Eternity service proxies
[btw what do people think of the practice of putting To: cypherpunks, and Bcc: coderpunks@toad, cryptography@c2 as I have done here? I do this for stuff when I'm interested in comments of people who are on cryptography but not cypherpunks, similarly for coderpunks to avoid the non-crossposting issue with coderpunks, and avoid extra moderation work for Perry with cryptography. I know you get multiple copies if you're on all lists, how else does one reach you all? Myself I have a procmail recipe which junks multiple copies, like:

    :0 Wh: msgid.lock
    | formail -D 128000 msgid.cache

]

My announce was rather hurried, and someone suggested to me the use of a proxy as an architecture for interfacing to the eternity service rather than the cgi based system I have. The person who suggested this to me also described some work on a "universal proxy framework" which is designed to enable things like "cookie-cutting, onion routing etc." Also it was suggested this is a cheaper way to implement a proxy.

Here are some comments on possible architectures for an eternity service. There are a number of places where one might put an eternity server:

- cgi script on your ISP for yourself and others to use
- cgi script and local web server on your dial up linux box
- standalone eternity proxy running on an ISP
- local proxy
- proxy framework module (local or remote? does it support both)
- apache module "eternity proxy module"
- browser plugin (if this has the power to do it)

My ideal interface would have been a web proxy, as this allows the user to transparently integrate this into their browser. You may be able to set your browser to use the proxy to handle *.eternity, and have the rest go direct, but I'm not so sure on this point. Regardless, the proxy can forward requests as caching proxies do for documents not in *.eternity.

My first consideration was to get a proof of concept going as quickly as possible. What you are looking at is a weekend hack + 3 days debugging and cleaning up.

Proxies have higher user requirements to set up, you need root, or at least ability to leave processes running indefinitely, and some mechanism to restart them on reboot (or do it manually). My cgi-bin implementation allows you to run with cgi access, and cron, or at a pinch to do without cron even.

Local proxies have higher development costs, in that it involves windows code to be of use for the majority of users, which has much higher development cost. The universal proxy framework (which I am not familiar with) would allow a local proxy to be implemented more easily if I understand correctly. Local handling of at least the last layer of decryption would help from a security point of view. Or the local proxy could be a full eternity server for your own use.

The ones I've made possible with my cgi based implementation are the first two, I chose them over proxies simply because they are the easiest to implement first.

Basically what I have implemented is a poor man's remote proxy or (with a local webserver) a poor unix person's local proxy. You give it URLs of the form:

    http://www.foo.com/cgi-bin/eternity?url=http://blah.eternity/blah/

The cgi script modifies on the fly URLs in documents (if they are type text/html) and involve *.eternity to have prefix:

    cgi-bin/eternity?url=

Well actually it copes with local, and site relative urls also (where site is the eternity virtual site). Normal URLs are left as is. Proxy is the more elegant way to do it as you don't have to re-write urls on the fly.

There are advantages to running the server (proxy or otherwise) on an ISP rather than locally:

- if you're using the cgi solution and an SSL web server you get SSL encryption on the link. This way people don't get to see your requests, if they are handled locally by your ISP from its news spool.
- it has lower bandwidth requirements which may be an advantage, as you don't have to download all the eternity documents, only the ones you want to read as you browse them
- if the eternity server is running on your ISP and the ISP has a local newspool people outside the ISP can not see your requests go to the NNTP server to see which articles you are reading.

There are some advantages to local proxies:

- you don't rely on the ISP or the eternity service operator not to log exdirectory URLs, and not to log your accesses. (However note that your ISP can observe your use of the NNTP server, unless you protect against this by saving all eternity web pages locally, so that you never have to do a NNTP lookup per article).
- if you are accessing URLs which are private (encrypted with a password inside the final layer) you don't need to give this password to the server to get it to decrypt for you. (You don't need to with the remote proxy, but you get back a PGP message which you then have to manually decrypt, unless you can figure out a browser plugin to automatically decrypt PGP documents on the fly as they are read).

A local proxy used in combination with remote proxy or cgi-proxy would allow another architecture. Your local proxy obtains its article hash -> message-id/newsgroup/article-number database from a real remote eternity proxy which is watching news as it comes in. Then it can fetch the articles itself with lower overhead.

Another architecture (moving more towards Anderson's meaning of an eternity service) is the idea of forwarding requests between eternity servers. In this way the eternity servers would be "remailing" your requests. If your entry point into the eternity service network was via an SSL protected link, and the links between the eternity servers were encrypted, the eternity servers as a whole would disguise who was accessing what.

You could allow proxying of normal web pages too, and create a distributed version of anonymizer.com as a side effect.

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
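The on-the-fly URL rewriting described in the message above, as an added Python sketch (not part of the original post and not the eternity server's own code). The gateway address and the `blah.eternity` base come from the post's example URL; the attribute list, the percent-escaping of query characters and the sample page are assumptions made for illustration.

```python
import re
from urllib.parse import quote, urljoin, urlsplit

# Gateway prefix taken from the example URL in the post.
GATEWAY = "http://www.foo.com/cgi-bin/eternity?url="
# Assumption: only quoted href/src/action attributes carry links.
ATTR = re.compile(r'''\b(href|src|action)\s*=\s*(["'])(.*?)\2''', re.I | re.S)

def is_eternity(url):
    """True for http(s) URLs whose host is inside the *.eternity virtual domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # hostname is already lower-cased
    return parts.scheme in ("http", "https") and host.endswith(".eternity")

def rewrite_url(link, base):
    """Route a link through the gateway if it resolves inside *.eternity."""
    if link.startswith("#"):
        return link                      # same-page fragment, nothing to fetch
    absolute = urljoin(base, link)       # resolves local and site-relative forms
    if not is_eternity(absolute):
        return link                      # normal URLs are left as is
    # Assumption: escape ?, & and = so they stay inside the url= parameter.
    return GATEWAY + quote(absolute, safe=":/")

def rewrite_document(body, content_type, base):
    """Rewrite links only in text/html bodies; other types pass through."""
    if content_type.split(";")[0].strip().lower() != "text/html":
        return body
    def fix(m):
        attr, q, link = m.groups()
        return f"{attr}={q}{rewrite_url(link, base)}{q}"
    return ATTR.sub(fix, body)

# Constructed sample page served from the eternity virtual site.
BASE = "http://blah.eternity/blah/"
SAMPLE = ('<a href="http://blah.eternity/blah/doc.html">abs</a> '
          '<img src="pic.gif"> <a href="/top.html">site</a> '
          '<a href="http://www.dcs.ex.ac.uk/~aba/rsa/">normal</a>')

if __name__ == "__main__":
    print(rewrite_document(SAMPLE, "text/html; charset=us-ascii", BASE))
```

Any *.eternity link the rewriter misses is requested by the browser directly rather than through the gateway, which is the fragility a real proxy avoids by seeing every request.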
At 8:41 PM -0800 4/30/97, Adam Back wrote:
[btw what do people think of the practice of putting To: cypherpunks, and Bcc: coderpunks@toad, cryptography@c2 as I have done here? I do this for stuff when I'm interested in comments of people who are on cryptography but not cypherpunks, similarly for coderpunks to avoid the non-crossposting issue with coderpunks, and avoid extra moderation work for Perry with cryptography. I know you get multiple copies if you're on all lists, how else does one reach you all? Myself I have a procmail recipe which junks multiple copies, like:
I once unintentionally forgot to delete the "cryptography@c2.net" cc: on a reply I made to what (I assumed) was a Cypherpunks message, and received a Perrygram stating that my message was off-topic and was not welcome on his list.

Clearly Perry has the right to run _his_ list any way he wishes to, just as Declan has the right to run _his_ list any way he wishes to, just as Bob Hettinga has the right to run _his_ list (or lists) as he wishes, and just as Lewis McCarthy has the right to run _his_ "Coderpunks" list as he wishes, and so on.

However, I think these "personal" lists are not to my taste, I don't want Perry or Declan or Bob or Lewis deciding whether my articles match their interests at the time I submit an article.

I routinely delete all of the cc:s to other lists, figuring if people want to read my stuff they can damn well subscribe to the Real Thing, the Cypherpunks list. No censorship (modulo the John and Sandy Show in Jan-Feb), and no control freaks trying to limit discussion to the things that happen to interest them that week.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
At 2:12 AM -0800 5/1/97, Adam Back wrote:
I don't either. My only interest in posting to these lists at all is that some people hang out there who don't read cypherpunks. I got a reply from Ron Rivest on the hashcash stuff as it related it to his and Shamir's MicroMint payment system. I presume from reading it on coderpunks or cryptography where I forwarded copies.
Some people want the advantages of lists like the Cypherpunks list, but not the disadvantages of volume and noise. Well, there is no simple solution to this, except the usual ones of local filtering, hitting the delete key, etc.

I don't subscribe to lists controlled by others, for various reasons I've discussed over the years. It's a lot harder to create signal than it is to suppress noise. As I like to say, "My keyboard has a "Delete" key--it doesn't have a "Create" key."

Many "edited" lists have appeared over the years. Nick Szabo had (and still has) his own list. Robin Hanson had one ("AltInst," or "Alternative Institutions"...I like Robin's thinking a lot, but I quit his list after just a few days when he asked me to "fine tune" my posts more to his liking), and there have been various libertarian/digital liberty mailing lists. (These lists typically start with a bang, having traffic of a dozen or so messages a day....then things peter out. Some of these lists have no traffic for months at a time.)

The Cypherpunks list, rambunctious and uncontrolled as it is, has thrived for four and a half years, coming up on 5 years in just a few months.

That "serious cryptographers" do not want to be subscribers is just the way it is. I can't do anything to get David Chaum or Matt Blaze to subscribe. Too bad. I don't worry about it. If they want to subscribe, they can. I'm not interested in creating a "Tim's list" in hopes that they'll subscribe. They won't.
I routinely delete all of the cc:s to other lists, figuring if people want to read my stuff they can damn well subscribe to the Real Thing, the Cypherpunks list.
So what you're saying is that you boycott them in effect, you don't send your writings to censored lists, and if they want to read your writing, they've got to read The List. Well the more quality content that comes to cypherpunks first, or exclusively to cypherpunks until a 3rd party forwards it the better, as this adds to cypherpunks reputation, and increases the value of and interest in the list.
Exactly. I don't want my writings primarily distributed to Declan's list, or Bob's list, or whatever. (Bob sometimes reposts my articles to his yuckily-named "e$spam" list, and I get responses from people who simply don't understand the background to the issues....I either ignore them completely or tell them to subscribe to the Cypherpunks list and to quit pestering me for explanations.)
My attitude is leaning this way also. I post most things to cypherpunks first. The others I consider in effect forwards of material posted to cypherpunks.
Many people seem to want to "fix" the Cypherpunks list. I try to do what I can by writing essays. That's my form of "signal." Those who don't want to read these articles know where the delete key is.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Tim May <tcmay@got.net> writes:
I once unintentionally forgot to delete the "cryptography@c2.net" cc: on a reply I made to what (I assumed) was a Cypherpunks message, and received a Perrygram stating that my message was off-topic and was not welcome on his list.
The Bcc approach avoids this problem as you don't see the Cc's, so they only last for one post. That's if you have an interest in posting there at all. I've also had negative experiences of cross posting, (I did it to coderpunks and got a Futplexgram, followed by a threat of unsubscription. Pissed me off somewhat. Also again lately following up to someone else, which earned maybe 10 people a more polite multiply Cc'd: please don't cross-post note from Raph). Perry just silently nukes stuff, or says that's enough on this topic (chop).
Clearly Perry has the right to run _his_ list any way he wishes to, just as Declan has the right to run _his_ list any way he wishes to, just as Bob Hettinga has the right to run _his_ list (or lists) as he wishes, and just as Lewis McCarthy has the right to run _his_ "Coderpunks" list as he wishes, and so on.
However, I think these "personal" lists are not to my taste, I don't want Perry or Declan or Bob or Lewis deciding whether my articles match their interests at the time I submit an article.
I don't either. My only interest in posting to these lists at all is that some people hang out there who don't read cypherpunks. I got a reply from Ron Rivest on the hashcash stuff as it related it to his and Shamir's MicroMint payment system. I presume from reading it on coderpunks or cryptography where I forwarded copies.
I routinely delete all of the cc:s to other lists, figuring if people want to read my stuff they can damn well subscribe to the Real Thing, the Cypherpunks list.
So what you're saying is that you boycott them in effect, you don't send your writings to censored lists, and if they want to read your writing, they've got to read The List. Well the more quality content that comes to cypherpunks first, or exclusively to cypherpunks until a 3rd party forwards it the better, as this adds to cypherpunks reputation, and increases the value of and interest in the list.

My attitude is leaning this way also. I post most things to cypherpunks first. The others I consider in effect forwards of material posted to cypherpunks.

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
At 3:08 am -0400 on 5/1/97, Tim May wrote:
just as Bob Hettinga has the right to run _his_ list (or lists) as he wishes,
Just for the record, here, I should note that e$ is completely unmoderated, though I've been sorely tempted (he said, dislocating his arm to pat himself on the back...).

e$pam, on the other hand, as a filter of other lists (whenever it's running, that is... :-/), is a non-interactive, one-way channel from me to the rest of the universe. :-). It don't say e$pam until I say it says e$pam, in other words. I'm just providing an opinion; letting people read over my shoulder, and all that. So, I don't feel like I'm "censoring" anyone, in that regard.

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
Lesley Stahl: "You mean *anyone* can set up a web site and compete with the New York Times?"
Andrew Kantor: "Yes."
Stahl: "Isn't that dangerous?"
The e$ Home Page: http://www.shipwright.com/