
Interviews: Christine Peterson Answers Your Questions


You asked questions, we've got the answers!

Christine Peterson is a long-time futurist who co-founded the nanotech advocacy group the Foresight Institute in 1986. One of her favorite tasks has been contacting the winners of the institute's annual Feynman Prize in Nanotechnology, but she also coined the term "Open Source software" for that famous promotion strategy meeting in 1998.

Christine took some time to answer questions from Slashdot readers.

What exactly happened in 1998?

by Anonymous Coward

Prior to 1998, had you heard anyone using the phrase "open source" before? Or was it something you came up with on your own as the only logical set of words to describe source code which is openly shared?

CP: Starting earlier, our non-profit, Foresight Institute, had been holding a series of small invitational meetings at our office in Los Altos, focused on our free software project and the field in general. One topic of discussion that came up now and then was the problem of the name free software and how it confused newcomers into thinking that the main point was the price because, sadly, in English our word for "free as in freedom" and "free as in price" are the same. (In Spanish they wisely use different words for these two concepts.) But nothing had yet been suggested that seemed good enough to catch on.

Sometime after that the term "open source software" popped into my mind, and my immediate thought was "that's good enough." Not ideal, not great, but good enough to solve the problem. I ran it by a few friends including Mark Miller and Eric Drexler, and they agreed it was probably good enough. One other friend, who worked in PR, thought that "open" had already been overused in the software field, which was true, but it seemed appropriate in this context so I decided to go ahead with the idea anyway.

Eric Raymond came to visit Silicon Valley in connection with the transition of the Netscape code from proprietary to publicly available, so we met again to discuss these new developments. While there Eric took a call from two people from Netscape, and when he was done I asked to speak to them, a man and a woman (possibly Mitchell Baker?). I mentioned the name problem and they agreed, but none of us then had a better term to suggest.

When Eric Raymond visited again, he needed to have other local meetings and doesn't drive, so I offered to drive him around. That's when I found myself sitting in on the meeting at VA Research that included Larry Augustin, Sam Ockman, and "maddog" by phone; I wasn't invited to it. Probably the others thought I was Eric's chauffeur or even his girlfriend. Prior to the meeting I had discussed the "open source software" idea with Todd Anderson, who was also at this meeting, but not with Eric himself, whom I didn't know as well at this point. Being a non-programmer, I had pretty much zero status at this meeting, except with the two who already knew me, so I didn't feel it would work to just say "Hey, here's why you guys all need to use my terminology for your field." The meeting was primarily on broader free software topics anyway, so I just listened and didn't see an opening. Fortunately, Todd was on the ball and tried an interesting tactic: he just used the term casually, not introducing it formally but just throwing it out there in another context. Of course then I perked up and started paying closer attention to see what would happen, if anything. A few minutes later someone else, who hadn't been informed in advance, spontaneously used it, again in a context unrelated to a change in terminology. Todd and I looked at each other and smiled: the meme had jumped successfully!

Later in the meeting, as a rather minor matter compared to the rest of it, the group had a brief discussion and agreed that open source software would be a useful term. No attention was paid then to who suggested it originally, which was fine with me. Later on, Eric even briefly thought it was he himself who came up with it (which would be quite a plausible thing for him to do), but Todd took the initiative to let him know that it was me, and immediately Eric was super gracious about correcting the record on that.

At the time, Todd told me that someday I would be glad to have credit for this, and he was quite right about that. So thank you Todd, wherever you are (and please get in touch).

I don't recall hearing the phrase before it popped into my head, though I found out later that it has long been widely used in the "intelligence" (i.e., spy) field to refer to publicly available information content, so the usage is similar enough to not be a problem. Since the recent coverage of the 20th anniversary, a couple of previous uses in a software context have turned up also. But since I was neither in software nor in intelligence, I probably did not see any of these uses.

I've seen a couple of commenters suggesting that I should defend a claim to having coined the term. Fortunately for me, I don't need to do this, because that decision is not based on my current input or comments. It's an open source community decision based on past experiences, and as a non-programmer I don't even get a vote on this. I just have to accept whatever the community decides, which is why I waited twenty years to let things settle out before publishing my own account.

For more of the history, see my longer version at Opensource.com. (The OSI history page lists Michael Tiemann also at the VA Research meeting, which is probably correct though I don't recall it. It also has the meeting dated two days earlier than my notes indicate; sadly my calendar data from those days is not accessible format-wise anymore.)

What was it like in 1998?

by DevNull127

As someone who worked closely with Eric Raymond (and had interactions with Jon "maddog" Hall), what were they like in 1998? I'm curious what the whole "mood" of the development community was like in 1998 at that historic meeting. Maybe you could also talk about how things changed -- what they were like before the Open Source movement revved into high gear, and what they were like after.

And how does it all compare to when you first joined the tech scene in the 1980s?

CP: When I arrived in Silicon Valley in 1985, we were still in the early days of the personal computer. Most people did not have an email address or even a fax machine. Only visionaries like Ted Nelson and Doug Engelbart were talking about hypertext and the future of online personal computing. At that time, working on Nelson's Xanadu Hypertext Project was one of the few ways available to move toward that future, and it was through that project that I met many very smart software people including Mark S. Miller and Dean Tribble (who have just started a new company, Agoric, to advance secure smart contracts). It was an exciting time in terms of knowing the potential, but frustrating because the underlying chips were still slow, with little memory or graphics functionality, and online communications were done over regular phone lines using modems, painfully slow.

I vividly recall when Martin Haeberli came to the Foresight office to show us an early MOSAIC browser. It wasn't super impressive at that time, but he explained that this was the start of what would become a world of online hypertext, and he was right. The early days of the World Wide Web were extremely exciting to those of us who had been inspired by Nelson's and Engelbart's visions of hypertext. FINALLY we got to make links! But also they had an undercurrent of intense frustration, because so many of the visionary features were missing, such as automatic micropayments to authors for their original publications and even their quotes used elsewhere online. But the term micropayment was seen by many as anathema, because "information should be free." Even back then, some of us knew that there was no such thing as a free lunch, and that expenses must be paid somehow. It's this lack of micropayments to content providers that has led to today's ubiquitous business model of selling users' personal information and manipulating them using highly-targeted ads, and the negative effects of that on society.

At the time, the open-sourcing of Netscape was seen as yet another innovative Silicon Valley company succumbing to unfair pressure by the all-powerful behemoth Microsoft. This sad situation had the silver lining of bringing an exciting browser project into the free software world. But the small startups trying to do support for free software were having a heck of a time explaining to customers why they should have to pay anything at all to use "free software". (And of course they don't, if they are good enough at dealing with code...which most people, including me, are not.) This awkwardness is what led to the addition of "open source software" to the original -- and still useful -- name "free software".

I did not get to know maddog, but in 1998 Eric Raymond was the one who was most active in doing public outreach, especially media, on behalf of open source. He worked very hard for months or years, unpaid to my knowledge, to promote these ideas and the community. There were many others of course, including Bruce Perens who with Eric co-founded Open Source Initiative to defend the ideas and approve licenses that met the new Open Source Criteria they wrote. Tim O'Reilly played a key role by convening and hosting the community in meetings to make group decisions. And of course we should remember Richard Stallman and the Free Software Foundation, which had been and still are doing similar work under the original term.

To me as a relative outsider, it seemed that there was a big change when the new term was introduced, which happened very close in time to the Netscape open-sourcing. I had been reading Slashdot occasionally, mainly to admire the way it was designed and enabled users to interact much more effectively than other systems I'd seen. But when the new term arrived, it seemed that suddenly there was a fast ramp-up of attention and especially media coverage of the field. For a while it seemed like every day there was a new exciting development in "open source", which often appeared in quotes because it was so new. And these were appearing in non-programmer publications, ultimately in mainstream news media. Reading Slashdot became a daily necessity, especially for me, since I was getting some kind of thrilling brain chemistry surge every time I saw the term used. I still do, but it's smaller now: a nano surge.

Nanotech Prognosis / Open Source Utopia

by qaute

What's the current outlook for nanotechnology? Technically speaking, do we get Star Trek replicators soon, or is that still a 25+ year thing?

The ultimate dream in nanotechnology is a molecular assembler (atomic 3D printer) on every desktop, with a widespread community of hardware designers/developers analogous to open source software today. You'll be able to, say, download files to build a new car from GitHub. Hackaday has a good writeup. Suppose that someone finally figures out how to build such a molecular assembler. Chances are it'll be patent-encumbered and NDA'd. How can we [get] from here to there...? Politically, how do regulations, industry, and patents look?

Socially, is it generally viewed as positive or negative these days?

CP: Let's say that the goal is an open-source molecular 3D printer able to construct molecular machinery, plus a large library of open-source designs to use with the device. Let's divide this into the hardware components and software components.

It's taken decades and billions of dollars investment to get us where we are today in conventional hardware chips. That kind of investment has not been made yet in molecular machinery. I think eventually we would get there using human chemists, but it appears that instead there will be a shortcut. Progress in artificial intelligence is moving faster now, and I expect that instead of human chemists and human designers of molecular machinery and associated construction pathways, this work will be done faster via AI. We do not need AGI (artificial general intelligence) to do this. Targeted knowledge of chemistry and design engineering are what is needed, and that's coming sooner than AGI. So it could well be sooner than 25+ years depending on AI progress, but (and here's the catch) if that happens, the world will be changing in many other ways also, both positive and negative, to the extent that we may have other issues to deal with instead of having the opportunity of focusing on writing open source code for atomically-precise manufacturing.

Regarding regulations and patents: there's no particular regulatory focus on molecular machinery just now, and there probably won't be much until an actual problem crops up. As an example, consider the recent hearings on Facebook: the US legislators are not educated enough on those issues to grapple effectively with them. Patents seem likely to continue to be used whenever a company does the work, unless it sees a strategic advantage to open-sourcing the work.

I don't think that nanotech or atomically-precise manufacturing is on the public radar these days, either positive or negative. The nanotech term itself has become a marketing term for anything with at least one nanoscale dimension, so the average person who hears it probably thinks that we already have nanotech and therefore it's not a big deal. But it's not clear that we need or want the average person to be paying attention to atomically-precise manufacturing just now anyway, so maybe that's just as well.

Open source or free software

by Jim Hall

Some people prefer one term over the other. I'm curious: all these years later, do you still prefer the term open source software or are you more aligned to Free software?

CP: I use both terms, depending on context. When I'm with longtime hackers such as John Gilmore who naturally use the earlier term, I use it too. And of course if one is at a meeting of the Free Software Foundation, it's polite to use their preferred terminology.

However in dealing with non-software people or young people, I believe that the open source term is much clearer and therefore more useful. I tried doing a search on the two terms, and they are both in active use, but I found more "open source software" than "free software" usages. (This is a very crude measure and may be wrong, of course.)

Probably in Spanish-speaking countries, where they have the words gratis and libre to distinguish our two meanings for the English word free, there is less reason to use the new term. Someone could do a PhD dissertation comparing how the new term spread in the English-speaking world vs. the Spanish-speaking world. That would enable us to tease apart how much the newer term spread due to the free/free confusion problem vs. any more intrinsic value it may have, e.g., implying that the source code is open to public view.

Open source and medicine

by AmiMoJo

How can we get more open source medical software? Given that medical devices are so heavily regulated it seems like it will be hard to get, say, an open source pacemaker system that users can hack, or at least audit.

Radio software seems to be in a similar state - cellular modems, wifi chipsets etc. are all heavily regulated and closed source, with signed code required for updates.

CP: As far as I can tell, the Internet of Things world is still using the "security through obscurity" model. Given that, regulators are naturally going to favor closed source code, since that seems to be a way to reduce the likelihood of attacks.

If we want regulators to approve open source software for important devices, we need to show that it's as secure, or preferably more secure, than closed source code.

Although I am not a programmer, I have paid enough attention to this general issue to be intrigued with object capabilities (ocaps) as a path forward toward more secure code, whether closed or open source.

Currently the most serious effort I'm aware of in this area is Agoric.

There are (at least) two problems that ocaps does not solve. Social engineering will continue to be an issue, though my understanding is that ocaps reduces the damage that these can cause. Finally, there is the problem of compromised hardware: deliberate back doors designed into our computer chips; this is a huge problem with only very expensive solutions; see the hardware question below for more on this.

For more on security, see the paper Cyber, Nano, and AGI Risks: Decentralized Approaches to Reducing Risks, by myself, Mark S. Miller, and Allison Duettmann, from the proceedings of UCLA's First International Colloquium on Catastrophic and Existential Risk (2017).


by lhowaf

Nano-materials, in general, seem to be becoming a significant source of hard-to-cleanup pollution. Do you see nano-tech heading in the same direction?

CP: The long-term goal of atomically-precise nanotech is the complete control of the structure of matter (to the extent we care about that structure). This would include extremely advanced abilities to clean up the natural environment. The question is what the pathway looks like to get there, and how clean can we make that pathway? This last question is a matter of what we decide to do. If society decides that preventing nanoscale pollution is a priority, then we'll do much better than if we don't try. It's at least possible to consider how to make this happen commercially, through traditional regulatory mechanisms. The more difficult challenge is military use, and use in regions which don't prioritize environmental values. No easy answers here. But the ultimate goal, at least, is a very clean environment, and it should be achievable eventually. It was this prospect that drew me into trying to advance this field in the first place.

How to deal with nanotech hype problem?

by Goldsmith

I am a nanotechnologist. I've done great academic research, worked for the government, managed a few grants, and started a few companies. It's very easy to hype the potential of nanotechnology. On the other hand, it's very hard to get attention put on results from serious commercial efforts. Granting agencies and our community are not good at supporting companies that do what we all tell each other needs to get done (i.e. NanoIntegris). We are great at supporting academic research groups that have a patina of commercial application (i.e. IBM).

As a field we've missed celebrating a number of major commercialization milestones. CNT and graphene electronics are available commercially! Who knew? For five years or so, you could find commercial graphene electronics in cell phone screens in Shenzhen. For the last two years, you could find commercial graphene biosensors at many big pharma companies. For the last year, you could buy CNT based high power RF electronics.

If we were interested in showing the real potential of the field, wouldn't the leaders want to show everyone that it IS working? We have actually met the NNI timeline for commercialization set in the 1990s. The goals we set out with 20 years ago seem to mean nothing to the hype machine we've created.

Simply put, how do we deal with the addiction to hype in nanotechnology, and focus a bit more on substantive accomplishment?

CP: I'm speaking here from a US perspective. This problem is not unique to nanotechnology, or even to technology in general. It's part of a general decline that has at least two sources, the decline in education standards and the decline of serious journalism, resulting in a hype culture with hype consumers who cannot tell the difference among exciting current technologies, valid engineering prospects, and complete nonsense.

It takes substantial science background to understand why nanotech and atomically-precise manufacturing are interesting, and few in our society today have that background. Our K-12 system is largely broken. Many of our colleges and universities now optimize for student entertainment and enjoyment, rather than the hard road of learning science and engineering.

Serious journalism has been decimated -- worse than decimated, including science and technology journalism. Consumers want all their information for free, and in many cases, you get what you pay for in this area as in others. Could micropayments help? Perhaps something built into the browser sending pennies or fraction of pennies to content originators? I am not sure. It seems worth a try. It could at least help with the privacy problem.

As for the education problem: we need to admit the disaster and try some major experiments. For example, some blame the decline of university standards on deceptively easy loans to students who don't realize what they are getting into. Glenn Reynolds has written books worth reading on this general problem of educational decline in the US, and I would look to him for ideas on solutions.

To me, compared to earlier decades, US society overall seems kind of decadent, cynical, in a cultural decline. I hope we can turn this around somehow. People like Slashdot readers give me hope. And there are still many, many people truly working to make the world a better place, including here in Silicon Valley. My view of Silicon Valley has a positive bias because I meet people through Foresight Institute, which helps select for good folks. I invite you all to join our email list (use blue button on this page) and come to our events. Some are research workshops (e.g., application form for Atomic Precision for Longevity workshop) and some are more accessible, such as our salons and Vision Weekend (videos). If you like what you see, consider donating; we are entirely supported by individual donations from great folks like the open source community.

Why Nanotechnology, for Laypeople

by qaute

Integrated circuits, solar panels, and GMOs are some pretty big results in nanotech these days. What are some future benefits we can look forward to that help justify further research to non-techies?

CP: My own focus is on the long term, very advanced applications such as molecular repair of the human body, ending disease and even aging itself. To me this is highly motivating! That's on top of the original goal of restoring the environment that drew me in originally.

Coming up with near- and intermediate-term applications is harder. This is why venture capitalists make lots of money, when they do their job well. Picking winning new applications is so challenging, especially in getting the timing right.

I can say this: amazing new catalysts and filtration technologies are on the way. Sound boring? It is totally not. Huge energy savings, cheap clean water for everyone (this would even help prevent wars), even blood filtration to take out all the stuff that should not be there.


Nanotech threat landscape

by bjorng

How concerned should we be about nanotechnology equivalents of the software threats we see today? I would hate to have my circulatory system held hostage for bitcoin.

The Nanotechnology Corollary to Metasploit

by Anonymous Coward

The Internet of Things (IoT) seems to be a ramp-up to Micro-Electromechanical Machines (MEMs), which, in turn, will prime another ramp into atomic-scale nanotechnology. But already, security is atrocious. Worse than Windows XP's exploitation, endless automatic updates and a constant avalanche of zero-day patches.

What will a Metasploit framework and CVE database for IoT, MEMs and smaller systems look like? How will biomedical bug bounties, vulnerabilities, exploits and weaponized payloads play themselves out?


CP: We should be very concerned and more important, very vigilant. We need to solve today's Internet of Insecure Things as soon as possible, before even more of our world is controlled by software. As mentioned above, I am placing my hope in Agoric and object capabilities in general. There are also suggestions for how to address the insecure chip problem, though they are expensive and have performance costs as well; see the question from AmiMoJo below.

Recent improvements in physical security

by AmiMoJo

Recently big gains have been made in physical security. Many phones are encrypted by default and relatively difficult for unauthorized persons to unlock. Encrypted storage is increasingly common for computers too, although open source support for technologies like OPALv2 seems to be lagging behind closed source systems. In 2017 AMD introduced encrypted RAM.

All of these rely on special hardware to protect encryption keys and perform encryption functions at speeds fast enough to avoid any significant performance loss. It seems like hardware is necessary for very high levels of physical security anyway, e.g. tamper-proof boot ROMs.

How can open source provide this level of security when high end hardware is increasingly difficult for individuals to fabricate? Should we be thinking about how we can fabricate our own security processors and key storage, or is there another way to achieve high levels of physical security?

CP: My understanding from Mark S. Miller is that yes, we need to be thinking about fabricating our own chips, if we want to get around the problem of deliberately-installed backdoors.

In the paper cited above we write, "In the near term one can imagine a technology example that can be secure against those risks: a good open source processor design for which there is a proof of security comparable to the proof of security of the seL4 software. There are many open source processor designs that are sufficiently high performance that, when run on a field-programmable gate array (FPGA), can run fast enough to be practical for many applications. By combining these well-designed processors with a layout algorithm that randomizes layout decisions, the processor could be randomly laid out for each individual hardware instance. Given this randomized layout, there is no feasible corruption of the FPGA hardware that can escape notice under electron microscopes and that would also be able to successfully corrupt most instances of the processor."

UPDATE: After writing the above, I met with Mark and he explained that another approach has been found to the problem of insecure chips. At the recent Zcon0 conference, a method was described using zkSnarks and/or Coda. It's not financially practical yet, and doesn't fix leakage of data, but addresses the integrity issue. This is way outside my area of expertise. Eventually, the Agoric website will have many relevant documents on these topics, but not yet.

50 years ahead

by EngineeringStudent

I heard a myth a few decades ago, that top-secret work in most fields is at least 50 years ahead of the current published state of the art. I can't begin to imagine what that would look like here. What sorts of things do you think are solidly plausible within the next 50 years of work in the field of nano-technology, and how would we detect them "in the field" today, if we were to look for them...?

I know there were published discussions about silicon based listening and transmitting devices, bugs, that were smaller than grains of salt. I also know that there was great published fervor over single-pixel cameras, and, in my personal opinion, I have seen a surprising gap in entangled non-return imaging. I expect "they" have working, single-photon, non-return-imaging cameras on grains of silicon too small for the eye to work with, so perhaps nano drone swarms used for data gathering/surveillance, where each drone is less than 0.1mm across?

When I look at robo-cat, and the alleged robo-squirrels or robo-insects, I think they have such swarms that can be ingested/injected/otherwise-implanted inside animals that don't realize they have become "listening posts". What would you do with a fully-functional jet-engine that was only a few microns across? I remember sub-cellular size bar-codes made by shooting proton based cylindrical holes in silicon, then lithographing layers of gold or other stuff to make the code, then removing the silicon substrate. Could we put markers into people to inform future medical reconstruction such as "non-invasive" 3d printing of organs in-vivo? How would we detect sub-cell-size tagging, or fabrication? I like the idea of nanotech-driven bio-energy harvesting. Why can't we turn trees into solar panels by hacking into their organic photosynthesis?

CP: These areas are above my pay grade, but for inspiration on what could be possible in 50 years I would look at high-quality hard science fiction. Some of those writers pay close attention to physical limits. Yes, the surveillance technology should be amazingly good (or bad, depending on one's point of view). I'm not sure we would need advance markers in the body in order to do great 3D printing of organs in vivo, but I could be wrong on that. Eventually I expect we will come up with physical barriers that only allow understood molecular structures to pass through, to avoid having to detect sub-cell size tagging inside our bodies, when it's harder to find. But that's very long-term and ambitious.

Is physical security a political problem?

by Anonymous Coward

How to defend against molecule-sized machines is a question, but there is a meta-question there: will we be subject to constant false flag attacks and entrapment? Year 2030: Great Leader or Deep State accuses you of carrying a nanotech attack. You and perhaps people of your supporting network get disappeared into high security facilities, solitary confinement and all. Can we disprove the authorities' lies? Will people be able to know... Will there be anyone left to speak for you?

CP: Yes, this is a meta question and not about nanotech per se. If government is so dysfunctional and corrupt that the scenario above can take place, we have already lost. Our goal has to be to prevent that level of corruption from taking hold. Edmund Burke wrote, "The only thing necessary for the triumph of evil is for good men to do nothing." To take a US perspective, there have been various times in our country's history when the smartest and most civic-minded people have turned their attention to political matters, to get them straightened out for their own generation and those to come. Jefferson wrote, "We will be soldiers, so our sons may be farmers, so their sons may be artists." Sadly, it's looking like it's time to turn from being artists to being soldiers -- not physical soldiers, but soldiers in the fight for freedom, openness, and other values the open source community cares about.
