CodeCon 2.0 Presentations

CodeCon
2.0 takes place next week, February 22-24, in San
Francisco. CodeCon showcases active, working software development
projects, presented by the actual code developers. The following
synopses describe projects that will be presented at the
conference."Alluvium: P2P Media Streaming for Low-Bandwidth
Broadcasters", by Brandon WileyWhen the recent shutdown of internet radio stations occurred,
Alluvium developers began using components from the Tristero
project to build a superior system for audio and video streaming.
The Tristero project,
tristero.sourceforge.net,
develops a set of standard reusable components for P2P
systems.Hosting and downloading will be demonstrated. Broadcasters
only publish metadata and thus have very low bandwidth
requirements, and only a web server is required. They are only
exempt from current RIAA webcasting royalties.In the future, Alluvium developers plan to help alternative
sources of news and culture establish low-cost media broadcasting
stations. They have founded a non-profit organization, the
Foundation for Decentralization Research, to help fund the adoption
of P2P media broadcasting technologies by alternative media such as
indymedia, Guerilla News Network and college and pirate radio
stations.Alluvium technology hopes to make it possible for users with
little technical experience to run media broadcasting stations on
old PCs and a consumer-grade broadband connection. This setup will
scale well past a reasonable number of listeners.Brandon Wiley is a well-known P2P researcher, co-founder of
the Freenet project and coordinator of the Tristero project."Mixminion: A Next-Generation Anonymous Remailer", by Nick
MathewsonMixminion
(www.mixminion.net)
began in early 2002 as a project to design a next-generation
successor to the current anonymous remailer network. It aims to
resist all known attacks as well as or better than currently
deployed software; add a secure and anonymous reply mechanism where
not even remailers can distinguish forward messages from replies;
add an integrated directory design; and add link encryption. In
addition to a specification, developers also decided to provide a
working reference implementation. Mixminion has been in development
since the first version of the specification was near-complete in
May 2002.A working Mixminion client and server will be demonstrated.
If, as planned, Mixminion developers have directory servers
working, any user with a static IP will be able to start a
Mixminion node and have other users route their packets through the
network. If not, messages will pass through a set of servers on- or
off-site. The presentation will focus on attacks against mix-nets
and the defenses Mixminion uses to prevent them. As many attacks as
possible will be demonstrated against live servers.The presentation will also discuss issues involved in
implementing anonymity software, as well as the good and bad
implementation choices Mixminion developers have made along the
way.Mixminion specification and a design papers are available
from the project's home page. Mixminion protocol design has been
adopted by the Mixmaster team as the basis for Mixmaster v4. Today,
they have over 14K lines of code in CVS, implementing all of the
spec except as discussed below, with acceptable performance
(approximately 1.2 MB of messages per second on an 800MHz
Pentium-III desktop).The following features from the Mixminion spec are not yet
implemented in their library: directories, nymservers, generic SMTP
delivery with abuse prevention, resistance to certain
resource-exhaustion attacks, K-of-N message fragmentation and
address filtering. When these features are completed, along with
complete interfaces and testing suites, Mixminion will release
version 1.0. Developers hope to reach this point some time in the
first half of 2003.Mixminion developers are also researching additional
improvements to the current specification, including: decentralized
directories, dummy messages, batching mechanisms (synchronous
batching, cascades, etc.), simplified indistinguishability and
faster response to network outages. They hope to include
implementations for these ideas in future versions.Nick Mathewson started writing free software with the PolyJ
language, developed as an undergraduate project to add parametric
polymorphism to Java. He graduated from M.I.T. with an M.Eng. in
2000 and has been working for a startup ever since. Outside of
work, he's contributed a few minor patches to the Python language.
Nick has been spending his free time on Mixminion since May of
2002."DeepGreen: Agent-Oriented Investment Analysis Designed to Be
Self-Funding", by Michael F KornsDeepGreen
(investbyagent.com)
began in 1993 with version 1.0 and released version 4.3 this July.
The project is vertically integrated with its own
LISP/JavaScript/XML compilers, proprietary agent-oriented database
and IDE. DeepGreen has been self funding by investing profits. In
1999 a commercial startup, InvestByAgent, was spun off to handle
all commercial application of the technology. InvestByAgent
received a $10 million first venture round in 2000.Deep Green's current successes and weaknesses will be
demonstrated, and plans for DeepGreen Version 5 will be
discussed.DeepGreen has achieved balanced hedged-growth investing with
a nine year (through today) average per annum return of 25%. Their
best year was a 104% gain and worst year was a 13% loss. DeepGreen
developers are in the black. They are in the process of adding a
cognitive layer to DeepGreen to further increase investing
profits.Michael F Korns has thirty-seven years in CS with positions
including: IBM Research staff member, VP Tymeshare Transactions and
VP Chief Scientist Xerox Imaging. His areas of specialization
include database design, compiler design, A.I., machine learning,
natural language processing and agent-based systems."GNU Radio: Hacking the RF Spectrum with Free Software and
Hardware", by Eric Blossom and Matt EttusGNU Radio
(www.gnu.org/software/gnuradio)
is a collection of software that, when combined with minimal
hardware, allows the construction of radios where the actual
waveforms transmitted and received are defined by software. This
means that it turns the digital modulation schemes used in today's
high performance wireless devices into software problems.GNU Radio was launched in April of 2001 to build a platform
to learn about, explore and deploy software-defined radios using
open-source software and hardware. "Regulatory hacking" led GNU
Radio developers down a path that has most recently led to the
creation of a software HDTV transmitter and receiver. The HDTV
receiver can serve as the basis for an open-source digital TV
recorder in the TiVo/Replay genre.Applications that have been built with GNU Radio will be
demonstrated, including: a concurrent multi-channel FM receiver,
the mother of all scanners and an all-software ATSC (HDTV)
receiver. If it's working by the conference, they will also demo
their encrypted digital radio transceivers. Demos and talks will
include a show and tell of radio construction by scripting together
signal processing modules (radio hacking made easy), transparent
use of SMP hardware and other cool stuff.Future plans are to work on encrypted digital transceivers,
ad-hoc networking using cognitive radio techniques, GPS receiver,
trunking and relaying for existing radio services and research with
new modulation techniques and protocols.Eric Blossom is CTO of Blossom Research. He is the maintainer
of GNU Radio. Prior to his interest in software radio, he was the
founder and CTO of Starium, where he was responsible for the design
and development of a line of secure telephones.Matt Ettus, has a Master's Degree in EE from Carnegie Mellon
University, where he studied spread spectrum and ad-hoc networks.
He also has BSEE and BSCS degrees from Washington University in St.
Louis. After a couple of years working on GPS systems at
Integrinautics Corp., he now does DSP design for Zeevo, Inc., a
leading Bluetooth semiconductor company. Matt is a licensed radio
amateur (N2MJI) and lives in the Bay Area."Advogato: Good Metadata, Even When Under Attack, Based on a
Trust Metric", by Raph LevienAdvogato
(www.advogato.org) is
a community site for free software developers. It also serves as a
research testbed for Raph Levien's research on group trust metrics
for peer certification.Advogato launched in November 2000 as a testbed for a network
flow-based attack-resistant trust metric. In July 2002, Advogato
added a new eigenvector-based trust metric for rating diaries. The
thesis is still ongoing.The demonstration will tour Advogato and then run the trust
metric code by itself. Explanation of how it works will include
both network flow (which is simple) and the random walk
interpretation of eigenvectors, which is very strongly related to
Google's PageRank algorithm.Advogato has become an integral part of the free software
scene. The site shows that it is realistic to construct a trust
graph. The accuracy of the trust metric may not be perfect (there
is definitely "cert inflation"), but overall, Advogato manages to
be remarkably free of trolls and abuse, with virtually no manual
moderation.Future plans for Levien are to keep Advogato going, finish
his thesis and spread the word about trust metrics.Raph is the founder of Advogato, a community site for free
software developers. The trust metric ideas are the basis for his
Ph.D. research at UC Berkeley. His day job is maintainer of
Ghostscript."Current Developments in Version Control", a panel discussion
with Larry McVoy, Greg Stein and Jonathan ShapiroQuestions for the panel are: What are the important version
control systems today? What are they appropriate for? How will the
current adoption battles play out?Larry McVoy is found of BitMover, creators of the BitKeeper
version control system, currently in use for Linux kernel
development.Greg Stein is a Director at CollabNet, where is he in charge
of their version control initiatives, which includes the Subversion
project. He is also the author of ViewCVS.Dr. Shapiro is a faculty member in the Department of Computer
Science at Johns Hopkins University, where he is also a founding
member of the Information Security Institute. His current research
focuses on high performance secure operating systems (EROS),
configuration management (OpenCM), information assurance and (most
recently) virtual machine technologies.Dr. Shapiro also has over fifteen years of high-technology
experience, primarily in standard-setting product design and
competitive strategy definition. He is an experienced technologist
and executive with a track record for building leading-edge
products and organizations."Neurogrid: Decentralized Fuzzy Meta-Data Search", by Sam
JosephNeurogrid
(neurogrid.net)
released its first web prototype one month after the first O'Reilly
P2P conference. The first personal version was released for Windows
in May 2001. NeuroGrid P2P simulator code was released before the
second O'Reilly P2P conference, and used in CodeCamps in Tokyo.
More recently, NeuroGrid has implemented the Tristero search
interface and separated out its core features into the NG Core.
Once stable, the NeuroGrid API will be proposed as a Tristero
reputation/search interface extension. Current work focuses on
isolating the persistence, search and transport APIs, so that the
system will be more maintainable and interoperate with other
projects.A brief overview of NeuroGrid design will be followed by a
demonstration of a bookmark file being imported into NeuroGrid,
searches over the imported URLs and meta-data editing. The
demonstration will also include a connection to the NeuroGrid net
for distributed searches. A key part of the demonstration will be
to show how NeuroGrid learns users' preferences in response to the
way they search. Thus, if a user bookmarks a URL, the words used to
search for it become more strongly associated with it, leading to a
higher ranking in future searches. Similarly if a user bookmarks a
URL provided by a remote search engine/neurogrid node, then this
node will appear higher in future rankings.Achievements of Neurogrid are a prototype web-based NeuroGrid
version; release of a personal NeuroGrid Beta version; release of
open-source NeuroGrid Simulation Code (also supports Gnutella,
Freenet and other P2P simulations); two NeuroGrid Codecamps held in
Tokyo; release of NeuroGrid Core 0.1 with full RDF Search support
and built in RDB; and implementation of Tristero Search
Interface.For future development, the main aims include more rigorous
simulation including adversarial meta-data environments and release
of more user-friendly software. The project code has been rewritten
recently to fix various problems that the web prototype brought to
light. The core code can be used as a generic way to organise data,
but in order to get that across, there must also be a simple to
use, easy to understand application which runs on top of it. The
main example applications still revolve around organising URLs, and
are still fairly complicated.Dr. Sam Joseph received a Ph.D. from the University of
Edinburgh in 1997 after finishing a Cognitive Science thesis
entitled "Theory of Adaptive Neural Growth." He subsequently moved
to Japan on a Toshiba Fellowship, worked for two years on mobile
software agents in a Toshiba research laboratory, and contributed
learning technology to the "Plangent" project. While in Japan, he
also worked for the internet advertising company ValueCommerce,
researching advert personalization and tracking systems. In 2000 he
went freelance, starting "NeuroGrid Consulting" and worked with a
variety of companies, with projects including Japanese Chat
systems, Language Learning Support systems and a Movie Database
project. During this period, Dr. Joseph wrote a number of articles
on Japanese technology for JapanInc magazine and started the
NeuroGrid project. Most recently he has been taken on as a Research
Associate at the University of Tokyo, Strategic Software
Division."Khashmir: A Distributed Hash Table Library upon which
Applications Can Be Built", by Andrew LoewensternKhasmir
(sourceforge.net/projects/khashmir)
has been written in an attempt to spark distributed application
development with scalable search techniques.A P2P music recommendation system based on Khashmir will be
demonstrated. Khashmir includes Airhook reliable datagram protocol
over UDP for STUN-like NAT penetration. Future plans are to deploy
a useful system based on Khashmir.Andrew Loewenstern previously worked on Mojo Nation."YouServ: A Communal Web-Hosting System for the Masses", by
Roberto BayardoThe YouServ system
(www.almaden.ibm.com/cs/people/bayardo/userv)
has been deployed in a constantly evolving form within the IBM
intranet for almost 18 months. In that time, it has been used by
over 5000 unique users, with approximately 1500 of them actively
running the software in any given week. Many more users have
accessed YouServ-hosted content over the IBM internal web. Earlier
this year, a limited version of YouServ (without P2P search) was
deployed for use by the Carnegie Mellon University community but
has yet to achieve critical mass.The YouServ system as it is deployed within IBM (through
secure tunnel into the IBM intranet) will be demonstrated. Focus
will be on the unique features of publishing a web site or sharing
files with YouServ compared to something like Apache. These
features include: mirroring of web site content across multiple
end-user machines for improved availability; secure and uniform
control access to site content via integrated SSL support and
single sign-on authentication; the ability to publish web content
using your own machine even from behind firewalls or NATs; an
efficient and complete (hybrid P2P) search over all participating
sites even in the presence of transient node availability; and a
plugin capability for easily extending site functions and enabling
meta P2P apps.YouServ has demonstrated P2P file sharing is useful within a
corporate environment. A future goal is to open source the system
and allow deployment outside of IBM (without any licensing
headaches)."OpenRatings: An Open-Source Professor Ratings Engine", by J.
Paul Reed, Brian Morris and Kennan BlehmOpenRatings
(openratings.sigkill.com),
released under the Jabber Open Source License on July 1, 2002, grew
out of rewriting the Polyratings.com professor ratings engine in
PHP and importing data from flat files into a database.Polyratings, launched in January of 1999, was one of the
first professor ratings sites on the Internet. The PHP version was
open sourced to protect both the intellectual property value
invested in the original project as well as the First Amendment
rights of students at Cal Poly, SLO.OpenRatings is a unique open-source project because it not
only protects "freedom" in terms of "free beer" and "free code,"
but in terms of the "free speech" of over 16,000 students.The OpenRatings demonstration will show a "day in the life"
tour of a college student using one of the existing OpenRatings
installations; a brief tour of the source code; an explanation of
some of the guiding principles behind technical decisions made on
the project, including inherent requirements not found in other
open source projects, such as an emphasis on installation and
operational user support; operational suggestions and historical
notes; and coverage of some planned features which seek to increase
the value of OpenRatings installations to university-going students
and smaller universities around the world.The original Polyratings.com ratings engine was one of the
first such engines on the Internet, and has been featured in the
Los Angeles Times, the Japan
Times, the Christian Science
Monitor, the Houston Chronicle, the
Sacramento Bee and various other
publications.One of the original authors of the ratings engine also has
consulted on a court case involving professors suing students
running a similar site at San Jose State University.Technical plans include adding a web-based administration
interface and enterprise-level features to make OpenRatings more
attractive to smaller universities who may want managed student
feedback but don't have the technology budget to write or purchase
proprietary software to accomplish this. These plans, while
important, are second to providing features required by
OpenRatings' primary "customers," college students all over the
world.Current project leaders have also identified installation and
operational support as a critical area to assist students at
universities world-wide. Support areas include both the technical
issues associated with starting an OpenRatings installation, as
well as socio-political and legal issues such a site can raise with
university administrators. This is yet another aspect which sets
OpenRatings apart from many open-source projects, and which will be
covered in more detail in a demonstration."Paketto Keiretsu: Interesting and Useful Techniques for
TCP/IP Networking", by Dan KaminskyPaketto
(www.doxpara.com) is
similar in lineage to Dan's presentation at CodeCon 2002. The
demonstration will show near-instantaneous network mapping, ICMP
Echo over Cut-And-Paste and an update to his CodeCon 2002
talk.The Paketto Keiretsu is a collection of tools that use new
and unusual strategies for manipulating TCP/IP networks. They tap
functionality within existing infrastructure and stretch protocols
beyond what they were originally intended for. It includes
Scanrand, an unusually fast network service and topology discovery
system; Minewt, a user space NAT/MAT router; Linkcat, which
presents a Ethernet link to stdio; Paratrace, which traces network
paths without spawning new connections; and Phentropy, which uses
OpenQVIS to render arbitrary amounts of entropy from data sources
in three dimensional phase space.Dan Kaminsky, also known as Effugas, worked for two years at
Cisco Systems designing security infrastructures for large-scale
network monitoring systems. He recently wrote the spoofing and
tunneling chapters for Hack Proofing Your Network: Second
Edition and has delivered presentations at several major
industry conferences, including LinuxWorld, DefCon and past Black
Hat Briefings. Dan was responsible for the Dynamic Forwarding patch
to OpenSSH, integrating the majority of VPN-style functionality
into the widely deployed cryptographic toolkit. Finally, he founded
the cross-disciplinary DoxPara Research in 1997, seeking to
integrate psychological and technological theory to create more
effective systems for non-ideal but very real environments in the
field. He is based in Silicon Valley, presently studying Operation
and Management of Information Systems at Santa Clara
University."Hydan: Steganographically Conceal a Message into Executable
Applications", by Rakan El-KhalilIn the demonstration, a given text message will be embedded
into an application chosen by the audience. This application will
be run to show that execution proceeds identically to the original
program, and then the Hydan will be retrieved.Hydan encodes without changing executable file size. On
average, one byte of message can be encoded for every 200 bytes of
machine code.Future plans are to improve the statistical profile of the
instructions in the host program to closely match that of the
original application; embed more bits by identifying dead-code
sections in the host program; and support more than just ELF
binaries and the i386 instruction set."Bayonne: Telephony Application Services for Freely Licensed
Operating Systems", by David Sugar and Rich BodoGNU Bayonne
(www.gnu.org/software/bayonne)
started in mid-2000 and has been in wide use in e-government,
commercial organizations and carriers since 2001. GNU Bayonne 1.0
was released in September 2002.A live GNU/Linux system will be demonstrated with an
OpenSwitch12 telephony card installed and acting as a complete
telephone system, with several analog telephones attached, using
the GNU Bayonne telephony service daemon.GNU Bayonne is already used by commercial carriers in Europe,
in e-government projects and in many industries to provide voice
response application services that can integrate freely with other
services. GNU Bayonne will also provide direct office telephony
solutions soon.The 2002 Singapore Linux Conference awarded the prestigious
"Best New Enterprise Infrastructure Application of the Year" to GNU
Bayonne. Future plans include adding IP Voice support, DS3 capacity
voice response applications on a single server and support for
Carrier Grade Linux enhancements.David Sugar is one of the founders of and CTO for the Open
Source Telecom Corporation. He is also the primary author of and
active maintainer for a number of packages that are part of the GNU
project, including GNU Common C++, GNU ccScript, GNU ccRTP and GNU
ccAudio, as well as the GNU telephony application server, GNU
Bayonne. He also serves as the volunteer chairman of the FSF's
DotGNU steering committee, and has served as the community's
elected representative to the International Softswitch
Consortium."Cryptopy: Pure Python Crypto", by Paul LambertThe Cryptopy demonstration will include encryption MACing,
"enhanced" AES and rolling your own enhancements, file encryption,
simple UDP-based encrypted messaging system, ping as a covert
encrypted signalling channel and random ping discovery
process.This Pure Python crypto library has very easy to use
consistent OO interfaces; runs on any Python capable platform with
no additional dependencies; and implements Rijndael, AES, AES-CBC,
AES-CCM, AES_etc, Icedoll and others. It has hashing and key
generation (e.g., pbkdf2), strong passphrase generation, "enhanced"
AES encryption and tools for enhanced algorithms, a crypto strong
random class, full support for IEEE 802.11i base algorithms and
full reference implementations with test vectors.Interesting applications include very portable file
encryption and ping-based messaging as covert channels. Future
plans are to work on public key based trust delegation."HOTorNOT: People Submit Their Picture for Others to Rate
from 1 to 10", by Jim Young and James HongHOTorNOT
(hotornot.com) started in
October 2000. The "meeting" component was added three months later.
HOTorNOT scaled very quickly and was built entirely on open-source
tools, without real financing.The demonstration will discuss HOTorNOT's approach to UI, and
why it has been so important to the success of the project. Future
plans include increasing the scale of the site.Jim Young is a co-founder of HOTorNOT.com. Jim is also a
Ph.D. candidate at UC Berkeley, where he focuses on embedded system
design. Entertainment Weekly named Jim as one
of the most creative people in entertainment.James Hong is a co-founder of HOTorNOT.com and XMethods.
James holds an engineering degree and MBA from UC Berkeley.
Entertainment Weekly also named James as one
of the most creative people in entertainment.

email: L@koonts.com