Plan, Update, Etc
14 views
Skip to first unread message
Adeona Team
Apr 21, 2009, 1:26:27 PM4/21/09
to adeona-users
Dear Adeona-Users,
Thank you all for your interest in Adeona. As you know, Adeona is
currently not living up to its expectations, largely because the back-
end OpenDHT system is not able to tolerate the load imposed by Adeona.
We are actively trying to fix this. But, to be honest, one of the
biggest challenges is finding suitable resources to do this within a
university environment. We keep thinking we are "almost there," only
to have setbacks. For too long we have though that the fix would be
right around the corner, but it now seems that taking such a strategy
is not sufficient, and we apologize for not realizing this sooner.
Despite our best efforts, we are realizing that we cannot do this
alone. We need your help. We have put the source code for Adeona
online here: <https://edge.launchpad.net/adeona>, and we have added
some new people to our team as maintainers of this code. We actively
seek your open source contributions. This is the code for the Adeona
client and the retrieval program.
However, in order for Adeona to work correctly, more than the client
and retrieval code need to work. Namely, Adeona needs a remote
"service" to store values. Currently OpenDHT on PlanetLab, which is
another research project from a different team, is not able to handle
the Adeona load. We need something simpler and more streamlined (not
a DHT) to handle Adeona.
We are therefore asking for assistance. There are at least two
possible directions to proceed in. (1) Move Adeona from OpenDHT to a
DHT that is more "production" quality. (2) Create a new back end
service (not a DHT). We think (2) is the right strategy because it
would allow all existing installations of Adeona to once again work.
Fortunately, for (2), OpenDHT exposes a clean RPC interface, so the
new back end service would simply need to implement that interface.
The downside with (2) is that it would require an entity to run the
service; we have not calculated the exact costs for running such a
service, but we would like to be able to support it once the service
is created.
We will also create a new mailing list, adeona-developers, for those
interested in helping with future development. Once it is created, we
will post a link to this new mailing list on the Adeona web page once
it is created. We sincerely look forward to your contributions.
Thank you very much,
Thank you all for your interest in Adeona. As you know, Adeona is
currently not living up to its expectations, largely because the back-
end OpenDHT system is not able to tolerate the load imposed by Adeona.
We are actively trying to fix this. But, to be honest, one of the
biggest challenges is finding suitable resources to do this within a
university environment. We keep thinking we are "almost there," only
to have setbacks. For too long we have though that the fix would be
right around the corner, but it now seems that taking such a strategy
is not sufficient, and we apologize for not realizing this sooner.
Despite our best efforts, we are realizing that we cannot do this
alone. We need your help. We have put the source code for Adeona
online here: <https://edge.launchpad.net/adeona>, and we have added
some new people to our team as maintainers of this code. We actively
seek your open source contributions. This is the code for the Adeona
client and the retrieval program.
However, in order for Adeona to work correctly, more than the client
and retrieval code need to work. Namely, Adeona needs a remote
"service" to store values. Currently OpenDHT on PlanetLab, which is
another research project from a different team, is not able to handle
the Adeona load. We need something simpler and more streamlined (not
a DHT) to handle Adeona.
We are therefore asking for assistance. There are at least two
possible directions to proceed in. (1) Move Adeona from OpenDHT to a
DHT that is more "production" quality. (2) Create a new back end
service (not a DHT). We think (2) is the right strategy because it
would allow all existing installations of Adeona to once again work.
Fortunately, for (2), OpenDHT exposes a clean RPC interface, so the
new back end service would simply need to implement that interface.
The downside with (2) is that it would require an entity to run the
service; we have not calculated the exact costs for running such a
service, but we would like to be able to support it once the service
is created.
We will also create a new mailing list, adeona-developers, for those
interested in helping with future development. Once it is created, we
will post a link to this new mailing list on the Adeona web page once
it is created. We sincerely look forward to your contributions.
Thank you very much,
Dave Clark
Apr 21, 2009, 1:38:07 PM4/21/09
to adeona...@googlegroups.com
Well, we got someone's attention.
"[N]ot living up to its expectations" is an understatement.
Maybe they can fix it. I have neither the time nor resources to help
in that massive a project.
Dave
"[N]ot living up to its expectations" is an understatement.
Maybe they can fix it. I have neither the time nor resources to help
in that massive a project.
Dave
Glenn Rempe
Apr 21, 2009, 3:16:24 PM4/21/09
to adeona-users
Thank you for your response and I congratulate the team on the <first>
steps to truly behaving like a responsible open source project. I
just received an email in response to the letter I wrote this morning
to the President of the University of Washington. I am saddened that
I had to go to that level of escalation to elicit a response from the
team. I am heartened by the actions that Yoshi and the team have
taken today in response, and I hope they continue on the right path.
I see that new home page content has just been pushed. It states:
"WARNING Adeona is currently not working because the back-end service
(OpenDHT on PlanetLab) is proving to be unreliable. If you would like
to help us, please see subscribe to the adeona-developers mailing list
and see this initial post. Users may wish to subscribe to adeona-users
for announcements."
This, along with the other actions, are a very good first step,
however I think that it is CRITICAL to prevent and actively discourage
further downloads and installation of the Adeona software until the
new architecture discussed above is determined and incorporated. The
download links on the home page are still available and working and I
think these need to be removed as well to prevent further
installations by those who ignore warnings.
I also think the team should spend some time thinking about ways to
notify existing users. If there is no way to do so it should be a key
requirement for the next version to have a notification mechanism to
alert users in the future about critical issues, software updates or
warnings.
If you are interested, here is a link to the letter I sent this
morning including some of my suggestions as well as Yoshi's thoughtful
and constructive response..
http://gist.github.com/99315
Regarding the architectural questions. Obviously the pro's and cons
of various solutions should be discussed on the open developers
mailing list, now that there is one. I will join this list and
provide insight or guidance as appropriate and desired, and in my area
of expertise. There are many new services available that would
provide this type of service layer. Amazon SimpleDB, as well as
Google's AppEngine come to mind. They both provide the scale as well
as simple HTTP based API's. If a self hosted solution is desired
something like Tokyo Tyrant or CouchDB could be fronted with an API
like CloudKit to provide a REST interface. I am pretty certain that
through donations you could afford any of these solutions. There are
a lot of discussion that needs to happen.
I wish the project good luck and I will help where I can as long as
the core team is committed to staying involved and active. If not,
then the project should be shuttered now, or a new team of owners
sought ought from the open source community.
Cheers.
Glenn
steps to truly behaving like a responsible open source project. I
just received an email in response to the letter I wrote this morning
to the President of the University of Washington. I am saddened that
I had to go to that level of escalation to elicit a response from the
team. I am heartened by the actions that Yoshi and the team have
taken today in response, and I hope they continue on the right path.
I see that new home page content has just been pushed. It states:
"WARNING Adeona is currently not working because the back-end service
(OpenDHT on PlanetLab) is proving to be unreliable. If you would like
to help us, please see subscribe to the adeona-developers mailing list
and see this initial post. Users may wish to subscribe to adeona-users
for announcements."
This, along with the other actions, are a very good first step,
however I think that it is CRITICAL to prevent and actively discourage
further downloads and installation of the Adeona software until the
new architecture discussed above is determined and incorporated. The
download links on the home page are still available and working and I
think these need to be removed as well to prevent further
installations by those who ignore warnings.
I also think the team should spend some time thinking about ways to
notify existing users. If there is no way to do so it should be a key
requirement for the next version to have a notification mechanism to
alert users in the future about critical issues, software updates or
warnings.
If you are interested, here is a link to the letter I sent this
morning including some of my suggestions as well as Yoshi's thoughtful
and constructive response..
http://gist.github.com/99315
Regarding the architectural questions. Obviously the pro's and cons
of various solutions should be discussed on the open developers
mailing list, now that there is one. I will join this list and
provide insight or guidance as appropriate and desired, and in my area
of expertise. There are many new services available that would
provide this type of service layer. Amazon SimpleDB, as well as
Google's AppEngine come to mind. They both provide the scale as well
as simple HTTP based API's. If a self hosted solution is desired
something like Tokyo Tyrant or CouchDB could be fronted with an API
like CloudKit to provide a REST interface. I am pretty certain that
through donations you could afford any of these solutions. There are
a lot of discussion that needs to happen.
I wish the project good luck and I will help where I can as long as
the core team is committed to staying involved and active. If not,
then the project should be shuttered now, or a new team of owners
sought ought from the open source community.
Cheers.
Glenn
Dave Clark
Apr 21, 2009, 3:33:54 PM4/21/09
to adeona...@googlegroups.com
I posted some of these problems and the website that Glenn referred us
to on my Twitter & Facebook page, and my Windoze friends are asking
about Laptop Security for them. Does anyone have any good references?
Thanks, Glenn, for your standing up and doing this great job.
Thanks,
Dave
to on my Twitter & Facebook page, and my Windoze friends are asking
about Laptop Security for them. Does anyone have any good references?
Thanks, Glenn, for your standing up and doing this great job.
Thanks,
Dave
Glenn Rempe
Apr 21, 2009, 4:01:43 PM4/21/09
to adeona-users
A google on the topic popped up a few of possible solutions. As I am
a Mac user I have not tried any of these alternatives myself but
perhaps someone on the list has and can share their experiences.
http://www.nerdden.com/prevent-laptop-theft-six-remote-laptop-tracking-softwares/
http://www.lojackforlaptops.com/
http://www.gadgettrak.com/products/windows/standard/
http://www.thecyberangel.com/usingthecyberangel.aspx
http://www.backstopp.com/
Cheers,
Glenn
a Mac user I have not tried any of these alternatives myself but
perhaps someone on the list has and can share their experiences.
http://www.nerdden.com/prevent-laptop-theft-six-remote-laptop-tracking-softwares/
http://www.lojackforlaptops.com/
http://www.gadgettrak.com/products/windows/standard/
http://www.thecyberangel.com/usingthecyberangel.aspx
http://www.backstopp.com/
Cheers,
Glenn
Adeona Team
Apr 21, 2009, 4:02:15 PM4/21/09
to adeona-users
Hi Glenn,
> This, along with the other actions, are a very good first step,
> however I think that it is CRITICAL to prevent and actively discourage
> further downloads and installation of the Adeona software until the
> new architecture discussed above is determined and incorporated. The
> download links on the home page are still available and working and I
> think these need to be removed as well to prevent further
> installations by those who ignore warnings.
variant of this, now at <http://adeona.cs.washington.edu/
downloads.html>. It is still possible to download the client (for
those who are willing to help us work on a replacement back-end), but
it should be extremely obvious to all non-developers that this is not
something they would want to download. Please take a look.
>
> I also think the team should spend some time thinking about ways to
> notify existing users. If there is no way to do so it should be a key
> requirement for the next version to have a notification mechanism to
> alert users in the future about critical issues, software updates or
> warnings.
do have a stable replacement back end in place that can once again
support users.
Regarding your technical suggestions, thank you very much for making
them, and for joining adeona-developers. We look forward to your
insights there.
Thank you very much,
Yoshi
Glenn Rempe
Apr 21, 2009, 4:05:42 PM4/21/09
to adeona-users
And for the Mac LoJack has a Mac version as well:
http://www.lojackforlaptops.com/
I personally chose to use Orbicule's solution (although I have never
put it to the test thankfully with a stolen laptop). One of the
reasons I chose them is that there is no annual fee, just the initial
purchase price.
http://www.orbicule.com/undercover/mac/
Cheers,
Glenn
On Apr 21, 1:01 pm, Glenn Rempe <gl...@rempe.us> wrote:
> A google on the topic popped up a few of possible solutions. As I am
> a Mac user I have not tried any of these alternatives myself but
> perhaps someone on the list has and can share their experiences.
>
> http://www.nerdden.com/prevent-laptop-theft-six-remote-laptop-trackin...
http://www.lojackforlaptops.com/
I personally chose to use Orbicule's solution (although I have never
put it to the test thankfully with a stolen laptop). One of the
reasons I chose them is that there is no annual fee, just the initial
purchase price.
http://www.orbicule.com/undercover/mac/
Cheers,
Glenn
On Apr 21, 1:01 pm, Glenn Rempe <gl...@rempe.us> wrote:
> A google on the topic popped up a few of possible solutions. As I am
> a Mac user I have not tried any of these alternatives myself but
> perhaps someone on the list has and can share their experiences.
>
Glenn Rempe
Apr 21, 2009, 4:13:33 PM4/21/09
to adeona-users
On Apr 21, 1:02 pm, Adeona Team <ade...@cs.washington.edu> wrote:
> Hi Glenn,
>
> > This, along with the other actions, are a very good first step,
> > however I think that it is CRITICAL to prevent and actively discourage
> > further downloads and installation of the Adeona software until the
> > new architecture discussed above is determined and incorporated. The
> > download links on the home page are still available and working and I
> > think these need to be removed as well to prevent further
> > installations by those who ignore warnings.
>
> This is indeed again a great suggestion. We have implemented a
> variant of this, now at <http://adeona.cs.washington.edu/
> downloads.html>. It is still possible to download the client (for
> those who are willing to help us work on a replacement back-end), but
> it should be extremely obvious to all non-developers that this is not
> something they would want to download. Please take a look.
>
discourage users from new installs until you are ready with a future
release.
> > I also think the team should spend some time thinking about ways to
> > notify existing users. If there is no way to do so it should be a key
> > requirement for the next version to have a notification mechanism to
> > alert users in the future about critical issues, software updates or
> > warnings.
>
> This is another great suggestion, and one we hope to implement when we
> do have a stable replacement back end in place that can once again
> support users.
> Regarding your technical suggestions, thank you very much for making
> them, and for joining adeona-developers. We look forward to your
> insights there.
going.
I understand, and I hope everyone else does as well, that some of the
steps you have taken today are painful. But I think we would all
agree that they are the right thing to do. I appreciate the courage
to do so.
danboarder
Apr 22, 2009, 1:58:58 AM4/22/09
to adeona-users
How is this for an 'easy fix':
Let the user select their own SFTP/SSH account as an option for
storing data instead of OpenDHT.
FTP accounts come with many broadband subscriptions, and hosting
accounts like Dreamhost with SFTP and SSH are very cheap. So for me
SSH or SFTP would make good solution, where I can retrieve my Adeona
data easily if and when I need it. Any ideas?
Dave Clark
Apr 22, 2009, 9:55:25 AM4/22/09
to adeona...@googlegroups.com
I'm checking with dyndns.org, they're on Twitter as dyninc
Maybe they could take over the entire project from U/Wash
Dave
Maybe they could take over the entire project from U/Wash
Dave
Matthias Schnizer
Apr 22, 2009, 10:22:22 AM4/22/09
to adeona...@googlegroups.com
I think that's an excellent idea - decentralized servers - cheap and under
the users control.
I Like it.
the users control.
I Like it.
Nick Boyle
Apr 22, 2009, 10:55:32 AM4/22/09
to adeona...@googlegroups.com
Hey, I suggested this a short while back. :(
I've no interest in having my data going onto an unproven system,
where I could handle and monitor the load on my own FTP service.
One of the main functions that I'm keen on, is limiting the amount of
data through specific connections. E.g. I don't want to spank my 3GB a
month dongle, but am happy for as much as I like across wifi and
ethernet.
Nick
I've no interest in having my data going onto an unproven system,
where I could handle and monitor the load on my own FTP service.
One of the main functions that I'm keen on, is limiting the amount of
data through specific connections. E.g. I don't want to spank my 3GB a
month dongle, but am happy for as much as I like across wifi and
ethernet.
Nick
Tadayoshi Kohno
Apr 22, 2009, 11:20:31 AM4/22/09
to adeona...@googlegroups.com, adeona-d...@googlegroups.com
Hi all,
I don't want to speak for the rest of the original Adeona folks, but
I also think this is a great idea. I'd love to move this thread to
the adeona-developers list, now that we've recently created it:
<http://groups.google.com/group/adeona-developers>. I'm going to
cross-post this email to both lists.
A few additional thoughts on this. The first is that we would really
like to be able to support existing users who aren't reading adeona-
users, who have Adeona installed, and who won't visit our website to
look for updates. For this reason, replacing the back-end OpenDHT
infrastructure with something more reliable would be very
advantageous -- or at least still providing that support while we
explore new options (more below).
There are also a bunch of other potential alternatives, such as
having the Adeona client email the encrypted location information to
a user's web mail account, etc. For those interested in helping with
Adeona development, I would encourage you to read our original
technical paper, which is available online here <http://
www.usenix.org/events/sec08/tech/full_papers/ristenpart/
ristenpart.pdf> (USENIX Security 2008). This paper will help give
you a sense for where we're coming from, discusses some alternatives
(like email), and why we chose not to pursue them in the context of
Adeona. Specifically, our goal with Adeona was to provide a system
that was very privacy-respecting, and we found that some approaches
(like email) did not achieve the level of privacy that we desired.
One strategy, which I think might be attractive, is for the Adeona
client to allow the user to select one or more approaches from a set
of options.
Thank you again for all your input,
Yoshi
On Apr 21, 2009, at 10:58 PM, danboarder wrote:
>
>
I don't want to speak for the rest of the original Adeona folks, but
I also think this is a great idea. I'd love to move this thread to
the adeona-developers list, now that we've recently created it:
<http://groups.google.com/group/adeona-developers>. I'm going to
cross-post this email to both lists.
A few additional thoughts on this. The first is that we would really
like to be able to support existing users who aren't reading adeona-
users, who have Adeona installed, and who won't visit our website to
look for updates. For this reason, replacing the back-end OpenDHT
infrastructure with something more reliable would be very
advantageous -- or at least still providing that support while we
explore new options (more below).
There are also a bunch of other potential alternatives, such as
having the Adeona client email the encrypted location information to
a user's web mail account, etc. For those interested in helping with
Adeona development, I would encourage you to read our original
technical paper, which is available online here <http://
www.usenix.org/events/sec08/tech/full_papers/ristenpart/
ristenpart.pdf> (USENIX Security 2008). This paper will help give
you a sense for where we're coming from, discusses some alternatives
(like email), and why we chose not to pursue them in the context of
Adeona. Specifically, our goal with Adeona was to provide a system
that was very privacy-respecting, and we found that some approaches
(like email) did not achieve the level of privacy that we desired.
One strategy, which I think might be attractive, is for the Adeona
client to allow the user to select one or more approaches from a set
of options.
Thank you again for all your input,
Yoshi
On Apr 21, 2009, at 10:58 PM, danboarder wrote:
>
>
Eric
Apr 24, 2009, 12:29:15 PM4/24/09
to adeona-users
Glenn,
I installed GadgetTrak on my Mac as they have the same privacy
philosophy as Adeona, no data centers where your data is sent and no
remote access to the system. Same one time fee as well.
MacTrak
http://www.gadgettrak.com/products/mac/
PC-Trak
http://www.gadgettrak.com/products/pc/
None of the data goes to their data center like Orbicule and Lokack
for Laptops. I emailed Orbicule support asking them quite a few
questions about privacy and they did not respond, I don't think they
liked some of my questions. I also found their domain is hosted on a
shared hosting provider and quite a few other security issues via
Google. The Mactrak info goes to my email and Flickr account. A cool
thing I found as well is that it doesn't just get the IP address, it
gets the actual location via wifi positioning tech, when I tested it
out it put me at my front door. The software also uses the camera to
take photos of of the thief and sends it to my Flickr and email every
30 minutes or so, like Adeona
A few articles on various security apps, I have bookmarked that may
help folks:
What I Leared from Having My Laptop Stolen
http://db.tidbits.com/article/10165
4 Mac Security Apps Compared
http://theappleblog.com/2008/11/21/4-mac-security-apps-compared/
Software can help retrieve your stolen laptop
http://seattletimes.nwsource.com/html/businesstechnology/2008938290_ptstolenlaptop28.html
I installed GadgetTrak on my Mac as they have the same privacy
philosophy as Adeona, no data centers where your data is sent and no
remote access to the system. Same one time fee as well.
MacTrak
http://www.gadgettrak.com/products/mac/
PC-Trak
http://www.gadgettrak.com/products/pc/
None of the data goes to their data center like Orbicule and Lokack
for Laptops. I emailed Orbicule support asking them quite a few
questions about privacy and they did not respond, I don't think they
liked some of my questions. I also found their domain is hosted on a
shared hosting provider and quite a few other security issues via
Google. The Mactrak info goes to my email and Flickr account. A cool
thing I found as well is that it doesn't just get the IP address, it
gets the actual location via wifi positioning tech, when I tested it
out it put me at my front door. The software also uses the camera to
take photos of of the thief and sends it to my Flickr and email every
30 minutes or so, like Adeona
A few articles on various security apps, I have bookmarked that may
help folks:
What I Leared from Having My Laptop Stolen
http://db.tidbits.com/article/10165
4 Mac Security Apps Compared
http://theappleblog.com/2008/11/21/4-mac-security-apps-compared/
Software can help retrieve your stolen laptop
http://seattletimes.nwsource.com/html/businesstechnology/2008938290_ptstolenlaptop28.html
Tadayoshi Kohno
Jul 31, 2009, 1:37:25 PM7/31/09
to adeona...@googlegroups.com
Thank you all again very much for your interest in Adeona, and for subscribing to adeona-developers/adeona-users.
As you all probably know by now, Adeona currently relies on OpenDHT for back-end, private storage of encrypted location information. Earlier this year the original author of OpenDHT stepped down from his role as the OpenDHT maintainer. We took this as an opportunity to try to support OpenDHT ourselves, and are excited to say that we now seem to have OpenDHT up and running. We have been experimenting with Adeona combined with our maintained version of OpenDHT for about a month now.
We believe that people who have already installed Adeona should now be able to use it to recover the recent past locations of their computers (under certain caveats that we mentioned before, e.g., the computers would need to be on and connected to the Internet in order to report their location, and location records are only kept for a short period of time). Still, since we only recently took over control of OpenDHT, we are hesitant to encourage the installation of Adeona on new systems until after additional experimentation and use by the existing Adeona community. We are also working on more permanent solutions and look forward to updating you all as soon as we can.
Thank you very much,
Yoshi
Beau
Aug 1, 2009, 12:15:23 PM8/1/09
to adeona-users
Yoshi
Great news! Glad that you got OpenDHT up and running again.
I tried to install adeona to check on a stolen laptop (over 3 months
ago, sure its probably wiped, but I can always hope) and had some
issues with compiling. I've filed a bug on launchpad for it.
Thanks for the hard work
Beau
Great news! Glad that you got OpenDHT up and running again.
I tried to install adeona to check on a stolen laptop (over 3 months
ago, sure its probably wiped, but I can always hope) and had some
issues with compiling. I've filed a bug on launchpad for it.
Thanks for the hard work
Beau
TheJoe
Aug 1, 2009, 4:22:58 PM8/1/09
to adeona...@googlegroups.com
Ummhh.. at this time i don't see the warning message vanished in the adeona site.. it is placed again in the same place i found it last time.. Are you sure the OpenDHT running again??
Anyway Prey IS still a good alternative. XD
Anyway Prey IS still a good alternative. XD
2009/8/1 Beau <beau....@gmail.com>
Reply all
Reply to author
Forward
0 new messages