Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Nov 26 10:12:44 2008 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.14.1/8.14.1) with ESMTP id mAQICiLY027287 for ; Wed, 26 Nov 2008 10:12:44 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.14.2/8.14.1) with ESMTP id mAQIBfoX026368 for ; Wed, 26 Nov 2008 10:11:41 -0800 Message-Id: <200811261811.mAQIBfoX026368@bourbon.usc.edu> To: cs551@merlot.usc.edu Subject: Re: a little long email Date: Wed, 26 Nov 2008 10:11:41 -0800 From: Bill Cheng Someone wrote: > [1] [Fri, 14 Nov 2008 13:02:17] > Correct! This is mainly for grading purpose! If you flood a delete > with an invalid password, nodes should not delete the corresponding > file. > > [2] [Fri, 21 Nov 2008 13:42:52] > No. If you do not have a file that matches the FileName, you cannot > even verify that the SHA1 you have entered is correct. So, don't need > to prompt. Although you should print an error message because it may > be just a typo. > > [3] [Tue, 25 Nov 2008 11:49:17] > One important feature of the SERVANT network is that it provides > anonymity. It's not just about you cannot know who initiate a STORE > or who initiated a GET. > > [4] [Tue, 25 Nov 2008 22:34:56] > If there is no such file that matches FileName, SHA1, *and* Nonce, > then you should not prompt and just tell the user that there is no > such file on this node. > > We are doing this whole random-password thing for grading purpose. In > which case if there is no password information for a file on the node > where a delete was issued there is no way that file will ever be > deleted based on any random password. ( I remember you had announced a > prize for someone who finds sha1 collisions). According to point [3] > it is not difficult to prove that a certain node has no knowledge of > the files that may be present elsewhere in the network. This makes it > more difficult to argue that a delete command for a certain file > abcd.xyz on a certain node will be a "TYPO" just because IT does not > have this file. That file may be present on some other node and by not > sending a delete message we do not give it a fair chance to try out > the random password. If point [1] is valid for grading purposes then > we SHOULD ask for a random password in EVERY other case that we do not > have a matching fname,sha1,nonce. > > Bottom line is, we have to be fair to every node at trying out a > random password (sounds like our academic integrity policy) and since > we cannot say which file is where we have to ALWAYS ask a random > password when we have no hit and cannot assume that a filename or sha1 > will be a typo just because you don't have that file. > > I think there was no bug in the earlier grading guidelines. I agree with what you've said. The main reason I changed the grading guidelines was that I was inconsistent. Being inconsistent caused a "bug in the grading guidelines" because it did not match what I was talling everyone. Now you are pointing out that by changing the grading guidelines, I'm being inconsistent again! I think you are right. So, I've just changed the grading guidelines so that both cases are allowed! I splitted the +2 points between (A.1.a) and (A.2.a). In (A.1.a), the Nonce was wrong. So, you can either print an error message and not prompt; or, you can prompt the user for a random password. In (A.2.a), FileName, SHA1, and Nonce are all correct, but the node does not have the password. Therefore, you must prompt the user for a random password. Sorry about the confusion! -- Bill Cheng // bill.cheng@usc.edu