A REBOL challenge - The Information World

Hello all! A REBOL challenge [Permission is explicitly granted to publish this document on the REBOL Zine, on REBOLForces or on any other REBOL-related publication/site/whatever.] With this message, I'm going to launch a challenge. The goal is to create a peer-to-peer communication system as described below; implementations will be judged by the members of the REBOL mailing list, with regards to: * Code elegance and simplicity * Efficiency * Usability If my free time will permit, I'll partecipate to the challenge too; a time limit will be set in agreement with the participants. The resulting code is required to be freely distributable at least inside the REBOL mailing list; freely distributable software will be preferred over restricted software because to be useful the system has to be available to all the users of the Internet. [I'm quite sure Maarten will participate with a Rugby based implementation; I'd like to have someone doing a REBOL/IOS based implementation too...] If you are interested, please read the following document carefully; comments or requests for clarifications will be gratefully accepted. [Since this version can be considered a sort of draft, I would be vert grateful to those of you that will really be brave enough to read it all and offer me some comments.] The "Information World" I want to create a sort of "virtual world". I will call it the Information World (IW). This world is made of informations, from static data to "live" entities able to interact with the rest of the IW. The IW is based on three simple entities that the implementation has to represent. These are "Places", "Objects" and "Agents". Places A "Place" is a location in the IW. It can contain objects and agents, and it can be connected to other places. (The connection does not necessarily need to be a TCP/IP connection or something like that; you can think of it as a "road" going from one place to another. Also notice that if place A is connected to place B, automatically place B is connected to place A.) Agents can move from one place to another only using a connection (normal agents cannot create a new connection). The implementation of a place has to provide a way for agents to know what other objects and agents are present in the place. I.e. the agents will have to be able to query the place where they are to know what's there besides of them. Objects Objects are "things", such as repositories, containers, documents, and so on. An object can contain other objects; for example, a book shelf object might contain book objects. By themselves, objects cannot move from one place to another or interact with other objects or agents. Only agents are able to iteract with other agents or objects. The implementation should make it easy for objects to be moved from a place to another (by agents); also, agents must be able to query an object to know what actions it can perform on it (for example, a book shelf might provide a "search" action to allow an agent to search for a book, and so on). The implementation has to provide an easy way for users to create new objects. Also, objects can be cloned. Agents Agents are the most interesting entity of the IW. They are the key for the communication, since they are the only entity that can move from a place to another and interact with other entities. They can also carry objects, but there should be a limit on the size of the objects an agent can carry on a given connection. Implementations have to deal with security issues raised by the presence of agents. In particular, two categories of agents have to exist: "Residents" and "Tourists". The only resident agents available should be: * The "Road Builder", which creates connections with other places. It is the only entity that can create connections; of course it can destroy a connection too. * The "Sentinel". A sentinel can be placed on every connection to verify the identity of coming tourists and place restrictions on them or even disallow their entrance. Each sentinel should be in communication with the one on the other side (if present) to be able to identify coming tourists. (Identifying might just mean assigning a "trust level" or something like that.) * The "Mail Agent", which is responsible of sending (big) objects to other places. The mail agents can be asked by an agent to send an object to another mail agent on another place; it should also be possible for mail to be delivered to a specific agent in a place (passing thru the mail agent of that place). The implementation should provide an efficent way to transfer any amount of data. (This makes up for the limit of agents to carry objects; place-to-place connections should be optimized for the transport of tourists with rather small baggage, while mail agent-to-mail agent "connections" might be optimized for transferring big objects.) * The "Banker". A place might have a banker which holds important objects. Objects available in the place can be used (and cloned) by any agent, so a banker might be needed to restrict access to some objects. The implementation should not allow for a tourist to become a resident, unless the user explicitly wants it to (and he/she should be warned that this is a security issue). Residents (sentinels and mail agents in particular) should have a secure way to identify themselves. (There's no reason for a resident to become a tourist and to move from one place to another; anyway, if an implementation allows the user to do this, it should take care of any security issue that may rise.) Tourists can be of any kind and freely move from one place to another (provided they get permission from the sentinels) traveling the IW. The implementation should provide a way for the user to create new tourists. Tourists can be cloned (with or without their baggage :). Also, the user has to have a simple way to instruct a tourist to do something (such as "Go on and search for this book!"). But why? Because it looks like a lot of fun. :-) And also because our brain is just a network of rather simple things... ;) Being visionary today, ;-) Gabriele. -- Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/

Go Gabrielle, Go ! I am totally supportive to your challenge, however I don't see that newbie like me can be a part of it. Nevertheless I will enjoy seeing you all gurus and Rebol jedi in a fair and loyal joust. Patrick

Cool Idea Gabrielle, kinda like the Daliworld virtual ocean project and the Aglet system. This could be a fun challenge and with the ability of rebol to redefine itself dynamically the ability of self modifying Agents becomes a lot simpler. James.

Hi Gabrielle, All. /. had an article linking to a P2P project at University of Bologna (Italy) called Anthill. Code is freely available and they have an example of one which uses agents to simulate a document sharing network. http://www.cs.unibo.it/projects/anthill/description.htm Gabriele Santilli wrote:

Very interesting, one of the best proposements for creating virtual world where AI would emerge from the interaction of artificial objects, users and programmers... Have you thougth about what could be the main goals in this world? The goals are needed for evolution to work... 8) Cheers, Mikko Mäkelä

Since a Tourist can carry baggage, wouldn't he be a special case of a Mail Agent who can only carry his own objects?

A site like http://www.cornerhost.com/cvs/ might be a better forum for the jousting than on this list.

Hi Gabriele, On further consideration REBOL is perhaps not the safest choice of language for this sort of project as there are lots of security issues involved due to its self-modifying abilities. In theory it would be rather simple to create a P2P agent world with REBOL but in practice you would have to severely limit the freedoms of the agents involved - almost to the point of re-writing the language. Let me give you some scenarios as an example: An agent is sent from one zone to another - is scanned by a sentinel for ??? The agent is then activated - at which point it begins to execute itself (assuming some sort of rate timer). If the agent posesses a physical face the possibility of malicious code is a very real threat - an agent could bring down an entire node by just accessing self/parent-face/... etc and deleting nodes. Other more insidious behaviours could also be initiated where an agent overwrites global functions and replaces them with its own ones, eg an agent re-writes the parse function, or the show function, etc. These behaviours become almost impossible to prevent by a Sentinel as an agent could (due to the power of REBOL) just hide command strings in an encrypted format and then decompress and run them with a little remold, do etc.. The only way to guarentee that none of this behaviour (from what I know of REBOL so far) is to either NEVER let an agent become autonomous to the point of being allowed to execute, to use non-changable templates for all agents that are checksummed for validity (this limits AI learning etc), or to never open up your local nodes to the rest of the world which kind of defeats the purpose of the exercise. IMHO the only truly safe way to ensure proper security would be to have the environment shell in a separate language that cannot be modified by rebol agents directly except in predefined ways- thus limiting self expansion or remote modification of nodes. Just my 5c :) James

--- James Marsden <[james--mustard--co--nz]> wrote:

> Hi Gabriele, > > On further consideration REBOL is perhaps not the > safest choice of language for this sort of project > as there are lots of security issues involved due > to its self-modifying abilities.

Christopher Dicely wrote:

>You could probably do it in /Core or /View with >a seperate native program to handle launching >nothing but launch agents, etc., than the >whole enviromnent, so its not so bad).

Hi Petr, Problems exist when you want agents to be able to interact with each other and their environment - it is the interaction itself that can be a security risk as stated earlier, hence the need for some level of shell which is not directly linked to the rebol language. James.

Mikko Mäkelä wrote:

> Very interesting, one of the best proposements for > creating virtual world where AI would emerge from the > interaction of artificial objects, users and > programmers...

> Have you thougth about what could be the main goals in > this world? The goals are needed for evolution to > work... 8)

[Been busy this week... still have to catch up on emails...] chaz wrote:

> Since a Tourist can carry baggage, wouldn't he be a special case of a Mail > Agent who can only carry his own objects?

James Marsden wrote:

> On further consideration REBOL is perhaps not the safest choice of language > for this sort of project as there are lots of security issues involved due > to its self-modifying abilities.

> An agent is sent from one zone to another - is scanned by a sentinel for ???

> eg an agent re-writes the parse function, or the show function, etc. These > behaviours become almost impossible to prevent by a Sentinel as an agent

> IMHO the only truly safe way to ensure proper security would be to have the > environment shell in a separate language that cannot be modified by rebol

James Marsden wrote:

> Problems exist when you want agents to be able to interact with each other > and their environment - it is the interaction itself that can be a security

Heh - about time I memorized the REBOL dictionary ;) never had to use protect or secure before - time for a little reading! James

Hi Gabriele, << I've yet to see someone deciding to participate, tough. >> I want to, but I have these annoying work projects getting in my way at the moment. :( One of the areas that interests me is self organizing systems. Regarding use of 'protect: Can you protect an entire context, or the words *in* a context? I haven't figured out how to do that yet. --Gregg

--- Petr Krenzelok <[petr--krenzelok--trz--cz]> wrote:

> Christopher Dicely wrote: > > > eh, what is the problem us usin 'launch function > provided in both Core and View by default?

--- James Marsden <[james--mustard--co--nz]> wrote:

> Hi Petr, > Problems exist when you want agents to be able to > level of shell which is not > directly linked to the rebol language.

Hi Gregg,

> Regarding use of 'protect: Can you protect an entire context, or the words > *in* a context? I haven't figured out how to do that yet. >

>> use [a] [a: 1 protect 'a loc-a: does ['a]]

>> a: 52

>> loc-a

>> get loc-a

>> set loc-a 2

>> unprotect loc-a >> set loc-a 2

>> get loc-a

--- Gabriele Santilli <[g--santilli--tiscalinet--it]> wrote:

> [Been busy this week... still have to catch up on > emails...] > object you are able to know from where it is coming > from, thus deciding if to trust or not its contents;

Thanks Larry, << For local contexts created by MAKE FUNCTION! and MAKE OBJECT! the situation is more complex and the usefulness of PROTECT is limited. >> Yeah, that's kind of what I surmised. << BTW In future, with REBOL/Core 3.0, we have been told that REBOL will have modules, which should alleviate most of the currently existing namespace issues. >> That would be great! --Gregg

Hello Christopher! On 07-Dic-01, you wrote: CD> Surely, if you use an digital signature of some CD> kind, you can also identify tourists. It would About tourists, I can see some problems. Tourist are not expected to be immutable: they will at least change state while they are travelling. (For example, a tourist that is searching for something will have at least two states --- "searching" and found --- and will behave differently depending on the state.) This way, the signature CAN change while the tourist is travelling, thus making any attempt to identify them rather risky IMHO. I'd like to know if someone knows a way to identify tourists that would not be easily hacked by a malicious user. Regards, Gabriele. -- Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/