I had a long discussion the other day with my sister during which I told her how one-fifth of North-American believe that the the Sun is orbiting the Earth. I kept thinking about this after the end of the discussion, and I was wondering if there was a way to demonstrate to people, by a sort of experience that everybody can do on their home, that it is in fact the Earth that is moving around the Sun. I was thinking of something like the experience were you put a non-moving stick of butter in a microwave oven, measure the distance between the melting point and by multiplying by the frequency of the microwave, demonstrate the speed of light. Obviously if it took until two hundred years ago to find this proof, that was probably more complex that I expected. But perhaps that, like the measurement of the speed of light that everybody can do at home thanks to the availability of stuff that scientists did not had access to in the past, there was a way to also reduce the complexity to a combination of available equipment (I am an incorrigible optimist who believe that any problem can be solved by time and a better education).
Certainly the most understandable proof that we have today is that we are capable to send missions to Mars and that this would be impossible if our knowledge of how the solar system works was wrong. But that would be forgetting that most people who believe that the Sun is orbiting the Earth probably also believe that the travels to the Moon were an hoax, so we are back to the same problem: Until people can do the experience themselves, there is no way they will believe it. This is the reason why those people say that evolution is just a theory when they have no problem with the gravitation theory.
So I started to search what was the proof that the Earth is orbiting the Sun (I had no idea myself what was this proof, even if I do not remember ever having any doubt about this). The most fascinating one was called the aberration of light and was soon searching what kind of hardware James Bradley used to make this discovery. I knew it was some sort of meridian telescope and I was thinking that hooking up a Celestron telescope with a webcam connected on the Internet would permit to show to everybody the movement of the star that indicates that the Earth is moving on an ellipse - hoping that the progress in optics and computer would permit to replicate the experience. This is how I went to read on Google one or two pages of "Parallax: The Race to Measure the Cosmos", immediately order it on Amazon, and read it back to back on two evenings. The book is a fascinating reading and I strongly recommend but it was a disappointment to discover that the kind telescope used by Bradley was still out of reach for an amateur (Here's a picture that shows exactly what I mean).
I have some ideas on how to perhaps solve these problems but by lack of available time this project will unfortunately have to go on the "things to do when I am retired" folder. But that was a great book to read.
Wednesday, March 16, 2011
RELOAD: Access Control Policy distribution
This blog had been quiet for the last month because I was working on an implementation of RELOAD, the peer-to-peer protocol developed at the IETF as a component of peer-to-peer SIP (I do not plan to develop a peer-to-peer SIP implementation, but I needed a RELOAD implementation for another project). The plan is to release a complete implementation of RELOAD as a Java library under an Affero GPL 3 license and to let the company I co-founded, Stonyfish Inc, sell commercial licenses to people in need of a less restrictive license. The code will be released progressively between now and July, so keep an eye on this blog for progress.
Anyway during the development I came to see some limitations in the RELOAD specification (which is still not an RFC). Most of them were solved by the P2PSIP Working Group and there is still few that are waiting for discussions and decisions by the WG. Hopefully all will be solved before the final release. But there was one specific problem that required a somewhat different treatment, and this is the subject of this blog entry.
RELOAD is, among other things, a Storage protocol. Any user of a network of RELOAD servers (an overlay) can store data in it, and these data are automatically replicated and available to any other user. Because the overlay is designed to be secure even in presence of users with less than nice goals, only the user that stored a piece of data can modify it. The rules that are used to decide who can or cannot write or modify a piece of data in an overlay are grouped into what is called an Access Control Policy. There is four different Access Control Policies defined in the RELOAD specification, and the intent was that these four policies would cover most of the future needs. And even if there is a way to add new Access Control Policies, only a limited number would be defined.
Unfortunately, it turns out that there is a need for more than the four policies already existing. After a survey of all the existing proposals for new types of data to be stored in an overlay (this is called an Usage), I discovered that more than 50% of the new Usage are requiring a new Access Control Policy. In my opinion that creates a problem that could kill the usefulness of RELOAD before it even start to be deployed.
Let's say that I start a new overlay and that I distribute my software to hundred of thousand of users, each of them using the overlay to store their data in the way that was defined in this first version. Everything works fine until I decide to introduce a new feature that require a new Access Control Policy. The problem is that it is not only the users that will use this new feature that will have to upgrade their copy of the software. No, to be able to even start deploying this new feature, I will have to wait that ALL the users upgrade the software. If the story of IE6 teaches us anything, it is that it will never happen. And the problem is even worse if the software used comes from different vendors.
So the proposal I made to the P2PSIP Working Group is to automatically distribute the code of a new Access Control Policy, without having to upgrade the software. This way instead of waiting months or years to deploy a new feature, it will take only 24 hours or so to have all the users ready to store the new data.
Obviously this code has to be portable so it can be executed on any language used to write the RELOAD implementations in an overlay. So I chose JavaScript (or more precisely ECMAScript) to do that - not because I like the language (JavaScript is the rubber band that hold the Web together, and I do not mean that in a nice way) but because, thanks to the current Web Browsers war, there is very good implementations available.
I am presenting this concept at IETF 80 in Prague on March 31th. You can read the Internet-Draft or the slides for the presentation if you cannot attend.
Anyway during the development I came to see some limitations in the RELOAD specification (which is still not an RFC). Most of them were solved by the P2PSIP Working Group and there is still few that are waiting for discussions and decisions by the WG. Hopefully all will be solved before the final release. But there was one specific problem that required a somewhat different treatment, and this is the subject of this blog entry.
RELOAD is, among other things, a Storage protocol. Any user of a network of RELOAD servers (an overlay) can store data in it, and these data are automatically replicated and available to any other user. Because the overlay is designed to be secure even in presence of users with less than nice goals, only the user that stored a piece of data can modify it. The rules that are used to decide who can or cannot write or modify a piece of data in an overlay are grouped into what is called an Access Control Policy. There is four different Access Control Policies defined in the RELOAD specification, and the intent was that these four policies would cover most of the future needs. And even if there is a way to add new Access Control Policies, only a limited number would be defined.
Unfortunately, it turns out that there is a need for more than the four policies already existing. After a survey of all the existing proposals for new types of data to be stored in an overlay (this is called an Usage), I discovered that more than 50% of the new Usage are requiring a new Access Control Policy. In my opinion that creates a problem that could kill the usefulness of RELOAD before it even start to be deployed.
Let's say that I start a new overlay and that I distribute my software to hundred of thousand of users, each of them using the overlay to store their data in the way that was defined in this first version. Everything works fine until I decide to introduce a new feature that require a new Access Control Policy. The problem is that it is not only the users that will use this new feature that will have to upgrade their copy of the software. No, to be able to even start deploying this new feature, I will have to wait that ALL the users upgrade the software. If the story of IE6 teaches us anything, it is that it will never happen. And the problem is even worse if the software used comes from different vendors.
So the proposal I made to the P2PSIP Working Group is to automatically distribute the code of a new Access Control Policy, without having to upgrade the software. This way instead of waiting months or years to deploy a new feature, it will take only 24 hours or so to have all the users ready to store the new data.
Obviously this code has to be portable so it can be executed on any language used to write the RELOAD implementations in an overlay. So I chose JavaScript (or more precisely ECMAScript) to do that - not because I like the language (JavaScript is the rubber band that hold the Web together, and I do not mean that in a nice way) but because, thanks to the current Web Browsers war, there is very good implementations available.
I am presenting this concept at IETF 80 in Prague on March 31th. You can read the Internet-Draft or the slides for the presentation if you cannot attend.
Subscribe to:
Posts (Atom)