[atlas] Reasons to celebrate - passed 1K active probes :)
Philip Homburg philip.homburg at ripe.net
Wed Dec 28 19:51:56 CET 2011
On 12/28/11 18:52 , Richard L. Barnes wrote: > Hi Philip, > > On this point: > >> So, assuming for a moment that we cannot let 'third party' probes connect to the Atlas infrastructure, because we cannot trust the results, what would be the point of releasing the source? One is that somebody may want to run his own private copy of the whole Atlas system. But that is going to to be a lot of work setting it all up. > ... > >> If we would allow third party probes to connect, but it ignore their results and not schedule any UDMs on those probes. Just publish the raw results somewhere. Would that be a net benefit to the community, or just a PR disaster waiting to happen? > I think you may be skipping a potential middle point here. Thinking back to RIPE 61, there were some folks who were offering to manufacture probes if the firmware were open-source. That seems to indicate that a "partnership" model might be viable, in which anyone can get the source code, but if a probe maker signs a contract with RIPE, then their probes can feed information into the real RIPE Atlas system. Having contracts would provide a way for RIPE NCC to get guarantees related to security, fraud, etc. Let me once again emphasize that I'm looking at this from a technical point of view. There are many other issues to consider, which I'm ignoring here. I'd say if a party were to manufacture probes under supervision of RIPE NCC then that is independent of the issue of open source. That's just a normal business relationship. It is possible that an organization would agree to sponsor probes in return for Atlas to become open source. But then the source would effectively be payment for something. That would be similar to the Android model: you can download the source, but there is no guarantee that you can actually install it on your own phone and some functionality, like connecting the Android market, may be unavailable. From a technical point of view, just releasing the probe sources is the easiest, because it is a relatively small amount of code. Relatively easy to compile and install. The back-end systems are way more complex. > A more open model might not be useless, either. After all, one can make much richer decisions based on data sources than "accept/ignore". As long as the data is source-tagged, then different sources can be compared for consistency, which would provide some validation that the probes aren't providing completely bogus data. At the moment, analysis is already hard. The Internet is an extremely diverse landscape. It is very much a research question whether adding untrusted data is good or not. I certainly don't know the answer to that question. > Putting these two ideas together, it seems like you could enable two "classes" of data, "high assurance" from probes made by RIPE NCC and its partners, and "low assurance" from anyone else. Think of it as a "freemium" model -- it's cheap and easy for small-scale projects to feed into the "low assurance" class, but if you want to be a real contributor, do the work to get into the "high assurance" class. You could even provide additional features to "high assurance" sources (UDM access / management, say) as an incentive. > One issue is what do you do with the data in the low assurance class. At the moment, probe hosts have access to data of their own probe and RIPE NCC researchers have access to all data. If researchers want to have that low assurance data, then great. If not, then it may be a waste of resources.