Several people have objected to my point about the anti-TCPA efforts of Lucky and others causing harm to P2P applications like Gnutella. Eric Murray wrote:
Depending on the clients to "do the right thing" is fundamentally stupid.
Bran Cohen agrees:
Before claiming that the TCPA, which is from a deployment standpoint vaporware, could help with gnutella's scaling problems, you should probably learn something about what gnutella's problems are first. The truth is that gnutella's problems are mostly that it's a screamer protocol, and limiting which clients could connect would do nothing to fix that.
I will just point out that it was not my idea, but rather that Salon said that the Gnutella developers were considering moving to authorized clients. According to Eric, those developers are "fundamentally stupid." According to Bram, the Gnutella developers don't understand their own protocol, and they are supporting an idea which will not help. Apparently their belief that clients like Qtrax are hurting the system is totally wrong, and keeping such clients off the system won't help. I can't help believing the Gnutella developers know more about their own system than Bram and Eric do. If they disagree, their argument is not with me, but with the Gnutella people. Please take it there. Ant chimes in:
My copy of "Peer to Peer" (Oram, O'Reilly) is out on loan but I think Freenet and Mojo use protocols that require new users to be contributors before they become consumers.
Pete Chown echoes:
If you build a protocol which allows selfish behaviour, you have done your job badly. Preventing selfish behaviour in distributed systems is not easy, but that is the problem we need to solve. It would be a good discussion for this list.
As far as Freenet and MojoNation, we all know that the latter shut down, probably in part because the attempted traffic-control mechanisms made the whole network so unwieldy that it never worked. At least in part this was also due to malicious clients, according to the analysis at http://www.cs.rice.edu/Conferences/IPTPS02/188.pdf. And Freenet has been rendered inoperative in recent months by floods. No one knows whether they are fundamental protocol failings, or the result of selfish client strategies, or calculated attacks by the RIAA and company. Both of these are object lessons in the difficulties of successful P2P networking in the face of arbitrary client attacks. Some people took issue with the personal nature of my criticism:
Your personal vendetta against Lucky is very childish.
This sort of attack doesn't do your position any good.
Right, as if my normal style has been so effective. Not one person has given me the least support in my efforts to explain the truth about TCPA and Palladium. Anyway, maybe I was too personal in singling out Lucky. He is far from the only person who has opposed TCPA. But Lucky, in his slides at http://www.cypherpunks.to, claims that TCPA's designers had as one of their objectives "To meet the operational needs of law enforcement and intelligence services" (slide 2); and to give privileged access to user's computers to "TCPA members only" (slide 3); that TCPA has an OS downloading a "serial number revocation list" (SNRL) which he has provided no evidence for whatsoever (slide 14); that it loads an "initial list of undesirable applications" which is apparently another of his fabrications (slide 15); that TCPA applications on startup load both a serial number revocation list but also a document revocation list, again a completely unsubstantiated claim (slide 19); that apps then further verify that spyware is running, another fabrication (slide 20). He then implies that the DMCA applies to reverse engineering when it has an explicit exemption for that (slide 23); that the maximum possible sentence of 5 years is always applied (slide 24); that TCPA is intended to: defeat the GPL, enable information invalidation, facilitate intelligence collection, meet law enforcement needs, and more (slide 27); that only signed code will boot in TCPA, contrary to the facts (slide 28). He provides more made-up details about the mythical DRL (slide 31); more imaginary details about document IDs, information monitoring and invalidation to support law enforcement and intelligence needs, none of which has anything to do with TCPA (slide 32-33). As apparent support for these he provides an out-of-context quote[1] from a Palladium manager, who if you read the whole article was describing their determination to keep the system open (slide 34). He repeats the unfounded charge that the Hollings bill would mandate TCPA, when there's nothing in the bill that says such a thing (slide 35); and he exaggerates the penalties in that bill by quoting the maximum limits as if they are the default (slide 36). Lucky can provide all this misinformation, all under the pretence, mind you, that this *is* TCPA. He was educating the audience, mostly people who were completely unfamiliar with the system other than some vague rumors. And this is what he presents, a tissue of lies and fabrications and unfounded sensationalism. Don't forget, TCPA and Palladium were designed by real people. In making these charges, Lucky is not just talking about a standard, he is talking about its authors. He is saying that those people were attempting to serve intelligence needs, to make sure that people had to run spyware, to close down the system so it could keep "undesirable" applications off. He is accusing the designers of far worse than anything I have said about him. He is basically saying that they are striving to bring about a technological police state. And yet, no one (other than me, of course) dared to criticize Lucky for these claims. He can say whatever he wants, be as outrageous as he wants, and no one says a thing. I don't know whether everyone agrees with him, or is simply unwilling to risk criticism by departing from the groupthink which is so universal around here. I asked Eric Murray, who knows something about TCPA, what he thought of some of the more ridiculous claims in Ross Anderson's FAQ (like the SNRL), and he didn't respond. I believe it is because he is unwilling to publicly take a position in opposition to such a famous and respected figure. But anyway, maybe I was too personal in criticizing Lucky. Tell you what. I'll apologize to Lucky as soon as he apologizes to the designers of TCPA for the fabrications in his slide show. Deal? ------------------------------------------------------------------------ [1] We are talking to the government now, and maybe this is where we get some advantage from having a broad industry initiative. Our fundamental goal is "let's do the right thing." We have pretty strong feelings about what the right thing is on terms of making sure that things are truly anonymous and that key escrow kinds of things don't happen. But there ARE governments in the world, and not just the U.S. Government. http://www.techweb.com/index/news/Hardwa...WB19980901S0016/INW20020626S0007