Slashdot Mirror

• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. htm
• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. pdf
• Cory_Doctorow_-_Down_and_Out_in_the_Magic_Kingdom. txt

• Starship Exeter - Teaser.mov
• Starship Exeter - Act One.mov
• Starship Exeter - Act Two.mov
• Starship Exeter - Act Three.mov
• Starship Exeter - Tag+End Credits.mov

• Starship Exeter - Teaser.mov
• Starship Exeter - Act One.mov
• Starship Exeter - Act Two.mov
• Starship Exeter - Act Three.mov
• Starship Exeter - Tag+End Credits.mov

• Starship Exeter - Teaser.mov
• Starship Exeter - Act One.mov
• Starship Exeter - Act Two.mov
• Starship Exeter - Act Three.mov
• Starship Exeter - Tag+End Credits.mov

• Starship Exeter - Teaser.mov
• Starship Exeter - Act One.mov
• Starship Exeter - Act Two.mov
• Starship Exeter - Act Three.mov
• Starship Exeter - Tag+End Credits.mov

• Starship Exeter - Teaser.mov
• Starship Exeter - Act One.mov
• Starship Exeter - Act Two.mov
• Starship Exeter - Act Three.mov
• Starship Exeter - Tag+End Credits.mov

Or did you mean that most people are too poor or too cheap to pay to have their content distributed? That may be true. But if that's the case, then they certainly don't need their content distributed, do they?

That's an amazing statement. Do you really believe the only people that should be able to distribute information widely are those that can afford to pay for high end services?

Arranging an ftp mirroring system is not scalable or accessible to any significant number of people.


Why do you keep trying to distort the argument? If a tool is used primarily for illegal purposes, that tool shouldn't be around.

I'll repeat, the law does not agree with you with respect to prior restraint of speech for which there is possible noninfringing uses.

The introduction of every new technology which can copy has seen cries to strangle it, photocopiers, VCRs, even the printing press. This is no distortion.

It's not like your files will get automatically mirrored on somebody else's system. Somebody has to do it deliberately, just like an FTP mirror.

Most p2p systems by default share what has been downloaded. Its reasonable to think that a significant number of people will share what they have downloaded whether its pirated or not. There are networks that have the idea of karma which lets you download in proportion to how much you share.

If you used an FTP server instead, you'd have a convenient little "read me" describing the copyright status of your content, granting explicit permission to download and mirror your content.

This is possible using digital signatures and catalogs like Bitzi and technologies for expressing licenses like the Creative Commons.

There's one simple way to change my opinion on this subject. Get the college kids and whomever to stop using P2P for widespread, large-scale piracy.

This is a matter for law enforcement. It is known that the copyright industry tracks IP addresses of those sharing on p2p networks and what is being shared, they can get court orders to make the ISP cooperate to go after end users. They are obviously biding their time, probably because its bad for business to sue your customers. But in Denmark end users have been pursued, so it is probably just a matter of time.

>This is a very distasteful way of expressing yourself.

So is ignoring the plague of lawlessness and piracy that Napster and its successors brought about. Turns my stomach, it does.

First I have not ignored "the plague of lawlessness", I very clearly stated that copyright laws should be enforced.

Second, I thought we were engaging in a civil discussion. You flamed ("full of shit") rather than address the ideas, I called you on it civilly while not returning your flames and continuing to engage your ideas. From this and your cracks about taking over the world I can see I was mistaken to do so.

Check out http://www.bitzi.com.
New programs like Shareaza are using 'bitprints' of songs to help you find good quality songs verses corrupted ones.

Check out http://www.bitzi.com.
New programs like Shareaza are using 'bitprints' of songs to help you find good quality songs verses corrupted ones.

While I'm not sure of the other Gnutella clients, Shareaza does have Bitzi ticket support, which in a way addresses one of your problems. You can look up a file and Bitzi will display ratings as well as magnet/EDonkey links and more. The biggest drawback is finding information for anything that isn't mainstream. It only has as much data as that submitted by other users. For an example take a look at the OpenOffice ticket.

It's not a perfect solution, but it works somewhat and it better then nothing.

The Mexican Staring Frog of Southern Sri Lanka

Thank you Trey and Matt.

MD5 Checksums have a higher rate of collisions, both in the wild and artifically. A machine can be built for only around $100k or less which can find collisions in less than 24 hours. Hell, in a few years standard computers could probably generate collisions easily. SHA1 (Simple Hash Algorithm) is a much better alternative over MD5.

The previous version of MD5, MD4, was so flawed it is now considered "broken". "Dobbertin [Dob95] has shown how collisions for the full version of MD4 can be found in under a minute on a typical PC... Clearly, MD4 should now be considered broken.".

SHA1, while of the same family of hashes as MD4 and MD5, remains uncompromised by any research discoveries, and is widely used in many applications requiring the highest levels of security.

Gnutella, the File Sharing Protocol, uses SHA1 over MD5 for the same reasons I state here. A developer of Bitzi (the Metadata/Hash catalog) has also recommended to the Gnutella Developer Forum not to use MD5, but SHA1 instead. Thus, people should be using SHA1 instead of MD5. I've noticed some major websites and companies are using MD5 hash's now, such as Adobe and Roxio. I would recommend to them to change them to SHA1 instead, since Gnutella supports it (and the fact that it is a much more secure and stronger hash algorithm)... and they can use MAGNET URI's to link to the files on Gnutella.

For those Gnutella users, here is a MAGNET URI for the Quicktime file (with it's SHA1 hash, 2 Sources):

magnet:?xt=urn:sha1:HEIRRDQ25N4KBFO3TKV45CXIJWHY DD AT&dn=Lord%20of%20the%20Rings%20(Two%20Towers)%20T railer%20%232%20(9.30.02).mov&xs=http%3A//12.233.1 20.175%3A6346/uri-res/N2R%3Furn%3Asha1%3AHEIRRDQ25 N4KBFO3TKV45CXIJWHYDDAT&xs=http://progressive.stre am.aol.com/aol/us/aolentertainment/movies/2002/lot r/132757_638498_dl.mov

For Gntuella, I recommend using Shareaza, as you can download off HTTP sources as well.

If you want to download it off eDonkey, Kazaa (FastTrack) etc. click here to view it's Bitzi Ticket for more links/rating options/metadata.

Kazaa's new rating feature mimics what my company, Bitzi, has been offering for many months.

Further, our file ratings and metadata is freely reusable in any P2P program or other application, under a DMOZ-like license.

Kazaa's new rating feature mimics what my company, Bitzi, has been offering for many months.

Further, our file ratings and metadata is freely reusable in any P2P program or other application, under a DMOZ-like license.

Create a website with logins for the users. Users of this web site can create lists of checksum for the files they create or have downloaded and verified as valid.

Other users can check any given user's list, and perhaps even post comments about the user's list, a form of moderation, if you will.

Create a website with logins for the users. Users of this web site can create lists of checksum for the files they create or have downloaded and verified as valid.

Other users can check any given user's list, and perhaps even post comments about the user's list, a form of moderation, if you will.

Someone posted here - "Checksumming - no good. Any program could pretend to have the right checksum, but send false data. No point in figuring out *afterwards* the download is corrupt." This is incorrect. Gnutella currently does HUGE-format full file hashes. If you are doing a multiple source download on Gnucleus, it overlaps data eg it downloads 0-10K from one source and 9-19K from another and 18-28K from another. If 2 and 3 (and 4 and 5) hook up, but 1 and 2 don't, it dumps 1. Actually tiger hashes are an even better method of doing this, you can hash any portion of the file to see if it is good or not, that is coming soon to Gnutella within the partial file sharing scheme. So in Gnutella, fake hash senders are already put down in the current system during multi-source downloads, and when tiger hashing is implemented, they will be eliminated.

The 3 components I see in solving this problem are hashes, unique IDs and distributedness. It is a very complex problem because it is not a technical problem, it is a security problem, e.g. you will have thinking humans on the other end of it trying to foul it up. A bad guy (RIAA/MPAA) can send out good data for weeks and then shift to all bad - by that time s/he will probably be trusted and their shift will have to be dealt with. But then we have to consider people who download bad data and then accidentally distribute it - we don't want them blackballed for becoming an unwitting dupe one time. It's complex and I doubt will ever be 100% solved, the best that we can do is make the network as usable as possible and filtering out as much junk as possible. Basically score data on it's likelihood of being good or bad. As long as we can keep the system 80-99% usable I think we're OK.

The best ideas I have seen here are voting on bad server, a ring of trust and gojomo's post about Bitzi.com. As far as voting on bad servers, or server keys, or user keys - I think we need to vote on bad AND good user keys, if it's just bad keys they'll keep coming back with new keys and it will be futile - the core of good keys will be what is more constant.

As far as a ring of trust - that's a good idea, especially if it's scored, e.g. people I directly endorse get 1.000, people that two of them endorse get a .9500, and so forth. One thing that can be done is all the prominent developers can get keys and then mark hosts which are transmitting legitimate data (mp3's of Martin Luther King Jr.'s I Have a Dream speech and whatnot) and sign each others keys. That's an easy base of trust of a handful of people, and I'm sure other bases of trust will arise. Once the tiger tree hashing gets in place on Gnutella, we can start seeing stuff like the latest linux kernel distributed on Gnutella. This will be a great way to allow for distribution of popular programs that can't afford expensive hosting.

As far as gojomo's Bitzi.com post, that is the most concrete example of this stuff being currently implemented. Someone responded to his post that the data is centralized on his web site. Well, he has an opend ata policy so anyone can download the whole database and set up their own website with it - as long as they credit the Bitzi data as coming from Bitzi. I do agree that the hash and trust metric has to be distributed within P2P (or concurrent with it to where it's transparent), but right now it's a beacon of what will be, and since the database is open all the work put into it can exist indefinitely even if the RIAA and/or MPAA sues Bitzi.

Cool. So where do you find a trusted checksum directory on a p2p network?

I've also posted elsewhere on this thread, but this is exactly what my company, Bitzi, offers. See http://bitzi.com.

As a number of posters have pointed out, you want some shared database/website which collects strong file checksums (crypto hashes), accurate descriptions of the corresponding files, and has a login/reputation system that allows bad users/data to eventually be weeded out.

Then third parties, no matter how prevalent on the P2P networks, can't mislead you about file contents, and their attempts to pollute the shared database can be more easily detected and suppressed.

This is exactly what my company, Bitzi, does. It is a general tool for disseminating accurate descriptive, rating, and editorial information about files -- as collected and cross-checked by an open community process.

Check it out.

As a number of posters have pointed out, you want some shared database/website which collects strong file checksums (crypto hashes), accurate descriptions of the corresponding files, and has a login/reputation system that allows bad users/data to eventually be weeded out.

Then third parties, no matter how prevalent on the P2P networks, can't mislead you about file contents, and their attempts to pollute the shared database can be more easily detected and suppressed.

This is exactly what my company, Bitzi, does. It is a general tool for disseminating accurate descriptive, rating, and editorial information about files -- as collected and cross-checked by an open community process.

Check it out.

Bitzi stores information on files found on P2P networks, indexed by a TigerTree hash appended to a SHA1 hash. Support for it has been integrated into several Gnutella clients (ShareAza, Limewire, etc.), which have also come up with their own URL systems (gnutella:// and magnet:// are the two existing ones right now).

The crew at the Open Content Network have released a specification for serializing hash trees. The specification is called the Tree Hash EXchange (THEX) and is being implmented in both the Open Content Network and Gnutella. Furthermore, this specification is compatible with the TigerTree hashes used for Bitzi.

I was going to download it and make a MAGNET link, but I can't even get the file :P If you have it, run it through Bitzi and share the Hash with us!

If you want to share it the right way, share it on Shareaza, then right click the file in your library and go to "Copy URL". Then paste the URL up here =)

Yeah, Sealab 2021, Aqua Teen Hunger Force, The Brak Show, and Harvey Birdman Attorney at Law, are my 4 favorite shows on TV now. Incidentally, I am sharing .avis of all the episodes of all 4 shows on Gnutella. You can find the links for them here: ATHF, HBAL, SL21, and BRAK. But don't tell Ashcroft!

Yeah, Sealab 2021, Aqua Teen Hunger Force, The Brak Show, and Harvey Birdman Attorney at Law, are my 4 favorite shows on TV now. Incidentally, I am sharing .avis of all the episodes of all 4 shows on Gnutella. You can find the links for them here: ATHF, HBAL, SL21, and BRAK. But don't tell Ashcroft!

Yeah, Sealab 2021, Aqua Teen Hunger Force, The Brak Show, and Harvey Birdman Attorney at Law, are my 4 favorite shows on TV now. Incidentally, I am sharing .avis of all the episodes of all 4 shows on Gnutella. You can find the links for them here: ATHF, HBAL, SL21, and BRAK. But don't tell Ashcroft!

Yeah, Sealab 2021, Aqua Teen Hunger Force, The Brak Show, and Harvey Birdman Attorney at Law, are my 4 favorite shows on TV now. Incidentally, I am sharing .avis of all the episodes of all 4 shows on Gnutella. You can find the links for them here: ATHF, HBAL, SL21, and BRAK. But don't tell Ashcroft!

Currently, anyone can rate a file, but perhaps Bitzi could be expanded into a kind of web of trust thing by allowing people to pick friends and enemies, for example. Friends' reviews of a file would have more impact on the score you see than an enemie's for example. And then you can perhaps rate each user's file ratings and say if the rating was helpful or unhelpful.

Without this, even Bitzi can be abused, but with thousands, if not millions, of people rating files and then, well, "metamoderating" the file ratings, fakers would have to organize a huge crowd of people to have an impact.

I am surprised that I hadn't heard about Bitzi until I read about it in the Slashdot post just before yours. It is a great idea, and I am sure there is plenty in store for it in the future. Let's hope they will expand the concept and "integrate" it with even more file sharing software.

Stop the FUD.

People need to realize that Gnutella is now fastly becoming a big player in the function and value of the Internet.

Gnutella, in my view (and many others), is not a mecca for porn, warez, and MP3's - but a pool where anyone can share any type of file.

A bigger trend now showing up is linking to files on the Gnutella network instead of the common http://site.com/file.zip. How does this benfit you? You get faster downloads by utilizing partial file sharing, swarm downloads, etc. It also benfits servers greatly. They now aren't the only source for the download, because once the file gets onto a Gnutella client, it searches for more peers, and shares the load with them. This can save TREMENDOUS bandwidth.

For example, Linux can link to Linux links as such: magnet:?xt=urn:sha1:(InsertSHA1)&dn=Linux&xs=http: //www.linux.org/linux.iso

(not an actual correct MAGNET link, but you get the idea)

When someone clicks that, it opens it up in a Gnutella client. It begins downloading from that source, and searching for the same file on the Gnutella network. Through the entire life of the download, it will continue to add sources. You could then be downloading from over 30 people at once, gaining speeds of up to 10MBPS+.

Oh, the power of Gnutella. Can KazAa (FastTrack) do that?! (Well, it can, kind of :P)

Oh, how do you know if that's the correct file? Hashing. Gnutella servents are implamenting hashing now, where each file has it's own hash. So when searching for files, they can swarm you downloads. You are GUARANTEED that all the sources your downloading from are in fact the same file, because they have the same hash (SHa1). That's whats getting the RIAA so scared :P No longer can they infect files and make them the same file size/file name.

Also new on the scene (well, new as in new popularity) is Bitzi. Bitzi catologs hashs (bitprints). You can search through their database, and find files with hashes. Click the hashes, and you can download a file. Each file on bitzi has a "Bitzi Ticket" where you can rate the file. You can mark it "Invalid/Misleading" which means it is not the file you want. You can mark them if they contain virus's too. I can almost hear the sweat dripping from the RIAA Lawyers foreheads.

Want to see the future of Gnutella? Check out Shareaza (WINE Compatable).

Supports all of what I discussed in this post.

Or if you're using a real OS :) check out this ticket. MAGNET, ed2k and FastTrack links within.

GNUTELLA URL:
gnutella://sha1:WS6E5RWNP2AYFTTE5ZJI2QB675PS4QA5/m ozilla-win32-1.1b-installer.exe/
OR MAGNET:
magnet:?xt=urn:sha1:WS6E5RWNP2AYFTTE5ZJI2QB675PS4Q A5&dn=mozilla-win32-1.1b-installer.exe

VIEW BITZI TICKET:
http://bitzi.com/lookup/WS6E5RWNP2AYFTTE5ZJI2QB675 PS4QA5.SPSSPXIBDT3665WC4CVDWULYHD6JPSGBOOEYAZI

... uh, oh.. somebody doesn't have a MAGNET or GNUTELLA supported Gnutella client? Look's like somebody needs Shareaza ;)

Bitzi offers a solution similar to the one proposed in the parent's parent(? file ratings and other metadata associated with full file hashes). For partial/subrange verification, check out the proposed Tree Hash EXchange format.

So as I said, I do see this as one of the problems to be solved, although I feel it's of lesser importance. There are many ways of doing this. One of them is previewing - when downloading an audio or video file, when you're about 100k into it (100-200k if it's video), do a preview and see what you're getting. With this looping stuff you have to go farther than 100k however - preview one fourth to one third of the way into the audio files. Many Gnutella clients have a preview feature, as does Fasttrack (Kazaa).

Another method is to ban IP's and IP ranges spreading this. This is already being done - it's only a minor fix because they will always get around it, but it will help somewhat, they won't be able to have big servers spewing this stuff 24/7

The real way to fix this however is hashes. Which are already ubiquitous - they already exist and are known on Gnutella (Shareaza, Gnucleus, Morpheus, Bearshare, Limewire), Fasttrack (Kazaa) and Edonkey2000. On Gnutella (Shareaza) and Edonkey2000, you can click through or cut and paste these URI's (URLs) to files from web sites (or Usenet, IRC, e-mail, instant messengers, whatever) and start searching and downloading the files - for FastTrack (Kazaa), it is a little bit more time-consuming and complex, but worth it if you're going to be downloading a large file. The hash technology is already there, the key now is finding a trusted source for hashes which are both good and whose data is findable and downloadable on p2p networks, and for those sources to survive. I guess I'll detail how this is currently working with the various p2p networks, why not?

There are four major p2p networks - Gnutella, Fasttrack, Edonkey and Freenet. Freenet is a publishing network, the others are all file sharing networks, which is what we're concerned with. Gnutella and Fasttrack are the two largest networks. Edonkey2000 specializes somewhat in large files however, so if it's 100MB+ files you're after, Edonkey2000 is on par, and perhaps better in some ways currently, than Gnutella and FastTrack. Edonkey2000 and FastTrack are closed networks - closed source server/clients and closed protocol networks. Gnutella is open, the protocol is open, and robust open source server/clients like Gnutizen exist for it. This gives Gnutella advantages, such as a choice of multiple clients for virtually every platform, as well as other advantages. Of all the file sharing p2p networks, Gnutella is my favorite and I believe Gnutella is the future of p2p. I think competition amongst p2p networks is healthy however as every can steal everyone elses best features and innovations.

Gnutella files are hashed for HUGE with an implementation called sha1. You can read about the technical aspects here if you wish to. These hashes are useful for finding additional sources for found files so that one can resume downloads or download from multiple sources with integrity. Actually there's one caveat to that - if you are downloading from an honest client, it will tell you a truthful hash of it's data. A client could give a fake hash and then send other data - but you would have to directly download from the rogue. How clients deal with this is even more complex - Gnucleus downloads overlapping chunks - it downloads 1-2000 from one source and 1950-3950 from another - if 1950-2000 do not match from both sources, it marks both chunks as possibly bad. You can read more details about this in Gnutella documentation and discussion groups.

Aside from this usage, these hashes can be used externally as well. Currently, Shareaza, which is a pretty good servent (server/client), is the only one from which URI's (URL's) can be cut, paste, and clicked through to from the web/IRC/e-mail etc. I'm sure clients like Gnucleus will have this ability in the future. If you had Shareaza installed, you could click on a link like this - which is an, I believe uncopyrighted, Chomsky speech, Shareaza would launch (if you don't have it already) and would ask you if you want to download the file or cancel. If you select download it would connect to GnutellaNet, search for the file, and if it found a host which has the file and which has upload slots open, would start downloading it. Actually, the Slashdot "allowed HTML" filters are pulling some necessary characters out of the above link, so you can't click through on /., although you can on a normal HTML web page. I can't post an URL that you can cut and paste either since /. forces a line break after 40 characters or so, if /. didn't do this and the below was in one line, you could have cut and paste it into Shareaza, I'll show it here for an example, imagine this was all on one line for you to cut and paste, or better was just a link to cut. You can do this on any HTML page, it's just the Slashdot HTML parsing messing it up -

gnutella://sha1:HXHSJ6ATN3LQCCIOBGUEWV5FFCKP2KBL/N oam%20Chomsky%20-%20Audio%20Book%20-%20Noam%20Chom sky%20-%20At%20Johns%20Hopkins%20University.mp3/

I would give the above link a rank of "7", because the last time I searched for it, 7 people replied they had it. I have several hashes with a score of 80-90, meaning you're more likely to find or download them, but the above is the only one I have that I have enough confidence in that the data is uncopyrighted.

So now you have one link to a hash - where can you find trusted sources which tell you what hashes are ubiquitous, making it more likely you will find and be able to download them, are rated in terms of quality by multiple sources and so forth? Well for Gnutella, one source is Bitzi. You can search for data there, see what is the most reported, what things are ranked, see comments, see bit rates, file sizes, artists, titles and so forth. It is very cool. Most interaction is from Bitzi into Shareaza (the only Gnutella client that does this currently), but from within Shareaza if you find a file you can type "find Bitzi ticket" and see if the hash has been reported on already. One thing which I'm sure will soon be remedied is that Bitzi does not have direct clickthrough to Shareaza, I have to copy hashes to my clipboard, edit them to Shareaza format and paste them into Shareaza. I'm sure soon Shareaza and Bitzi will agree on a standard and remove this step so I can just click through. And soon Gnutella clients other than Shareaza will have this ability as well. Bitzi's data base is open to the public, you can read their open data policy on their web site, anyone is free to use the data as long as Bitzi is credited. Bitzi.com is the only large, good source of Gnutella hashes I know of. Edonkey2000 has had hashes for a while, and has several good, large sources for hashes such as Filenexus.com and Sharereactor.com. Since Gnutella is a larger network and it just implemented this ability, I'm sure it will have even more and larger sources in addition to Bitzi. And since Bitzi's database is open to all, if Bitzi goes down someone else can open the database up again somewhere else. I'm sure in the future, even the trusted rating system will become distributed.

Gnutella uses the sha1 hash, Edonkey2000 uses another, and Kazaa uses another. Web sites exist that centralize the hashes for these. I'm sure soon web sites will exist that coalesces and translates all of this. Gordon Mohr, who runs Bitzi, wants to see a universal p2p tag, magnet, which is agnostic about which p2p backend it is using. Why not? We can have a tag that we (more or less) trust, and can retrieve the data from Gnutella, FastTrack, Edonkey2000 or Freenet. It's a great idea.

I am less interested in other p2p networks than Gnutella but I'll discuss their hash and meta-data web sites a little. The most interesting one is Edonkey2000, which as I said, has come to specialize in large (100MB+) files, and which I have to admit is a pretty good way to download large files with some guarantee of integrity. There are two major meta data sites for Edonkey - Filenexus and Sharereactor. There are other sites as well. If you're looking for large files, they do a pretty good job currently.

Fasttrack (Kazaa) uses hashing, but the Kazaa client is not that friendly to this kind of thing. So Fasttrack/Kazaa is more of a pain in this respect than any of the others. Nonetheless, you can download a program called Sig2dat that helps you copy and paste FastTrack's UUhashes. The you can go to web sites that give meta data, rankings and so forth to these hashes. Kazaa/FastTrack is unfriendly to all of this so it is much more of a pain - you have to install files that help you do this (sig2dat), you have to restart Kazaa for every file you want to download in this fashion and so forth. With Kazaa, all of this is a hassle, it's much easier to do in Gnutella (Shareaza), Edonkey2000 and Freenet.

And lastly there is Freenet. Freenet has been using hashes since the beginning. Freenet is a publishing network, not a file sharing network. That is nomenclature - file can be and are shared on Freenet - from html pages to gifs and jpgs, to mp3's, to avi's, although Freenet is the last place you want to look for large files, Freenet's bailiwick is small files. Even a 4 meg mp3 on Freenet is harder to find and slower to download than any of the other 3 networks. Small files are the domain of Freenet - HTML pages and images. The Freenet protocol is more rich than the other protocols in many ways, thus you have more than just audio and video files going over it, you have third-party applications utilizing it, thus you have things like Fproxy (A world-wide web equivalent which runs over Freenet) and Frost and Freenet message board (Usenet equivalents - both for text and binaries). One benefit of Freenet is it's hard to crack down on people for publishing information - because no one knows who data is coming from or going to. This is not absolute, but it is much safer than the file sharing p2p networks in this respect. Also, people publish data, so that what you put out is stored somewhere other than your computer, and if your web site or shared file or whatnot is popular, it will be out there all the time without your node needing to be connected. Freenet also used a lot of signatures, encryption and so forth, so you already have a pretty solid trust mechanism and data integrity. It depends on what hash is used - KSK hashes are insecure, but SSK are signed. So with Freenet there are large upsides and downsides - the downsides are downloading is much slower, since you're downloading via intermediaries, not directly, and the larger the file, the slower the download and the harder it is to find a complete file. The upshot of Freenet is that there is less of a legal risk with regards to sharing/publishing data, data is signed by the publisher which greatly helps integrity, and also Freenet's protocol allows extensions other than file sharing with it's own internal network - web and Usenet like applications, and I'm sure there will be more in the future.

That's the general idea of Bitzi.

Would this be useful (and not get itselt sued)?

I hope so!

Tree Hash EXchange describes a cool way of doing this. That's a big reason Bitzi uses the top of a tiger hash tree in its bitprint file identifier (a sha1 hash is the other part).

The moderations don't comment on the content ("this song sucks") but rather on the accuracy and reliability and so on ("good quality" or "corrupt data" or "incomplete" or "claimed to be a music video but was actually an advert for a pr0n site" or, I guess, "first 20 seconds over and over").

It has quite a lot of potential, as a way of location (legitimate) data, as P2P clients integrate Bitzi (plus you can do a website lookup). So you can Bitzi lookup a distro (or the Bitzi Bitprint for the distro might be on the distro's home page) and then use that to locate it on P2P networks -- and be able to verify its integrity -- thus reducing the bandwidth hit on host sites. A bit like some of the moves towards "swarm distribution" but without requiring a specific client or server setup -- it piggybacks on existing P2P services like Gnutella. Here's an example BitTicket: linux-2.4.0.tar.bz2

The moderations don't comment on the content ("this song sucks") but rather on the accuracy and reliability and so on ("good quality" or "corrupt data" or "incomplete" or "claimed to be a music video but was actually an advert for a pr0n site" or, I guess, "first 20 seconds over and over").

It has quite a lot of potential, as a way of location (legitimate) data, as P2P clients integrate Bitzi (plus you can do a website lookup). So you can Bitzi lookup a distro (or the Bitzi Bitprint for the distro might be on the distro's home page) and then use that to locate it on P2P networks -- and be able to verify its integrity -- thus reducing the bandwidth hit on host sites. A bit like some of the moves towards "swarm distribution" but without requiring a specific client or server setup -- it piggybacks on existing P2P services like Gnutella. Here's an example BitTicket: linux-2.4.0.tar.bz2

It's definitely do-able, although no solution would really be perfect.

The CBDTPA could require billions of individual "digital media devices" -- every TV, stereo, speaker, PC, walkman, hard drive, monitor, and scanner -- to carry enforcement circuitry -- but there are only 300 million people in the country. Mathematically astute readers will note that's less than 600 million each of eyes and ears.

Further, a single economical helmet can cover four of these analog holes at once!

I humbly suggest the most cost-effective and reliable solution to the copyright industries' troubles will be DRM helmets, bolted onto each dutiful consumer at the neck. When these helmets sense watermarked audio or video within earshot/eyeshot, they check their local license manager and instantly "fog up" if payment has not been delivered.

This will especially teach people not to use unauthorized copies of music while driving.

By bolting a suitably-small DRM helmet onto people at an appropriately-early age, the citizenry's consumptive habits can be "arrested" (along with cranial volume) at a revenue-maximizing developmental stage. I'd guess this is around age 13, but I'm open to the latest research. Give and take is what policymaking is all about.

So step up to the plate, senators, lobbyists, and titans of industry. Write this into the next rev of the CBDTPA. Why try to imperfectly plug billions of analog holes, when you can just cap the problem at far fewer endpoints? The end-to-end design principle is your friend!

[Intellectual Property Disclosure: The "DRM Helmet" and the "Cranial Arrest Adolescent DRM Helmet" may be covered by patents granted or applied for by Gordon Mohr. Licensing will be available on unreasonable and discriminatory terms.]

Gordon Mohr is the founder and Chief Technology Officer of Bitzi, a cooperative, universal metadata catalog for all kinds of discrete files. Gordon's personal page is at http://xavvy.com.

The current Bitzi catalog/service is in preview mode. It'll be more comprehensive once we get past that stage.

[disclaimer: I work at Bitzi]

Then I guess Bitzi is safe, 'cause they catalog files but provide no download link unless you're keen to have RDF describing a file instead of the file itself!

A few categorization tools in development are using the MusicBrainz catalog. Bitzi (warning: I'm an interested party) is attempting to create an open metadata catalog for all content that can be encoded in files.

I think it's an open question whether a "whitelist" or "blacklist" approach would be better for freedom. Whitelists could lead to basically everything being off-limits, as most files won't be marked. Blacklists could explicity take a huge amount of content out of play (if you care to abide by the list), though a huge amount would be left on the table by default . OTOH a whitelist scenario in which everything not whitelisted is not defacto blacklisted would leave things as they are and help a highlight a growing culture of freedom. Chances are we'll have dueling whitelists and blacklists, with most files remaining in the murky middle.

With Bitzi:
* You can look up descriptions, comments, and ratings about your files - or contribute such info yourself
* Our precise digital fingerprints match info to exact files, so you can distinguish between similar files and search for the very best versions
* Future file-sharing tools can assure you of a file's contents before you begin downloading
* Infected or mislabeled files can be flagged, and so discovered or ignored before doing any harm

The Bitzi catalog is an open resource built by a community of fans, developers, and creators. To get started:

Yes, but even though Bitzi is a general file catalogueing project, taking information from other, more specific sources can help (when their license allows it, of course)

For music files, this would of course be FreeDB. For movies, a good choice would be IMDB etc.

For instance, if I look up one of my Nightwish songs, Bitzi gives me the following information:
http://bitzi.com/lookup/TTGZBRZLZ2HLXDHSQYBTEJD33M Y4OA2X.46IPPFIFT353PXN2BWBZEMYBF3ASZXTCWJN43RY
the data from FreeDB is more accurate, giving the album the song belongs to, the playtime etc.
http://www.freedb.org/freedb_search_fmt.php?cat=ro ck&id=c011130f

Bitzi (the "another" link in the article's "yet another" statement) isn't primarily an audio fingerprinting application. It's a file metadata catalog, audio fingerprints being just one sort of metadata collected. File metadata is keyed by a "bitprint" composed of two cryptographic hashes. The code for generating bitprints and contributing metadata to the catalog is in the public domain and the catalog itself is available for free reuse and redistribution under a dmoz-like license. Disclaimer: I work for Bitzi.

Bitzi (the "another" link in the article's "yet another" statement) isn't primarily an audio fingerprinting application. It's a file metadata catalog, audio fingerprints being just one sort of metadata collected. File metadata is keyed by a "bitprint" composed of two cryptographic hashes. The code for generating bitprints and contributing metadata to the catalog is in the public domain and the catalog itself is available for free reuse and redistribution under a dmoz-like license. Disclaimer: I work for Bitzi.

Bitzi (the "another" link in the article's "yet another" statement) isn't primarily an audio fingerprinting application. It's a file metadata catalog, audio fingerprints being just one sort of metadata collected. File metadata is keyed by a "bitprint" composed of two cryptographic hashes. The code for generating bitprints and contributing metadata to the catalog is in the public domain and the catalog itself is available for free reuse and redistribution under a dmoz-like license. Disclaimer: I work for Bitzi.

There's no reason to fear downloading any content from anywhere so long as your checksum is secure.