CodeCon 2.0 Presentations

by L. Koonts

CodeCon 2.0 takes place next week, February 22-24, in San Francisco. CodeCon showcases active, working software development projects, presented by the actual code developers. The following synopses describe projects that will be presented at the conference.

"Alluvium: P2P Media Streaming for Low-Bandwidth Broadcasters", by Brandon Wiley

When the recent shutdown of internet radio stations occurred, Alluvium developers began using components from the Tristero project to build a superior system for audio and video streaming. The Tristero project,, develops a set of standard reusable components for P2P systems.

Hosting and downloading will be demonstrated. Broadcasters only publish metadata and thus have very low bandwidth requirements, and only a web server is required. They are only exempt from current RIAA webcasting royalties.

In the future, Alluvium developers plan to help alternative sources of news and culture establish low-cost media broadcasting stations. They have founded a non-profit organization, the Foundation for Decentralization Research, to help fund the adoption of P2P media broadcasting technologies by alternative media such as indymedia, Guerilla News Network and college and pirate radio stations.

Alluvium technology hopes to make it possible for users with little technical experience to run media broadcasting stations on old PCs and a consumer-grade broadband connection. This setup will scale well past a reasonable number of listeners.

Brandon Wiley is a well-known P2P researcher, co-founder of the Freenet project and coordinator of the Tristero project.

"Mixminion: A Next-Generation Anonymous Remailer", by Nick Mathewson

Mixminion ( began in early 2002 as a project to design a next-generation successor to the current anonymous remailer network. It aims to resist all known attacks as well as or better than currently deployed software; add a secure and anonymous reply mechanism where not even remailers can distinguish forward messages from replies; add an integrated directory design; and add link encryption. In addition to a specification, developers also decided to provide a working reference implementation. Mixminion has been in development since the first version of the specification was near-complete in May 2002.

A working Mixminion client and server will be demonstrated. If, as planned, Mixminion developers have directory servers working, any user with a static IP will be able to start a Mixminion node and have other users route their packets through the network. If not, messages will pass through a set of servers on- or off-site. The presentation will focus on attacks against mix-nets and the defenses Mixminion uses to prevent them. As many attacks as possible will be demonstrated against live servers.

The presentation will also discuss issues involved in implementing anonymity software, as well as the good and bad implementation choices Mixminion developers have made along the way.

Mixminion specification and a design papers are available from the project's home page. Mixminion protocol design has been adopted by the Mixmaster team as the basis for Mixmaster v4. Today, they have over 14K lines of code in CVS, implementing all of the spec except as discussed below, with acceptable performance (approximately 1.2 MB of messages per second on an 800MHz Pentium-III desktop).

The following features from the Mixminion spec are not yet implemented in their library: directories, nymservers, generic SMTP delivery with abuse prevention, resistance to certain resource-exhaustion attacks, K-of-N message fragmentation and address filtering. When these features are completed, along with complete interfaces and testing suites, Mixminion will release version 1.0. Developers hope to reach this point some time in the first half of 2003.

Mixminion developers are also researching additional improvements to the current specification, including: decentralized directories, dummy messages, batching mechanisms (synchronous batching, cascades, etc.), simplified indistinguishability and faster response to network outages. They hope to include implementations for these ideas in future versions.

Nick Mathewson started writing free software with the PolyJ language, developed as an undergraduate project to add parametric polymorphism to Java. He graduated from M.I.T. with an M.Eng. in 2000 and has been working for a startup ever since. Outside of work, he's contributed a few minor patches to the Python language. Nick has been spending his free time on Mixminion since May of 2002.

"DeepGreen: Agent-Oriented Investment Analysis Designed to Be Self-Funding", by Michael F Korns

DeepGreen ( began in 1993 with version 1.0 and released version 4.3 this July. The project is vertically integrated with its own LISP/JavaScript/XML compilers, proprietary agent-oriented database and IDE. DeepGreen has been self funding by investing profits. In 1999 a commercial startup, InvestByAgent, was spun off to handle all commercial application of the technology. InvestByAgent received a $10 million first venture round in 2000.

Deep Green's current successes and weaknesses will be demonstrated, and plans for DeepGreen Version 5 will be discussed.

DeepGreen has achieved balanced hedged-growth investing with a nine year (through today) average per annum return of 25%. Their best year was a 104% gain and worst year was a 13% loss. DeepGreen developers are in the black. They are in the process of adding a cognitive layer to DeepGreen to further increase investing profits.

Michael F Korns has thirty-seven years in CS with positions including: IBM Research staff member, VP Tymeshare Transactions and VP Chief Scientist Xerox Imaging. His areas of specialization include database design, compiler design, A.I., machine learning, natural language processing and agent-based systems.

"GNU Radio: Hacking the RF Spectrum with Free Software and Hardware", by Eric Blossom and Matt Ettus

GNU Radio ( is a collection of software that, when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. This means that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.

GNU Radio was launched in April of 2001 to build a platform to learn about, explore and deploy software-defined radios using open-source software and hardware. "Regulatory hacking" led GNU Radio developers down a path that has most recently led to the creation of a software HDTV transmitter and receiver. The HDTV receiver can serve as the basis for an open-source digital TV recorder in the TiVo/Replay genre.

Applications that have been built with GNU Radio will be demonstrated, including: a concurrent multi-channel FM receiver, the mother of all scanners and an all-software ATSC (HDTV) receiver. If it's working by the conference, they will also demo their encrypted digital radio transceivers. Demos and talks will include a show and tell of radio construction by scripting together signal processing modules (radio hacking made easy), transparent use of SMP hardware and other cool stuff.

Future plans are to work on encrypted digital transceivers, ad-hoc networking using cognitive radio techniques, GPS receiver, trunking and relaying for existing radio services and research with new modulation techniques and protocols.

Eric Blossom is CTO of Blossom Research. He is the maintainer of GNU Radio. Prior to his interest in software radio, he was the founder and CTO of Starium, where he was responsible for the design and development of a line of secure telephones.

Matt Ettus, has a Master's Degree in EE from Carnegie Mellon University, where he studied spread spectrum and ad-hoc networks. He also has BSEE and BSCS degrees from Washington University in St. Louis. After a couple of years working on GPS systems at Integrinautics Corp., he now does DSP design for Zeevo, Inc., a leading Bluetooth semiconductor company. Matt is a licensed radio amateur (N2MJI) and lives in the Bay Area.

"Advogato: Good Metadata, Even When Under Attack, Based on a Trust Metric", by Raph Levien

Advogato ( is a community site for free software developers. It also serves as a research testbed for Raph Levien's research on group trust metrics for peer certification.

Advogato launched in November 2000 as a testbed for a network flow-based attack-resistant trust metric. In July 2002, Advogato added a new eigenvector-based trust metric for rating diaries. The thesis is still ongoing.

The demonstration will tour Advogato and then run the trust metric code by itself. Explanation of how it works will include both network flow (which is simple) and the random walk interpretation of eigenvectors, which is very strongly related to Google's PageRank algorithm.

Advogato has become an integral part of the free software scene. The site shows that it is realistic to construct a trust graph. The accuracy of the trust metric may not be perfect (there is definitely "cert inflation"), but overall, Advogato manages to be remarkably free of trolls and abuse, with virtually no manual moderation.

Future plans for Levien are to keep Advogato going, finish his thesis and spread the word about trust metrics.

Raph is the founder of Advogato, a community site for free software developers. The trust metric ideas are the basis for his Ph.D. research at UC Berkeley. His day job is maintainer of Ghostscript.

"Current Developments in Version Control", a panel discussion with Larry McVoy, Greg Stein and Jonathan Shapiro

Questions for the panel are: What are the important version control systems today? What are they appropriate for? How will the current adoption battles play out?

Larry McVoy is found of BitMover, creators of the BitKeeper version control system, currently in use for Linux kernel development.

Greg Stein is a Director at CollabNet, where is he in charge of their version control initiatives, which includes the Subversion project. He is also the author of ViewCVS.

Dr. Shapiro is a faculty member in the Department of Computer Science at Johns Hopkins University, where he is also a founding member of the Information Security Institute. His current research focuses on high performance secure operating systems (EROS), configuration management (OpenCM), information assurance and (most recently) virtual machine technologies.

Dr. Shapiro also has over fifteen years of high-technology experience, primarily in standard-setting product design and competitive strategy definition. He is an experienced technologist and executive with a track record for building leading-edge products and organizations.

"Neurogrid: Decentralized Fuzzy Meta-Data Search", by Sam Joseph

Neurogrid ( released its first web prototype one month after the first O'Reilly P2P conference. The first personal version was released for Windows in May 2001. NeuroGrid P2P simulator code was released before the second O'Reilly P2P conference, and used in CodeCamps in Tokyo. More recently, NeuroGrid has implemented the Tristero search interface and separated out its core features into the NG Core. Once stable, the NeuroGrid API will be proposed as a Tristero reputation/search interface extension. Current work focuses on isolating the persistence, search and transport APIs, so that the system will be more maintainable and interoperate with other projects.

A brief overview of NeuroGrid design will be followed by a demonstration of a bookmark file being imported into NeuroGrid, searches over the imported URLs and meta-data editing. The demonstration will also include a connection to the NeuroGrid net for distributed searches. A key part of the demonstration will be to show how NeuroGrid learns users' preferences in response to the way they search. Thus, if a user bookmarks a URL, the words used to search for it become more strongly associated with it, leading to a higher ranking in future searches. Similarly if a user bookmarks a URL provided by a remote search engine/neurogrid node, then this node will appear higher in future rankings.

Achievements of Neurogrid are a prototype web-based NeuroGrid version; release of a personal NeuroGrid Beta version; release of open-source NeuroGrid Simulation Code (also supports Gnutella, Freenet and other P2P simulations); two NeuroGrid Codecamps held in Tokyo; release of NeuroGrid Core 0.1 with full RDF Search support and built in RDB; and implementation of Tristero Search Interface.

For future development, the main aims include more rigorous simulation including adversarial meta-data environments and release of more user-friendly software. The project code has been rewritten recently to fix various problems that the web prototype brought to light. The core code can be used as a generic way to organise data, but in order to get that across, there must also be a simple to use, easy to understand application which runs on top of it. The main example applications still revolve around organising URLs, and are still fairly complicated.

Dr. Sam Joseph received a Ph.D. from the University of Edinburgh in 1997 after finishing a Cognitive Science thesis entitled "Theory of Adaptive Neural Growth." He subsequently moved to Japan on a Toshiba Fellowship, worked for two years on mobile software agents in a Toshiba research laboratory, and contributed learning technology to the "Plangent" project. While in Japan, he also worked for the internet advertising company ValueCommerce, researching advert personalization and tracking systems. In 2000 he went freelance, starting "NeuroGrid Consulting" and worked with a variety of companies, with projects including Japanese Chat systems, Language Learning Support systems and a Movie Database project. During this period, Dr. Joseph wrote a number of articles on Japanese technology for JapanInc magazine and started the NeuroGrid project. Most recently he has been taken on as a Research Associate at the University of Tokyo, Strategic Software Division.

"Khashmir: A Distributed Hash Table Library upon which Applications Can Be Built", by Andrew Loewenstern

Khasmir ( has been written in an attempt to spark distributed application development with scalable search techniques.

A P2P music recommendation system based on Khashmir will be demonstrated. Khashmir includes Airhook reliable datagram protocol over UDP for STUN-like NAT penetration. Future plans are to deploy a useful system based on Khashmir.

Andrew Loewenstern previously worked on Mojo Nation.

"YouServ: A Communal Web-Hosting System for the Masses", by Roberto Bayardo

The YouServ system ( has been deployed in a constantly evolving form within the IBM intranet for almost 18 months. In that time, it has been used by over 5000 unique users, with approximately 1500 of them actively running the software in any given week. Many more users have accessed YouServ-hosted content over the IBM internal web. Earlier this year, a limited version of YouServ (without P2P search) was deployed for use by the Carnegie Mellon University community but has yet to achieve critical mass.

The YouServ system as it is deployed within IBM (through secure tunnel into the IBM intranet) will be demonstrated. Focus will be on the unique features of publishing a web site or sharing files with YouServ compared to something like Apache. These features include: mirroring of web site content across multiple end-user machines for improved availability; secure and uniform control access to site content via integrated SSL support and single sign-on authentication; the ability to publish web content using your own machine even from behind firewalls or NATs; an efficient and complete (hybrid P2P) search over all participating sites even in the presence of transient node availability; and a plugin capability for easily extending site functions and enabling meta P2P apps.

YouServ has demonstrated P2P file sharing is useful within a corporate environment. A future goal is to open source the system and allow deployment outside of IBM (without any licensing headaches).

"OpenRatings: An Open-Source Professor Ratings Engine", by J. Paul Reed, Brian Morris and Kennan Blehm

OpenRatings (, released under the Jabber Open Source License on July 1, 2002, grew out of rewriting the professor ratings engine in PHP and importing data from flat files into a database.

Polyratings, launched in January of 1999, was one of the first professor ratings sites on the Internet. The PHP version was open sourced to protect both the intellectual property value invested in the original project as well as the First Amendment rights of students at Cal Poly, SLO.

OpenRatings is a unique open-source project because it not only protects "freedom" in terms of "free beer" and "free code," but in terms of the "free speech" of over 16,000 students.

The OpenRatings demonstration will show a "day in the life" tour of a college student using one of the existing OpenRatings installations; a brief tour of the source code; an explanation of some of the guiding principles behind technical decisions made on the project, including inherent requirements not found in other open source projects, such as an emphasis on installation and operational user support; operational suggestions and historical notes; and coverage of some planned features which seek to increase the value of OpenRatings installations to university-going students and smaller universities around the world.

The original ratings engine was one of the first such engines on the Internet, and has been featured in the Los Angeles Times, the Japan Times, the Christian Science Monitor, the Houston Chronicle, the Sacramento Bee and various other publications.

One of the original authors of the ratings engine also has consulted on a court case involving professors suing students running a similar site at San Jose State University.

Technical plans include adding a web-based administration interface and enterprise-level features to make OpenRatings more attractive to smaller universities who may want managed student feedback but don't have the technology budget to write or purchase proprietary software to accomplish this. These plans, while important, are second to providing features required by OpenRatings' primary "customers," college students all over the world.

Current project leaders have also identified installation and operational support as a critical area to assist students at universities world-wide. Support areas include both the technical issues associated with starting an OpenRatings installation, as well as socio-political and legal issues such a site can raise with university administrators. This is yet another aspect which sets OpenRatings apart from many open-source projects, and which will be covered in more detail in a demonstration.

"Paketto Keiretsu: Interesting and Useful Techniques for TCP/IP Networking", by Dan Kaminsky

Paketto ( is similar in lineage to Dan's presentation at CodeCon 2002. The demonstration will show near-instantaneous network mapping, ICMP Echo over Cut-And-Paste and an update to his CodeCon 2002 talk.

The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system; Minewt, a user space NAT/MAT router; Linkcat, which presents a Ethernet link to stdio; Paratrace, which traces network paths without spawning new connections; and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.

Dan Kaminsky, also known as Effugas, worked for two years at Cisco Systems designing security infrastructures for large-scale network monitoring systems. He recently wrote the spoofing and tunneling chapters for Hack Proofing Your Network: Second Edition and has delivered presentations at several major industry conferences, including LinuxWorld, DefCon and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University.

"Hydan: Steganographically Conceal a Message into Executable Applications", by Rakan El-Khalil

In the demonstration, a given text message will be embedded into an application chosen by the audience. This application will be run to show that execution proceeds identically to the original program, and then the Hydan will be retrieved.

Hydan encodes without changing executable file size. On average, one byte of message can be encoded for every 200 bytes of machine code.

Future plans are to improve the statistical profile of the instructions in the host program to closely match that of the original application; embed more bits by identifying dead-code sections in the host program; and support more than just ELF binaries and the i386 instruction set.

"Bayonne: Telephony Application Services for Freely Licensed Operating Systems", by David Sugar and Rich Bodo

GNU Bayonne ( started in mid-2000 and has been in wide use in e-government, commercial organizations and carriers since 2001. GNU Bayonne 1.0 was released in September 2002.

A live GNU/Linux system will be demonstrated with an OpenSwitch12 telephony card installed and acting as a complete telephone system, with several analog telephones attached, using the GNU Bayonne telephony service daemon.

GNU Bayonne is already used by commercial carriers in Europe, in e-government projects and in many industries to provide voice response application services that can integrate freely with other services. GNU Bayonne will also provide direct office telephony solutions soon.

The 2002 Singapore Linux Conference awarded the prestigious "Best New Enterprise Infrastructure Application of the Year" to GNU Bayonne. Future plans include adding IP Voice support, DS3 capacity voice response applications on a single server and support for Carrier Grade Linux enhancements.

David Sugar is one of the founders of and CTO for the Open Source Telecom Corporation. He is also the primary author of and active maintainer for a number of packages that are part of the GNU project, including GNU Common C++, GNU ccScript, GNU ccRTP and GNU ccAudio, as well as the GNU telephony application server, GNU Bayonne. He also serves as the volunteer chairman of the FSF's DotGNU steering committee, and has served as the community's elected representative to the International Softswitch Consortium.

"Cryptopy: Pure Python Crypto", by Paul Lambert

The Cryptopy demonstration will include encryption MACing, "enhanced" AES and rolling your own enhancements, file encryption, simple UDP-based encrypted messaging system, ping as a covert encrypted signalling channel and random ping discovery process.

This Pure Python crypto library has very easy to use consistent OO interfaces; runs on any Python capable platform with no additional dependencies; and implements Rijndael, AES, AES-CBC, AES-CCM, AES_etc, Icedoll and others. It has hashing and key generation (e.g., pbkdf2), strong passphrase generation, "enhanced" AES encryption and tools for enhanced algorithms, a crypto strong random class, full support for IEEE 802.11i base algorithms and full reference implementations with test vectors.

Interesting applications include very portable file encryption and ping-based messaging as covert channels. Future plans are to work on public key based trust delegation.

"HOTorNOT: People Submit Their Picture for Others to Rate from 1 to 10", by Jim Young and James Hong

HOTorNOT ( started in October 2000. The "meeting" component was added three months later. HOTorNOT scaled very quickly and was built entirely on open-source tools, without real financing.

The demonstration will discuss HOTorNOT's approach to UI, and why it has been so important to the success of the project. Future plans include increasing the scale of the site.

Jim Young is a co-founder of Jim is also a Ph.D. candidate at UC Berkeley, where he focuses on embedded system design. Entertainment Weekly named Jim as one of the most creative people in entertainment.

James Hong is a co-founder of and XMethods. James holds an engineering degree and MBA from UC Berkeley. Entertainment Weekly also named James as one of the most creative people in entertainment.


Load Disqus comments