Re: ... rolling ... 3D ... entropy master's authority

Florent THIERY writes :

"If i was to push my studies further (i work as a junior security
consultant for now), i think i'd do it with a master thesis on croquet
:)"

Now, I am intrigued with collaborative saving of work
of open operating system "security issues".

The architypal complex is authority/anonymity.

You work in collaboration, someone goes builds an object and signs it
by getting in a "high entropy channel" noone could crack with password.

I've fooled with opening images with older incarnations
of the squeak virtual machine and got unintended public error messages
asking me to bug my platform provider (Apple) for this higher entropy
and was familiar from Knuth readings
on random numbers to try to get what was
going on in computer algebra recipes random number algorithm
on computers and a crypto conference I went to at Tx A and M
what that was about.

I knew from quantum crypto stories that a perfect random number generator
generates unbreakable code. I'm not a crypto guy but I read
what physics is good for.

That fixes responsibility on the password signor for the piece of the
project
and the "glory" of having created it. People can own pieces they make and
own
improving those pieces. Noone else could come and mess things up
without leaving a footprint.

Though objects hide inside for abstraction, you have accountability
credit and blame. A hacker couldn't make croquet look evil
as easily as it could with the older vm's.

Better heads than mine collaborate with platform providers on such things
and also, I suppose, in breaking the codes.

Great master's thesis idea because fun could motivate deep understandings.

Hi,

> The architypal complex is authority/anonymity.

Yes, especially regarding:
- decentralized systems: who is the authority, if everything is
decentralized? A certification authority would be a monopoly,
self-signature is worthless without reputation/repudiation systems.
One can think about implementing pgp in this context, which is
semi-decentralized and human relationship-based.
- why anonymity? There is need for anonymity for 2 different aspects:
* IP obfuscation (to prevent regular IP attacks), i.e. level 7 routing
(DHTs), NAT, proxying
* privacy protection for "unethical" activities, i.e. activities one
wouldn't want to associate to it's real-life identity. As for a
croquet-based metaverse, i really don't think global anonymity is a
good idea: croquet is a place to collaborate, not for virtual hookers
(well, it's kindof a collaboration....) or 0day exchanging/selling;
still, implementing "gray" zones may be interesting: who wants to go
in a virtual world where there is no "i am nobody" switch?

> You work in collaboration, someone goes builds an object and signs it
> by getting in a "high entropy channel" noone could crack with password.

Well, it's either:
- authentification: signing with it's private key, so that the object
is always associated to the author; i would go for this one, because
sharing is important.
- IP protection: I don't see a croquet world based on intellectual
property protection (such as second life), just because protections
can be as hard as you want, there's always somebody to catch on and
find a hole; developing sophisticated protections limits propagation
of innovativity, costs time and money, adds performance overhead
etc...

> I knew from quantum crypto stories that a perfect random number generator
> generates unbreakable code.

But there is no perfect random number generator, except people
themselves (biometry-based random generation?). Plus, you seem to be
talking about a "secure channel" which would be a particular space in
the world, right? That's centralization :-\

> I'm not a crypto guy but I read what physics is good for.

You are referring to quantum cryptography, right ? :)

> That fixes responsibility on the password signor for the piece of the project and the "glory" of having created it. People can own pieces they make and own improving those pieces. Noone else could come and mess things up without leaving a footprint.

I totally agree.

As for keeping track of the changes, it's sort of a secure embedded
svn changelog :p . It's really authentication; one can imagine a
kudos-based currency, which has NO stock exchange, but serves as
internal currency and reputation indicator.

Example of incentive system:
- when somebody injects a contribution into the world : develops a
script/code/object/graphics component/help guide/whatever: that's
great for the community ! For every people using this code, the dev
gets kudos (on a logarithmic basis); the kudos system counts as a
reputation system
- regular users that can't/don't want to contribute by creating can do
so by paying freelance/commercial artists/developers to create content
for the world. By doing so, they offer it not only to themselves, but
to the community too (not in forms of the bought objects, but of their
subobjects/subcode, ex parts of an avatar, but not the avatar itself).
It's more like a donation to the community than real-life commerce. On
the model of today's open source donations (micro-donations).
- kudos give you the possibility to *duplicate* objects (again, lots
of rules to define...), privileged access to selective areas (ex:
overcrowded / saturated), who knows.

I'm not very sure about this kudos thing, i'm just writing randomly,
but there is many exploration space in these two fields:

- open-currency-based economics, that has incentive mecanisms to
sharing, evolution, not profit. Still, one can imagine internal
*jobs*, paid in real money (the artists' is one), but the question is:
who is the bank/employer.... Well, it's a passionating question, but
it won't come before ages.

- IF there are rules, then with rules/constraints comes security, so
that the social/economic system is sustainable

And croquet can be a test-system for studying their viability.

So as for security there are 2 aspects:
- network/system security
- rules application (ex: what defines an acceptable client software,
what physics rules, can one teleport, etc....) which can be (and
probably will) zone-dependant

> Better heads than mine collaborate with platform providers on such things
> and also, I suppose, in breaking the codes.
>
> Great master's thesis idea because fun could motivate deep understandings.

That's for sure ! I have tons of interests, in the following fields:
* domotics/virtual world interaction (you add an intelligent object
into your home, and it's materialized into your virtual home, so that
you can access to it's settings/functions)
* regarding network security (pgp implementation, secure communications)...
* i also put some time into reading p2p research papers (DHTs, exotic
p2p systems), and mesh-based wifi networking (provider-independant
communications...)
* virtual currency/incentive mecanics (closely related to p2p)
* the open source community and the peer to peer philosophy itself (
http://www.p2pfoundation.net/Main_Page )

... And i'd be glad to study/contribute. But one has to find an
educational "sponsor"/mentor/research team/context for this kind of
stuff, when taken seriously. Not to mention that my programming skills
are todays those of a new fresh born out of academy.

Cheers

Florent

PS: on another subject, i recently looked at the OLPC project, and the
interface (Sugar, see http://wiki.laptop.org/go/Sugar_Instructions )
has interesting novative aspects, activity based, which may (if
they're not part of croquet yet) be of interest to people here.