On 23/1/23 03:38, Timothy Collinson - timothy.collinson at port.ac.uk
(via tml list) wrote:
> <snip>
>
> Many thanks for the explanations.  Some I could sort of work out but
> this helped with others.
> (I think my bigger problem would be being confident of presenting that
> in a way that was interesting/believable to players - some of whom
> have the technical know-how that's exhibited on this list and which is
> what I suspect makes Virus and hacking etc rather hard for them to
> swallow.  See the whole ATV glitch thingy I inflicted on Yebab for the
> kind of difficulty I can get into:
> https://www.simplelists.com/tml/msg/15381667/).
>
Understanding the basic principles is a damned good first step - which
would help make your presentation to your players more believable.
> <snip>
>
>     Following that analogy, only _well-formed_ messages are accepted. 
>     All
>     the i's must be dotted, all the t's must be crossed, etc - whatever
>     "well-formed" means in the particular case you're looking at.
>
>
> Hah!  That might stop a lot of spam messages - Prince so-and-so has a
> zillion dollars he wants to give me for example.  Just refuse any
> email with a typo!
> Of course, it might also stop a bunch of my friends communicating with
> me...  you win some, you lose some...
OT: For one setup, I used the _density_ of typos as a factor of interest.
>
>     In OTL, the OpenBSD operating system has implemented this to a
>     massive
>     extent - one thing in particular is their pledge mechanism. Long
>     story
>     short, a program makes a promise "I'm only going to talk to (say)
>     standard input/output, network sockets, and domain-name lookup"
>     (such as
>     the ping command) - and, later on, can only surrender its existing
>     pledge or parts of it.  If this promise is later violated (the
>     program
>     tries to colour outside the whitelist set up by pledge - say
>     trying to
>     access a file on disk), it gets summarily flattened by the operating
>     system, and thus can't be used by an external miscreant.
>
>
> <wibble>  Ok, if I am understanding this aright, it's sounding very
> much like something out of Neuromancer etc!  Pictorially representing
> what's going on in code!

No, sorry for inadvertently misleading you - this is real code running
on live systems right now (OTL, not any TTL) as I type - one about two
feet from my right elbow.  No pictorial representation needed.

This is a specific implementation of the general security principle
"reduce the attack surface" - given some fixed problem density per unit
of surface, a robust way to reduce the problems experienced is to reduce
the surface _that can have the problems_.

> <snip>
>
>     "Triplicate, consensus systems" harks back to the Byzantine Generals
>     Problem (I think - Greg, please correct me), aka Byzantine failure.
>
>
> My puzzle over that isn't so much understanding three
> redundant systems but in figuring out, if they're all 'equal' how a
> decision gets made if they disagree.  Only if it's 2 against 1?  Some
> weighting to a 'prime' system?  That's where the human comes in?

Look up Byzantine Paxos - it addresses this exact problem.

"Paxos is a family of protocols for solving consensus in a network of
unreliable or fallible processors. Consensus is the process of agreeing
on one result among a group of participants. This problem becomes
difficult when the participants or their communications may experience
failures." - https://en.wikipedia.org/wiki/Paxos_(computer_science)

As part of the protocol, the participating machines elect (and
eventually agree upon) a leader.  The elected leader(s) can change at
any time.

Especially in safety-of-flight kit, this has to happen far too fast to
let a sophont get involved.  Do you really want to be booting along at
300 km/s inbound to the Splatt Zone, and have to wait 2 seconds for your
controls to respond?

>
>     Given all that, how do you design and build a
>     _safety-and-security-critical_ distributed system to not only _keep
>     functioning_ in the presence of Byzantine faults, but _keep its
>     realtime
>     guarantees_ as well?
>
>
> Have now gone off into a subworld of some pratchett-style computers
> using in ancient Byzantium...

Again, sorry for misleading you.  "Byzantine" is the term of art for
"arbitrary", here.

Dread God Finagle breakdances while his mad prophet, Murphy, swills
Guinness.

>     SOTA here
>
>
> I think you don't mean Secrets of the Ancients, but a google search
> suggests it might be 'state of the art'.  I'll go with that.
You unpacked it correctly.  Sorry - been reading through a lot of
Shadowrun recently.
> <snip>

Alex