Slashdot Mirror

And the tarball (the bigger one, about 129 KB, it has get_iplayer & get_iplayer.cgi added) is also on Bitzi with its various hashes (SHA1, ed2k). Kind of a Streisand effect?

There are successful reputation systems out there. For instance, Credence can avoid Gnutella spam. They have a cool algo for detecting when a group of fake users all rate the same bogus files up. Wish this sort of thing was more widely deployed. Bitzi is the dumb version of the same idea, but never worked for me.

The name you're looking for is bitzi ticket.

Hasnt Bitzi been doing this for years? The major pain about Bitzi thought is that people are too lazy to comment on good files, its only when they get VISTA's ;) that they comment.

FYI, Virii/Infections/Spyware/Trojans/Adware

How is this any better than Bitzi and its Bitprints, which are already built into popular Gnutella servents like BearShare?

"Our client provides a peer-based judgement that a given object will possess the properties with which it is labeled and enables users to evaluate search results for authenticity before downloading."

Sounds exactly like Bitzi to me...

"Many peer-to-peer reputation schemes have been proposed in academia. Credence is the first practical implementation of a peer-to-peer reputation scheme."

I don't think so.

All that does is block bad IPs. That won't do squat if you're downloading and running an application with malware inside. The real solution is to use something like bitzi which lets you check if a given file/app you are downoading is known to have "issues."

Libby Hoeler Part 3 - Hot College Freshman Masturbates.mpeg

Regarding the "catalog [of] every human creation in existence that can be expressed by a digital medium" -- there's already an open source, open data collaborative project to build that: Bitzi, "the free universal media catalog."

It uses MFC, which is fine for Windows apps, but makes it a poor candidate for cross-platform.

But now at least it can be ported to wxWidgets and turned into a cross-platform application.

Can anyone tell me what half decent, file sharing apps there are that use one of these cross-platform widget sets?

Not one of those you mentioned - but at least one P2P program (Limewire) is written in Java and simply runs cross-platform anyway. For the others... well take a look for yourself over on Bitzi.

The old saying 1% inspiration, 99% perspiration is true in this case. I think a lot of people have had this idea, but it takes a lot of work. For example, in the very first post on Slashdot about Gnutella, two separate people had the idea that hashes (both mentioned the CRC hash) would be a good idea to implement on the network. Which indeed it was, but it would take quite a while before any client implemented hashing (SHA1 in Gnutella's case), and then there is the question of how much time it takes to get into other clients and be in the majority of responses in the network. In fact, someone mentioned that tigertree made an even better hash than SHA1 and people want to begin implementing that as the next generation Gnutella hash now. No idea how long that will take. The point is that people obviously had the idea for hashing immediately, but it was quite a while before one saw query responses (or "hits") with hashes, and a while after that before it became commonplace for a query hit.

Actually I'll go a little more into the hashing - you mention one attack, here's another. Gnutella currently only hashes the whole file afterward, if you know of a good hash (say through Bitzi), you won't know if the file is good or bad until afterwards. So if you are downloading a file from three sources, and one of them is bad, it will corrupt the file. That's why tigertree is a solution - you can hash any portion of the file and see if it's good or not.

Anyhow, regarding meta information and so forth - a lot of it has been centralized on web sites. Edonkey, Kazaa (which is more clunky) and Gnutella all have hash web sites. Actually, the Edonkey hash web sites have been going under left and right in the past months due to receiving legal letters. After all, that's all Napster was right, a centralized store of meta information about files? The meta-information needs to be distributed more. People need to be able to rate files and then sign their rating, then maybe there can be key rings where people sign that they trust this person or moderate this or that.

It can be done, some of it being trial and error I'm sure. But it takes a lot of work. I am a really crappy C programmer, but I wrote a Gnutella servent (server/client) that can connect to Gnutella, search for a file and download it. I just knocked a lot of bugs out of it and once I'm sure all of the bugs are gone I will add the features of allowing incoming connections as well as sharing files. After I get all the basic features, and the ones needed for running on the modern Gnutella network, I will begin working on hashing, trust and that sort of thing.

If I were a better developer I would contribute to one of the existing free software projects that ran on an open p2p protocol. But I am not, and barely know C, let alone C++, C#, Java and Python. I don't want my crappy programming skill to bring down another client, for now it's limited to my client. Anyhow, eventually I think we'll see a system like this. It take a lot of labor-time though - you mut learn a programming language, and then you have to program, dealing with sockets, threads, user interfaces and that sort of thing along the way.

I don't care about warez too much one way or the other, but I would like people to feel safe downloading software that no so-called authority has unauthorized download of.

One solution of sorts is all of the major p2p programs have hashes for different files (the best being tigertree hashes). So all you need then is have a group with a good reputation give a list of hashes and then PGP sign it or whatnot. There are web sites like Bitzi that list hashes for a file in the different hash formats (Gnutella, Kazaa, EDonkey), along with user comments and the like. So there are definitely mechanisms where you can easily get a hash to compare the files against the OK of a trusted person or group, be the software "authorized" or "unauthorized".

Um... you need to try Shareaza. It's currently the king of P2P clients (but Windows only):

* Swarming - Yes.
* Privacy/anonymity - No (you're going to make performance sacrifices if you do that).
* Good searching - Yes.
* Open-source - No.
* No ads/spyware - Yes. No adds, no spyware.
* Decentralized/self-organizing networks - Yes.
* Browser/web server hooks - Yes. They're 'magnet:' links.

So close.

Anyway, there's a list of the bleeding-edge P2P applications over on Bitzi. My favorite (besides Shareaza) would have to be Mutella simply because it's open source, cross platform - and has an absolutely badass logo. The UI being command-line based also means I can easily search and download files via a SSH shell (and the screen utility) when I'm not at home. But it doesn't have swarming or support 'magnet:' links, so it's kind of limited at the moment.

If you want "infiltration" of other P2P networks, what about Shareaza (Windows only).

It supports Gnutella 2 (& file swarming), Gnutella 1, EDonkey 2k networks, has BitTorrent support - plus it understands "magnet://" and "ed2k://" web links to P2P content (more about those standards here). It contains absolutely no spyware and is one of the best-written apps I've ever used.

For file sharing, you don't need anything else.

you choose

Congrats Gojomo!

This project was written by the brains behind bitzi and some really cool P2P stuff.

He's one of those guys thats going to be working on important stuff for years to come.

Wrong.

You just don't know how to use p2p effectively. What most people learn to do is combine p2p with a trustable source (of file "fingerprints"). You've never really been able to trust random search results. e.g. Searching for "paris hilton sex tape" turns up a LOT of renamed fakes, unless you know who to trust for verified file hashes.

Now, eventually trust networks will be built into the p2p protocols, but until then there are central and not-so-central websites that serve as very trustworthy indexes of p2p content.

A few of the more popular ones:

• BitTorrent: NovaSearch, torrentlinks
• eDonkey: ShareReactor, FileNexus
• Kazaa: FastTrackmovies -CLOSED - never really used kazaa much myself.
• Gnutella: Bitzi

--

Might look Here as well.

Parents who give their children unrestricted access to $2000 worth of anything (like, say, a computer with internet access) are idiots.

Problem: Some vehicles are used to transport illegal drugs.

Your solution: THINK OF TEH CHILDREN!!! NOBODY SHOULD BE ALLOWED TO DRIVE A CAR.

The P2P networks are a communications medium, based on the idea that there are routes from each user to everyone else on the internet. Everything - email, games, web, ftp, P2P - uses this mechanism. You can't arbitrarily stop a particular type of traffic or you'll break the internet. Saying that all P2P networks are filthy because they're used for child porn and then rambling on about beacons is about as stupid as saying:

YOU'RE USING THE INTERNET AT THE SAME TIME AS CHILD PORNOGRAPHERS!! EEEEWWWW!!

I don't doubt that illicit material is out there. However, P2P networks still aren't anonymous and it's easy to track down who is sharing any particular files. The RIAA managed to find and attempt to prosecute hundreds of music sharers. Their attempt failed because nobody cares for the RIAA given their bullying attitude. People certainly DO care about the children being abused because of porn, and I think there's no problem with the public wanting child pornographers prosecuted. However, linking sharing music and sharing kiddie porn is a crass, stupid and blatantly self-serving move.

(Besides: The music industry's been pushing ever younger stars, get their singers to show more skin, stage fake lesbian kisses on MTV for the sake of ratings, been accused and convicted of price fixing - and *THEY* want to take the moral high ground? [no offense to any lesbians, I just find MTV's sexual exploitation to be slimy])

The P2P networks do have many legitimate uses. In the future I will be pushing for my company to make promotional material (including demos and several hundred MB of example movies) officially released using P2P. Probably with BitTorrent, but maybe also Gnutella2 via "magnet://[checksum]" links (because I think linking the web and P2P in such as way is a fantastic idea). This should help relieve some of our bandwidth costs and allow users to still be get to the content while our conventional FTP servers are full.

You can use Bitcollider instead. It allows you to make lookups to a database using the hash of a file. (Several different hashes are available.) You can also make comments on the file regarding quality and descriptions, which are then available online.

But how do you get illegal MD5 check sums with out possesing the files?

Not a problem. When you do a search on the file sharing network, the responses tell you what the hash is. This is used for 1) error checking, and 2) so that you can download from multiple sources (that have the same hash) simultaneously, secure in the knowledge that all the pieces will fit back together into a single file that replicates the original Or just go somewhere that has a library of hashes, like Bitzi or Sharereactor and collect hashes there.

Well, you can download it on Gnutella2 (using Shareaza) here. A torrent for this small file is kind of a waste.

waste-setup.exe waste-setup.exe
waste-source.tar.gz waste-source.tar.gz
waste-source.zip waste-source.zip

waste-setup.exe waste-setup.exe
waste-source.tar.gz waste-source.tar.gz
waste-source.zip waste-source.zip

waste-setup.exe waste-setup.exe
waste-source.tar.gz waste-source.tar.gz
waste-source.zip waste-source.zip

Look on Bitzi (a searchable P2P index).

I noticed that the movie was available a week before the official release, but at the time I was only looking for the soundtrack (which I have since purchased after listening to).

There's also Bitzi.

Suppose for example that new p2p networks use a weighted reputation system where individual content files can be rated by the users of the network.

Visit Bitzi.com.

Search for the file you're looking for. View the ratings people have given files, click on the 'magnet://' link for the file you want.

The 'magnet://' link (actually a crytographic hash) opens in Shareaza (see Shareaza.com for the excellent Windows client, bitzi lists a few other clients for other platforms), finds the exact file you're looking for (or waits and keeps searching every now and then if it's not available) and downloads the file.

When downloading (while simultaneously uploading to your peers in a swarming fashion - just like BitTorrent), Shareaza uses cryptographic hashes to make sure the download you asked for comes through intact, uncorrupted, complete and exactly the right file you asked for.

Ta-Da! Problem solved and you never have to bitch about P2P networks again.

I got a copy of it thanks to the earlier article; there's a bitzi ticket for it.

Only problem is they don't have a plug-in for Kazaa, which has by far the most content.

Quicktime:
4.8 meg, 320x180: bitzi
11.6 meg, 428x240: bitzi

I'd provide eDonkey or Gnutella links but the links get broken here.

Quicktime:
4.8 meg, 320x180: bitzi
11.6 meg, 428x240: bitzi

I'd provide eDonkey or Gnutella links but the links get broken here.

Do you want suggestions? It would be nice to point toward alternate sources... You could post a mirror, or post some bitzi tickets for those episodes.

We've also poisoned your P2P services, so you can't download music either. It's all static.

Not if + and - ratings are associated with each encoded file's hash. That's a bit harder to poison.

Slashdot seems extremely bad at magnet links, so:

Sharelive

or

Bitzi.com

Oh cool. This helped me verify that I got the right file from a mirror mentioned here. There's now a Bitzi ticket with a working link for eDonkey, plus Gnutella & Kazaa links.

Here are the bitzi tickets for the largest version and its zipped version. This is good for Kazaa (with sig2dat), Shareaza, Limewire, and eDonkey stuff.

Here are the bitzi tickets for the largest version and its zipped version. This is good for Kazaa (with sig2dat), Shareaza, Limewire, and eDonkey stuff.

Kazaa goes by the first 300k, IIRC. If you've got another P2P system, check the bitzi pages for 120-241.mpeg (11.4MB) and 245.mpeg (8.1MB) for the files if necessary. It looks like the main site is still working, after all.

Kazaa goes by the first 300k, IIRC. If you've got another P2P system, check the bitzi pages for 120-241.mpeg (11.4MB) and 245.mpeg (8.1MB) for the files if necessary. It looks like the main site is still working, after all.

The Open Directory License, used by dmoz isn't a copyleft but was authored roughly for "DB data". At Bitzi we use the similar OpenBits License. One could also choose a Creative Commons license. Or maybe the GNU Free Documentation License. Also see the FSF's licenses page. I wouldn't get enthusiastic about any community contributed data project until license issues are clarified.

What about a catalog w/ digital signatures like Bitzi? It allows files to be found on p2p networks but does not require your application to interface with them directly.

Also, you forgot the first and biggest site with MAGNET links. Still, an excellent tutorial, thanks for writing it!

Here are some Bitzi tickets, with information on getting those files via Kazaa, Gnutella, and eDonkey: small, medium, and large. The md5sums I have:
c8c87e303453c8ef9d7215f41e67b55f animatrixlgfinal_dl.mov
446364e1c337cd0ddbb33fa11 0ce5d91 animatrixmedfinal_dl.mov
2aeb9a06a808788a304993e9 57474108 animatrixsmfinal_dl.mov

Here are some Bitzi tickets, with information on getting those files via Kazaa, Gnutella, and eDonkey: small, medium, and large. The md5sums I have:
c8c87e303453c8ef9d7215f41e67b55f animatrixlgfinal_dl.mov
446364e1c337cd0ddbb33fa11 0ce5d91 animatrixmedfinal_dl.mov
2aeb9a06a808788a304993e9 57474108 animatrixsmfinal_dl.mov

Here are some Bitzi tickets, with information on getting those files via Kazaa, Gnutella, and eDonkey: small, medium, and large. The md5sums I have:
c8c87e303453c8ef9d7215f41e67b55f animatrixlgfinal_dl.mov
446364e1c337cd0ddbb33fa11 0ce5d91 animatrixmedfinal_dl.mov
2aeb9a06a808788a304993e9 57474108 animatrixsmfinal_dl.mov

This could be correctable via a web site (or database) that p2p programs could validate against.

Bitzi does exactly what you describe. Several Gnutella clients have built-in support for it.

This could be correctable via a web site (or database) that p2p programs could validate against.

Bitzi does exactly what you describe. Several Gnutella clients have built-in support for it.

• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. htm
• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. pdf
• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. txt

• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. htm
• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. pdf
• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. txt