https://bford.info/ Recent content on Bryan Ford's Home Page Hugo -- gohugo.io en-us Sat, 25 Jul 2026 00:00:00 +0000 https://bford.info/selforg/intro/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/intro/ https://bford.info/selforg/arch/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/arch/ https://bford.info/selforg/people/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/people/ https://bford.info/selforg/money/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/money/ https://bford.info/selforg/comm/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/comm/ https://bford.info/selforg/info/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/info/ https://bford.info/selforg/choice/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/selforg/choice/ https://bford.info/pub/lang/paradox/ Sat, 25 Jul 2026 00:00:00 +0000 https://bford.info/pub/lang/paradox/ Ananthajit Srikanth and Bryan Ford Isabelle Workshop 2026 June 24–25, 2026 Lisbon, Portugal Abstract: Standard logical foundations in theorem proving constrain the set of recursive functions that are directly expressible to avoid inconsistencies. However, this prevents us from expressing all Turing-complete computations via direct recursive definitions. We consider Grounded Arithmetic, a reasoning framework that avoids inconsistency from unconstrained recursive definitions by “dynamically type-checking” terms. Using the formalization of GA in Isabelle/HOL, we prove three self-referential statements to be nonterminating computation: the Liar Paradox, the Truthteller sentence, and Curry’s paradox. https://bford.info/thesis/2026-b%C3%BCrki/ Tue, 23 Jun 2026 00:00:00 +0000 https://bford.info/thesis/2026-b%C3%BCrki/ Benjamin Bürki M.Sc. thesis in Cyber https://bford.info/talk/2026-03-23-kripke-paradox/ Mon, 23 Mar 2026 00:00:00 +0000 https://bford.info/talk/2026-03-23-kripke-paradox/ Talk at Saul Kripke Center, CUNY March 23, 2026 – CUNY Graduate Center, New York, NY, USA Abstract: While Kripke inspired numerous alternative approaches to truth and paradox, could we accomplish something like ordinary “working mathematical reasoning” in any of them? Yes. Grounded arithmetic (GA) combines paracomplete reasoning and computational semantics into a concrete, usable, and powerful Peano-esque formal theory of natural numbers and computation. GA weakens key classical inference rules with “habeas quid” preconditions: obligations to prove we “have a thing” before using it in subsequent reasoning. https://bford.info/post/2026-02-24-history/ Tue, 24 Feb 2026 00:00:00 +0000 https://bford.info/post/2026-02-24-history/ The core purpose of this architectural layer is digital preservation: to maintain a highly resilient, tamper-resistant, and transparent record or history of events. Events recorded in the history may be of all kinds, but the primary emphisis is on recording human-initiated events and processes: the organization and in-person meetups typically including PoP parties, and asynchronous posts, discussions, votes, and other participatory processes occurring sporadically or continuously in the meantime. Key goals of the history layer include: Human centric: a history by, for, and about human participants Inclusive: anyone anywhere should be able to participate at low cost Resilient to failure, delay, disruption, and censorship Transparent by default but privacy-preserving as needed Autonomy and (self-)sovereignty: users and groups organize bottom-up Compatibility: browsable and transferable via web protocols This history layer is intended to be first and foremoest a human process, starting from and grounded in a commitment by human users of the process to the best-effort and good-faith preservation of human history. https://bford.info/pub/net/limix-full/ Tue, 10 Feb 2026 00:00:00 +0000 https://bford.info/pub/net/limix-full/ Cristina Băsescua, Georgia Fragkouli, Enis Ceyhun Alp, Jose M. Faleiro, Kelong Cong, Vero Estrada-Galiñanes, Michael F. Nowlan, Gaylor Bosson, Pierluca Borsò-Tan, Bryan Ford New Ideas in Networked Systems (NINES) February 10, 2026 Abstract: Globalized computing infrastructures offer the convenience and elasticity of globally managed objects and services, but lack the resilience to distant failures that localized infrastructures such as private clouds provide. Providing both global management and resilience to distant failures, however, poses a fundamental problem for configuration services: How to discover a possibly migratory, strongly-consistent service/object in a globalized infrastructure without dependencies on globalized state? https://bford.info/post/2026-02-09-aymara/ Mon, 09 Feb 2026 00:00:00 +0000 https://bford.info/post/2026-02-09-aymara/ Last week my EPFL colleague Martin Rohrmeier (Digital and Cognitive Musicology) pointed out to me the truly fascinating Aymara people and their language, which can directly express 3-valued logic (true, false, uncertain). Aymara is an “existence proof” that the rules of human reasoning are elastic and need not necessarily be dominated exclusively by the classical 2-valued Aristotelian standard. Paracomplete or “gappy” reasoning can be natural and intuitive; it depends on what you're accustomed to. https://bford.info/thesis/2025-merino/ Fri, 05 Dec 2025 00:00:00 +0000 https://bford.info/thesis/2025-merino/ Louis-Henri Manuel Jakob Merino Ph.D. thesis advised by Bryan Ford December 5, 2025 Abstract: Online voting promises greater convenience and accessibility, but moving from supervised polling places to unsupervised settings magnifies the risk of coercion and vote buying. A compelling strategy is to give voters fake credentials: credentials that look and behave like real voting credentials but whose ballots are silently excluded from the tally. Despite its conceptual appeal, practical realizations and usability evidence for fake credentials have remained limited. https://bford.info/talk/2025-10-31-e-voting/ Fri, 31 Oct 2025 00:00:00 +0000 https://bford.info/talk/2025-10-31-e-voting/ Talk at Swiss Crypto Day 2025 - Halloween Edition October 31, 2025 – EPFL, Lausanne, Switzerland Slides: PDF Related: TRIP system paper TRIP usability paper https://bford.info/pub/lang/ga/ Wed, 29 Oct 2025 00:00:00 +0000 https://bford.info/pub/lang/ga/ Elliot Bobrow, Bryan Ford, and Stefan Milenković arXiv preprint 2510.25369 October 29, 2025 (first version) Abstract: Neither the classical nor intuitionistic logic traditions are perfectly-aligned with the purpose of reasoning about computation, in that neither tradition can permit unconstrained recursive definitions without inconsistency: recursive logical definitions must normally be proven terminating before admission and use. We introduce grounded arithmetic or GA, a formal-reasoning foundation allowing direct expression of arbitrary recursive definitions. https://bford.info/pub/sec/trip/ Mon, 13 Oct 2025 00:00:00 +0000 https://bford.info/pub/sec/trip/ Louis-Henri Merino, Simone Colombo, Rene Reyes, Alaleh Azhir, Shailesh Mishra, Pasindu Tennage, Mohammad Amin Raeisi, Haoqian Zhang, Jeff Allen, Bernhard Tellenbach, Vero Estrada-Galiñanes, and Bryan Ford SOSP 2025: The 31st Symposium on Operating Systems Principles October 13–16, 2025 Online voting is convenient and flexible, but amplifies the risks of voter coercion and vote buying. One promising mitigation strategy enables voters to give a coercer fake voting credentials, which silently cast votes that do not count. https://bford.info/talk/2025-10-08-democracy/ Wed, 08 Oct 2025 00:00:00 +0000 https://bford.info/talk/2025-10-08-democracy/ Talk at Dagstuhl Seminar on Trustworthy Evidence-Based Elections October 8, 2025 – Schloss Dagstuhl, Germany Slides: PDF Related: Coercion-resistant E-voting talk Identity and personhood paper TRIP system paper TRIP usability paper https://bford.info/talk/2025-10-07-e-voting/ Tue, 07 Oct 2025 00:00:00 +0000 https://bford.info/talk/2025-10-07-e-voting/ Talk at Dagstuhl Seminar on Trustworthy Evidence-Based Elections October 7, 2025 – Schloss Dagstuhl, Germany Slides: PDF Related: Beyond voting talk TRIP system paper TRIP usability paper https://bford.info/thesis/2025-kehrli/ Tue, 30 Sep 2025 00:00:00 +0000 https://bford.info/thesis/2025-kehrli/ Sascha Kehrli B.Sc. thesis advised by Bryan Ford and Roger Wattenhofer September 30, 2025 Abstract: This thesis presents a foundational formalization of Grounded Arithmetic (GA), a first-order arithmetic based on the principles of Grounded Deduction (GD), directly within the Isabelle/Pure framework. Unlike classical and constructive logics, which impose strict termination requirements on definitions to preserve consistency, GD admits arbitrary recursion at the definitional level. To remain consistent, GA weakens other inference rules, many of which demand explicit habeas quid termination proofs of subexpressions as premises. https://bford.info/thesis/2025-holzwarth/ Thu, 28 Aug 2025 00:00:00 +0000 https://bford.info/thesis/2025-holzwarth/ David Nicolaus Matthäus Holzwarth B.Sc. thesis advised by Bryan Ford and Pramod Bhatotia August 28, 2025 Abstract: This thesis explores fractional delegation in Liquid Democracy, where voters can split their vote among multiple delegates, aiming to reduce vote concentration and improve representational fairness. We formalize the mode and a method of resolving the final voting power of each participant. We then present and evaluate three implementations of this method: using a solver for systems of linear equations, a linear programming solver, and an iterative implementation. https://bford.info/thesis/2025-tennage/ Fri, 15 Aug 2025 00:00:00 +0000 https://bford.info/thesis/2025-tennage/ Pasindu Nivanthaka Tennage Ph.D. thesis advised by Bryan Ford August 15, 2025 Abstract: Deploying consensus protocols in the wide-area is challenging due to unpredictable and adversarial nature of wide-area networks. This thesis explores five critical challenges that affect the operation of consensus protocols in the wide-area networks; (1) performance vulnerability of leader-based protocols to leader-targeted attacks, (2) losing liveness under adversarial network conditions, (3) throughput bottlenecks caused by leader overload, (4) recovery time versus liveness trade-off caused by sub-optimal manually configured timeouts, and (5) high commit latency in DAG-based asynchronous byzantine fault tolerant protocols. https://bford.info/thesis/2025-colombo/ Fri, 10 Jan 2025 00:00:00 +0000 https://bford.info/thesis/2025-colombo/ Simone Maria Stefano Colombo Ph.D. thesis advised by Bryan Ford January 10, 2025 Abstract: Secure messaging systems are essential for ensuring privacy and confidentiality in today’s digital communication. Thanks to the widespread adoption of end-to-end encryption, messages are accessible only to intended users, and advancements in protocol resilience against secret compromise have enhanced messaging systems’ protection guarantees. However, several open challenges remain. This thesis investigates three of these challenges—active attack detection, metadata protection during key retrieval, and real-world deniability—and presents cryptographic and system-level solutions to strengthen the security and privacy of modern secure messaging systems. https://bford.info/talk/2025-01-06-coercion-resistance/ Mon, 06 Jan 2025 00:00:00 +0000 https://bford.info/talk/2025-01-06-coercion-resistance/ Keynote at IC3 Winter Retreat 2025 January 6, 2025 – Engelberg, Switzerland Slides: PDF https://bford.info/talk/2024-11-28-democratic-dao/ Thu, 28 Nov 2024 00:00:00 +0000 https://bford.info/talk/2024-11-28-democratic-dao/ Invited talk at DAO Symposium 2024 November 28, 2024 – Zürich, Switzerland Slides: PDF https://bford.info/pub/lang/gd/ Thu, 12 Sep 2024 00:00:00 +0000 https://bford.info/pub/lang/gd/ Bryan Ford arXiv preprint 2409.08243 September 12, 2024 (first version) Abstract: How can we reason around logical paradoxes without falling into them? This paper introduces grounded deduction or GD, a Kripke-inspired approach to first-order logic and arithmetic that is neither classical nor intuitionistic, but nevertheless appears both pragmatically usable and intuitively justifiable. GD permits the direct expression of unrestricted recursive definitions -- including paradoxical ones such as 'L := not L' -- while adding dynamic typing premises to certain inference rules so that such paradoxes do not lead to inconsistency. https://bford.info/talk/2024-09-04-quepaxa/ Wed, 04 Sep 2024 00:00:00 +0000 https://bford.info/talk/2024-09-04-quepaxa/ Talk at Seminar 24362 – Next-Generation Secure Distributed Computing September 4, 2024 – Schloss Dagstuhl, Germany Slides: PDF https://bford.info/pub/sec/trip-usability/ Mon, 20 May 2024 00:00:00 +0000 https://bford.info/pub/sec/trip-usability/ Louis-Henri Merino, Alaleh Azhir, Haoqian Zhang, Simone Colombo, Bernhard Tellenbach, Vero Estrada-Galiñanes, Bryan Ford 45th IEEE Symposium on Security and Privacy May 20-23, 2024 Abstract: Online voting is attractive for convenience and accessibility, but is more susceptible to voter coercion and vote buying than in-person voting. One mitigation is to give voters fake voting credentials that they can yield to a coercer. Fake credentials appear identical to real ones, but cast votes that are silently omitted from the final tally. https://bford.info/talk/2024-04-05-democratizing/ Fri, 05 Apr 2024 00:00:00 +0000 https://bford.info/talk/2024-04-05-democratizing/ Keynote at ChainScience 2024 April 5, 2024 – Zürich, Switzerland Slides: PDF https://bford.info/pub/dec/zeroauction/ Fri, 08 Mar 2024 00:00:00 +0000 https://bford.info/pub/dec/zeroauction/ Haoqian Zhang, Michelle Yeo, Vero Estrada-Galinanes, and Bryan Ford 8th Workshop on Trusted Smart Contracts (WTSC) March 8, 2024 Abstract: Auctions, a long-standing method of trading goods and services, are a promising use case for decentralized finance. However, due to the inherent transparency property of blockchains, current sealed-bid auction implementations on smart contracts requires a bidder to send at least two transactions to the underlying blockchain: a bidder must first commit their bid in the first transaction during the bidding period and reveal their bid in the second transaction once the revealing period starts. https://bford.info/thesis/2024-alp/ Fri, 19 Jan 2024 00:00:00 +0000 https://bford.info/thesis/2024-alp/ Enis Ceyhun Alp Ph.D. thesis advised by Bryan Ford January 19, 2024 Abstract: Smart contracts have emerged as the most promising foundations for applications of the blockchain technology. Even though smart contracts are expected to serve as the backbone of the next-generation web, they have several limitations that hinder their widespread adoption, namely limited computational functionality, restricted programmability, and lack of data confidentiality. Moreover, addressing these challenges manually in application-specific ways requires a lot of developer effort and time due to the monolithic architecture of smart contracts. https://bford.info/talk/2023-12-12-dicg/ Tue, 12 Dec 2023 00:00:00 +0000 https://bford.info/talk/2023-12-12-dicg/ Keynote at 4th International Workshop on Distributed Infrastructure for Common Good (DICG) December 12, 2023 – Bologna, Italy Slides: PDF https://bford.info/pub/os/quepaxa/ Mon, 23 Oct 2023 00:00:00 +0000 https://bford.info/pub/os/quepaxa/ Pasindu Tennage, Cristina Basescu, Eleftherios Kokoris-Kogias, Ewa Syta, Philipp Jovanovic, Vero Estrada-Galiñanes, and Bryan Ford 29th ACM Symposium on Operating Systems Principles October 23-26, 2023 Abstract: Leader-based consensus algorithms are fast and efficient under normal conditions, but lack robustness to adverse conditions due to their reliance on timeouts for liveness. We present QuePaxa, the first protocol offering state-of-the-art normal-case efficiency without depending on timeouts. QuePaxa uses a novel randomized asynchronous consensus core to tolerate adverse conditions such as denial-of-service (DoS) attacks, while a one-round-trip fast path preserves the normal-case efficiency of Multi-Paxos or Raft. https://bford.info/pub/sec/apir/ Thu, 10 Aug 2023 00:00:00 +0000 https://bford.info/pub/sec/apir/ Bryan Ford 32nd USENIX Security Symposium August 10, 2023 Abstract: This paper introduces protocols for authenticated private information retrieval. These schemes enable a client to fetch a record from a remote database server such that (a) the server does not learn which record the client reads, and (b) the client either obtains the “authentic” record or detects server misbehavior and safely aborts. Both properties are crucial for many applications. Standard private-information-retrieval schemes either do not ensure this form of output authenticity, or they require multiple database replicas with an honest majority. https://bford.info/thesis/2023-basescu/ Fri, 26 May 2023 00:00:00 +0000 https://bford.info/thesis/2023-basescu/ Cristina Băsescu Ph.D. thesis advised by Bryan Ford May 26, 2023 Abstract: Distributed systems designers typically strive to improve performance and preserve availability despite failures or attacks; but, when strong consistency is also needed, they encounter fundamental limitations. The bottleneck is in replica coordination, which is impacted by partitions and slowdowns that can occur anywhere. We believe the present ecosystem fails to recognize that not all failures and partitions are supposed to be equal — at least from a user-centric performance and availability standpoint. https://bford.info/talk/2023-01-16-personhood-credentials/ Mon, 16 Jan 2023 00:00:00 +0000 https://bford.info/talk/2023-01-16-personhood-credentials/ Talk at IC3 Winter Retreat 2023 January 16, 2023 – Les Diablerets, Switzerland Slides: PDF https://bford.info/2023/01/02/matchertext/ Mon, 02 Jan 2023 00:00:00 +0000 https://bford.info/2023/01/02/matchertext/ We often need to embed strings written in one programming language into code written in another. For example, we routinely embed regular expressions and SQL queries within shell scripts or string literals in C-like languages. HTML pages routinely contain embedded JavaScript and CSS code fragments. We often need to embed one URI into another, such as to formulate a query to a Web service that validates, archives, translates, or otherwise refers to other websites. https://bford.info/pub/lang/matchertext/ Thu, 29 Dec 2022 00:00:00 +0000 https://bford.info/pub/lang/matchertext/ Bryan Ford Abstract: Embedding text in one language within text of another is commonplace for numerous purposes, but usually requires tedious and error-prone “escaping” transformations on the embedded string. We propose a simple cross-language syntactic discipline, matchertext, which enables the safe embedding a string in any compliant language into a string in any other language via simple “copy-and-paste” – in particular with no escaping, obfuscation, or expansion of embedded strings. https://bford.info/2022/12/28/minml/ Wed, 28 Dec 2022 00:00:00 +0000 https://bford.info/2022/12/28/minml/ Could you use a markup syntax that supports the full expressive power and richness of HTML or XML, but is more terse, easier to type, and less frankly ugly? To emphasize text, for example, would it be nice just to write em[emphasize] instead of <em>emphasize</em>? If so, pleae read on. The tussle between generality and writer-friendliness Markup languages derived from SGML, like HTML and XML, are powerful and have many uses but are verbose and often a pain to write or edit manually. https://bford.info/thesis/2022-fragkouli/ Mon, 29 Aug 2022 00:00:00 +0000 https://bford.info/thesis/2022-fragkouli/ Georgia Fragkouli Ph.D. thesis co-advised by Katerina Argyraki and Bryan Ford August 29, 2022 Abstract: From medical support to education and remote work, our everyday lives increasingly depend on Internet performance. When users experience poor performance, however, the decentralization of the Internet allows limited visibility into which network is responsible. As a result, users are promised Service Level Agreements (SLAs) they cannot verify, regulators make rules they cannot enforce, and networks with competitive performance cannot reliably showcase it to attract new customers. https://bford.info/pub/sec/f3b/ Sun, 10 Jul 2022 00:00:00 +0000 https://bford.info/pub/sec/f3b/ Haoqian Zhang, Louis-Henri Merino, Vero Estrada-Galiñanes, and Bryan Ford Decentralized Internet, Networks, Protocols, and Systems (DINPS) Bologna, Italy – July 10, 2022 Abstract: Front-running, the practice of benefiting from advanced knowledge of pending transactions, has proliferated in the cryptocurrency space with the emergence of decentralized finance. Front-running causes devastating losses to honest participants—estimated at $280M each month—and endangers the fairness of the ecosystem. We present Flash Freezing Flash Boys (F3B), an architecture to address front-running attacks by relying on a commit-and-reveal scheme where the contents of a transaction are encrypted and later revealed by a decentralized secret-management committee (SMC) when the transaction has been committed by the underlying consensus layer. https://bford.info/talk/2022-07-06-metaverse/ Wed, 06 Jul 2022 00:00:00 +0000 https://bford.info/talk/2022-07-06-metaverse/ Invited talk at INRIA prospective seminar on Distributed Systems and Middleware July 6, 2022 – Rungis, France Slides: PDF https://bford.info/pub/sec/swisspost-evoting/ Mon, 04 Apr 2022 00:00:00 +0000 https://bford.info/pub/sec/swisspost-evoting/ Bryan Ford Swiss Federal Chancellery – Independent examination of Swiss Post system 2021 Scopes 1, 2 and 3 Final Report – April 4, 2022 Abstract: Switzerland is one of the few countries globally that has a national program for electronic voting (E-voting), which has been evolving in several stages for well over a decade. For the past several years, the program’s most recent stage has focused on introducing strong cryptographic verifiability into the system, together with security features such as trust splitting and a software implementation open to public inspection. https://bford.info/thesis/2022-apostoli/ Tue, 22 Mar 2022 00:00:00 +0000 https://bford.info/thesis/2022-apostoli/ Ksandros Apostoli M.S. thesis advised by Simone Colombo and Bryan Ford March 22, 2022 Abstract Recent anonymous credential schemes present major advances in the way digital identities are treated, empowering users with fine-grained control over their personal data. While limiting the amount of user-data that is accessible to third parties paves the way to stronger privacy guarantees, it also leads to new challenges in preserving accountability and Sybil-Resistance. In this work, we present 3PBCS, a novel credential system, which integrates existing anonymous credential schemes with the notion of Proof-of-Personhood to achieve privacy, accountability and Sybil-Protection. https://bford.info/pub/sec/moby/ Wed, 16 Mar 2022 00:00:00 +0000 https://bford.info/pub/sec/moby/ Amogh Pradeep, Hira Javaid, Ryan Williams, Antoine Rault, David Choffnes, Stevens Le Blond, and Bryan Ford Proceedings on Privacy Enhancing Technologies March 16, 2022 Abstract: Internet blackouts are challenging environments for anonymity and censorship resistance. Existing popular anonymity networks (e.g., Freenet, I2P, Tor) rely on Internet connectivity to function, making them impracticable during such blackouts. In such a setting, mobile ad-hoc networks can provide connectivity, but prior communication protocols for ad-hoc networks are not designed for anonymity and attack resilience. https://bford.info/talk/2022-02-17-personhood/ Thu, 17 Feb 2022 00:00:00 +0000 https://bford.info/talk/2022-02-17-personhood/ Invited talk at SI Summit 2022 February 17, 2022 – Virtual Slides: PDF https://bford.info/thesis/2021-nikitin/ Fri, 26 Nov 2021 00:00:00 +0000 https://bford.info/thesis/2021-nikitin/ Kirill Nikitin Ph.D. thesis advised by Bryan Ford November 26, 2021 Abstract: Secure retrieval of data requires integrity, confidentially, transparency, and metadata-privacy of the process. Existing protection mechanisms, however, provide only partially these properties: encryption schemes still expose cleartext metadata, protocols for private information retrieval neglect data integrity, and data-distribution architectures forego transparency. In this dissertation, by designing new cryptographic primitives and security architectures that provide a more comprehensive protection, we improve on the current security and privacy practices in data retrieval. https://bford.info/pub/net/limix/ Wed, 10 Nov 2021 00:00:00 +0000 https://bford.info/pub/net/limix/ Cristina Băsescu and Bryan Ford Twentieth ACM Workshop on Hot Topics in Networks (HotNets) November 10-12, 2021 Abstract: Failures far away from a user should intuitively be less likely to affect that user. Today's ecosystem miserably fails this test, however, despite high-availability best practices. Correlated and cascading failures – triggered by misconfigurations, bugs, and network partitions – often invalidate assumptions of failure independence. We propose that distributed services need not and should not expose local activities to distant failures or partitions, no matter how severe. https://bford.info/talk/2021-11-05-defi/ Fri, 05 Nov 2021 00:00:00 +0000 https://bford.info/talk/2021-11-05-defi/ Talk at Finance & Technology Conference 2021 on Crypto-assets and Asset Tokenization EPFL Center for Digital Trust (C4DT) November 5, 2021 – Lausanne, Switzerland Slides: PDF https://bford.info/talk/2021-10-25-consensus/ Mon, 25 Oct 2021 00:00:00 +0000 https://bford.info/talk/2021-10-25-consensus/ Talk at Seminar 21431 – Rigorous Methods for Smart Contracts October 25, 2021 – Schloss Dagstuhl, Germany Slides: PDF https://bford.info/talk/2021-10-13-personhood/ Wed, 13 Oct 2021 00:00:00 +0000 https://bford.info/talk/2021-10-13-personhood/ Distinguished Lecture at Vienna CyberSecurity and Privacy Research Cluster October 13, 2021 – Virtual Slides: PDF https://bford.info/thesis/2021-froelicher/ Fri, 01 Oct 2021 00:00:00 +0000 https://bford.info/thesis/2021-froelicher/ David Jules Froelicher Ph.D. thesis advised by Jean-Pierre Hubaux and Bryan Ford October 1, 2021 Abstract: Analyzing and processing data that are siloed and dispersed among multiple distrustful stakeholders is difficult and can even become impossible when the data are sensitive or confidential. Current data-protection and privacy regulations (e.g., GDPR) highly restrict the sharing and outsourcing of personal information among stakeholders that are in different jurisdictions. Sharing data is, however, required in many domains such as finance and medicine. https://bford.info/thesis/2021-barman/ Fri, 17 Sep 2021 00:00:00 +0000 https://bford.info/thesis/2021-barman/ Ludovic Barman Ph.D. thesis advised by Jean-Pierre Hubaux and Bryan Ford September 17, 2021 Abstract: Most communication systems (e.g., e-mails, instant messengers, VPNs) use encryption to prevent third parties from learning sensitive information. However, encrypted communications protect the contents but often leak metadata: the amount of data sent and the time it was sent, the way the data should be decrypted, the identity of the sender and the recipient. These metadata are a pervasive threat to privacy: They enable a variety of attacks that range from recovering plaintext contents from encrypted communications to inferring communicating parties. https://bford.info/pub/sec/calypso/ Mon, 16 Aug 2021 00:00:00 +0000 https://bford.info/pub/sec/calypso/ Eleftherios Kokoris-Kogias, Enis Ceyhun Alp, Linus Gasser, Philipp Jovanovic, Ewa Syta, and Bryan Ford 47th International Conference on Very Large Data Bases (VLDB 2021) Copenhagen, Denmark – August 16-20, 2021 Abstract: Distributed ledgers provide high availability and integrity, making them a key enabler for practical and secure computation of distributed workloads among mutually distrustful parties. Many practical applications also require strong confidentiality, however, the third pillar of the CIA triad. https://bford.info/talk/2021-07-28-votegral/ Wed, 28 Jul 2021 00:00:00 +0000 https://bford.info/talk/2021-07-28-votegral/ Talk at IC3 Blockchain Summer Camp July 28, 2021 – Virtual Slides: PDF https://bford.info/talk/2021-07-27-personhood/ Tue, 27 Jul 2021 00:00:00 +0000 https://bford.info/talk/2021-07-27-personhood/ Keynote at Internet of Humans Workshop #1 July 27, 2021 – Virtual Slides: PDF https://bford.info/pub/soc/dt2-chapter-abs/ Mon, 01 Feb 2021 00:00:00 +0000 https://bford.info/pub/soc/dt2-chapter-abs/ Bryan Ford Appears in Digital Technology and Democratic Theory by Lucy Bernholz, Hélène Landemore, and Rob Reich (editors) published by the University of Chicago Press Abstract While technology is often claimed to be “democratizing”, the technologizing of society has more often yielded undemocratic or even anti-democratic outcomes. Is technology fundamentally at odds with democracy, or is it merely a rich and infinitely-adaptable toolbox that we’re using the wrong way? We explore how technology has failed to support robust democracy – but could do better – in the context of four basic social processes: collective deliberation and choice, information distribution and filtering, economic commerce, and identity. https://bford.info/post/2020-11-18-ai-governance/ Wed, 18 Nov 2020 00:00:00 +0000 https://bford.info/post/2020-11-18-ai-governance/ AI in Policy? This post contains an address delivered at the IRGC conference on Governance Of and By Digital Technology. The separation of mechanism and policy Computer science has a well-established design principle known as separation of mechanism and policy. I think this principle may be equally applicable to human governance – especially in considering the question of where AI does and does not belong. I believe the cautious use of today’s powerful AI technologies based on machine learning can justifiably play many useful roles in implementing low-level mechanisms used in governance. https://bford.info/talk/2020-11-05-personhood/ Thu, 05 Nov 2020 00:00:00 +0000 https://bford.info/talk/2020-11-05-personhood/ Talk at Digital Democracy Workshop November 5, 2020 – Virtual Slides: PDF https://bford.info/pub/soc/personhood/ Wed, 04 Nov 2020 00:00:00 +0000 https://bford.info/pub/soc/personhood/ Bryan Ford November 2020 (first draft) arXiv preprint Abstract: Digital identity seems at first like a prerequisite for digital democracy: how can we ensure “one person, one vote” online without identifying voters? But the full gamut of digital identity solutions – e.g., online ID checking, biometrics, self-sovereign identity, and social/trust networks – all present severe flaws in security, privacy, and transparency, leaving users vulnerable to exclusion, identity loss or theft, and coercion. https://bford.info/talk/2020-07-30-randomness/ Thu, 30 Jul 2020 00:00:00 +0000 https://bford.info/talk/2020-07-30-randomness/ Talk at IC3 Blockchain Camp July 30, 2020 – Virtual Slides: PDF https://bford.info/pub/dec/cbdc/ Thu, 23 Jul 2020 00:00:00 +0000 https://bford.info/pub/dec/cbdc/ Sarah Allen, Srdjan Capkun, Ittay Eyal, Giulia Fanti, Bryan Ford, James Grimmelmann, Ari Juels, Kari Kostiainen, Sarah Meiklejohn, Andrew Miller, Eswar Prasad, Karl Wüst, and Fan Zhang Global Economy & Development Working Paper 140, Brookings Institution, July 23, 2020. Abstract: Central banks around the world are exploring and in some cases even piloting central bank digital currencies (CBDCs). CBDCs promise to realize a broad range of new capabilities, including direct government disbursements to citizens, frictionless consumer payment and money-transfer systems, and a range of new financial instruments and monetary policy levers. https://bford.info/pub/sec/prifi/ Mon, 13 Jul 2020 00:00:00 +0000 https://bford.info/pub/sec/prifi/ Ludovic Barman, Italo Dacosta, Mahdi Zamani, Ennan Zhai, Apostolos Pyrgelis, Bryan Ford, Jean-Pierre Hubaux, and Joan Feigenbaum Privacy Enhancing Technologies Symposium July 13, 2020 Proceedings on Privacy Enhancing Technologies Volume 2020, Issue 4. Abstract: Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries to infer sensitive information from the network traffic – even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks. https://bford.info/pub/net/qsc/ Wed, 04 Mar 2020 00:00:00 +0000 https://bford.info/pub/net/qsc/ Bryan Ford, Philipp Jovanovic, and Ewa Syta March 4, 2020 arXiv preprint Abstract: It is commonly held that asynchronous consensus is much more complex, difficult, and costly than partially-synchronous algorithms, especially without using common coins. This paper challenges that conventional wisdom with que sera consensus QSC, an approach to consensus that cleanly decomposes the agreement problem from that of network asynchrony. QSC uses only private coins and reaches consensus in O(1) expected communication rounds. https://bford.info/talk/2020-01-29-blockchain/ Wed, 29 Jan 2020 00:00:00 +0000 https://bford.info/talk/2020-01-29-blockchain/ Guest lecture at TransformTech January 29, 2020 – Lausanne, Switzerland Slides: PDF https://bford.info/talk/2020-01-23-fintech/ Thu, 23 Jan 2020 00:00:00 +0000 https://bford.info/talk/2020-01-23-fintech/ Talk at Caspian Week, World Economic Forum 2020 January 23, 2020 – Davos, Switzerland Slides: PDF https://bford.info/talk/2020-01-22-trust/ Wed, 22 Jan 2020 00:00:00 +0000 https://bford.info/talk/2020-01-22-trust/ Talk at House of Switzerland, World Economic Forum 2020 January 22, 2020 – Davos, Switzerland Slides: PDF https://bford.info/talk/2020-01-20-voting/ Mon, 20 Jan 2020 00:00:00 +0000 https://bford.info/talk/2020-01-20-voting/ Talk at Geneva Blockchain Congress 2020 January 20, 2020 – Geneva, Switzerland Slides: PDF https://bford.info/thesis/2019-kokoris-kogias/ Fri, 27 Sep 2019 00:00:00 +0000 https://bford.info/thesis/2019-kokoris-kogias/ Eleftherios Kokoris Kogias Ph.D. thesis advised by Bryan Ford September 27, 2019 Abstract: One of the core promises of blockchain technology is that of enabling trustworthy data dissemination in a trustless environment. What current blockchain systems deliver, however, is slow dissemination of public data, rendering blockchain technology unusable in settings where latency, transaction capacity or data confidentiality is important. In this thesis, we focus on providing solutions on two of the most pressing problems blockchain technology currently faces: scalability and data confidentiality. https://bford.info/2019/09/23/rational/ Mon, 23 Sep 2019 00:00:00 +0000 https://bford.info/2019/09/23/rational/ by Bryan Ford and Rainer Böhme — PDF preprint version available Many blockchain and cryptocurrency fans seem to prefer building and analyzing decentralized systems in a rational or “greedy behavior” failure model, rather than a Byzantine or “arbitrary behavior” failure model. Many of the same blockchain and cryptocurrency fans also like open, permissionless systems like Bitcoin and Ethereum, which anyone can join and participate in using weak identities such as anonymous cryptography key pairs. https://bford.info/2019/07/29/go-generics/ Mon, 29 Jul 2019 00:00:00 +0000 https://bford.info/2019/07/29/go-generics/ The Go language appears to be getting slightly closer to supporting generics, with the recent release of a new proposal for generics based on type parameters and contracts. I generally like the direction this proposal is going, with one significant reservation. I feel that the current proposal both unnecessarily limits how “generic” Go’s generics will be, and risks painting the language into a corner in the long term. This is because the proposal single-mindedly assumes that the only compile-time generic parameters we will ever want are type parameters, which seems like an unnecessary and undesirable restriction. https://bford.info/pub/sec/purb-abs/ Thu, 18 Jul 2019 00:00:00 +0000 https://bford.info/pub/sec/purb-abs/ Kirill Nikitin, Ludovic Barman, Wouter Lueks, Matthew Underwood, Jean-Pierre Hubaux and Bryan Ford EPFL - IC - DEDIS Privacy Enhancing Technologies Symposium July 2019. Proceedings on Privacy Enhancing Technologies Volume 2019, Issue 4. Abstract: Most encrypted data formats leak metadata via their plaintext headers, such as format version, encryption schemes used, number of recipients who can decrypt the data, and even the recipients’ identities. This leakage can pose security and privacy risks to users, e. https://bford.info/pub/net/tlc/ Tue, 16 Jul 2019 00:00:00 +0000 https://bford.info/pub/net/tlc/ Bryan Ford July 16, 2019 arXiv preprint Abstract: Consensus protocols for asynchronous networks are usually complex and inefficient, leading practical systems to rely on synchronous protocols. This paper attempts to simplify asynchronous consensus by building atop a novel threshold logical clock abstraction, which enables upper layers to operate as if on a synchronous network. This approach yields an asynchronous consensus protocol for fail-stop nodes that may be simpler and more robust than Paxos and its leader-based variants, requiring no common coins and achieving consensus in a constant expected number of rounds. https://bford.info/pub/sec/two-round-multisig-abs/ Mon, 20 May 2019 00:00:00 +0000 https://bford.info/pub/sec/two-round-multisig-abs/ Manu Drijvers, Kasra Edalatnejad, Bryan Ford, Eike Kiltz, Julian Loss, Gregory Neven, and Igors Stepanovs 40th IEEE Symposium on Security and Privacy May 2019 Abstract: A multi-signature scheme allows a group of signers to collaboratively sign a message, creating a single signature that convinces a verifier that every individual signer approved the message. The increased interest in technologies to decentralize trust has triggered the proposal of highly efficient two-round Schnorr-based multi-signature schemes designed to scale up to thousands of signers, namely BCJ by Bagherzandi et al. https://bford.info/pub/os/protean-abs/ Sun, 12 May 2019 00:00:00 +0000 https://bford.info/pub/os/protean-abs/ Enis Ceyhun Alp, Eleftherios Kokoris-Kogias, Georgia Fragkouli, and Bryan Ford EPFL - IC - DEDIS 17th Workshop on Hot Topics in Operating Systems (HotOS XVII) May 12-15, 2019. Abstract: While showing great promise, smart contracts are difficult to program correctly, as they need a deep understanding of cryptography and distributed algorithms, and offer limited functionality, as they have to be deterministic and cannot operate on secret data. In this paper we present Protean, a general-purpose decentralized computing platform that addresses these limitations by moving from a monolithic execution model, where all participating nodes store all the state and execute every computation, to a modular execution model. https://bford.info/pub/net/morphit-abs/ Sat, 04 May 2019 00:00:00 +0000 https://bford.info/pub/net/morphit-abs/ Georgia Fragkouli, Katerina Argyraki, and Bryan Ford EPFL Winner of Applied Networking Research Prize (ANRP) Proceedings on Privacy Enhancing Technologies May 4, 2019. Abstract: Can we improve Internet transparency without worsening user anonymity? For a long time, researchers have been proposing transparency systems, where traffic reports produced at strategic network points help assess network behavior and verify service-level agreements or neutrality compliance. However, such reports necessarily reveal when certain traffic appeared at a certain network point, and this information could, in principle, be used to compromise low-latency anonymity networks like Tor. https://bford.info/pub/dec/medchain/ Mon, 25 Mar 2019 00:00:00 +0000 https://bford.info/pub/dec/medchain/ Juan Ramón Troncoso-Pastoriza, Jean Louis Raisaro, Linus Gasser, Bryan Ford, and Jean-Pierre Hubaux AMIA Informatics Summit, March 25—28, 2019. Abstract: The current trend towards personalized medicine creates an urgent need to share data among different hospitals and health institutions, which endangers the privacy of the data subjects if not done with the appropriate precautions. Conversely, the frequency of data breaches in the healthcare industry has been rising since 2010, severely holding back health institutions from exposing and sharing their data for the fear of being the next target of cyberattacks. https://bford.info/2019/02/22/voting/ Fri, 22 Feb 2019 00:00:00 +0000 https://bford.info/2019/02/22/voting/ The absentee ballot fraud in North Carolina shows how current vote-by-mail methods are fundamentally flawed and vulnerable to vote-buying and coercion. But banning remote voting of any kind would disenfranchise everyone not living in their country of citizenship; that is not a real option. It is important to understand in this light the context of the Swiss e-voting project, one of whose two implementations was recently opened to public inspection by the Swiss Post for inspection and analysis by international experts. https://bford.info/2019/02/08/identity/ Fri, 08 Feb 2019 00:00:00 +0000 https://bford.info/2019/02/08/identity/ Note: this blog post was a brief sketch of ideas elaborated in a longer paper written later. The problem of identity has become a hot topic, with the idea of self-sovereign identity in particular attracting significant excitement. The essence of the idea, in short, is to put users in charge of how their identities and personal data are used. Self-sovereign identity posits that users should decide how much and what aspects of their identities to disclose in any situation, and should know and have control over what that information is used for. https://bford.info/draft/biometric-id/ Wed, 06 Feb 2019 00:00:00 +0000 https://bford.info/draft/biometric-id/ Are biometrics good for determining whether a digital identity uniquely represents a real person? Break this down: Does it represent [the characteristics of] a person? Does it uniquely represent a person: i.e., the only identity of that person? Does it uniquely represent a real living person? Authentication, Identification, and Real Personhood Biometric authentication is practical, and not necessarily a privacy disaster. Biometric template only needs to be stored on the device, … https://bford.info/pub/soc/liquid/ Thu, 01 Nov 2018 00:00:00 +0000 https://bford.info/pub/soc/liquid/ Bryan Ford November 2018 (first draft) arXiv preprint Abstract: The idea of liquid democracy responds to a widely-felt desire to make democracy more "fluid" and continuously participatory. Its central premise is to enable users to employ networked technologies to control and delegate voting power, to approximate the ideal of direct democracy in a scalable fashion that accounts for time and attention limits. There are many potential definitions, meanings, and ways to implement liquid democracy, however, and many distinct purposes to which it might be deployed. https://bford.info/2018/09/11/blockchain/ Tue, 11 Sep 2018 00:00:00 +0000 https://bford.info/2018/09/11/blockchain/ Blockchain is certainly one of the hot technology topics today. Yes, it’s probably in part a hype bubble – but from my perspective as a long-time researcher in decentralized systems I believe there is also a lot of potential value in the concept, which is why my DEDIS lab at EPFL has been investing years of effort in building next generation blockchain architectures. I also believe the value of the blockchain concept is relatively independent of the unpredictable and scam-riddled financial market for cryptocurrencies. https://bford.info/pub/dec/medco-abs/ Fri, 13 Jul 2018 00:00:00 +0000 https://bford.info/pub/dec/medco-abs/ Jean Louis Raisaro, Juan Ramón Troncoso-Pastoriza, Mickaël Misbach, João Sá Sousa, Sylvain Pradervand, Edoardo Missiaglia, Olivier Michielin, Bryan Ford, and Jean-Pierre Hubaux IEEE/ACM Transactions on Computational Biology and Bioinformatics, July 13, 2018. Abstract: The increasing number of health-data breaches is creating a complicated environment for medical-data sharing and, consequently, for medical progress. Therefore, the development of new solutions that can reassure clinical sites by enabling privacy-preserving sharing of sensitive medical data in compliance with stringent regulations (e. https://bford.info/2018/06/27/muslim-ban/ Wed, 27 Jun 2018 00:00:00 +0000 https://bford.info/2018/06/27/muslim-ban/ So the U.S. Supreme Court has upheld Trump’s so-called “travel ban” – more honestly labeled a Muslim ban. More precisely, it is a ban on people from Muslim-majority countries not hosting Trump business properties (see map and fact check). Where to Hold Conferences? This development naturally and rightfully raises again to prominence the question of where responsible scientists should hold their international conferences. We may soon see renewed calls to boycott US-based conferences, in solidarity with the many scientists around the world who can no longer attend conferences held in the U. https://bford.info/2018/06/16/lausanne/ Sat, 16 Jun 2018 00:00:00 +0000 https://bford.info/2018/06/16/lausanne/ For the benefit those visiting but not yet familiar with EPFL, Lausanne or other parts of the Lake Geneva Region, I thought I'd write a quick summary of some of my personal favorite places and sights in the area. This is completely my personal perspective; I make no pretense at being objective or unbiased here and am not trying to write a proper travel guide. But with that in mind, I hope you might find something interesting here. https://bford.info/pub/soc/money/ Fri, 01 Jun 2018 00:00:00 +0000 https://bford.info/pub/soc/money/ Bryan Ford June 2018 (first draft) arXiv preprint Abstract: Classical monetary systems regularly subject the most vulnerable majority of the world's population to debilitating financial shocks, and have manifestly allowed uncontrolled global inequality over the long term. Given these basic failures, how can we avoid asking whether mainstream macroeconomic principles are actually compatible with democratic principles such as equality or the protection of human rights and dignity? This idea paper takes a constructive look at this question, by exploring how alternate monetary principles might result in a form of money more compatible with democratic principles -- dare we call it " https://bford.info/pub/dec/omniledger-abs/ Tue, 22 May 2018 00:00:00 +0000 https://bford.info/pub/dec/omniledger-abs/ Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ewa Syta, and Bryan Ford IEEE Security & Privacy (IEEE S&P) May 22, 2018 Abstract: Designing a secure permissionless distributed ledger (blockchain) that performs on par with centralized payment processors, such as Visa, is a challenging task. Most existing distributed ledgers are unable to scale-out, i.e., to grow their total processing capacity with the number of validators; and those that do, compromise security or decentralization. https://bford.info/pub/dec/immunity-abs/ Tue, 22 May 2018 00:00:00 +0000 https://bford.info/pub/dec/immunity-abs/ Stevens Le Blond, Alejandro Cuevas, Juan Ramón Troncoso-Pastoriza, Philipp Jovanovic, Bryan Ford, and Jean-Pierre Hubaux EPFL Winner of Distinguished Paper Award IEEE Security & Privacy (IEEE S&P) May 22, 2018 Abstract: Humanitarian action, the process of aiding individuals in situations of crises, poses unique information-security challenges due to natural or manmade disasters, the adverse environments in which it takes place, and the scale and multidisciplinary nature of the problems. Despite these challenges, humanitarian organizations are transitioning towards a strong reliance on the digitization of collected data and digital tools, which improves their effectiveness but also exposes them to computer-security threats. https://bford.info/draft/stake/ Tue, 31 Oct 2017 00:00:00 +0000 https://bford.info/draft/stake/ Proof-of-What? Currently-deployed permissionless blockchains such as Bitcoin and Ethereum rely on proof-of-work (PoW) to distribute both the computational networking costs, and the financial rewards, of maintaining and extending the blockchain. In proof-of-work systems, participating miners race (“work”) to compute solutions to cryptographic puzzles. These puzzles effectively act like self-printed lottery tickets, in that a miniscule fraction of these proof-of-work solutions may be easily verified by anyone as “winning” the lucky miner the right to add one block to the blockchain and collect associated rewards. https://bford.info/pub/dec/atom-abs/ Mon, 30 Oct 2017 00:00:00 +0000 https://bford.info/pub/dec/atom-abs/ Albert Kwon MIT Henry Corrigan-Gibbs Stanford Srinivas Devadas MIT Bryan Ford EPFL 26th ACM Symposium on Operating Systems Principles (SOSP) October 30, 2017 Abstract: Atom is an anonymous messaging system that protects against traffic-analysis attacks. Unlike many prior systems, each Atom server touches only a small fraction of the total messages routed through the network. As a result, the system’s capacity scales near-linearly with the number of servers. At the same time, each Atom user benefits from “best possible” anonymity: a user is anonymous among all honest users of the system, even against an active adversary who monitors the entire network, a portion of the system’s servers, and any number of malicious users. https://bford.info/pub/dec/chainiac-abs/ Fri, 18 Aug 2017 00:00:00 +0000 https://bford.info/pub/dec/chainiac-abs/ https://bford.info/2017/08/01/skipchain/ Tue, 01 Aug 2017 00:00:00 +0000 https://bford.info/2017/08/01/skipchain/ A blockchain, or distributed ledger, is a log maintained collectively by a distributed group of participants who agree on and record transactions without relying for security on any single trusted party. While initially popularized by Bitcoin and its derivatives, the blockchain abstraction is not specific to currencies, and there is exploding industry interest in many non-currency uses. Many of these diverse use-cases, however, require users to be able to verify whether or not some transaction has been committed to a blockchain. https://bford.info/pub/dec/unlynx-abs/ Wed, 19 Jul 2017 00:00:00 +0000 https://bford.info/pub/dec/unlynx-abs/ David Froelicher, Patricia Egger, João Sá Sousa, Jean Louis Raisaro, Zhicong Huang, Christian Mouchet, Bryan Ford, and Jean-Pierre Hubaux Privacy Enhancing Technologies Symposium (PETS) July 19, 2017 Abstract: Current solutions for privacy-preserving data sharing among multiple parties either depend on a centralized authority that must be trusted and provides only weakest-link security (e.g., the entity that manages private/secret cryptographic keys), or leverage on decentralized but impractical approaches (e.g., secure multi-party computation). https://bford.info/2017/06/23/turing50/ Fri, 23 Jun 2017 00:00:00 +0000 https://bford.info/2017/06/23/turing50/ This blog post is a transcript of my opening remarks on the panel "Restoring Personal Privacy without Compromising National Security" at the 50 Years of the ACM Turing Award Celebration. We now live in a world in which the rules coded into the technology we use plays as important a role in governing our lives as the formal laws written in the public law books. Code is law already, for better or worse. https://bford.info/pub/dec/random-abs/ Tue, 23 May 2017 00:00:00 +0000 https://bford.info/pub/dec/random-abs/ Ewa Syta, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Michael J. Fischer, and Bryan Ford IEEE Security & Privacy (IEEE S&P) May 23, 2017 Abstract: Bias-resistant public randomness is a critical component in many (distributed) protocols. Generating public randomness is hard, however, because active adversaries may behave dishonestly to bias public random choices toward their advantage. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. https://bford.info/pub/dec/pop-abs/ Sat, 29 Apr 2017 00:00:00 +0000 https://bford.info/pub/dec/pop-abs/ Maria Borge, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, and Bryan Ford EPFL IEEE Security & Privacy on the Blockchain (IEEE S&B) April 29, 2017 Abstract: Permissionless blockchain-based cryptocurrencies commonly use proof-of-work (PoW) or proof-of-stake (PoS) to ensure their security, e.g. to prevent double spending attacks. However, both approaches have disadvantages: PoW leads to massive amounts of wasted electricity and re-centralization, whereas major stakeholders in PoS might be able to create a monopoly. https://bford.info/pub/sec/lawful-surveillance/ Mon, 20 Mar 2017 00:00:00 +0000 https://bford.info/pub/sec/lawful-surveillance/ https://bford.info/2016/xx/xx/selfish/ Mon, 31 Oct 2016 00:00:00 +0000 https://bford.info/2016/xx/xx/selfish/ XXX intro summary of selfish mining selfish mining as a transparency problem: you get to build on a blockchain head you haven’t published. same as transparency problem in Apple FBI case for example; that’s what CoSi is for. solution: any keyblock you build on is collectively signed, and the next block’s hash covers the last block’s signature. if you withhold a block, you can’t get a collective signature on it; without that collective signature, you can’t secretly mine a next block on top of it. https://bford.info/2016/10/25/mining/ Tue, 25 Oct 2016 00:00:00 +0000 https://bford.info/2016/10/25/mining/ As the first widely-deployed cryptocurrency, Bitcoin has proven hugely successful and inspired a blockchain fever (or is it a bubble?). Bitcoin's security and economic assumptions are showing significant fractures, however. Following previously-identified selfish mining and stubborn mining attacks, new research from Princeton being presented at CCS identifies further incentive weaknesses that appear as transaction fees supplant block rewards as the primary incentive for mining. In short, miners motivated by transaction fees have even greater incentive to deviate strategically from the standard Bitcoin protocol in selfish and potentially destructive ways. https://bford.info/pub/sec/contact-chaining/ Mon, 24 Oct 2016 00:00:00 +0000 https://bford.info/pub/sec/contact-chaining/ https://bford.info/pub/dec/byzcoin-abs/ Wed, 10 Aug 2016 00:00:00 +0000 https://bford.info/pub/dec/byzcoin-abs/ https://bford.info/pub/dec/riffle/ Tue, 19 Jul 2016 00:00:00 +0000 https://bford.info/pub/dec/riffle/ https://bford.info/pub/sec/open-surveillance/ Wed, 13 Jul 2016 00:00:00 +0000 https://bford.info/pub/sec/open-surveillance/ https://bford.info/pub/dec/cosi/ Mon, 23 May 2016 00:00:00 +0000 https://bford.info/pub/dec/cosi/ https://bford.info/pub/dec/anonrep-abs/ Wed, 16 Mar 2016 00:00:00 +0000 https://bford.info/pub/dec/anonrep-abs/ https://bford.info/pub/sec/crypto-book-codaspy/ Wed, 16 Mar 2016 00:00:00 +0000 https://bford.info/pub/sec/crypto-book-codaspy/ https://bford.info/2016/03/10/apple/ Thu, 10 Mar 2016 00:00:00 +0000 https://bford.info/2016/03/10/apple/ *This post [originally appeared](https://freedom-to-tinker.com/blog/bford/apple-fbi-and-software-transparency/) on the [Freedom to Tinker](https://freedom-to-tinker.com/) blog by the [Center for Information Technology Policy](https://citp.princeton.edu) at [Princeton University](http://www.princeton.edu/).* The Apple versus FBI showdown has quickly become a crucial flashpoint of the “new Crypto War.” On February 16 the FBI invoked the All Writs Act of 1789, a catch-all authority for assistance of law enforcement, demanding that Apple create a custom version of its iOS to help the FBI decrypt an iPhone used by one of the San Bernardino shooters. https://bford.info/2016/03/08/crypto/ Tue, 08 Mar 2016 00:00:00 +0000 https://bford.info/2016/03/08/crypto/ {{ page.title }} Interesting features: An abstract group arithmetic framework for public-key cryptography based on the discrete logarithm problem. Several alternative concrete instantiations of this abstract group arithmetic framework, based on the NIST elliptic curve implementations in the Go standard library and in the OpenSSL crypto library, and implementations of both generic Edwards curves and an adaptation of Adam Langley’s Ed25519-curve-specific optimized group arithmetic code to the abstract group API. https://bford.info/2016/03/08/backdoors/ Tue, 08 Mar 2016 00:00:00 +0000 https://bford.info/2016/03/08/backdoors/ {{ page.title }} To my knowledge there are currently only two fundamentally distinct approaches to achieving strong anonymity online, and the same legendary computing figure, David Chaum, pioneered both. His first approach, mixes, relay messages over multi-hop paths around the network to obscure their source and destinations. State-of-the-art deployed anonymity systems such as Tor are highly evolved and performance-optimized variants of this basic relaying idea. Chaum’s second approach, dining cryptographers, instead uses information-coding principles to hide the sender of a message among a group of nodes all of whom seem to be spewing gibberish at once. https://bford.info/2016/03/08/dnssec/ Tue, 08 Mar 2016 00:00:00 +0000 https://bford.info/2016/03/08/dnssec/ {{ page.title }} … https://bford.info/pub/net/tlsmeta-abs/ Sun, 21 Feb 2016 00:00:00 +0000 https://bford.info/pub/net/tlsmeta-abs/ Bryan Ford EPFL TLS 1.3 Ready or Not (TRON) Workshop February 21, 2016 Abstract: TLS 1.3 takes important steps to improve both performance and security, so far offers little protection against traffic analysis or fingerprinting using unencrypted metadata or other side-channels such as transmission lengths and timings. This paper explores metadata protection mechanisms for TLS, including already-included provisions (e.g., record padding), provisions not yet included but potentially feasible in TLS 1. https://bford.info/2015-10-20-cosi-ct/ Tue, 20 Oct 2015 00:00:00 +0000 https://bford.info/2015-10-20-cosi-ct/ Bryan Ford draft-ford-trans-witness-00 Abstract: This document proposes a backward-compatible extension to CT enabling log servers to obtain compact collective signatures from any number of well-known "witness" servers, which clients can check without gossip to verify that log server records have been widely witnessed. Collective signatures proactively protect clients from man-in-the- middle attackers who may have stolen the private keys of one or more log servers, even if the attacker controls the client's network access, the client is unwilling to gossip for privacy reasons, or the client does not wish to incur the network bandwidth and/or latency costs of gossip. https://bford.info/2015/10/07/names.html Wed, 07 Oct 2015 00:00:00 +0000 https://bford.info/2015/10/07/names.html On Monday the EFF, together with a “Nameless Coalition” of like-minded groups, escalated the backlash against Facebook’s “real names” or “authentic identities” policy with an open letter urging Facebook to end this policy like Google Plus did last year. Facebook’s response cites concerns about pseudonyms helping to hide “terrorist organizations”, “school bullies”, and “criminal behavior.” While I support anonymity and have spent years working to strengthen it, terrorist fearmongering aside, Facebook is right that anonymity is often abused. https://bford.info/pub/os/determ-timing/ Sun, 04 Oct 2015 00:00:00 +0000 https://bford.info/pub/os/determ-timing/ https://bford.info/pub/net/panopticon-cacm/ Thu, 01 Oct 2015 00:00:00 +0000 https://bford.info/pub/net/panopticon-cacm/ https://bford.info/thesis/2015-zhai/ Tue, 11 Aug 2015 00:00:00 +0000 https://bford.info/thesis/2015-zhai/ Ennan Zhai Ph.D. thesis advised by Bryan Ford August 11, 2015 Abstract: Today’s cloud computing systems pervasively rely on redundancy techniques to enhance reliability and availability. In complex multi-layered hardware/software stacks, however, seemingly independent components used redundantly might share deep, hidden dependencies. These common dependencies may potentially result in unexpected correlated failures, thus undermining redundancy efforts. Heading off correlated failures is extremely challenging in cloud-scale systems for the following three reasons. https://bford.info/thesis/2015-syta/ Tue, 11 Aug 2015 00:00:00 +0000 https://bford.info/thesis/2015-syta/ Ewa Syta Ph.D. thesis advised by Bryan Ford August 11, 2015 Abstract: Maintaining privacy on the Internet is increasingly difficult in this ever-connected world. In most cases, our online interactions are a highly personalized experience and require some form of identity verification, most commonly, logging into an account. Unfortunately, people frequently give away a lot of information while obtaining accounts, reuse usernames and passwords across different services, or link their accounts to take advantage of single sign-on to avoid retyping passwords. https://bford.info/thesis/2015-wu/ Mon, 10 Aug 2015 00:00:00 +0000 https://bford.info/thesis/2015-wu/ Weiyi Wu Ph.D. thesis advised by Bryan Ford August 10, 2015 Abstract: XXX Ph.D. Thesis: PDF https://bford.info/pub/sec/private-eyes-abs/ Mon, 20 Jul 2015 00:00:00 +0000 https://bford.info/pub/sec/private-eyes-abs/ Ewa Syta, Michael J. Fischer, David Wolinsky, Abraham Silberschatz, Gina Gallegos-García, and Bryan Ford 12th International Conference on Security and Cryptography (SECRYPT) July 2015. Abstract: We propose an efficient remote biometric authentication protocol that gives strong protection to the user’s biometric data in case of two common kinds of security breaches: (1) loss or theft of the user’s token (smart card, handheld device, etc.), giving the attacker full access to any secrets embedded within it; (2) total penetration of the server. https://bford.info/pub/sec/certco/ Thu, 02 Jul 2015 00:00:00 +0000 https://bford.info/pub/sec/certco/ https://bford.info/thesis/2015-maheswaran/ Wed, 24 Jun 2015 00:00:00 +0000 https://bford.info/thesis/2015-maheswaran/ John Maheswaran Ph.D. thesis advised by Bryan Ford June 24, 2015 Abstract: Third-party applications such as Quora or StackOverflow allow users to log in through a federated identity provider such as Facebook (Log in with Facebook), Google+ or Twitter. This process is called federated authentication. Examples of federated identity providers include social networks as well as other non-social network identity providers such as PayPal. Federated identity providers have gained widespread popularity among users as a way to manage their online identity across the web. https://bford.info/page/about/ Fri, 03 Apr 2015 02:13:50 +0000 https://bford.info/page/about/ About Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean nec dolor in magna lobortis egestas. Suspendisse eu erat tempor, tristique neque eu, convallis nulla. Curabitur vel bibendum lacus, at semper mauris. Suspendisse aliquet commodo ex, sed sagittis metus aliquam id. Maecenas feugiat rutrum lorem vel imperdiet. Nullam ornare lectus ut enim finibus, et porttitor mi tincidunt. Aenean lacinia, leo quis vehicula eleifend, quam libero sagittis erat, at euismod augue mauris et sapien. https://bford.info/pub/os/gpufs-cacm/ Mon, 01 Dec 2014 00:00:00 +0000 https://bford.info/pub/os/gpufs-cacm/ https://bford.info/2014/11/16/deleg.html Sun, 16 Nov 2014 00:00:00 +0000 https://bford.info/2014/11/16/deleg.html Over a decade ago I wrote up some ideas I called “Delegative Democracy,” which has also become known as “Liquid Democracy.” My draft paper from 2002 took a first stab at laying out the general idea, though I never finished or tried to publish it. Since a lot has happened in this space since then, and I get regular inquiries about it, I thought it was high time to revisit the idea and review more recent developments. https://bford.info/2014/10/22/cs-growth.html Wed, 22 Oct 2014 00:00:00 +0000 https://bford.info/2014/10/22/cs-growth.html Yesterday the Yale Daily News ran an article on our CS department’s faculty shortage, which generated some discussion among CS colleagues. Yale’s CS faculty shortage is not really news: for example, another YDN article over a year ago made basically the same point, and that probably wasn’t the first. Setting aside Yale in particular, however, it is interesting to notice some broader trends in CS department growth. So here are a couple charts I recently put together. https://bford.info/post/2014-10-22-open-surveillance/ Tue, 21 Oct 2014 00:00:00 +0000 https://bford.info/post/2014-10-22-open-surveillance/ https://bford.info/pub/os/cloud-indaas/ Tue, 07 Oct 2014 00:00:00 +0000 https://bford.info/pub/os/cloud-indaas/ https://bford.info/pub/sec/bandits/ Mon, 18 Aug 2014 00:00:00 +0000 https://bford.info/pub/sec/bandits/ https://bford.info/pub/sec/nymboxes/ Fri, 01 Aug 2014 00:00:00 +0000 https://bford.info/pub/sec/nymboxes/ https://bford.info/pub/sec/dissent-analysis/ Fri, 01 Aug 2014 00:00:00 +0000 https://bford.info/pub/sec/dissent-analysis/ https://bford.info/pub/sec/torcoin/ Fri, 18 Jul 2014 00:00:00 +0000 https://bford.info/pub/sec/torcoin/ https://bford.info/pub/sec/onions-to-shallots/ Fri, 18 Jul 2014 00:00:00 +0000 https://bford.info/pub/sec/onions-to-shallots/ https://bford.info/pub/net/taq-abs/ Mon, 14 Apr 2014 00:00:00 +0000 https://bford.info/pub/net/taq-abs/ https://bford.info/thesis/2014-nowlan/ Fri, 07 Mar 2014 00:00:00 +0000 https://bford.info/thesis/2014-nowlan/ Michael F. Nowlan Ph.D. thesis advised by Bryan Ford March 7, 2014 Abstract: Despite alternative transport protocols more suitable to latency-sensitive applications, TCP remains the de facto standard for Internet traffic, including many low-latency, interactive applications. As such, applications often tweak the TCP protocol to better suit their needs but run the risk that any change to TCP’s wire format can cause reachability issues or complete failure. This work presents a modified TCP implementation to reduce end-to-end latency without modifying TCP’s wire format. https://bford.info/pub/sec/crypto-book/ Fri, 22 Nov 2013 00:00:00 +0000 https://bford.info/pub/sec/crypto-book/ https://bford.info/pub/os/cloud-psra/ Fri, 08 Nov 2013 00:00:00 +0000 https://bford.info/pub/os/cloud-psra/ https://bford.info/pub/sec/conscript/ Mon, 04 Nov 2013 00:00:00 +0000 https://bford.info/pub/sec/conscript/ https://bford.info/pub/sec/randomness-keygen/ Mon, 04 Nov 2013 00:00:00 +0000 https://bford.info/pub/sec/randomness-keygen/ https://bford.info/pub/sec/buddies/ Mon, 04 Nov 2013 00:00:00 +0000 https://bford.info/pub/sec/buddies/ https://bford.info/pub/os/irec/ Sun, 03 Nov 2013 00:00:00 +0000 https://bford.info/pub/os/irec/ https://bford.info/pub/sec/verdict/ Wed, 14 Aug 2013 00:00:00 +0000 https://bford.info/pub/sec/verdict/ https://bford.info/pub/net/maple-abs/ Tue, 13 Aug 2013 00:00:00 +0000 https://bford.info/pub/net/maple-abs/ Andreas Voellmy, Junchang Wang, Y. Richard Yang, Bryan Ford, and Paul Hudak ACM SIGCOMM 2013 August 12-16, 2013 Abstract: Software-Defined Networking offers the appeal of a simple, centralized programming model for managing complex networks. However, challenges in managing low-level details, such as setting up and maintaining correct and efficient forwarding tables on distributed switches, often compromise this conceptual simplicity. In this paper, we present Maple, a system that simplifies SDN programming by (1) allowing a programmer to use a standard programming language to design an arbitrary, centralized algorithm, which we call an algorithmic policy, to decide the behaviors of an entire network, and (2) providing an abstraction that the programmer-defined, centralized policy runs, conceptually, “afresh” on every packet entering a network, and hence is oblivious to the challenge of translating a high-level policy into sets of rules on distributed individual switches. https://bford.info/pub/sec/tor-unordered/ Tue, 13 Aug 2013 00:00:00 +0000 https://bford.info/pub/sec/tor-unordered/ https://bford.info/pub/os/lazy-tree-mapping/ Mon, 29 Jul 2013 00:00:00 +0000 https://bford.info/pub/os/lazy-tree-mapping/ https://bford.info/pub/sec/human-rights-abs/ Thu, 23 May 2013 00:00:00 +0000 https://bford.info/pub/sec/human-rights-abs/ Henry Corrigan-Gibbs and Bryan Ford Yale University Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS 2013) May 23, 2013 Abstract: We draw an ethical analogy between Internet freedom efforts and humanitarian aid work. This parallel motivates a number of ethical questions relating to anonymity and censorship-circumvention research. Paper: PDF https://bford.info/pub/os/gpufs/ Wed, 20 Mar 2013 00:00:00 +0000 https://bford.info/pub/os/gpufs/ https://bford.info/pub/os/middleware12-abs/ Mon, 03 Dec 2012 00:00:00 +0000 https://bford.info/pub/os/middleware12-abs/ Nuno Santos, Rodrigo Rodrigues, and Bryan Ford ACM/IFIP/USENIX 13th International Conference on Middleware December 2012 Abstract: The consequences of security breaches due to system administrator errors can be catastrophic. Software systems in general, and OSes in particular, ultimately depend on a fully trusted administrator whom is granted superuser privileges that allow him to fully control the system. Consequently, an administrator acting negligently or unethically can easily compromise user data in irreversible ways by leaking, modifying, or deleting data. https://bford.info/pub/sec/dissent-in-numbers/ Mon, 08 Oct 2012 00:00:00 +0000 https://bford.info/pub/sec/dissent-in-numbers/ https://bford.info/thesis/2012-aviram/ Thu, 20 Sep 2012 00:00:00 +0000 https://bford.info/thesis/2012-aviram/ Amittai F. Aviram Ph.D. thesis advised by Bryan Ford September 20, 2012 Abstract: Researchers widely agree that determinism in parallel programs is desirable. Although experimental parallel programming languages have long featured deterministic semantics, in mainstream parallel environments, developers still build on non-deterministic constructs such as mutexes, leading to time- or schedule-dependent heisenbugs. To make deterministic programming more accessible, we introduce DOMP, a deterministic extension to OpenMP, preserving the familiarity of traditional languages such as C and Fortran, and maintaining source-compatibility with much of the existing OpenMP standard. https://bford.info/pub/sec/blogdrop/ Mon, 09 Jul 2012 00:00:00 +0000 https://bford.info/pub/sec/blogdrop/ https://bford.info/pub/os/scaling-sdn-abs/ Sun, 01 Jul 2012 00:00:00 +0000 https://bford.info/pub/os/scaling-sdn-abs/ Andreas Voellmy, Bryan Ford, Paul Hudak, and Y. Richard Yang Yale University Department of Computer Science Technical Report YALEU/DCS/TR-1468 July 2012 Abstract: Software defined networks (SDN) introduce centralized controllers to drastically increase network programmability. The simplicity of a logical centralized controller, however, can come at the cost of controller programming complexity and scalability. In this paper, we present McNettle, an extensible SDN controller system whose control event processing throughput scales with the number of system CPU cores and which supports control algorithms requiring globally visible state changes occurring at flow arrival rates. https://bford.info/pub/os/non-linear/ Thu, 14 Jun 2012 00:00:00 +0000 https://bford.info/pub/os/non-linear/ https://bford.info/pub/os/tifc-hotcloud12/ Wed, 13 Jun 2012 00:00:00 +0000 https://bford.info/pub/os/tifc-hotcloud12/ https://bford.info/pub/os/icebergs/ Tue, 12 Jun 2012 00:00:00 +0000 https://bford.info/pub/os/icebergs/ https://bford.info/pub/sec/biometric-auth/ Fri, 25 May 2012 00:00:00 +0000 https://bford.info/pub/sec/biometric-auth/ https://bford.info/pub/net/nsdi12-minion-abs/ Fri, 27 Apr 2012 00:00:00 +0000 https://bford.info/pub/net/nsdi12-minion-abs/ https://bford.info/pub/sec/faceless-abs/ Tue, 10 Apr 2012 00:00:00 +0000 https://bford.info/pub/sec/faceless-abs/ Xiaoxiao Song, David Isaac Wolinsky, and Bryan Ford Yale University 5th Workshop on Social Network Systems April 10, 2012 Abstract: Social networks (SNs) enable physically distributed groups to communicate seamlessly. Unfortunately such communi- cation can be easily mined by adversaries in attempts to breach users’ privacy or suppress open discussion on sensi- tive topics. While anonymous posting can help protect users by hiding the link between individuals and the messages they post, existing anonymization schemes are centralized or vul- nerable to well-known attacks. https://bford.info/pub/sec/anytrust/ Tue, 10 Apr 2012 00:00:00 +0000 https://bford.info/pub/sec/anytrust/ https://bford.info/pub/os/determ-vm/ Mon, 11 Jul 2011 00:00:00 +0000 https://bford.info/pub/os/determ-vm/ https://bford.info/pub/os/certikos-apsys11/ Mon, 11 Jul 2011 00:00:00 +0000 https://bford.info/pub/os/certikos-apsys11/ https://bford.info/pub/net/eyo-usenix-abs/ Wed, 15 Jun 2011 00:00:00 +0000 https://bford.info/pub/net/eyo-usenix-abs/ Jacob Strauss, Justin Mazzola Paluska, Chris Lesniewski-Laas, Bryan Ford, Robert Morris, and Frans Kaashoek 2011 USENIX Annual Technical Conference June 15-17, 2011, Portland, OR, USA Abstract: Users increasingly store data collections such as digital photographs on multiple personal devices, each of which typically offers a storage management interface oblivious to the contents of the user’s other devices. As a result, collections become disorganized and drift out of sync. This paper presents Eyo, a novel personal storage system that provides device transparency: a user can think in terms of “file X”, rather than “file X on device Y”, and will see the same set of files on all personal devices. https://bford.info/pub/os/determ-openmp/ Thu, 26 May 2011 00:00:00 +0000 https://bford.info/pub/os/determ-openmp/ https://bford.info/pub/os/workspace-consistency/ Sun, 06 Mar 2011 00:00:00 +0000 https://bford.info/pub/os/workspace-consistency/ https://bford.info/pub/net/druid-abs/ Fri, 24 Dec 2010 00:00:00 +0000 https://bford.info/pub/net/druid-abs/ Joe Touch, Ilia Baldine, Rudra Dutta, Gregory G. Finn, Bryan Ford, Scott Jordan, Dan Massey, Abraham Matta, Christos Papadopoulos, Peter Reiher, George Rouskas Computer Networks December 24, 2010 Abstract: The Dynamic Recursive Unified Internet Design (DRUID) is a future Internet design that unifies overlay networks with conventional layered network architectures. DRUID is based on the fundamental concept of recursion, enabling a simple and direct network architecture that unifies the data, control, management, and security aspects of the current Internet, leading to a more trustworthy network. https://bford.info/pub/net/pfldnet10-minion-abs/ Sun, 28 Nov 2010 00:00:00 +0000 https://bford.info/pub/net/pfldnet10-minion-abs/ https://bford.info/pub/os/timing-abs/ Fri, 08 Oct 2010 00:00:00 +0000 https://bford.info/pub/os/timing-abs/ Amittai Aviram, Sen Hu, Bryan Ford Ramakrishna Gummadi Yale University University of Massachusetts Amherst The ACM Cloud Computing Security Workshop (CCSW 2010) October 8, 2010, Chicago, IL, USA Abstract: Timing side-channels represent an insidious security challenge for cloud computing, because: (a) massive parallelism in the cloud makes timing channels pervasive and hard to control; (b) timing channels enable one customer to steal information from another without leaving a trail or raising alarms; (c) only the cloud provider can feasibly detect and report such attacks, but the provider's incentives are not to; and (d) resource partitioning schemes for timing channel control undermine statistical sharing efficiency, and, with it, the cloud computing business model. https://bford.info/pub/os/determ-osdi10/ Tue, 05 Oct 2010 00:00:00 +0000 https://bford.info/pub/os/determ-osdi10/ https://bford.info/pub/net/dissent-abs/ Mon, 04 Oct 2010 00:00:00 +0000 https://bford.info/pub/net/dissent-abs/ Henry Corrigan-Gibbs and Bryan Ford Yale University Winner of ACM CCS Test-of-Time Award 17th ACM Conference on Computer and Communications Security (CCS 2010) October 4-8, 2010, Chicago, IL, USA Abstract: Users often wish to participate in online groups anonymously, but misbehaving users may abuse this anonymity to disrupt the group's communication. Existing messaging protocols such as DC-nets leave groups vulnerable to denial-of-service and Sybil attacks, Mix-nets are difficult to protect against traffic analysis, and accountable voting protocols are unsuited to general anonymous messaging. https://bford.info/pub/os/certified-kernels-abs/ Thu, 15 Jul 2010 00:00:00 +0000 https://bford.info/pub/os/certified-kernels-abs/ Zhong Shao and Bryan Ford Department of Computer Science, Yale University Yale University Technical Report TR1436 July 15, 2010 Abstract: Operating System (OS) kernels form the bedrock of all system software—they can have the greatest impact on the resilience, extensibility, and security of today’s computing hosts. A single kernel bug can easily wreck the entire system’s integrity and protection. We propose to apply new advances in certified software to the development of a novel OS kernel. https://bford.info/pub/net/rfc5684-abs/ Mon, 01 Feb 2010 00:00:00 +0000 https://bford.info/pub/net/rfc5684-abs/ Pyda Srisuresh and Bryan Ford IETF RFC 5684 February 2010 Abstract: This document identifies two deployment scenarios that have arisen from the unconventional network topologies formed using Network Address Translator (NAT) devices. First, the simplicity of administering networks through the combination of NAT and DHCP has increasingly lead to the deployment of multi-level inter-connected private networks involving overlapping private IP address spaces. Second, the proliferation of private networks in enterprises, hotels and conferences, and the wide-spread use of Virtual Private Networks (VPNs) to access an enterprise intranet from remote locations has increasingly lead to overlapping private IP address space between remote and corporate networks. https://bford.info/pub/net/nego-abs/ Thu, 22 Oct 2009 00:00:00 +0000 https://bford.info/pub/net/nego-abs/ Bryan Ford Janardhan Iyengar Yale University Franklin & Marshall College Published in Eighth ACM Workshop on Hot Topics in Networks (HotNets-VIII) October 22-23, 2009, New York City, NY, USA Abstract: Internet evolution often depends on either inserting new protocol layers or upgrading existing layers to new protocols, but both of these evolutionary paths are obstructed by the difficulty and inefficiency of determining which protocols a pair of hosts mutually support and prefer. https://bford.info/pub/net/devtransp-abs/ Sun, 11 Oct 2009 00:00:00 +0000 https://bford.info/pub/net/devtransp-abs/ Jacob Strauss Chris Lesniewski-Laas Justin Mazzola Paluska Bryan Ford Robert Morris Frans Kaashoek Published in SOSP Workshop on Hot Topics in Storage and File Systems (HotStorage '09) October 11, 2009, Big Sky, MT, USA Abstract: This paper proposes a new storage model, device transparency, in which users view and manage their entire data collection from any of their devices, even from disconnected storage-limited devices holding only a subset of the entire collection. https://bford.info/pub/net/rfc5508-abs/ Wed, 01 Apr 2009 00:00:00 +0000 https://bford.info/pub/net/rfc5508-abs/ Pyda Srisuresh, Bryan Ford, Senthil Sivakumar, and Saikat Guha IETF RFC 5508 April 2009 Abstract: This document specifies the behavioral properties required of the Network Address Translator (NAT) devices in conjunction with the Internet Control Message Protocol (ICMP). The objective of this memo is to make NAT devices more predictable and compatible with diverse application protocols that traverse the devices. Companion documents provide behavioral recommendations specific to TCP, UDP, and other protocols. https://bford.info/pub/net/logjam-abs/ Mon, 06 Oct 2008 00:00:00 +0000 https://bford.info/pub/net/logjam-abs/ Bryan Ford Janardhan Iyengar Massachusetts Institute of Technology Franklin & Marshall College Published in Seventh ACM Workshop on Hot Topics in Networks (HotNets-VII) October 6-7, 2008, Calgary, Alberta, Canada Abstract: Current Internet transports conflate transport semantics with endpoint addressing and flow regulation, creating roadblocks to Internet evolution that we propose to address with a new layering model. Factoring endpoint addressing (port numbers) into a separate Endpoint Layer permits incremental rollout of new or improved transports at OS or application level, enables transport-oblivious firewall/NAT traversal, improves transport negotiation efficiency, and simplifies endpoint address space administration. https://bford.info/pub/net/rfc5382-abs/ Wed, 01 Oct 2008 00:00:00 +0000 https://bford.info/pub/net/rfc5382-abs/ Saikat Guha, Kaushik Biswas, Bryan Ford, Senthil Sivakumar, and Pyda Srisuresh IETF RFC 5382 October 2008 Abstract: This document defines a set of requirements for NATs that handle TCP that would allow many applications, such as peer-to-peer applications and online games to work consistently. Developing NATs that meet this set of requirements will greatly increase the likelihood that these applications will function properly. Final RFC: Plain text Early drafts: IETF working group draft versions: 06 05 04 03 02 01 00 Individual draft versions: 02 01 00 https://bford.info/pub/net/phd-abs/ Mon, 01 Sep 2008 00:00:00 +0000 https://bford.info/pub/net/phd-abs/ Bryan Ford Ph.D. thesis, Massachusetts Institute of Technology, September 2008. Abstract: The Internet's architecture, designed in the days of large, stationary computers tended by technically savvy and accountable administrators, fails to meet the demands of the emerging ubiquitous computing era. Nontechnical users now routinely own multiple personal devices, many of them mobile, and need to share information securely among them using interactive, delay-sensitive applications. Unmanaged Internet Architecture (UIA) is a novel, incrementally deployable network architecture for modern personal devices, which reconsiders three architectural cornerstones: naming, routing, and transport. https://bford.info/thesis/2008-phd/ Mon, 01 Sep 2008 00:00:00 +0000 https://bford.info/thesis/2008-phd/ https://bford.info/pub/os/vx32-abs/ Fri, 27 Jun 2008 00:00:00 +0000 https://bford.info/pub/os/vx32-abs/ Bryan Ford and Russ Cox Massachusetts Institute of Technology Winnder of Best Student Paper Award USENIX Annual Technical Conference June 22-27, 2008, Boston, Massachusetts. Abstract: Code sandboxing is useful for many purposes, but most sandboxing techniques require kernel modifications, do not completely isolate guest code, or incur substantial performance costs. Vx32 is a multipurpose user-level sandbox that enables any application to load and safely execute one or more guest plug-ins, confining each guest to a system call API controlled by the host application and to a restricted memory region within the host’s address space. https://bford.info/pub/net/sybil-abs/ Tue, 01 Apr 2008 00:00:00 +0000 https://bford.info/pub/net/sybil-abs/ Bryan Ford and Jacob Strauss Massachusetts Institute of Technology First Workshop on Social Network Systems April 1, 2008 Abstract: Online anonymity often appears to undermine accountability, offering little incentive for civil behavior, but accountability failures usually result not from anonymity itself but from the disposability of virtual identities. A user banned for misbehavior—e.g., spamming from a free E-mail account or stuffing an online ballot box—can simply open other accounts or connect from other IP addresses. https://bford.info/pub/net/rfc5128-abs/ Sat, 01 Mar 2008 00:00:00 +0000 https://bford.info/pub/net/rfc5128-abs/ Pyda Srisuresh, Bryan Ford, and Dan Kegel IETF RFC 5128 March 2008 Abstract: This memo documents the various methods known to be in use by applications to establish direct communication in the presence of Network Address Translators (NATs) at the current time. Although this memo is intended to be mainly descriptive, the Security Considerations section makes some purely advisory recommendations about how to deal with security vulnerabilities the applications could inadvertently create when using the methods described. https://bford.info/pub/net/transport-ietf-abs/ Sat, 01 Dec 2007 00:00:00 +0000 https://bford.info/pub/net/transport-ietf-abs/ https://bford.info/pub/net/alpaca-abs/ Mon, 29 Oct 2007 00:00:00 +0000 https://bford.info/pub/net/alpaca-abs/ Chris Lesniewski-Laas, Bryan Ford, Jacob Strauss, Robert Morris, and M. Frans Kaashoek Massachusetts Institute of Technology Published in 14th ACM Conference on Computer and Communications Security, Oct 29-Nov 2, 2007, Alexandria, VA. Abstract: Traditional Public Key Infrastructures (PKI) have not lived up to their promise because there are too many ways to define PKIs, too many cryptographic primitives to build them with, and too many administrative domains with incompatible roots of trust. https://bford.info/pub/net/sst-abs/ Mon, 27 Aug 2007 00:00:00 +0000 https://bford.info/pub/net/sst-abs/ Bryan Ford Massachusetts Institute of Technology Published in ACM SIGCOMM 2007, August 27-31, 2007, Kyoto, Japan. Abstract: Internet applications currently have a choice between stream and datagram transport abstractions. Datagrams efficiently support small transactions and streams are suited for long-running conversations, but neither abstraction adequately supports applications like HTTP that exhibit a mixture of transaction sizes, or applications like FTP and SIP that use multiple transport instances. Structured Stream Transport (SST) enhances the traditional stream abstraction with a hierarchical hereditary structure, allowing applications to create lightweight child streams from any existing stream. https://bford.info/pub/net/uia-osdi/ Mon, 06 Nov 2006 00:00:00 +0000 https://bford.info/pub/net/uia-osdi/ Persistent Personal Names for Globally Connected Mobile Devices Bryan Ford, Jacob Strauss, Chris Lesniewski-Laas, Sean Rhea, Frans Kaashoek, Robert Morris Massachusetts Institute of Technology Published in 7th USENIX Symposium on Operating Systems Design and Implementation, November 6-8, 2006. Abstract: The Unmanaged Internet Architecture (UIA) provides zero-configuration connectivity among mobile devices through personal names. Users assign personal names through an ad hoc device introduction process requiring no central allocation. Once assigned, names bind securely to the global identities of their target devices independent of network location. https://bford.info/pub/net/uia-osdi-abs/ Mon, 06 Nov 2006 00:00:00 +0000 https://bford.info/pub/net/uia-osdi-abs/ Bryan Ford, Jacob Strauss, Chris Lesniewski-Laas, Sean Rhea, Frans Kaashoek, Robert Morris Massachusetts Institute of Technology 7th USENIX Symposium on Operating Systems Design and Implementation November 6-8, 2006 Abstract: The Unmanaged Internet Architecture (UIA) provides zero-configuration connectivity among mobile devices through personal names. Users assign personal names through an ad hoc device introduction process requiring no central allocation. Once assigned, names bind securely to the global identities of their target devices independent of network location. https://bford.info/log/2006/0924-SybilParties.html Sun, 24 Sep 2006 00:00:00 +0000 https://bford.info/log/2006/0924-SybilParties.html Bryan Ford - September 24, 2006 Preliminary draft: see here for the final published paper The Human Recognition Problem Today's online ecosphere continually suffers from its inability to tell who is a genuine, unique human and who isn't. Because open-access messaging systems cannot isolate or authenticate the human source of messages for the purpose of suppressing abuses, spam has already relegated USENET to historical obscurity [Templeton01], threatens the usability of E-mail [Wouters05], and is even advancing on Skype. https://bford.info/pub/net/uia-iptps-abs/ Mon, 27 Feb 2006 00:00:00 +0000 https://bford.info/pub/net/uia-iptps-abs/ Bryan Ford, Jacob Strauss, Chris Lesniewski-Laas, Sean Rhea, Frans Kaashoek, and Robert Morris Massachusetts Institute of Technology 5th International Workshop on Peer-to-Peer Systems February 27-28, 2006 Abstract The User Information Architecture, or UIA, is a peer-to-peer connectivity architecture that provides users a simple, intuitive, and secure way to share information and services between personal devices by assigning ad hoc names that act like “virtual cables.” Users assign names by “introducing” devices to each other on a common network. https://bford.info/pub/os/vxa-abs/ Fri, 16 Dec 2005 00:00:00 +0000 https://bford.info/pub/os/vxa-abs/ Bryan Ford Massachusetts Institute of Technology 4th USENIX Conference on File and Storage Technologies (FAST '05) December 16, 2005, San Francisco, California, USA. Abstract: Data compression algorithms change frequently, and obsolete decoders do not always run on new hardware and operating systems, threatening the long-term usability of content archived using those algorithms. Re-encoding content into new formats is cumbersome, and highly undesirable when lossy compression is involved. Processor architectures, in contrast, have remained comparatively stable over recent decades. https://bford.info/pub/net/p2pnat-abs/ Sun, 10 Apr 2005 00:00:00 +0000 https://bford.info/pub/net/p2pnat-abs/ Bryan Ford Massachusetts Institute of Technology baford (at) mit.edu Pyda Srisuresh Caymas Systems, Inc. srisuresh (at) yahoo.com Dan Kegel dank (at) kegel.com Presented at the USENIX Annual Technical Conference, April 10-15, 2005. Abstract: Network Address Translation (NAT) causes well-known difficulties for peer-to-peer (P2P) communication, since the peers involved may not be reachable at any globally valid IP address. Several NAT traversal techniques are known, but their documentation is slim, and data about their robustness or relative merits is slimmer. https://bford.info/pub/net/p2pnat/ Thu, 17 Feb 2005 00:00:00 +0000 https://bford.info/pub/net/p2pnat/ Peer-to-Peer Communication Across Network Address Translators Bryan Ford Massachusetts Institute of Technology baford (at) mit.edu Pyda Srisuresh Caymas Systems, Inc. srisuresh (at) yahoo.com Dan Kegel dank (at) kegel.com J'fais des trous, des petits trous toujours des petits trous      - S. Gainsbourg Abstract: Network Address Translation (NAT) causes well-known difficulties for peer-to-peer (P2P) communication, since the peers involved may not be reachable at any globally valid IP address. Several NAT traversal techniques are known, but their documentation is slim, and data about their robustness or relative merits is slimmer. https://bford.info/2005/02/01/behave-app/ Tue, 01 Feb 2005 00:00:00 +0000 https://bford.info/2005/02/01/behave-app/ Bryan Ford, Pyda Srisuresh, and Dan Kegel draft-ford-behave-app Abstract: This document defines guidelines by which application designers can create applications that communicate reliably and efficiently in the presence of Network Address Translators (NATs), particularly when the application has a need for "peer-to-peer" (P2P) type of communication. The guidelines allow a P2P application to work reliably across a majority of existing NATs, as well as all future NATs that conform to the behave requirements specified in companion documents. https://bford.info/2005/02/01/behave-gen/ Tue, 01 Feb 2005 00:00:00 +0000 https://bford.info/2005/02/01/behave-gen/ Bryan Ford and Pyda Srisuresh draft-ford-behave-gen Abstract: This document discusses the operating principles of Network Address Translator (NAT) devices and the behavioral properties required to make NAT more predictable and compatible with diverse application protocols. First, this document presents an architectural model for NAT devices and defines important terms used in conjunction with NAT operation. The architectural model sets the stage for a set of concrete recommendations for NAT implementers. https://bford.info/2004/11/23/indrep/ Tue, 23 Nov 2004 00:00:00 +0000 https://bford.info/2004/11/23/indrep/ Real Choice for Voters, Democratic Currency for Activists Introduction The traditional purpose of popular elections is primarily to elect candidates to government offices or legislative seats, but this is not the only way we could use elections to facilitate democracy. Individual Representation, or indrep, provides a new and different reason to hold popular elections: as a tool for directly promoting the growth of grassroots social and political relationships throughout the basic fabric of society. https://bford.info/2004/08/16/wiki-democracy/ Mon, 16 Aug 2004 00:00:00 +0000 https://bford.info/2004/08/16/wiki-democracy/ https://bford.info/cachedir/ Mon, 19 Jul 2004 00:00:00 +0000 https://bford.info/cachedir/ Version 0.6 (Changes) Proposed by Bryan Ford Abstract Many applications create and manage directories containing cached information about content stored elsewhere, such as cached Web content or thumbnail-size versions of images or movies. For speed and storage efficiency we would often like to avoid backing up, archiving, or otherwise unnecessarily copying such directories around, but it is a pain to identify and individually exclude each such directory during data transfer operations. https://bford.info/pub/lang/peg/ Wed, 14 Jan 2004 00:00:00 +0000 https://bford.info/pub/lang/peg/ Bryan Ford Massachusetts Institute of Technology Symposium on Principles of Programming Languages, January 14-16, 2004, Venice, Italy Abstract For decades we have been using Chomsky's generative system of grammars, particularly context-free grammars (CFGs) and regular expressions (REs), to express the syntax of programming languages and protocols. The power of generative grammars to express ambiguity is crucial to their original purpose of modelling natural languages, but this very power makes it unnecessarily difficult both to express and to parse machine-oriented languages using CFGs. https://bford.info/pub/os/uip-case-abs/ Thu, 20 Nov 2003 00:00:00 +0000 https://bford.info/pub/os/uip-case-abs/ Bryan Ford Massachusetts Institute of Technology Second Workshop on Hot Topics in Networks November 20-21, 2003 Abstract: Though appropriate for core Internet infrastructure, the Internet Protocol is unsuited to routing within and between emerging ad-hoc edge networks due to its dependence on hierarchical, administratively assigned addresses. Existing ad-hoc routing protocols address the management problem but do not scale to Internet-wide networks. The promise of ubiquitous network computing cannot be fulfilled until we develop an Unmanaged Internet Protocol (UIP), a scalable routing protocol that manages itself automatically. https://bford.info/pub/os/uip-abs/ Fri, 31 Oct 2003 00:00:00 +0000 https://bford.info/pub/os/uip-abs/ Bryan Ford Massachusetts Institute of Technology Technical Report MIT-LCS-TR-926 October 31, 2003 Abstract: Unmanaged Internet Protocol (UIP) is a fully self-organizing network-layer protocol that implements scalable identity-based routing. In contrast with address-based routing protocols, which depend for scalability on centralized hierarchical address management, UIP nodes use a flat namespace of cryptographic node identifiers. Node identities can be created locally on demand and remain stable across network changes. Unlike location-independent name services, the UIP routing protocol can stitch together many conventional address-based networks with disjoint or discontinuous address domains, providing connectivity between any pair of participating nodes even when no underlying network provides direct connectivity. https://bford.info/2003/08/28/fx86/ Thu, 28 Aug 2003 00:00:00 +0000 https://bford.info/2003/08/28/fx86/ https://bford.info/2003/07/24/service-duality/ Thu, 24 Jul 2003 00:00:00 +0000 https://bford.info/2003/07/24/service-duality/ https://bford.info/2002/10/21/deleg-voting/ Mon, 21 Oct 2002 00:00:00 +0000 https://bford.info/2002/10/21/deleg-voting/ https://bford.info/pub/lang/packrat-icfp02/ Fri, 04 Oct 2002 00:00:00 +0000 https://bford.info/pub/lang/packrat-icfp02/ Bryan Ford Massachusetts Institute of Technology International Conference on Functional Programming, October 4-6, 2002, Pittsburgh Abstract Packrat parsing is a novel technique for implementing parsers in a lazy functional programming language. A packrat parser provides the power and flexibility of top-down parsing with backtracking and unlimited lookahead, but nevertheless guarantees linear parse time. Any language defined by an LL(k) or LR(k) grammar can be recognized by a packrat parser, in addition to many languages that conventional linear-time algorithms do not support. https://bford.info/pub/lang/thesis/ Tue, 03 Sep 2002 00:00:00 +0000 https://bford.info/pub/lang/thesis/ Bryan Ford Master's Thesis Massachusetts Institute of Technology Abstract Packrat parsing is a novel and practical method for implementing linear-time parsers for grammars defined in Top-Down Parsing Language (TDPL). While TDPL was originally created as a formal model for top-down parsers with backtracking capability, this thesis extends TDPL into a powerful general-purpose notation for describing language syntax, providing a compelling alternative to traditional context-free grammars (CFGs). Common syntactic idioms that cannot be represented concisely in a CFG are easily expressed in TDPL, such as longest-match disambiguation and " https://bford.info/thesis/2002-masters/ Tue, 03 Sep 2002 00:00:00 +0000 https://bford.info/thesis/2002-masters/ https://bford.info/2002/05/15/deleg/ Wed, 15 May 2002 00:00:00 +0000 https://bford.info/2002/05/15/deleg/ https://bford.info/pub/os/atomic-osdi99-abs/ Wed, 24 Feb 1999 00:00:00 +0000 https://bford.info/pub/os/atomic-osdi99-abs/ Bryan Ford, Mike Hibler, Jay Lepreau, Roland McGrath, and Patrick Tullmann Department of Computer Science, University of Utah 3rd Symposium on Operating Systems Design and Implementation February 22-25, 1999 Abstract: We have defined and implemented a kernel API that makes every exported operation fully interruptible and restartable, thereby appearing atomic to the user. To achieve interruptibility, all possible kernel states in which a thread may become blocked for a “long” time are represented as kernel system calls, without requiring the kernel to retain any unexposable internal state. https://bford.info/pub/os/oskit-sosp16-abs/ Mon, 06 Oct 1997 00:00:00 +0000 https://bford.info/pub/os/oskit-sosp16-abs/ Bryan Ford, Godmar Back, Greg Benson, Jay Lepreau, Albert Lin, and Olin Shivers Proceedings of the 16th ACM Symposium on Operating System Principles October 5-8, 1997 Abstract: Implementing new operating systems is tedious, costly, and often impractical except for large projects. The Flux OSKit addresses this problem in a novel way by providing clean, well-documented OS components designed to be reused in a wide variety of other environments, rather than defining a new OS structure. https://bford.info/pub/lang/flick-pldi97-abs/ Sun, 15 Jun 1997 00:00:00 +0000 https://bford.info/pub/lang/flick-pldi97-abs/ Eric Eide, Kevin Frei, Bryan Ford, Jay Lepreau, and Gary Lindstrom University of Utah, Department of Computer Science ACM SIGPLAN Conference on Programming Language Design and Implementation June 15-18, 1997. Abstract: Modern operating systems must support a wide variety of services for a diverse set of users. Designers of these systems face a tradeoff between functionality and performance. Systems like Mach provide a set of general abstractions and attempt to handle every situation, which can lead to poor performance for common cases. https://bford.info/pub/os/oskit-hotos6-abs/ Mon, 05 May 1997 00:00:00 +0000 https://bford.info/pub/os/oskit-hotos6-abs/ Bryan Ford, Kevin Van Maren, Jay Lepreau, Stephen Clawson, Bart Robinson, and Jeff Turner University of Utah 6th Workshop on Hot Topics in Operating Systems (HotOS-VI) May 5-6, 1997 Abstract: To an unappreciated degree, research both in operating systems and their programming languages has been severely hampered by the lack of cleanly reusable code providing mundane low-level OS infrastructure such as bootstrap code and device drivers. The Flux OS Toolkit solves this problem by providing a set of clean, well-documented components. https://bford.info/pub/os/inherit-sched-abs/ Wed, 30 Oct 1996 00:00:00 +0000 https://bford.info/pub/os/inherit-sched-abs/ Bryan Ford and Sai R. Susarla Department of Computer Science, University of Utah Proceedings of the Second Symposium on Operating Systems Design and Implementation October 28-31, 1996 Abstract: Traditional processor scheduling mechanisms in operating systems are fairly rigid, often supporting only one fixed scheduling policy, or, at most, a few “scheduling classes” whose implementations are closely tied together in the OS kernel. This paper presents CPU inheritance scheduling, a novel processor scheduling framework in which arbitrary threads can act as schedulers for other threads. https://bford.info/pub/os/fluke-rvm-abs/ Wed, 30 Oct 1996 00:00:00 +0000 https://bford.info/pub/os/fluke-rvm-abs/ Bryan Ford, Mike Hibler, Jay Lepreau, Patrick Tullmann, Godmar Back, and Stephen Clawson University of Utah USENIX 2nd Symposium on OS Design and Implementation (OSDI '96) October 28-31, 1996, Seattle, Washington, USA. Abstract: This paper describes a novel approach to providing modular and extensible operating system functionality and encapsulated environments based on a synthesis of microkernel and virtual machine concepts. We have developed a software-based virtualizable architecture called Fluke that allows recursive virtual machines (virtual machines running on other virtual machines) to be implemented efficiently by a microkernel running on generic hardware. https://bford.info/pub/os/iwooos96-flobs-abs/ Sun, 27 Oct 1996 00:00:00 +0000 https://bford.info/pub/os/iwooos96-flobs-abs/ Patrick Tullmann, Jay Lepreau, Bryan Ford, and Mike Hibler Department of Computer Science, University of Utah Proceedings of the Fifth IEEE International Workshop on Object Orientation in Operating Systems (IWOOOS) October 27-28, 1996 Abstract: Checkpointing, process migration, and similar services need to have access not only to the memory of the constituent processes, but also to the complete state of all kernel provided objects (e.g., threads and ports) involved. Traditionally, a major stumbling block in these operations is acquiring and re-creating the state in the operating system. https://bford.info/pub/os/dist-vs-local-abs/ Mon, 09 Sep 1996 00:00:00 +0000 https://bford.info/pub/os/dist-vs-local-abs/ Jay Lepreau, Bryan Ford, and Mike Hibler Department of Computer Science, University of Utah Proceedings of the Seventh ACM SIGOPS European Workshop September 9-11, 1996 Abstract: The growth and popularity of loosely-coupled distributed systems such as the World Wide Web and the touting of Java-based systems as the solution to the issues of software maintenance, flexibility, and security are changing the research emphasis away from traditional single node operating system issues. https://bford.info/pub/lang/presint3-abs/ Wed, 01 Mar 1995 00:00:00 +0000 https://bford.info/pub/lang/presint3-abs/ Bryan Ford, Mike Hibler, and Jay Lepreau University of Utah, Department of Computer Science Technical Report UUCS-95-014 March 1995. Abstract: In RPC-based communication, it is useful to distinguish the RPC interface, which is the “network contract” be- tween the client and the server, from the presentation, which is the “programmer’s contract” between the RPC stubs and the code that calls or is called by them. Presentation is usually a fixed function of the RPC interface, but some RPC systems, such as DCE and Concert, support the notion of a flexible presentation or endpoint modifier, allowing controlled modification of the behavior of the stubs on each side without affecting the contract between the client and the server. https://bford.info/pub/lang/presint2-abs/ Thu, 01 Dec 1994 00:00:00 +0000 https://bford.info/pub/lang/presint2-abs/ Bryan Ford, Mike Hibler, and Jay Lepreau University of Utah, Department of Computer Science Technical Report UUCS-95-018 December 1994. Abstract: In RPC-based communication, we term the interface the set of remote procedures and the types of their arguments; the presentation is the way these procedures and types are mapped to the target language environment in a particular client or server, including semantic requirements. For example, presentation includes the local names assigned to RPC stubs, the physical representation of a logical block of data (e. https://bford.info/pub/os/thread-migrate-abs/ Mon, 17 Jan 1994 00:00:00 +0000 https://bford.info/pub/os/thread-migrate-abs/ Bryan Ford and Jay Lepreau Department of Computer Science, University of Utah Proceedings of the Winter 1994 USENIX Technical Conference January 17-21, 1994 Abstract: We have modified Mach 3.0 to treat cross-domain remote procedure call (RPC) as a single entity, instead of a sequence of message passing operations. With RPC thus elevated, we improved the transfer of control during RPC by changing the thread model. Like most operating systems, Mach views threads as statically associated with a single task, with two threads involved in an RPC. https://bford.info/pub/os/passive-abs/ Thu, 09 Dec 1993 00:00:00 +0000 https://bford.info/pub/os/passive-abs/ Bryan Ford and Jay Lepreau Department of Computer Science, University of Utah International Workshop on Object Orientation in Operating Systems (IWOOOS) December 9-10, 1993 Abstract: We believe that a passive object model, in which the active entities or threads migrate between passive objects, is more appropriate than an active object model, as the basic structure of a microkernel-based operating system. A passive object model provides enhanced performance and simplicity because it is more closely matched to the basic nature of microprocessors and the requirements of applications. https://bford.info/pub/lang/flex-wwos4-abs/ Thu, 14 Oct 1993 00:00:00 +0000 https://bford.info/pub/lang/flex-wwos4-abs/ John B. Carter, Bryan Ford, Mike Hibler, Ravindra Kuramkote, Jeffrey Law, Jay Lepreau, Douglas B. Orr, Leigh Stoller, and Mark Swanson University of Utah, Department of Computer Science 4th IEEE Workshop on Workstation Operating Systems (WWOS) October 14-15, 1993. Abstract: Modern operating systems must support a wide variety of services for a diverse set of users. Designers of these systems face a tradeoff between functionality and performance. Systems like Mach provide a set of general abstractions and attempt to handle every situation, which can lead to poor performance for common cases. https://bford.info/pub/os/inks-abs/ Mon, 19 Apr 1993 00:00:00 +0000 https://bford.info/pub/os/inks-abs/ Jay Lepreau, Mike Hibler, Bryan Ford, and Jeffrey Law Department of Computer Science, University of Utah Proceedings of the Third USENIX Mach Symposium April 1993 Abstract: The advantages in modularity and power of microkernel-based operating systems such as Mach 3.0 are well known. The existing performance problems of these systems, however, are significant. Much of the performance degradation is due to the cost of maintaining separate protection domains, traversing software layers, and using a semantically rich inter-process communication mechanism. https://bford.info/pub/os/threadmodel-93-abs/ Thu, 01 Apr 1993 00:00:00 +0000 https://bford.info/pub/os/threadmodel-93-abs/ Bryan Ford, Mike Hibler, and Jay Lepreau Department of Computer Science, University of Utah Technical Report UUCS-93-012 April 1993 Abstract: During the Mach In-Kernel Servers work, we explored two alternate thread models that could be used to support traps to in-kernel servers. In the “migrating threads” model we used, the client's thread temporarily moves into the server's task for the duration of the call. In the “thread switching” model, an actual server thread is dispatched to handle client traps. https://bford.info/pub/os/datenpresse/ Sat, 01 Aug 1992 00:00:00 +0000 https://bford.info/pub/os/datenpresse/ Urban D. Mueller, Christian Schneider, and Bryan Ford AmigaPlus, August 1992. Article: unavailable online to my knowledge ☹️ https://bford.info/pub/lang/call-lists/ Wed, 01 Apr 1992 00:00:00 +0000 https://bford.info/pub/lang/call-lists/ “CallLists is a refreshing way to keep your interactive programs up to date.” Bryan Ford AmigaWorld Tech Journal Volume 2 Number 2, April 1992 Article: PDF https://bford.info/draft/async/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/async/ For another thing, I’m personally not a big believer in the practical value of the asynchronous model anyway. I know I’m at odds here with most people with a theory/algorithms background; reasonable people may differ. :) Almost every practical distributed system that ever actually gets deployed has timeouts and such buried in it here, there, everywhere. User-experience expectations are synchronous, not asynchronous: even if the underlying protocol is in principle perfectly capable of tolerating arbitrarily-long adversary-controlled propagation delays among honest nodes, the real users relying on the system are going to start complaining rather soon after the expected/normal amount of transaction time elapses. https://bford.info/pub/os/vx32/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/pub/os/vx32/ Vx32: Lightweight, User-level Sandboxing on the x86 Vx32: Lightweight, User-level Sandboxing on the x86 Bryan Ford and Russ Cox Massachusetts Institute of Technology {baford,rsc}@pdos.csail.mit.edu Abstract Code sandboxing is useful for many purposes, but most sandboxing techniques require kernel modifications, do not completely isolate guest code, or incur substantial performance costs. Vx32 is a multipurpose user-level sandbox that enables any application to load and safely execute one or more guest plug-ins, confining each guest to a system call API controlled by the host application and to a restricted memory region within the host’s address space. https://bford.info/pub/os/vxa/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/pub/os/vxa/ VXA: A Virtual Architecture for Durable Compressed Archives Bryan Ford Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology Abstract: Data compression algorithms change frequently, and obsolete decoders do not always run on new hardware and operating systems, threatening the long-term usability of content archived using those algorithms. Re-encoding content into new formats is cumbersome, and highly undesirable when lossy compression is involved. Processor architectures, in contrast, have remained comparatively stable over recent decades. https://bford.info/album/2005/0717-Aachen/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0717-Aachen/ Aachen (Aix-la-Chapelle) July 17, 2005   From the quiet and privincial side streets of Aachen...     ...you wouldn't know that it was the capital of the Holy Roman Empire.       Inside Charlemagne's cathedral   The remains of Charlemagne's palace with the Rathaus glued onto it and the local pub nestled in the middle.    Angels and devils live side by side on the walls.   https://bford.info/album/AntelopeIsland.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/AntelopeIsland.html Antelope Island No, I have no idea what it was... The Attack (yeah - she started it!!!) The Duel... The Reconciliation https://bford.info/album/2005/0305-Avignon/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0305-Avignon/ Avignon March 5, 2005   Place de l'Horloge         Place du Palais     Rocher de Doms   Pont Saint Bénezet   Rue des Teinturiers https://bford.info/album/2002/0527-BarHarbor/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2002/0527-BarHarbor/ Bar Harbor, Maine (Memorial Day Weekend, May 24-27, 2002) A hazy view of Bar Harbor from the top of Mount Desert. (Yep, that's really its name.) A lovely day at the beach. And lo, the prophet Zebadia went down to the sea, and he spake unto the multitudes, saying... Seek, and ye shall find; but beware the curious onlooker... ...for she may attack without warning; yea, even flirt! Well, it's not quite Hawaii, but hey, they've got lobsters! https://bford.info/album/2003/0527-Barcelona/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2003/0527-Barcelona/ Barcelona May 2003 My colleague Athicha and I spent a week early in the summer exploring Barcelona and other nearby attractions in Catalonia, Spain. Walking the narrow streets Barcelona's version of the Arc de Triomphe (every European city's gotta have one) Getting trampled by a thundering herd of green-capped kids A perfectly ordinary building... with flaming torches at night One of the famous Gaudí buildings A presumably not-so-famous famous " https://bford.info/album/2005/0820-Berlin/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0820-Berlin/ Berlin August 19-22, 2005 Potsdamer Platz The Sony Center (Helmut Jahn, 1996-2000) The Berlin Philharmonic in Kulturforum Friedrichstrasse The job of a checkpoint guard just ain't what it used to be. Just garbage.   Brides' Day Out on Gendarmenmarkt Inside Galeries Lafayette (Jean Nouvel, 1993-96) Berlin Mitte The Reichstag overlooking the Tiergarten. (Original by Paul Wallot, 1884-94; renovations by Norman Foster, 1994-99) Marie-Elisabeth-Lüders-Haus on the River Spree (Stephan Braunfels, 1998-2004) https://bford.info/draft/beso/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/beso/ (or JBIN? or…?) BESO provides a generic representation for any JSON, using JSON Schema information to provide a compact binary encoding. Unlike schema-free binary encodings like BSON and CBOR, BESO encoding leverages the schema to optimize the encoded representation, for example by replacing object tags specified in the schema with small integers, by representing numbers in binary integer or floating-point forms, etc. BESO Generic does not modify the JSON Schema language at all. https://bford.info/album/2005/0709-Bonn/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0709-Bonn/ Bonn July 9, 2005 The Botanical Garden         Rheinaue Freizeitpark This metal ball is actually a giant merry-go-round that can be rotated manually and even ridden. The kid was fascinated.   Blindengarten     Nightlife   https://bford.info/album/Family.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Family.html Bryan's Family My father, Robert E. Ford  My mother Karen My little brother Colby  The family cat, Carmen San Diego,  in her natural furball state.  https://bford.info/album/Home.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Home.html Bryan's Home I'm now a proud first-time homeowner of a wee little place in Cambridge, Massachusetts! It's the second-floor condo in this cute old-style building near Inman Square: Of course, indoor shots in a small place are really difficult without a good wide-angle lens, which I don't have unfortunately, but here are a couple pitiful attempts anyway... The Living Room.  That's my dad on the futon. The Kitchen.  Yep, that's a piano on the right. https://bford.info/album/2005/0723-Cologne/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0723-Cologne/ Köln (Cologne, Germany - July 23, 2005) Soap bubbles in front of the cathedral! There was absolutely no one to be found in St. Maria-im-Kapitol. The locals seem to have a Lace Curtain Competition running... but this is where we actually found them. In the Rheingarten.   Watching the trains from Köln's Gothic cathedral.     Looking up and down. The Rathaus and its guardians. It was getting late... but the bubbles were still there. https://bford.info/draft/cmark/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/cmark/ Matchup? (matchertext markup) Some goals: Matchertext: rigorously nested, verbatim embeddable Quick and easy to type More concise than SGML-derived markup languages More uniform and systematic than Markdown or Latex Rendering to HTML, Latex Aware text editors are welcome to recognize and convert directives into Unicode when feasible: eg for character sequences, single/double quoted text, etc. Hyphen X [-] Optional line-breaking hyphen??? – – [–] En-dash or numeric range — — [—] Em-dash … … […] Ellipsis “…” Quoted string: quotes become left/right https://bford.info/draft/cmath/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/cmath/ Symbols Arithmetic Basic: Plus sign − [-] Minus sign × Multiplication ÷ [d] Division / ⁄ [/] Fraction slash Technical: ± [+-] Plus-minus sign ∕ [d/] Division slash ⋅ [.] Multiplication or dot product √ [root] Square root - or [2rt]? ∛ [3root] Cube root - or [3rt]? ∜ [4root] Fourth root - or [4rt]? ∞ [inf] Infinity ∶ [:] Ratio ∷ [::] Proportion sum ∑ [sum] Sum prod ∏ [prod] Product 𝔼 [expect] Expected value pi π [pi] Mathematical value pi (3. https://bford.info/draft/ctml/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/ctml/ CTML is simply an alternate character-level syntax for HTML. It otherwise closes closely to HTML (currently HTML5 in particular), and is designed to be easily convertible both to and from HTML. The main goal of CTML is to satisfy the CTS metasyntactic discipline, so that CTML can be readily composed with other CTL-compliant languages without escaping. Secondary goals are to be more concise, readable, and easily typeable than HTML, while keeping the syntax simple and readily cross-convertible with HTML. https://bford.info/draft/cts/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/cts/ XXX to be written. goal: composability. A valid CTs text inserted into another should remain a valid CTS text. Matched open/close punctuation pairs, which we call matchers. Basic principle: matchers must match. This dominates all other more specialized syntaxes. We could define a variant of CTS for any particular set of matchers we want; all the principles would be the same. But to avoid further confusion, would be best to have one “standardized” set of matchers. https://bford.info/draft/follow/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/follow/ Orthogonal concepts to be defined independently but worked together: identification (e.g., by content hash) of current version linkage of versions into a linear series, SkipChain, or TimeTree update authorization by one or quorum of identities authentication of identities (people or devices) eg by signing registration of updates on authoritative registry or registries checking of witnesses by threshold definition of unambiguous authoritative chain by timescale? – Version Identifier (VID) scheme: Intended to be a type of URI that you put into your source Web content (or other content) to represent a trackable object, whose VIDs can be upgraded automatically when the target changes. https://bford.info/draft/delimited-syntax/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/delimited-syntax/ or Composable Text/Binary Syntax (CTS/CBS)? Goals: Text format self-describing and human-readable Binary format for compactness and efficiency Either self-describing or schema-dependent Easy cross-conversion between text and binary formats Easy for schemas to define both text and binary equivalents at once Streamable: encoder can start sending long composites before knowing length Embeddable: for embeddability, see for example JSON Schema’s desire to be able to embed arbitrary non-JSON data with a MIME Media Type: https://json-schema. https://bford.info/draft/drand/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/drand/ “The coin to us is sacred.” - Thomas Shelby (Peaky Blinders) Public randomness – or “flipping coins” in some way so that anyone can see (and trust) the outcome – is fundamental to numerous social and technical processes. Besides gambling and lotteries (obviously), we need public randomness to choose a sample of some population fairly. The ancient Greeks used sortition, or selection by random lottery, to appoint political officials to office. https://bford.info/album/2007/0622-Dresden/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2007/0622-Dresden/ Dresden June 21-28, 2007 The City   Dresden's "Little Louvre" Museum     The old city (Altstadt)   Odd little artworks lurk in unexpected places     After a bit of rain   Sunset over the Elbe Hiking near Schmilka (On the Elbe, within sight of the Czech border.) A climber's paradise, looks like. Everything alive. TU-Dresden The fantastic, audaciously colored new computer science building at Technische Universität Dresden, https://bford.info/draft/cbe/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/cbe/ (Alternate names: Blobifer? Binframe? Framer? Framify? Framifer? Byteframe? Bnest? Bytenest? Binest? Cobyfr (Compact Byte Framing)?) An old problem in data format design is embedding an arbitrary variable-length byte sequence in a longer one, so that a decoder can tell unambiguously where the embedded string ends. This problem is ubiquitous in the design of machine-readable data formats, which often hierarchically compose large and complex data streams from sequences of nested substrings and strings using simpler encodings. https://bford.info/draft/mri/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/mri/ Uniform resource identifiers or URIs were a genuinely great idea and have rightfully become the ubiquitous way to name things on the Internet. As the basis of web addresses or URLs, they are human readable (to varying degrees), manually transcribable, cut-and-pasteable, and have proven incrementally extensible to a vast multitude of schemes. Their later extension to internationalized resource identifiers or IRIs allow people whose native language is not English to type, and view, non-ASCII Unicode characters in web addresses. https://bford.info/draft/xson/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/xson/ Goals: Consistent with and easily convertible to and from JSON Support syntactic and semantic extensions for expressiveness Incremental complexity growth: simple formats and schemas stay simple Baseline even more minimalistic than JSON (“minXSON”) All elements have both human-readable and compact binary representations The XSON header An XSON stream starts with xson[imports], where imports is a comma-separated list of syntax imports. These can be simple identifiers for extensions defined in this document, or may (how? https://bford.info/album/2006/0430-Flowers/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2006/0430-Flowers/ Flowers in Lausanne Spring 2006 https://bford.info/album/2004/0617-Geneva/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2004/0617-Geneva/ Geneva June-August 2004 Walking along Lake Geneva Farther along, at the Botanical Garden Landscapes and contemporary art along the Arve A geek trying to get work done in Geneva Paragliders jumping off Mont Salève Someone else getting ready to fly   Waiting for Mme de Quevedo Our last supper together https://bford.info/draft/jbs/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/jbs/ JBS allows the specification of customized binary representations via extensions to the JSON Schema language. (or JBIN? or BINSON?) XXX allow specifying BESO (or CBOR or …) as a default binary encoding XXX related: Katai Struct, The Next 700 Data Description Languages, binpac, IDRIS, etc. Variable-width unsigned integers When the scheme type is integer, an encoding property of unsigned indicates that values greater than or equal to zero are to be encoded in a variable-length binary representation: https://bford.info/album/Lagoon.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Lagoon.html Lagoon Our latest trip to the world-famous amusement park that attracts millions of people from around the world to Utah each year...  (NOT!) Actually, it's a pretty decent place, and happens to be nearby and not too crowded.     https://bford.info/album/2001/1021-LakeLouise/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2001/1021-LakeLouise/ Lake Louise October 21, 2001 These pictures are from a day hike I took with others in the PDOS group during the ACM Symposium on Operating System Principles, which was held this year at Chateau Lake Louise in Banff, Canada. The lake and the Fairmont Chateau Gettin' a little stormy out there... Lake Louise from higher up. Chuck and Benji take time out for a little baseball practice. The view from midway up the trail. https://bford.info/draft/mag/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/mag/ Interesting uses: Side-channel leak control: PURBs Indexing and counting for divide-and-conquer algorithms. Example: binary search (works) vs linear search (breaks quickly); quick/merge sorts (works) vs naive sorts (breaks); … Related: summary data for large-scale data for parallel processing Efficient memory allocation with fragmentation control Use next mag to bucket allocation units; allocation can scavenge and split a larger bucket and (proof?) remainder will also fall into a valid bucket (subtraction closure: mag minus a mag is a mag if no underflow) https://bford.info/album/2005/0304-Marseille/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0304-Marseille/ Marseille March 3-5, 2005   Le Vieux Port       Jeu de Boules &nbsp Eglise St. Victor       The much older crypt below St. Victor La Corniche         Le Panier         https://bford.info/draft/maxml/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/maxml/ Goal: extend XML as conservatively as possible to provide basic support for matchertext hosting and embedding. Other than that, remain as consistent as possible with XML syntax. Hosting: matchertext content tags: <name attrs [matchertext]> matchertext attributes: attrname=[matchertext] matchertext sections: <![MDATA[matchertext]]> Embedding: new character entity syntax &o[]; &c{}; etc. https://bford.info/album/2002/0713-MidsummersEve/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2002/0713-MidsummersEve/ Midsummer's Eve at Zebediah's (July 13, 2002) Our gracious host industriously overseeing the preparations... Think we'll have enough firewood? Zeb is a master at constructing fun toys involving swinging or flying. Here's his latest: a zip line across his back yard! The neighborhood folk trio Full Cold Moon treated us to some great music during the afternoon. One of those rare occasions when I feel almost conservative in comparison with others. https://bford.info/album/Cats.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Cats.html My Cat, Willow I found Willow at a nearby shelter in February 2001, while I was out helping a friend look for a second cat.  My friend loved Willow too, but she's allergic to long-haired cats - so I decided then and there that I was ready for a companion of my own. :-)  Willow is as sweet as she is pretty. My Family's Cat, Carmen San Diego So named by Colby because when we first got her as a kitten she would constantly hide out in the most unimaginable places. https://bford.info/album/Opus99.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Opus99.html My trip to Opus '99 Five of us drove from Salt Lake City to Longview, Washington, stopping along the way at Multnomah Falls near Portland: from left, myself, Melissa, Jana, Kabe, and Steve.   Yeah, we made it!!! My very special friend Zarrin     My touch group going on a hike that turned out to be a lot more adventurous than we expected... Emmie, Elisha, Al, Zarrin, Jeff, Candace, and David. https://bford.info/album/2005/0801-Paris/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2005/0801-Paris/ Paris August 1-3, 2005 Le petit parisien (Jardin du Palais Royal)     Rue St. Jacques Parc Monceau Square Jean XXIII Quai d'Anjou   https://bford.info/album/2003/0624-Peterhof/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2003/0624-Peterhof/ Peterhof June 24, 2003     Marly Pond and Golden Hill Cascade Hermitage Palace Lion Fountain Pyramid Fountain Sheaf Fountain Sun Fountain Little Oak Fountain   Chessboard Hill Cascade       The Grand Cascade and Samson Fountain   The Grand Palace and Upper Gardens https://bford.info/album/Piano.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Piano.html My favorite hobby...     (at home)   (at church - yeah, that's a real piano!)   Alright, does anyone know what the Academy of St. Martin in the Fields is? https://bford.info/2016/11/13/info/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/2016/11/13/info/ Hillary Clinton’s electoral college defeat has provoked many questions about how so many Americans could have choosen a misogynistic, xenophobic, pathologically lying, authoritarian ideologue as their next President – and one of many targets of their blame is social media. Compounding its polarizing “echo chamber” effect, online discussions were tarnished with deliberate misinformation, including incorrect instructions on how to vote. But is the solution for social media companies like Facebook to ``do a better job’’ at curating the world’s content to suppress out false or hateful speech? https://bford.info/album/2006/1225-Rome/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2006/1225-Rome/ Rome December 21-26, 2006   In winter, still bathed in the sun... Wood-burning in the sun for an artistic ceremony celebrating the centenary of Samuel Beckett   A glimpse of ancient times   The grandeur of Catholicism   ...and its mystery   Over 2000 years of art expressed in marble   Italian pine trees, rivaling the architecture in elegance   Walking the streets in daylight...   ...at sunset...   . https://bford.info/album/Rwanda.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Rwanda.html Rwanda, 1984-1987     At home with my family at the  Adventist University of Central Africa (AUCA)   Hiking with my best friend Paulo     Hiking up to see the gorillas   Me (top left) and all the other foreign faculty kids  out for a day at the beach at Lake Kivu, Gisenyi The same gang (mostly) as a Pathfinder group Our cat, Mimosa       https://bford.info/album/2003/0621-StPetersbourg/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2003/0621-StPetersbourg/ St. Petersburg June 20-27, 2003       Palace Square   Kazan Cathedral     St. Isaac's Cathedral         White nights in the channels Peter and Paul Fortress Atlas holding up the New Hermitage The Strelka of Vasilievsky Island The Bronze Horseman Along the banks of the Neva   Lilacs in the Field of Mars   Church of Our Savior on Spilled Blood (!!!) On and off Nevsky Prospekt Little Holland St. https://bford.info/draft/sybil-minions/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/sybil-minions/ My preliminary analysis of proof-of-personhood designs that assign a mixture of human and Sybil identities into random groups for simultaneous verification - as in Pseudonym Pairs, Idena, or Encointer - works out a bit differently. In my model, the attacker works in rounds, taking the time needed to double the number of Sybil identities in each round and reach a new sustainable state, where the attacker collects enough basic income from Sybils to (more than) cover the minions he hires to keep them verified. https://bford.info/album/2002/1122-Korea/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2002/1122-Korea/ South Korea (November 22-December 9, 2002) First Weekend: Daegu Despite my jet lag, we managed to get out and see Donghwasa Temple in Mt. Palgongsan, just north of Daegu. Home to a huge standing Buddha in a courtyard built into the side of the mountain. A view from some of the hiking trails on Mt. Palgongsan near the temple. No, Buddhist monks aren't Nazis. It's a reverse swastika, so maybe they're the exact opposite. https://bford.info/album/2002/0601-Spring/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2002/0601-Spring/ Spring (June 1-8, 2002) Spring is not just a season, but also a wonderful yearly week-long campout in New Hampshire organized by some friends of mine! I was having too much fun there to remember to take many pictures, but here are a few. There should be more soon at the camp's official site. An amusing sight we just had to stop at on the trip up... The swimming hole at the camp: beautiful, skin-numbingly cold, and C. https://bford.info/album/2004/0601-StataCenter/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2004/0601-StataCenter/ The Stata Center Cambridge, MA - June 2004 This is the year MIT's new Stata Center, designed by Frank Gehry, was finally finished and ready for our lab (among others) to move into. Old Office First, a historical shot of me in our old digs in Tech Square, just before the move (courtesy of my colleague JinYang Li). Can you tell we've been in here a while? Stata Center Construction July 2001 - Just a huge hole in the ground. https://bford.info/album/Tornado.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Tornado.html "The Great Salt Lake City Tornado of '99" OK, so it was pretty wimpy as far as tornados go compared with those in other areas, but it was sort of a novelty here.  Unfortunately, I wasn't in the area when it hit, so I missed most of the fun; however, I did get in on some of the aftermath on the way home.  The tornado passed just to the east of my house, so we didn't get any damage at all (although our yard did catch a few pieces of some less fortunate houses). https://bford.info/album/Travels.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Travels.html Snapshots from some of my other travels... Snorkeling with Colby in my trusty PocoMan T-shirt during my latest trip to the Bay Islands, April 1998 Taking a rest after climbing the Schilthorn, Switzerland, October 1986 Feeding the swans with Aunt Arlene in Hallstatt, Austria, October 1986     Nairobi, Kenya, April 1986   Mombasa, Kenya, April 1986   Our dog Penny patiently tolerates my ceremoniously conferring Dad's Ph.D. tassle on her ear Loma Linda, CA, June 1982         When's the last time you took a bath this way? https://bford.info/album/Hawaii.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Hawaii.html Hawaii How many people are lucky enough to be offered a free trip for two to Hawaii for a couple days of easy work? :-) (Actually, I learned later that those couple days of easy work saved someone $40,000, so I guess maybe it was worth it... :) This was the first trip I've been on with my new 48MB flash card for my Kodak DC240 digital camera, and I went berserk! https://bford.info/album/Utah.html Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/Utah.html Travels in and around Utah     The whole family in Southern Utah    OK, Mom, just take the picture!!!    Colby's way of playing 'possum...      Sunny in a cave with Michael and Monty    Me, Sunny, Colby, and his pal... (can you find him?)  https://bford.info/album/2004/0116-Venice/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2004/0116-Venice/ Venice (January 13-23, 2004) The Official Excuse ... er, Reason I was presenting a paper at Principles of Programming Languages 2004, a programming language theory conference. It's not too often that I get to go to a conference in such a place! Here's the conference croud, geeking away under centuries-old Italian frescoes in the Auditorium Santa Margherita, Dorsoduro. I stayed at Palazzo Zenobio, an old Armenian palace near the auditorium. https://bford.info/album/2001/0506-Vermont/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2001/0506-Vermont/ Vermont May 6, 2001 A quick Sunday road trip with my friend Zarrin to see a few historic sites in New England. Old Bennington, Vermont The Old First Church in Old Bennington... ...where William Ellery Channing died and where Robert Frost is buried. Covered Bridges We hunted down three of the classic covered bridges in Vermont. Silk Road Bridge Henry Bridge Paper Mill Bridge Turned out we weren't the only ones touring the countryside. https://bford.info/album/2004/0626-Vienna/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2004/0626-Vienna/ Vienna June 2004 Wien, Wein, und Gesang Bespectacled Renaissance Backgammon Cow Franz-Hochedlingergasse Tramwaychik! Garden at the Hundertwasser House Belvedere "Last year at Belvedere" Smiling ladies Wienerwald On a wine-tasting trip to a Heurigen outside the city Vienna Nights St. Stephan Peterskirche St.Ruprecht Donner Brunnen Fountain Student nightlife on the Danube Canal A furniture store on Rotenturmstrasse https://bford.info/album/2006/0119-Villars/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/album/2006/0119-Villars/ Villars, Switzerland January 2006 https://bford.info/draft/vipcode/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/vipcode/ In this post I would like to introduce VIPcode, a library that encodes and decodes structured data specified by verifiable interface presentations or VIPs in the Go language. In brief, VIPs are presentations or mappings of an abstract wire-format interface into the concrete data types of a specific target language (in this case Go). While embodying all information needed to marshal and unmarshall complex data, VIPs may also be verified automatically for compliance with a language-neutral interface specification, such as a . https://bford.info/draft/xtax/ Mon, 01 Jan 0001 00:00:00 +0000 https://bford.info/draft/xtax/