an old man, broken with the storms of state, is come to lay his weary bones among ye
December 21, 2005 9:01 AM   Subscribe

The Internet Is Broken -- Part 2. We can't keep patching the Internet’s security holes. Now computer scientists are proposing an entirely new architecture.
posted by The Jesse Helms (49 comments total)

 
Now computer scientists are proposing an entirely new architecture.

Well, great. I'd be fairly concerned about any Internet proposals that came from, say, alchemists or necromancers.
posted by Faint of Butt at 9:09 AM on December 21, 2005


I did it.
I'm sorry.
I didn't mean to break it.
Will superglue fix it?
posted by nofundy at 9:20 AM on December 21, 2005


David Talbot argued that the "Internet has no inherent security architecture -- nothing to stop viruses or spam or anything else. Protections like firewalls and antispam software are add-ons, security patches in a digital arms race."

This is painfully misguided. "The Internet" is not vulnerable to viruses or spam, its nodes and the software running on them is, and even that's not nearly "all" the nodes, much less the ones that are critical to the internet's normal functioning. The fact that the internet has no ability to understand what is being transmitted is a feature, not a bug. This does not need "fixing."
posted by odinsdream at 9:25 AM on December 21, 2005


meh.

And the most common mobility patch -- the IP addresses that constantly change as you move around -- has downsides. When your mobile computer has a new identity every time it connects to the Internet, the websites you deal with regularly won't know it's you. This means, for example, that your favorite airline's Web page might not cough up a reservation form with your name and frequent-flyer number already filled out.

Unless, say, I have cookies enabled.


The constantly changing address also means you can expect breaks in service if you are using the Internet to, say, listen to a streaming radio broadcast on your PDA.

That is, if proposed WiFi and WiMax handoff mechanisms designed to work with the existing internet don’t work.


It also means that someone who commits a crime online using a mobile device will be harder to track down.

Which, actually, might not be such a bad thing considering how broadly “crime” is being defined these days.


First, give the medium a basic security architecture -- the ability to authenticate whom you are communicating with and prevent things like spam and viruses from ever reaching your PC.

Like, say, my ISP already does.


Second, make the new architecture practical by devising protocols that allow Internet service providers to better route traffic and collaborate to offer advanced services without compromising their businesses.

Like, say, MPLS, Q-in-Q, or MAC-in-MAC are already doing or are about to do in existing packet networks.


Third, allow future computing devices of any size to connect to the Internet -- not just PCs but sensors and embedded processors.

Got a recent issue of EETimes, ElectronicDesign, EDN, CommsDesign, Wired, or Popular Science handy? BTW, my fridge just informed me that I’m out of milk again.


Fourth, add technology that makes the network easier to manage and more resilient.

They’re called NMSes and routing protocols, and they’ve been around for 30+ years.


Again, meh.
posted by ZenMasterThis at 9:27 AM on December 21, 2005


Windows architecture may be broken but the internet is fine. It was designed to be open.
posted by nofundy at 9:28 AM on December 21, 2005


They're always proposing new architectures; problem is, they each want their own particular architecture to succeed, so that they can write about it in their next funding proposal ...
posted by carter at 9:29 AM on December 21, 2005


For a good number of issues, we need protocol changes not architecture shifts. SMTP is a broken idea that allows 99% of the negative actions we're talking about here. Fix that and then concentrate on the next steps.
posted by Kickstart70 at 9:32 AM on December 21, 2005


Any idea that requires every computer everywhere on the internet to change is doomed to failure, no matter how great it looks in an academic lab environment.
posted by jdfalk at 9:32 AM on December 21, 2005


Good luck with that, computer scientists.
posted by Four Flavors at 9:33 AM on December 21, 2005


I want to see the necromancers' proposals. That would be awesome.
posted by GuyZero at 9:51 AM on December 21, 2005


The OP is part 2 of a 3 parter. All parts are currently available:

Part 1 - Part 2 - Part 3
posted by Western Infidels at 10:02 AM on December 21, 2005


Seems like every time they try to do something like this three letters mysteriously appear floating above my monitor. The first one is a big blue D, followed by an R and finished off by an M. Please make them go away!
posted by blue_beetle at 10:05 AM on December 21, 2005


They're always proposing new architectures; problem is, they each want their own particular architecture to succeed, so that they can write about it in their next funding proposal ...

Standards are great, that's why everybody has one!
posted by delmoi at 10:11 AM on December 21, 2005


Also, the last link is broken.

I don't think the network itself should be designed for security (other then the ability to prevent flooding). People just need to design things with security in mind.
posted by delmoi at 10:13 AM on December 21, 2005


Fuck NO.

The government and big industry would LOVE to help build this new architecture, i'm sure.

They're applying technological solutions to a social problem, which is bad idea.
posted by anonpeon at 10:13 AM on December 21, 2005


blah. No, the internet is just fine. Want to fix it up? Throw the MBAs off Throw the goddamn pervasive annoying advertisers off. Quit using the internet as nothing more than a seedy strip mall.

And for pete's sake, obliterate AOL.
posted by drstein at 10:18 AM on December 21, 2005


these "oh noes, teh int0rweb is teh b0rked" stories come up every coupla years. Remind me of the "oh noes, apple is dead!" stories of the mid- to late nineties...
posted by slater at 10:18 AM on December 21, 2005


Instead of whining we should be grateful that these people are bringing us a much needed wake-up call. And, most importantly, their ideas apply to many other forms of communication too.

For example, a scam artist called me on the phone last week. And I have heard that criminals sometimes use telephones to communicate their nefarious plans. The phone system is obviously broken. Let's not resort to patches, but fix it once and for all.

Also, kidnappers have been known to send ransom letters by mail. How can we put tax-dollars into such a broken and criminal system? And don't even get me started on stolen cars on the interstate highway system. Tear up those roads now!
posted by Triplanetary at 10:19 AM on December 21, 2005


The fact that the internet has no ability to understand what is being transmitted is a feature, not a bug. This does not need "fixing."

Not if your interesting in knowing and controlling what people see.
posted by MikeKD at 10:21 AM on December 21, 2005


Any idea that requires every computer everywhere on the internet to change is doomed to failure, no matter how great it looks in an academic lab environment.

Telnet -> SSH?
posted by Ryvar at 10:26 AM on December 21, 2005


Kickstart70 wrote: "For a good number of issues, we need protocol changes not architecture shifts. SMTP is a broken idea that allows 99% of the negative actions we're talking about here. Fix that and then concentrate on the next steps."

Hell yes. All else pales in comparison to the sheer bulk of crap that spammers and spam zombie machines are throwing out there. If they fix this and nothing else, it's enough.
posted by caution live frogs at 10:30 AM on December 21, 2005


someone really needs to go take a flying fuck on a rolling donut.

Spying on the contents of data transmission is not going to accomplish much more then to spawn the creation of clever ways to fool that which examines data, which becomes a slippery slope.

Right now the burden of security lies on the endpoints in internet communication, which frees everything in the middle to be dedicated to the purpose of making sure the data gets where it needs to go.

It sounds like someone just got a really nice hammer and now everything looks like a nail.
posted by chibikeandy at 10:31 AM on December 21, 2005


If the internet is broken, why don't we use one of the other internets? Isn't that why we have the 'internets', so that if one breaks we can still get our pr0n on the other ones?
posted by spicynuts at 10:44 AM on December 21, 2005


These are usually the most painful articles imaginable: Hand wavy nonsense about Java vs Perl or Web 2.0 or how we should all rush into non-threaded programming or how we need to fix everything now now now!

The model of throwing everything out works when you're, say, cleaning your basement. It doesn't work for web protocols. So much backwards compatibility stuff would have to be kludged in that you'd be making the problem worse by orders of magnitude.

"But we wouldn't do that! This would be fresh and new and if people don't like it..." If people don't like it, they won't adopt it. If it breaks their system as it stands now, they won't like it.

This is just painful pseudo-journalism from some erudite shmuck who reads WIRED or BRANCHé or some crap on the Metro and thinks he'll be chaning his childrens world or something with his incisive and scathing internet diatribe.
posted by jon_kill at 10:46 AM on December 21, 2005


they each want their own particular architecture to succeed, so that they can write about it in their next funding proposal ...

That want 'to protect corporate assets'. Imagine the 'new' internet that 'protects' Hollywood "ip" and keeps a revenue stream per month for the 'content providers'.

(Hint: It was tried by Microsoft and AOL with both of their 'on-line not-the-internet' offerings in the past.)
posted by rough ashlar at 10:54 AM on December 21, 2005


>>Any idea that requires every computer everywhere on the internet to change is doomed to failure, no matter how great it looks in an academic lab environment.

>Telnet -> SSH?


SSH is a newer protocol and isn't required for the 'Net to work. Telnet still works fine if you don't care about sending information in the clear.
posted by MikeKD at 11:16 AM on December 21, 2005


This is just painful pseudo-journalism from some erudite shmuck who reads WIRED or BRANCHé or some crap on the Metro and thinks he'll be chan[g]ing his childrens world or something with his incisive and scathing internet diatribe.

I think you're giving the author the benefit of the doubt.
posted by voltairemodern at 11:20 AM on December 21, 2005


As long as I can still download porn, I'm all for it.
posted by HTuttle at 11:24 AM on December 21, 2005


I'm not getting why an incremental approach leads to "brittleness." That seems counter-intuitive to me. To me, it seems more likely that the system will break if it's replaced wholesale with a new system that hasn't been tested for thirty years.

The sensible course seems to me to be to let the new architectures (or new protocols) grow in parallel. If they're really superior, they will tend to encroach and overtake the old architecture.

Overall, I think there's too much attention these days to preventing problems, and not enough to recovering from them. The original genius of TCP/IP was that it didn't work very hard at prevention per se. It created a system that would largely self-correct; in a sense, the errors are what made the system work. Depending on how you slice it, that could be either a very military or very hippie way of looking at things. The current mindset seems to be "don't let errors happen", which is a very corporate attitude. It smacks of a misapprehension of TQM theory, commits the error of thinking that 100% quality is actually achievable.
posted by lodurr at 11:32 AM on December 21, 2005


Whenever an article like this comes along, it only serves to remind me what a wonderful job the initial designers of IP did. We are very lucky that they were forward thinking enough to make the protocol completely agnostic to what kind of data is being transmitted. And that the transport so easily allows for other protocols to be build on top of it. If they had tried to build this guy's internet, it never would have taken off.

Like others have said. There's nothing wrong with the internet. There could be improvements to SMTP and DNS and definitely end-user applications (and people do improve them all the time, without changing the infrastructure. Amazing!), but security is mostly a social issue. People don't always act in their own best interests. That's not something you can try to design away. Maybe next we should create voting machines which filter out votes for the wrong guy, to protect people from their own wrong thinking. Wait a second...
posted by team lowkey at 11:34 AM on December 21, 2005


There is no doubt that government and corporations will eventually create a new system to replace TCP/IP. It will start like this, scientists devise a new protocol stack to address national security concerns. Most likely the old stack will emulate on top of the new stack but the native stack will run better so it will quickly be adopted and TCP/IP will go the way of BBS's.
posted by stbalbach at 11:46 AM on December 21, 2005


SlashdotFilter?
posted by ZenMasterThis at 11:49 AM on December 21, 2005


There is no doubt that government and corporations will eventually create a new system to replace TCP/IP. It will start like this, scientists devise a new protocol stack to address national security concerns. Most likely the old stack will emulate on top of the new stack but the native stack will run better so it will quickly be adopted and TCP/IP will go the way of BBS's.

er, um.
posted by cytherea at 1:11 PM on December 21, 2005


Because Market Rules that

*if it works
*break it
* ?
*profit !

! Market will fix it ! Market Market Market Market ♫ Oy ! ♫ Market Oi ♫ ! Market Oi ! ♫

It's a lighting ? No iiiiittttsssss Supermarket !
Oh Supermarket, you saved me !
posted by elpapacito at 1:32 PM on December 21, 2005


Lodurr's comment above seems right on, and would also be germain to the wikipedia thread.
posted by sneebler at 2:11 PM on December 21, 2005


This "solution" is akin to replacing blacktop roads with concrete because cars crash. Better to make the "cars" smarter first, but I don't know how profitable that would be.
posted by tommasz at 2:18 PM on December 21, 2005


The current mindset seems to be "don't let errors happen", which is a very corporate attitude.

Excuse me but error prevention has a cost , so this statement "don't let errors happens" needs to be enhanced to "don't let costly error happen unless the prevention costs is higher then the cost of error"

Not letting errors happens, as a mentality, is more of an engineer mentality of approximating 0 errors, building in redundancy etc. Cost is a secondary issue, prevention of error or reduction of its impact becoming THE priority.

TCP/IP was built around a mentality of redundancy and cost wasn't really an issue, both because taxpayers financed it (ARPANET) and because talking about costs, expecially monetary, becomes almost irrelevant in the event of a nuclear holocaust.
posted by elpapacito at 2:19 PM on December 21, 2005


Note that David Clark is the guy who wrote the original TCP code, so if he's saying that the Internet is broken, perhaps he should be taken seriously. The articles are from an MIT publication (which is where Clark is).

Vint Cerf's reaction:

... skeptics claim that a smarter network could be even more complicated and thus failure-prone than the original bare-bones Internet. Conventional wisdom holds that the network should remain dumb, but that the smart devices at its ends should become smarter. "I'm not happy with the current state of affairs. I'm not happy with spam; I'm not happy with the amount of vulnerability to various forms of attack," says Vinton Cerf, one of the inventors of the Internet's basic protocols, who recently joined Google with a job title created just for him: chief Internet evangelist. "I do want to distinguish that the primary vectors causing a lot of trouble are penetrating holes in operating systems. It's more like the operating systems don't protect themselves very well. An argument could be made, 'Why does the network have to do that?'"

According to Cerf, the more you ask the network to examine data -- to authenticate a person's identity, say, or search for viruses -- the less efficiently it will move the data around. "It's really hard to have a network-level thing do this stuff, which means you have to assemble the packets into something bigger and thus violate all the protocols," Cerf says. "That takes a heck of a lot of resources." Still, Cerf sees value in the new NSF initiative. "If Dave Clark...sees some notions and ideas that would be dramatically better than what we have, I think that's important and healthy," Cerf says. "I sort of wonder about something, though. The collapse of the Net, or a major security disaster, has been predicted for a decade now." And of course no such disaster has occurred -- at least not by the time this issue of Technology Review went to press.

posted by russilwvong at 5:17 PM on December 21, 2005


Security has very little place at the level of packet transport. There's some, of course: every host has the right to discard or refuse to accept or forward traffic from actively hostile hosts.

But all the handwaving about Mobile IP's flaws -- which remains to this day almost as completely unused in the real world as IPv6 -- and bitching that IP addresses no longer equate to identities (because of the artificial scarcity of addresses imposed by hoarding as well as Big Content's strenuous objections to independent, permanent hosts) hardly constitutes justification for reexamining our entire internetworking architecture.

I appreciate that the author is apparently distinguished in several ways, but the article reads like an example text from a treatise on muddy thinking.
posted by majick at 5:47 PM on December 21, 2005


oddly enough, the proposed architecture is to be called 'esperanto'. lets see if it takes off.
posted by Tryptophan-5ht at 6:08 PM on December 21, 2005


IPv6, anyone?
posted by sfenders at 6:16 PM on December 21, 2005


Anyway, I'm sort of relieved that it's just a bunch of random nonsense. I was expecting something more sinister, like some kind of TCPA advocacy.
posted by sfenders at 6:20 PM on December 21, 2005


At its best, TCP/IP is a broken hack to get data to move over "networks" composed of questionable links which maybe (and often are) poorly designed. But in a textbook case of Gresham's Law in real world operation, IP protocol is now king of the hill in data networking, while superior, scalable and proven technology like ATM is largely relegated to acting as a link layer for inferior, but "open" TCP/IP "networks." Not that ATM is the be-all and end-all of network design, but it sure as hell had some engineering, and it was built big, fast, long haul, and reliable from Day 0.

In most of the developed world, we could have already had OC-3 level or better ATM to the desktop for what TCP/IP has cost, and will continue to cost us. But instead, we've got craptastic TCP/IP, whose only consistently claimed benefit was it's price (free). But as usual when such discussions come up, a number of folks immediately pop in to say "TCP/IP works for me!"

I'm glad for you. But that doesn't change the fact that TCP/IP is a bag on the side, and more and more, literally, on the side of some other earlier bag on the side.

Anyone who has ever plugged a Marconi ATM NIC into a workstation on a directly mapped global ATM business network can tell you what a steaming pile TCP/IP really is. And the sad thing for most of us in North America and Europe is that we drive by ATM end points every day, in those little windowless, nondescript telco central office buildings in most residential neighborhoods. Inside those generally dark little buildings, we've installed lots of equipment to pull data streams off the ATM telco networks, repackage it in TCP/IP and shoot it in slow dribbles of unreliable but often repeated IP packet streams to our homes and businesses. There is one of those central office ATM endpoints 1,130 feet from my home, and the crushing irony I live with is that I will probably end my days in sight of a low latency engineered global network, but never taste any of its digital water, except through the Brita bucket of TCP/IP cable and DSL connections.

Statistically, I've only got probably 20 years, if that, left in this life, and so it is unlikely I'm going to see TCP/IP canned. Too bad, as I'd of liked to show up at the party that is bound to be held in commemeration of its demise. I'd have paid money to be one of the guys to pull the last plug on the last TCP/IP network segment in operation, and I'd have felt I'd done something good for posterity.

Since that's not gonna happen, let me just say for that posterity "Sorry, and better luck with Gresham's Law than we had." and wish those dreamers and visionaries referenced in the OP "God speed." Because if you can't even be bothered to imagine something better, you deserve what you've got.
posted by paulsc at 9:29 PM on December 21, 2005


The internet works just fine, stay the F*** out of my business.
Let 'em spend money "fixing" it so BB can monitor us more closely. They cost is included in the NEW version.
It's a good thing fascists only have 20/20 vision for hind sight, not foresight.
Yikes!
posted by indifferent at 1:00 AM on December 22, 2005


elpapacito: The current mindset seems to be "don't let errors happen", which is a very corporate attitude.

Excuse me but error prevention has a cost , so this statement "don't let errors happens" needs to be enhanced to "don't let costly error happen unless the prevention costs is higher then the cost of error"
Excuse me, but I think you're over-rating the people I'm talking about [g /], and I think that your "engineer" example, in a sense, supports that: Engineers pursue that goal primarily for aesthetic reasons, not cost-effectiveness. In any case, I still think it's mostly a "business" mindset, and more specifically founded in a misapprehension of TQM.
posted by lodurr at 2:53 AM on December 22, 2005


paulsc: At its best, TCP/IP is a broken hack to get data to move over "networks" composed of questionable links which maybe (and often are) poorly designed. ...
OK, that's far enough. First: Are you saying that you haven't just described the global network?

And as I read your language, it seems clear to me that you're driven by aesthetic concerns: You want to can IP because it's a "hack", because it's a "bag on the side" -- it's imperfect. So it needs to go.

I've often had the same issue, so I sympathise, but you know what? Solutions evolve. I don't like the current trend to elevate the market to the status of deistic god, but it's a fact that the market ecology drives adaptation and evolution, and in so doing produces fairly optimal results. Complaining about the fact that we ought to have ATM instead of TCP/IP is a bit like complaining about the fact that hyaenas out-compete cheetahs.
posted by lodurr at 3:00 AM on December 22, 2005


So, Paul, yeah, a bit bitter...about a network protocol?

Golly, maybe you should go outside for a while, get some sun, eh? Might help with that SAD.

As long as TCP/IP keeps me in clover by providing work for IT providers, I'm sayin, keep it running! Keep it running!
posted by Slap Incognito at 4:46 AM on December 22, 2005


I hate Internet.

But the internet works just fine. Everyone want!
posted by kiha1972 at 11:18 PM on December 23, 2005


"Anyone who has ever plugged a Marconi ATM NIC into a workstation on a directly mapped global ATM business network can tell you what a steaming pile TCP/IP really is."

Actually, that's a great way to find out what a steaming pile of shit ATM is. TCP/IP can be hammered onto ATM infrastructure, but it's not because ATM was well-designed for internetworking. Remember, ATM is brought to you by the people who thought they ought to charge you money on a circuit completion basis -- and the design reflects that mentality.
posted by majick at 7:50 AM on December 27, 2005


« Older Absolve Big Box shopping guilt!...  |  Take a trip with me to 1913.... Newer »


This thread has been archived and is closed to new comments