserve, that are getting the short end of the stick. Post-action analysis on Iraq is showing that we won quickly due to both better equipment and training. From StrategyPage of 12/29:
Researchers at the Army War College did a study, interviewing 176 participants (including Iraqis) and concluded that the major factors were the new technologies (GPS smart bombs and satellite communications like Blue Force tracker) and the much higher skill levels of coalition troops. The Iraqis had expected smart bombs, but they were unable to cope with the sheer speed of the advance and the fighting. And when the Iraqis fought, and they often did, and quite steadfastly, the better trained American troops just blew them away. The Iraqis were in shock from all this, and after about 20 days, resistance collapsed.
There is a Silicon Valley angle to this story: The Bradley fighting vehicle in heavy use in Iraq was once produced in the FMC facilities in San Jose. But as Bush discovered on a visit earlier this year, Bradley doesn't live here any more. Production ceased in 1995, and the facility is now used for San Jose airport parking overflow. The work force of skilled machinists and others is long dispersed. And it'd be pretty hard to argue that the line should be restarted here, given the costs of doing business in California. As the Winds discussion speculates, it's more likely that instead production of the Stryker LAV will be accelerated, since the lines are already up and rolling, even though it's not a real replacement for the Bradley.
Posted on December 29, 2003 at 13:50 | Permalink
RIP, Phil Goldman
This is a shocker. Anti-spam company Mailblocks founder and CEO Phil Goldman died suddenly of as yet unknown natural causes on Christmas Day. He was only 39. I worked with Phil at Apple Computer systems software in the late 80s, when I was doing CD-ROM and multimedia stuff and he was a key member of the team on Multifinder aka 'Twitcher' aka System 6.0. He later went on to fame and fortune, founding WebTV along with fellow Apple vets Steve Perlman and Bruce Leak. I last saw him at the AlwaysOn conference a few months back, and he looked in great shape. He leaves a wife and two young children, and my thoughts and sympathies are with them.
Posted on December 29, 2003 at 12:28 | Permalink
The Social Limits of Social Software
We have come to the end of a tumultuous year on the Internet and in real life, and it's a good point to sum up what we've built and learned. There's been plenty of self-congratulation as we went along, so here's instead a look at a couple of controversial places where limits are appearing.
Over at BoingBoing, Cory Doctorow pleads:
....I have a special request to the toolmakers of 2004: stop making tools that magnify and multiply awkward social situations ("A total stranger asserts that he is your friend: click here to tell a reassuring lie; click here to break his heart!") ("Someone you don't know very well has invited you to a party: click here to advertise whether or not you'll be there!") ("A 'friend' has exposed your location, down to the meter, on a map of people in his social network, using this keen new location-description protocol -- on the same day that you announced that you were leaving town for a week!"). I don't need more "tools" like that, thank you very much.
Deanies seem to exist in an isolated cultural milieu in which everybody is secular, socially liberal, and antiwar. They can't fathom why those things might hurt Dean in a general election because they don't ever talk to or read anybody who thinks differently. Dean's Internet networking--which has had lots of positive effects on American politics--has probably intensified this cloistering, by creating intellectual ghettos on the web where true believers can interact, undisturbed by those who don't share their faith.
The Internet augmented with social software may be a good place to organize for action, whether it be protests, Dean fund raising, toys for Iraqi kids, or books for soldiers. But it seems it can also become an isolating echo chamber, potentially deadly when the goal is changing minds on a large scale. It's going to be an interesting year...
(Jarvis now has more, in a conversation with John Robb, wondering if this same isolation could lead the Deanies to bolt the party if their man isn't the nominee.)
Good luck, Beagle 2
The Brits' Mars probe, Beagle 2, is scheduled to land this evening - in the early hours of Xmas, European time. The Mars Express carrier craft will insert into Mars orbit about the same time. Good luck to both! Memo to Mars ghouls: These are not Xmas presents for you, leave 'em alone! BTW, Beagle 2 has a house blog.
Update: Rats. It's looking increasingly like the ghouls enjoyed another light snack at the expense of the European space program. Potential next courses for the menu: NASA's Mars Rovers, set to arrive Jan 3 and 24th. Hope they fare better...
Posted on December 24, 2003 at 12:25 | Permalink
When will they ever learn?
Jeff Jarvis contemplates the $100m that VCs have sunk into social software companies. Is there really enough market territory out there to repay the capital being spent rushing to grab it? Yet, Jarvis remains bullish on the impact of blogs on journalism, both electronic and print. Is he missing something, dissing the investment opportunity while talking up the media impact? Maybe not. 'Creative destruction' is the hallmark of the technology markets, but sometimes the old business model is destroyed while the new one is yet undefined. Or, the net benefit ends up in the hands of the customers/readers/users, not companies and investors. This may be such a case, but there are enough fund managers willing to bet the other side to put $100m out on the street. Compared to the amount that was dropped on dot-com plays, and the size of some of the funds placing the social software bets, this is chump change.
Update: Jeff's addendum to the original post makes explicit his distinction between "people's media", e.g., blogs, and the more specific social software category, stating that the usefulness and value of the first is better established than the latter. I agree with both the categorization and value statement.
Posted on December 23, 2003 at 12:29 | Permalink