CodeCon

Main Registration Program Schedule People CFP Lists About Sponsors

Advogato - Good metadata, even when under attack, based on a trust metric
presentersRaph Levien
historyAdvogato launched in November 2000, as a testbed for a network flow based attack-resistant trust metric. In July 2002, Advogato added a new eigenvector based trust metric for rating diaries. The thesis is still ongoing.
demoWe will tour Advogato, and run the trust metric code by itself. Also explain how it works, including both network flow (which is simple), and the random walk interpretation of eigenvectors, which is very strongly related to Google's PageRank algorithm.
achievementsAdvogato has become an integral part of the free software scene. We definitely showed that it's realistic to construct a trust graph. The accuracy of the trust metric may not be perfect (there is definitely "cert inflation"), but overall the site manages to be remarkably free of trolls and abuse, with virtually no manual moderation.
claim to fame Salon Story

"This is yet another piece of good work from Raph Levien" -- Daniel Veillard.

future plansKeep Advogato going. Finish my thesis. Spread the word about trust metrics.


Alluvium - p2p media streaming for low-bandwidth broadcasters
presentersBrandon Wiley
historyThe Tristero project develops a set of standard reusable components for peer-to-peer systems. When the recent shutdown of Internet radio stations occurred, we began using these components to build a superior system for audio and video streaming.
demoHosting and downloading will be demonstrated
achievementsBroadcasters only publish metadata
Very low bandwidth requirement
Exempt from current RIAA webcasting royalties
Only a webserver is required
claim to fameThe author is a well-known peer-to-peer researcher and former co-founder of the Freenet project
future plans After the beta release of the product, we plan to help alternative sources of news and culture establish low-cost media broadcasting stations. We have founded a non-profit organization, the Foundation for Decentralization Research, to help fund the adoption of peer-to-peer media broadcasting technologies by alternative media such as indymedia, Guerilla News Network, and local college and pirate radio stations. With our technology, it should be possible for users with little technical experience to run media broadcasting stations on old PCs and a consumer-grade broadband connection which will scale well past a reasonable number of listeners.

Bayonne - Telephony application services for freely licensed operating systems
presentersDavid Sugar, Rich Bodo
historyStarted in middle of 2000. Has been in wide use since 2001 in e-government, commercial organizations, and carriers. 1.0 release of GNU Bayonne in September 2002.
demoA live GNU/Linux system will be demonstrated with an OpenSwitch12 telephony card installed and acting as a complete telephone system, with several analog telephones attached, using the GNU Bayonne telephony service daemon.
achievementsGNU Bayonne is already used by commercial carriers in Europe, in e-government projects, and in many industries to provide voice response application services that can integrate freely with other services. We are soon going to also provide direct office telephony solutions using GNU Bayonne.
claim to fameAwarded prestigious "Best new Enterprise Infrastructure Application of the year" by 2001 the Singapore Linux Conference.
future plansIP Voice support, DS3 capacity voice response applications on a single server, support for Carrier Grade Linux enhancements.

Cryptopy - pure Python crypto
presentersPaul Lambert
historyWrote code. Ran code. Saw code run.
demoDemo will include -

  • encryption, MACing
  • 'enhanced' AES and rolling your own enhancements
  • file encryption
  • Simple UDP based encrypted messaging system
  • Ping as a covert encrypted signalling channel
  • perhaps more ... depending on time
  • random ping discovery process
achievements 'Pure Python' crypto library

  • Very easy to use consistent OO interfaces
  • Runs on any Python capable platform, no additional dependencies
  • Rijndael, AES, AES-CBC, AES-CCM, AES_etc, Icedoll and others
  • hashing and key generation (e.g. pbkdf2)
  • strong passphrase generation
  • 'enhanced' AES encryption and tools for enhanced algorithms
  • Crypto strong random class
  • full support for IEEE 802.11i base algorithms
  • full reference implementations with test vectors
Interesting Applications

  • very portable file encryption
  • Ping based messaging as covert channels
future plans
  1. Public key based trust delegation.
  2. World domination.

DeepGreen - Agent Oriented investment analysis designed to be self-funding
presentersMichael F Korns
historyBegan in 1993 with version 1.0, and released version 4.3 this July. Project is vertically integrated with its own lisp/javaScript/XML compilers, proprietary agent oriented database, and IDE. Project has been self funding from investing profits. In 1999 spun off a commercial start up, InvestByAgent, to handle all commercial application of the technology. InvestByAgent received a $10 million first venture round in 2000
demoLaptop demo of DeepGreen, its current successes, current weaknesses, and plans for DeepGreen Version 5.
achievementsBalanced hedged-growth investing with a nine year (through today) average per annum return of 25%. Our best year was a 104% gain our worst year was a 13% loss
claim to fameWe're "black". Fame is not a desired option.
future plansWe're in the process of adding a Cognitive layer to DeepGreen to further increase investing profits.

GNU radio - Hacking the RF Spectrum with Free Software and Hardware
presentersEric Blossom, Matt Ettus
historyGNU Radio was launched in April of 2001 to build a platform to learn about, explore and deploy software defined radios, using open source software and hardware. ``Regulatory hacking'' has led us down a path that has most recently lead to the creation of a software HDTV transmitter and receiver. The HDTV receiver can serve as the basis for an open source digital TV recorder in the TiVo/Replay genre.
demoWe'll be demoing some of applications that we've built with GNU Radio including: concurrent multi-channel FM receiver, the mother of all scanners, and our all software ATSC (HDTV) receiver. [If it's working by the conference, we'll also demo our encrypted digital radio transceivers.] Demos and talks will include show and tell of radio construction by scripting together signal processing modules (radio hacking made easy), transparent use of SMP hardware and other cool stuff.
achievementsA fully functional HDTV receiver.
future plansencrypted digital transceivers, ad-hoc networking using cognitive radio techinques, GPS receiver, trunking and relaying for existing radio services, research with new modulation techniques and protocols.

HOTorNOT - People submit their picture for others to rate from 1 to 10
presentersJim Young, James Hong
historyStarted site in October 2000, Added "meeting" component 3 months later.
demoWe will discuss our approach to UI, and why it has been so important to the success of HOTorNOT.
achievementsWebsite scaled very quickly, built entirely on open source tools, with no real financing.
claim to fameWe were once profiled in the New Yorker
future plansContinue to grow the site.

Hydan - Steganographically conceal a message into executable applications
presentersRakan El-Khalil
historyThis project started conceptually while on vacation during the summer of 2002. Hydan was then put to code in september of that year, and a working version was ready shortly thereafter.
demoWill embed a given text message into an application chosen by the audience. This application will then be run to show that execution proceeds identically to the original program, and then we will retrieve the concealed message.
achievements
  • Encodes without changing executable file size
  • On average, can encode one byte of message for every 200 bytes of machine code.
future plans
  • Improve the statistical profile of the instructions in the host program to closely match that of the original application.
  • Embed more bits by identifying dead-code sections in the host program.
  • Support more than just ELF binaries and the i386 instruction set.

Khashmir - A distributed hash table library upon which applications can be built
presentersAndrew Loewenstern
historyKhashmir has been written in an attempt to spark distributed application development with scaleable search techniques.
demoDemo of a peer to peer .music recommendation system based on Khashmir.
achievementsIncludes Airhook reliable datagram protocol over UDP for STUN-like NAT penetration
future plansDeploy a useful system based on Khashmir

Mixminion - A next-generation anonymous remailer
presentersNick Mathewson
historyMixminion began in early 2002 as a project to design a next-generation successor to the current 'Type-II' anonymous remailer network. It aims to resist all known attacks as well as or better than currently deployed software; to add a secure and anonymous reply mechanism where not even remailers can distinguish forward messages from replies; to add an integrated directory design; and to add link encryption.

In addition to a specification, we also decided to provide a working reference implementation.

Mixminion has been in development since the first version of the specification was near-complete in May 2002.

demo We'll demonstrate a working Mixminion client and server.

If, as planned, we have directory servers working before the materials submission date, any user with a static IP will be able to start a Mixminion node and have other users route their packets through the network. If not, messages will pass through a set of servers on- or off-site.

The presentation will focus on attacks against mix-nets, and the defenses Mixminion uses to prevent them. As many attacks as possible will be demonstrated against live servers.

The presentation will also discuss issues involved in implementing anonymity software, and discuss the good and poor implementation choices we've made along the way.

achievements We've got a specification and a design paper, both available from our project's homepage. Our protocol design has been adopted by the Mixmaster team as the basis for Mixmaster v4. Today, we have over 14K lines of code in CVS, implementing all of the spec except as discussed below, with acceptable performance (approximately 1.2 MB of messages per second on an 800MHz Pentium-III desktop).
future plans The following features from the Mixminion spec are not yet implemented in our library:

  • directories
  • nymservers
  • generic SMTP delivery with abuse prevention
  • resistance to certain resource-exhaustion attacks
  • K-of-N message fragmentation
  • address filtering
When these features are completed, along with complete interfaces and testing suites, we'll release version 1.0. We hope to reach this point some time in the first half of 2003.

We're also researching additional improvements to our current specification, including:

  • decentralized directories
  • dummy messages
  • batching mechanisms: synchronous batching, cascades, etc.
  • simplified indistinguishability
  • faster response to network outages
We hope to include implementations for these ideas in future versions.

Neurogrid - Decentralized Fuzzy Meta-Data Search
presentersSam Joseph
historyReleased 1st web prototype one month after the first O'Reilly P2P conference. 1st personal version released for windows May 2001. NeuroGrid P2P simulator code released before second O'Reilly P2P conference, and used in CodeCamps in Tokyo. More recently NeuroGrid has implemented the Tristero search interface and separated out its core features into the NG Core. Once stable the NeuroGrid API will be proposed as a Tristero reputation/search interface extension. Current work focuses on isolating the persistence, search and transport apis, so that the system will be more maintainable and interoperate with other projects.
demoBrief overview of NeuroGrid design. Demonstration of bookmark file being imported into NeuroGrid, searches over the imported urls and meta-data editing. Assuming we have internet connectivity the demonstration will also include a connection to the NeuroGrid net for distributed searches. The key part of the demonstration will be to show how NeuroGrid learns the users preferences in response to the way they search. Thus if a user bookmarks a url, the words used to search for it become more strongly associated with it, leading to a higher ranking in future searches. Similarly if a user bookmarks a url provided by a remote search engine/neurogrid node, then this node will appear higher in future rankings.
achievements
  • Prototype Web Based NeuroGrid version
  • Release of personal NeuroGrid Beta version
  • Release of Open Source NeuroGrid Simulation Code (also supports Gnutella, Freenet and other p2p simulations)
  • Two NeuroGrid Codecamps held in Tokyo.
  • Release of NeuroGrid Core 0.1 with full RDF Search support, built in RDB.
  • Implementation of Tristero Search Interface
claim to fameMixup led to an unprepared Lightning talk at the first O'Reilly P2P conference. "Remember the site http://www.neurogrid.net - don't go there yet, wait until March 15th" Sam told the audience.
future plansTotal World Domination (of decentralised fuzzy search systems)

Seriously though, the main aims are more rigorous simulation including adversarial meta-data environments; and release of more user-friendly software. The project code has been re-written recently to fix various problems that the web prototype brought to light. The core code can be used as a generic way to organise data, but in order to get that across there needs to be a simple to use, easy to understand application that runs on top of it. The main example applications still revolve around organising urls, and still have a way to go before they are simple to use.

We intend to have a smoothly operating application demo (of url organisation) for CodeCon, but ultimately we would like to see this system in use for organising files, email, perhaps available as a basic OS service, so that any application could access resources via meta-data as opposed to file paths.


OpenRatings - An open source, professor ratings engine
presentersJ. Paul Reed, Brian Morris, Kennan Blehm
history OpenRatings, released under the Jabber open source license on July 1st, 2002, grew out of the work done to rewrite the Polyratings.com professor ratings engine in PHP and import the data from flat files into a database.

Polyratings, launched in January of 1999, was one of the first such professor ratings sites on the Internet. The PHP version was open sourced to protect both the intellectual property value invested in the original project and the First Amendment rights of students at Cal Poly, SLO.

This makes OpenRatings a unique open source project in that it not only protects "freedom" in terms of "free beer" and "free code," but in terms of the "free speech" of over 16,000 students at one site alone.

demo
  • a "day in the life"-tour of a college student using one of the existing OpenRatings installations
  • a brief tour of the source code
  • an explanation of some of the guiding principles behind technical decisions made on the project, which has some interesting inherent requirements not found in other open source projects, including an emphasis on installation and operational user support
  • Operational suggestions and historical notes
  • Coverage of some planned features which seek to increase the value of OpenRatings installations to university-going students and smaller universities around the world
achievements Apart from the technical achievements accomplished during the project's relatively short lifetime, which would be covered in the demo, the OpenRatings project is currently in use by students at California Polytechnic State University, San Luis Obispo, Colorado State University, and the University of California at Santa Cruz.

We've also received serious interest and requests for installation support from the University of Colorado at Boulder, Nova Southeastern University, the University of Leoben, Austria, the University of California at Davis, and the University of California at Santa Barbara.

claim to fame The original Polyratings.com ratings engine was one of the first such engines on the Internet, and has been featured in the Los Angeles Times, the Japan Times, the Christian Science Monitor, the Houston Chronicle, the Sacramento Bee and various other publications.

One of the original authors of the ratings engine has also consulted in a court case involving professors suing students running a similar site at San Jose State University.

future plans Technical plans include adding a web-based administration interface and 'enterprise-level' features to make OpenRatings more attractive to smaller universities who may want managed student feedback, but don't have the technology budget to write or purchase proprietary software to accomplish this. These plans, while important, do take a backseat to providing features that are required by our first "customers": college students all over the world.

Current project leaders have also identified installation and operational support as a critical area to assist students at universities world-wide. Support areas include both the technical issues associated with starting an OpenRatings installation, and the socio-political and legal issues such a site can raise with the university administrators.

This is yet another aspect which sets OpenRatings apart from many open source projects, and which would be covered in more detail in a demo.


Paketto Keiretsu - Interesting and Useful Techniques for TCP/IP Networking
presentersDan Kaminsky
historyPaketto is similar in lineage to Dan's presentation at CodeCon 2002
demo
  • Demonstration of near-instantaneous network mapping
  • ICMP Echo over Cut-And-Paste
  • An update to the Codecon 2002 talk
achievements The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, linkcat, which presents a Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.
claim to fame
  • Coauthored "Hack Proofing Your Network: 2nd Edition"
  • Wrote Dynamic Forwarding component of OpenSSH
future plansYou'll see :-)

YouServ - A communal web-hosting system for the masses
presentersRoberto Bayardo, Dan Gruhl
historyThe YouServ system has been deployed in a constantly evolving form within the IBM intranet for almost 18 months. In that time, it has been used by over 5000 unique users, with around 1500 of them actively running the software in any given week. Many more have accessed YouServ-hosted content over the IBM internal web. Earlier this year, a limited version of YouServ (e.g. no p2p search) was deployed for use by the Carnegie Mellon University community, but has yet to achieve critical mass.
demoWe will give a demonstration of the YouServ system as it is deployed within IBM (through secure tunnel into the IBM intranet). We will focus on the unique features of publishing a website or sharing files with YouServ compared to something like Apache. These features include:
  1. mirroring of website content across multiple end-user machines for improved availability
  2. secure and uniform control access to site content via integrated SSL support and single sign-on authentication
  3. the ability to publish web content using your own machine even from behind firewalls or NATs
  4. an efficient and complete (hybrid p2p) search over all participating sites even in the presense of transient node availability, and
  5. a plugin capability for easily extending site functions and enabling meta p2p apps.
achievementsDemonstrated P2P file sharing is useful within a corporate environment.
future plansOur goal is to open source the system to allow deployment outside of IBM (without any licensing headaches). However this is a complicated process we are still navigating.

Panel - 'Current Developments in Version Control'
topics
  • What are the important version control systems today?
  • What are they appropriate for?
  • How will the current adoption battles play out?
panelists

PGP key signing

organised by Len Sassaman.

The PGP key signing will use the " Zimmermann-Sassaman Group Key Signing Method". Please give your PGP key when you register.

See here for more information.