Archive for February, 2005

CodeCon 2005

February 19th, 2005 by Kragen Sitaker

Several people from CommerceNet attended CodeCon last weekend for varying amounts of time. The Wheat project, which we’ve contributed to, presented on Sunday and got a very good audience reception; Walter Landry of ArX, a variant of the GNU arch revision control system, presented a fascinating table of comparisons between the different free-software decentralized revision-control systems.

Decentralized source-code revision-control systems are at an interesting intersection; they allow any person to modify a piece of software with total independence, while facilitating their cooperation with others as much as possible. Historically, distributed systems have often achieved cooperation at the expense of independence, and this has limited their size or resulted in unfortunate social problems. Rohit Khare, the Director of CommerceNet zLab, wrote his doctoral thesis on architectural styles that support this intersection of cooperation and independence, and that area has been the focus of zLab.

ArX, along with several other projects presented at CodeCon, is at the forefront of real-world advances in this area: ApacheCA, a CA that makes trust decisions based on the GnuPG/PGP web of trust; OTR, an extension for instant messaging clients that provides cryptographic privacy for conversations without depending on third-party privacy infrastructure; and i-brokers, an Identity Commons/2idi project to develop a decentralized naming system for people on the internet.

I really appreciated the opportunity to spend a weekend with the people who are already doing the things that CommerceNet, so far, only dreams about.

SHA-1 found vulnerable to collisions

February 15th, 2005 by Kragen Sitaker

Bruce Schneier says SHA-1 is broken in a preprint paper from the same Chinese research group that broke MD5 and SHA-0 last year, as noted in our blog post at the time. Watch my delicious linklog for more details as they roll in over the next few days.

Like the earlier attacks, this is a collision attack, not a preimage attack, so it isn’t likely to actually break very many systems. But it’s a big warning sign that we should switch to new algorithms.

This is also definitive evidence that our government’s policies discouraging domestic cryptographic research have backfired, since now some Chinese university researchers are ahead of our own NSA. (*)

(*) Footnote: I believe this to be true because if this were an attack the NSA were aware of, they’d have released a SHA-2, the same way they replaced SHA with SHA-1.

(Change notes: previous version of this post said “they’d be working towards” rather than “they’d have released”, which is clearly an absurd thing to say. Also, it said “would be aware” rather than “were aware”, and “it aided the creation of a SHA-1” rather than “they replaced SHA with SHA-1”; these changes were made for clarity.)
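The collision-versus-preimage distinction drawn in the post above, as an added example that is not part of the original post: it runs both searches against SHA-1 truncated to 16 bits (an assumption made so both finish in seconds) and counts the hashes each one needs. The function names and sample strings are hypothetical and constructed for this illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption); real SHA-1 output is 160 bits


def toy_hash(msg: bytes, bits: int = BITS) -> int:
    """SHA-1 truncated to its top `bits` bits."""
    digest = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int = BITS):
    """Collision: ANY two distinct messages with the same digest.

    The searcher picks both messages, so the birthday bound applies
    and roughly 2**(bits/2) hashes are expected.
    """
    seen = {}
    for tries in count(1):
        msg = b"collide-%d" % tries
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: int, bits: int = BITS, max_tries: int = 1 << 22):
    """Preimage: a message matching ONE digest fixed in advance.

    Only one side is free, so roughly 2**bits hashes are expected.
    """
    for tries in range(1, max_tries + 1):
        msg = b"forge-%d" % tries
        if toy_hash(msg, bits) == target:
            return msg, tries
    return None, max_tries


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    # Constructed sample: digest of a document someone else already published.
    target = toy_hash(b"published release notes (constructed sample)")
    forged, p_tries = find_preimage(target)
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    print(f"preimage  after {p_tries} hashes: {forged!r}")
```

Systems that only hash content the verifier already holds (stored password hashes, checksums of published files) depend on the second, far more expensive search; signing a document that another party supplied depends on the first.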

On Wall Street, “now” means now!

February 7th, 2005 by Rohit Khare

WOW: “The speed of light is too slow.” They noted that firms located further away from the market center were being shut out because the speed of light could not carry their orders to market fast enough… Whether it’s the 7-millisecond delay between Chicago and New York, or the 35-millisecond delay between the Big Apple and San Francisco, increasingly, if you are not co-located near where you execute, you’re just not fast enough to grab the brass ring.

Light Speed and The Buttonwood Tree

A few weeks ago, The Tabb Group hosted a focus group on connectivity in which we brought in some of the best and brightest industry connectivity specialists. What they said surprised me. They basically said that “The speed of light is too slow.” They noted that firms located further away from the market center were being shut out because the speed of light could not carry their orders to market fast enough.

That amazed me. Now, anyone sitting far away from a noisy event knows that there is certainly a gap between the speed of sound and the speed of light. But who, besides Einstein, ever thought that the speed of light (299,792,458 meters per second) would be too slow?

But as our markets increasingly become more electronic, time matters. Whether it’s the 7-millisecond delay between Chicago and New York, or the 35-millisecond delay between the Big Apple and San Francisco, increasingly, if you are not co-located near where you execute, you’re just not fast enough to grab the brass ring.

While you might think, “Who cares?”, it’s impacting the market in very real ways. Hedge funds are saying that market opportunities they were able to take advantage of last year are no longer accessible.


University rolls own OpenEAI stack, rev 4.

February 7th, 2005 by Rohit Khare

In a development that reminds me of the Avalanche consortium of corporate open source users, this is an academic effort to avoid the high costs of commercial EAI brokers…

Developers at the University of Illinois are working on a major upgrade to their Java-based OpenEAI project, an Open Source alternative to expensive and proprietary ERP/EAI middleware solutions.

The OpenEAI framework 4.0 is due for release in March, is modeled after Apache, and sports a wide array of integration-enabling technologies for architects and developers, including templates, business workflow rules and components for Java, XML and ERP APIs.

The 4.0 upgrades on tap look to fill in support for XML Schema and key JDKs, but also bring added testing, visibility and management to the OpenEAI suite.

(from OpenEAI 4.0 News Story)
