One issue that I have been thinking on is I.P. addresses.
Specifically how obfuscate them. Now I happy use google applications and facebook, I believe it is up the user to define just how much privacy they give up and as a result have no problems with the monitoring and analytics those sites perform.
However the user's I.P. address can trace an user's active regardless or explicit choice and that concerns me. The fact there isn't a simple solution bugs me.
The reason you shouldn't obfuscate your I.P. address is the same reasons you shouldn't tell someone you want to call you a factitious number. None of the servers you are addressing will be able to send responses back to the correct address.
Of course that constraint is a hard one to beat.
The question is how can we ensure when we bind to a socket on a site that the responses in that connection return to our client, yet ensure that the server is unable to trace the source I.P. address of the client.
Now the common answer to that is using proxies, which while simple not true obfuscation. In addition arguably they move the traceability to a central choke point. By that I mean the proxy or VPN server can trace and monitor the user behaviour to a greater degree any other mechanism.
What I am discussing it a can to ensure the functional integrity of the I.P. address for the transport layer, but the obfuscation of the address for all layers above it.
To do this requires changing the tcp/ip stack on the sender/client. However the question of to what is still uncertain.
There are protocols which use encryption of the various header fields including the address field for communication between a client an a trusted server. But what actions are available when the server is not trusted?
Within the datagram transport the 12th to 15th (counting as a C programmer) bytes contain the identification of where the client is, that is the source address. Without this the can not be sent, the client can not be traced.
Sunday, September 5, 2010
Sunday, August 8, 2010
Starting at the begining
I recently sent a note to the writers of the video show 'extra credit' essentially asking why games often seemed to be developed so inefficiently. By that I mean where in J2EE for almost every aspect of development there is a framework to base your work. Seems frameworks rather than making everything appear the same effectively do the opposite allowing the developer and business to spend there effort in key areas of differentiation.
The reply I got was a polite response James Portnow indicating that some games may reuse an engine for physic or the like, but voice and visuals couldn't be reused.
Now ignoring the slight tone of condensation of his email, especially around his comments around web apps largely being around database configuration his response raised an important question in my mind.
The reuse he was referring to was engine re-use, something common in J2EE as well. However the point he was missing was around framework re-use. I was left wondering why the very concept was a hard one to grasp. My final realisation was that open source must not have had nearly the same impact on his industry as it has had in mine.
Lets face in 90 percent of was we as developers is free to the end users. Sure it mind have cost 1/2 a billion dollars to produce but the producer is giving it away for free. The why's are complicated but the results are dramatic.
Since effectively its free and most of the effort is aimed at complementary systems (with a game you have to choose which one you buy, with a booking engine and a payment transactional service there is no such limitation). As a result the enterprise development community produces more open or shared source. It is not a sense of altruism that drives this, but vanity and laziness. In that it is easy to build a great work on top of an already ready work than from scratch and everyone wants to be somebody even if it is for a highly specialised area (J2EE) in programming with in itself is hardly mainstream.
This has resulted in the a world where most commercial ventures are actually built on more socialist, community based and dare I say it artistic roots than the games industry which the is routinely trumpeted as the artist branch of the programming tree so to speak.
Somewhere along the way I may have mislaid the point, but never fear I have found it again.
The result of this is I realised many of the paradigms I as a J2EE developer purely take as a given best practice are completely unknown outside of my community and industry so I figured why not start writing as an experiment about such things and how they might work outside of the web 2.0 j2ee versus .net world.
Also I'm sure it will give me a good place to vent and my employer encourages blogging so why not.
The reply I got was a polite response James Portnow indicating that some games may reuse an engine for physic or the like, but voice and visuals couldn't be reused.
Now ignoring the slight tone of condensation of his email, especially around his comments around web apps largely being around database configuration his response raised an important question in my mind.
The reuse he was referring to was engine re-use, something common in J2EE as well. However the point he was missing was around framework re-use. I was left wondering why the very concept was a hard one to grasp. My final realisation was that open source must not have had nearly the same impact on his industry as it has had in mine.
Lets face in 90 percent of was we as developers is free to the end users. Sure it mind have cost 1/2 a billion dollars to produce but the producer is giving it away for free. The why's are complicated but the results are dramatic.
Since effectively its free and most of the effort is aimed at complementary systems (with a game you have to choose which one you buy, with a booking engine and a payment transactional service there is no such limitation). As a result the enterprise development community produces more open or shared source. It is not a sense of altruism that drives this, but vanity and laziness. In that it is easy to build a great work on top of an already ready work than from scratch and everyone wants to be somebody even if it is for a highly specialised area (J2EE) in programming with in itself is hardly mainstream.
This has resulted in the a world where most commercial ventures are actually built on more socialist, community based and dare I say it artistic roots than the games industry which the is routinely trumpeted as the artist branch of the programming tree so to speak.
Somewhere along the way I may have mislaid the point, but never fear I have found it again.
The result of this is I realised many of the paradigms I as a J2EE developer purely take as a given best practice are completely unknown outside of my community and industry so I figured why not start writing as an experiment about such things and how they might work outside of the web 2.0 j2ee versus .net world.
Also I'm sure it will give me a good place to vent and my employer encourages blogging so why not.
Subscribe to:
Posts (Atom)