So, this book that I have in my hand is a directory of everybody who had an email address in 1982. (Laughter) Actually, it's deceptively large. There's actually only about 20 people on each page, because we have the name, address and telephone number of every single person. And, in fact, everybody's listed twice, because it's sorted once by name and once by email address. Obviously a very small community. There were only two other Dannys on the Internet then. I knew them both. We didn't all know each other, but we all kind of trusted each other, and that basic feeling of trust permeated the whole network, and there was a real sense that we could depend on each other to do things.
嗯,我手上的這本書 是 1982 年所有電子信箱的 地址通訊錄。(笑聲) 實際上,它的大小是騙人的。 其中每頁根本就只有將近 20 人的資料, 因為那包含每個人的 人名、地址、 及電話號碼。 而實際上,每個人都出現了兩次, 因為一次是用人名排列, 而一次是用信箱位址排列。 很明顯是一個小族群。 當時的網路中只有另外兩個人也叫 Danny。 (和講者同名) 兩個人我都認識。 我們並不全然知道對方, 但是我們都一定程度地信任對方, 而這種基本的信任感, 瀰漫了整個網路世界, 進而存在一種真實的感覺, 彷彿我們可以仰賴彼此來做些事情。
So just to give you an idea of the level of trust in this community, let me tell you what it was like to register a domain name in the early days. Now, it just so happened that I got to register the third domain name on the Internet. So I could have anything I wanted other than bbn.com and symbolics.com. So I picked think.com, but then I thought, you know, there's a lot of really interesting names out there. Maybe I should register a few extras just in case. And then I thought, "Nah, that wouldn't be very nice."
為了讓各位對這種信任的程度有個概念, 讓我來告訴你們 在早些年代註冊一個網域名稱 是什麼樣子。 嗯,意外地我那時註冊的 是整個網際網路中 第三個網域名稱。 所以我可以用任何我喜歡的名字, 只要不是 bbn.com 或是 symbolics.com。 所以我選了 think.com,但是我又想, 你知道的,還有一堆有趣的名字可以用。 也許我可以多註冊幾個 以備哪天不時之須。 但最後我想:「算了,這樣不太好。」
(Laughter)
(笑聲)
That attitude of only taking what you need was really what everybody had on the network in those days, and in fact, it wasn't just the people on the network, but it was actually kind of built into the protocols of the Internet itself. So the basic idea of I.P., or Internet protocol, and the way that the -- the routing algorithm that used it, were fundamentally "from each according to their ability, to each according to their need." And so, if you had some extra bandwidth, you'd deliver a message for someone. If they had some extra bandwidth, they would deliver a message for you. You'd kind of depend on people to do that, and that was the building block. It was actually interesting that such a communist principle was the basis of a system developed during the Cold War by the Defense Department, but it obviously worked really well, and we all saw what happened with the Internet. It was incredibly successful.
這種須要多少拿多少 的態度 真的就是那年代的網路中 每個人心中所想的, 而事實上,並不只有人這麼想, 實際上這想法也建立到網路本身 的通訊協定中。 所以 I.P.,或是所謂的網路協定, 的基本概念, 還有它基於這協定的路由演算法, (譯註:即決定由哪臺電腦接手傳輸的演算法。) 基本上就是「盡其所能, 各取所需。」 所以,如果你有多的頻寬, 你會幫別人傳些訊息。 而如果他們有多的頻寬, 他們也會幫你傳遞訊息。 一定程度上你必須依賴人們這麼做, 而這是網際網路的構成要素。 很有趣的是,這樣一種 共產主義的原則 是冷戰時期國防部所開發的一個系統, 它的基礎, 是冷戰時期國防部所開發的一個系統, 它的基礎, 但很明顯地它運作得非常好, 而我們都見證了網際網路的發展。 簡直是不可思議地成功。
In fact, it was so successful that there's no way that these days you could make a book like this. My rough calculation is it would be about 25 miles thick. But, of course, you couldn't do it, because we don't know the names of all the people with Internet or email addresses, and even if we did know their names, I'm pretty sure that they would not want their name, address and telephone number published to everyone.
事實上,網際網路實在太成功, 以致於你不可能 在現代做出這麼薄的通訊錄。 我粗略估計那會有 25 哩長。 但當然地,你不可能完成它, 因為我們不知道所有 網路或電子信箱擁有者的名字, 因為我們不知道所有 網路或電子信箱擁有者的名字, 而即使我們知道了名字, 我很確定大家並不希望他們的名字、 信箱、以及電話號碼 被公開。
So the fact is that there's a lot of bad guys on the Internet these days, and so we dealt with that by making walled communities, secure subnetworks, VPNs, little things that aren't really the Internet but are made out of the same building blocks, but we're still basically building it out of those same building blocks with those same assumptions of trust. And that means that it's vulnerable to certain kinds of mistakes that can happen, or certain kinds of deliberate attacks, but even the mistakes can be bad.
所以結果就是現今的網路中 有許多壞人, 因此我們藉由許多機制來面對, 這包含: 有防火牆的社群、 安全子網路、虛擬私人網路, 一些小方法, 它們並不真的是網際網路 卻都建構於 先前所提的構成要素, 但我們基本上還是用那些構成要素, 以及那些信任感的前提, 來建構網路。 而這表示當面對 某些可能發生的錯誤, 或是某些蓄意的攻擊時, 它是脆弱的, 但只是錯誤也可以變得很糟糕。
So, for instance, in all of Asia recently, it was impossible to get YouTube for a little while because Pakistan made some mistakes in how it was censoring YouTube in its internal network. They didn't intend to screw up Asia, but they did because of the way that the protocols work. Another example that may have affected many of you in this audience is, you may remember a couple of years ago, all the planes west of the Mississippi were grounded because a single routing card in Salt Lake City had a bug in it. Now, you don't really think that our airplane system depends on the Internet, and in some sense it doesn't. I'll come back to that later. But the fact is that people couldn't take off because something was going wrong on the Internet, and the router card was down.
所以,舉例來說, 最近在整個亞洲, 使用 YouTube 是幾乎不可能的, 因為巴基斯坦在為內部網路 審查 YouTube 時 發生了些錯誤。 他們並不希望把亞洲網路搞亂, 但是他們還做了, 這歸咎於網路協定的運作方式。 另一個可能影響在座於多人的是, 你可能記得幾年之前, 所有密西西比河以西的飛機 都停飛了, 因為一塊鹽湖城的路由卡中 有一個小錯誤。 現在,你並不真的認為 我們的飛航系統必須仰賴網路, 而某些角度來說並不是的。 我等等再回來談這個。 但事實就是人們沒辦法讓飛機起飛, 因為網路出了錯, 而那張路由卡停止運作。
And so, there are many of those things that start to happen. Now, there was an interesting thing that happened last April. All of a sudden, a very large percentage of the traffic on the whole Internet, including a lot of the traffic between U.S. military installations, started getting re-routed through China. So for a few hours, it all passed through China. Now, China Telecom says it was just an honest mistake, and it is actually possible that it was, the way things work, but certainly somebody could make a dishonest mistake of that sort if they wanted to, and it shows you how vulnerable the system is even to mistakes. Imagine how vulnerable the system is to deliberate attacks.
因此,許多這類的事情開始發生。 嗯,有件有趣的事發生在去年四月。 剎那之間, 非常大量的流量,佔滿整個網際網路, 還包含了美國軍方各裝置間的網路, 並開始重新導向到中國。 所以有幾個小時,這流量在中國流通。 而現在,中國電信說那只是一個純然的錯誤, 而那的確也有可能,由於網路的運作方式, 但是無礙地,有人可以做出 蓄意的那類錯誤,只要他們願意, 而這告訴你整個系統即使對於錯誤, 是多麼脆弱。 再想想面對蓄意攻擊時, 會有多脆弱。
So if somebody really wanted to attack the United States or Western civilization these days, they're not going to do it with tanks. That will not succeed. What they'll probably do is something very much like the attack that happened on the Iranian nuclear facility. Nobody has claimed credit for that. There was basically a factory of industrial machines. It didn't think of itself as being on the Internet. It thought of itself as being disconnected from the Internet, but it was possible for somebody to smuggle a USB drive in there, or something like that, and software got in there that causes the centrifuges, in that case, to actually destroy themselves. Now that same kind of software could destroy an oil refinery or a pharmaceutical factory or a semiconductor plant. And so there's a lot of -- I'm sure you've read a lot in papers, about worries about cyberattacks and defenses against those.
如果近期真的有人想要攻擊美國、 或是西方文明, 他們並不會用訴諸坦克。 那將不會成功。 他們可能做的是某些 和伊朗核能裝置攻擊事件 非常類似的攻擊。 和依朗核能裝置攻擊事件 非常類似的攻擊。 沒人承認做了這件事。 基本上就是有一個工廠的工業機械。 沒人覺得它們會連在網路上。 大家認為機器是和網際網路沒有通連的, 但很有可能某人偷偷帶了 一個 USB 到那裡,或是類似的東西, 而軟體得以侵入並造成廠房離心機 ,在這個例子裡,自我破壞。 而同一類的軟體也可以破壞石油精煉場、 或是製藥場、或是半導體工廠。 因此有很多,我相信你們在文獻中看到很多, 關於網路攻擊的擔心、 或是如何去防衛。
But the fact is, people are mostly focused on defending the computers on the Internet, and there's been surprisingly little attention to defending the Internet itself as a communications medium. And I think we probably do need to pay some more attention to that, because it's actually kind of fragile. So actually, in the early days, back when it was the ARPANET, there were actually times -- there was a particular time it failed completely because one single message processor actually got a bug in it. And the way the Internet works is the routers are basically exchanging information about how they can get messages to places, and this one processor, because of a broken card, decided it could actually get a message to some place in negative time. So, in other words, it claimed it could deliver a message before you sent it. So of course, the fastest way to get a message anywhere was to send it to this guy, who would send it back in time and get it there super early, so every message in the Internet started getting switched through this one node, and of course that clogged everything up. Everything started breaking. The interesting thing was, though, that the sysadmins were able to fix it, but they had to basically turn every single thing on the Internet off. Now, of course you couldn't do that today. I mean, everything off, it's like the service call you get from the cable company, except for the whole world.
但事實上,人們主要關注於 防衛有連上網的電腦, 而只有少到令人訝異的心力 是用於防衛 當作通訊媒介的網路本身。 而我認為我們可能真的須要 更加關注這件事,因為 網路確實有些脆弱。 所以,事實上,前些日子, 回到 ARPANET 的時代, (譯註:ARPANET 為美國網際網路的前身。) 實際上有好幾次,其中還有一次網路完全停擺, 就因為一個訊息處理器 有些內部錯誤。 而網路運作的方式是 不同路由器基本上會交換資訊, 這資訊是關於 如何將訊息傳到目的地, 而這一個出錯的處理器, 因為一張損壞的電路板 而決定它會在一個時間為負數的時刻 來傳遞訊息。 所以,也就是說,它宣聲它可以 在你傳出訊息前就把訊息傳出去。 當然地,最快傳播訊息的方法 就是把訊息傳給這個人, 他可以準時回傳訊息並在 「超早」的時間點送達訊息, 所以網路上的每個訊息 漸漸開始想藉由這個節點 來交換訊息, 而當然網路就塞爆了。 所有通路開始攤瘓。 而儘管如此,有趣的是 系統管理員是有辦法修正這個錯誤的, 但他們基本上必須暫停 網路上每一個傳輸任務。 嗯,當然,在今日你不可能這麼做。 我的意思是,暫停每個傳輸任務 就像是 整個世界裡你只接得到 電纜公司的服務電話一般。
Now, in fact, they couldn't do it for a lot of reasons today. One of the reasons is a lot of their telephones use IP protocol and use things like Skype and so on that go through the Internet right now, and so in fact we're becoming dependent on it for more and more different things, like when you take off from LAX, you're really not thinking you're using the Internet. When you pump gas, you really don't think you're using the Internet. What's happening increasingly, though, is these systems are beginning to use the Internet. Most of them aren't based on the Internet yet, but they're starting to use the Internet for service functions, for administrative functions, and so if you take something like the cell phone system, which is still relatively independent of the Internet for the most part, Internet pieces are beginning to sneak into it in terms of some of the control and administrative functions, and it's so tempting to use these same building blocks because they work so well, they're cheap, they're repeated, and so on. So all of our systems, more and more, are starting to use the same technology and starting to depend on this technology. And so even a modern rocket ship these days actually uses Internet protocol to talk from one end of the rocket ship to the other. That's crazy. It was never designed to do things like that.
實際上,今日的社會裡, 他們還有很多原因不能這麼做。 其中一個原因是許多人的電話 是使用 IP 協定並使用 Skype 之類的軟體, 而這些軟體是藉由網路傳輸訊息的, 所以我們開始在愈來愈多的事務上, 漸漸和網路分不開, 就像是當你從洛山機國際機場起飛, 你不會認為你正在使用網路。 當你在加油時,你更不認為你用有到網路。 然而這些系統中,正加速發生的 就是開始使用網路的這個事實。 它們大部份還沒架構於網路之上, 但他們正開始將網路用於 各種服務、 以及管理功能, 所以如果你以手機系統, 這種多數時候還與網路較無關聯的事物為例, 所以如果你以手機系統, 這種多數時候還與網路較無關聯的事物為例, 網路已經開始 由某些控制及管理等功能 潛入其中, 而使用同樣的建構要素, 是那麼誘人, 因為它們運作得很理想,它們便宜, 他們可以重覆利用,等等。 所以我們所有的系統,愈來愈多, 開始使用這同一項科技 且開始依賴這項科技。 因此就算是現代的火箭 實際上也使用網際網路來做 兩火箭之間的通訊。 這很瘋狂。網路並不是為了這個設計的。
So we've built this system where we understand all the parts of it, but we're using it in a very, very different way than we expected to use it, and it's gotten a very, very different scale than it was designed for. And in fact, nobody really exactly understands all the things it's being used for right now. It's turning into one of these big emergent systems like the financial system, where we've designed all the parts but nobody really exactly understands how it operates and all the little details of it and what kinds of emergent behaviors it can have. And so if you hear an expert talking about the Internet and saying it can do this, or it does do this, or it will do that, you should treat it with the same skepticism that you might treat the comments of an economist about the economy or a weatherman about the weather, or something like that. They have an informed opinion, but it's changing so quickly that even the experts don't know exactly what's going on. So if you see one of these maps of the Internet, it's just somebody's guess. Nobody really knows what the Internet is right now because it's different than it was an hour ago. It's constantly changing. It's constantly reconfiguring.
所以我們已經建構這個系統, 在這系統中我們了解每一個部份, 但我們使用的方法 完完全全超出我們預設的模式, 而它已經到了和一個原本設計 非常非常不一樣的境界。 而它已經到了和一個原本設計 非常非常不一樣的境界。 而實際上,沒有人真正完全了解 現今用到的所有網路科技。 它已經變成眾多巨大不穩定系統 的其中之一, 好比說是經濟體系,我們設計了它的每一個部份 但是根本沒有人完全了解 它怎麼運作、 它的所有小細節、 以及可能會有什麼意外事故。 因此如果你聽到一個專家在談論網路 並聲稱它可以做這事、或是它確實做了這事、 又或者它將可以做這事, 你應該要抱持同樣的懷疑, 就是那種面對經濟專家談論經濟時 會有的懷疑 或是面對預報員報氣象時的懷疑, 或是類似的事。 他們有有根據的主張, 但它瞬息萬變,即使是專家學者 也不完全了解全盤的運作。 所以如果你見到一些網路地圖, 那不過是某人的猜測而已。 沒人真的知道現在的網路是什麼樣子 因為它和一小時之前的樣子 就已經不一樣了。 它持續地改變中。 也持續地改變設定。
And the problem with it is, I think we are setting ourselves up for a kind of disaster like the disaster we had in the financial system, where we take a system that's basically built on trust, was basically built for a smaller-scale system, and we've kind of expanded it way beyond the limits of how it was meant to operate. And so right now, I think it's literally true that we don't know what the consequences of an effective denial-of-service attack on the Internet would be, and whatever it would be is going to be worse next year, and worse next year, and so on.
而問題是, 我想我們正在把自己置於災難之中 就像是我們在經濟體系裡面臨的災難一般, 那也是一個類似的系統, 它基本上建構於信任之上、 它基本上也是為小規模的系統而建立、 而我們同樣有點把它擴張 並超過 它原先預定運作的極限。 所以現在,我想它是對的, 就是說我們並不知道 當網路遇到 有效的阻斷服務攻擊時 會是什麼樣子, 而不論怎樣的結果 都將會一年 比一年更糟。
But so what we need is a plan B. There is no plan B right now. There's no clear backup system that we've very carefully kept to be independent of the Internet, made out of completely different sets of building blocks. So what we need is something that doesn't necessarily have to have the performance of the Internet, but the police department has to be able to call up the fire department even without the Internet, or the hospitals have to order fuel oil. This doesn't need to be a multi-billion-dollar government project. It's actually relatively simple to do, technically, because it can use existing fibers that are in the ground, existing wireless infrastructure. It's basically a matter of deciding to do it.
所以我們須要 B 計劃。 現今並沒有這項替代計劃。 也沒有明顯的備援系統, 讓我們得以小心地 避免對網路的依賴, 就是那個已經和原本建構理念 完全不一樣的網路系統。 所以我們所須要的是 某種不見得須要網路、 而警察局得以在沒有網路的情況下 也可以和消防局通聯、 且醫院也可以訂購燃油。 這並不須要一個 數十億美元的政府計劃。 這實際上是相對來說簡單的, 技術上來說, 因為可以利用 現有那些埋在地裡的光纖、 現有的無線網路設施。 這基本上只是 有沒有決心要做的問題。
But people won't decide to do it until they recognize the need for it, and that's the problem that we have right now. So there's been plenty of people, plenty of us have been quietly arguing that we should have this independent system for years, but it's very hard to get people focused on plan B when plan A seems to be working so well.
但人們在體認到對這計劃的需求前, 根本不會下定決心去做, 而這才是我們現在所面臨的問題。 所以有一群人、 一群我們的伙伴 已經默默地主張 「我們應該要有有獨立的系統」許多年, 但要人們專注於 B 計劃是非常困難的, 尤其是當 A 計劃看起來是這麼完美的情況下。
So I think that, if people understand how much we're starting to depend on the Internet, and how vulnerable it is, we could get focused on just wanting this other system to exist, and I think if enough people say, "Yeah, I would like to use it, I'd like to have such a system," then it will get built. It's not that hard a problem. It could definitely be done by people in this room.
所以我在想,如果人們能理解 我們對網路的依賴有多深、 以及網路有多脆弱, 我們就可以專注於 對其它系統存在的渴望, 而我想如果有足夠的人說: 「對,我想要使用它, 我想要有這樣的一個系統。」那它就會實現。 這不是那麼困難的問題。 這當然可以靠在座的各位來完成。
And so I think that this is actually, of all the problems you're going to hear about at the conference, this is probably one of the very easiest to fix. So I'm happy to get a chance to tell you about it.
所以我想這實際上, 在所有你在這次會議會聽到的議題之中, 這也許是最容易解決的一個。 所以我很高興有這個機會來告訴你們。
Thank you very much.
謝謝。
(Applause)
(掌聲)