Slashdot Mirror

Java is already fragmented. The result of open sourcing Java will actually be consolidation, i.e. killing of competing VMs. And a huge open source test suite will greatly benefit all surviving JVMs, which is a good thing.

How can you not see this?

Javas problem is not that it might get fragmented, the problem is that it IS fragmented. Do something about it! Let Java free!

More, this doesn't give us anything more than the traditional p2p proggies, so why use it?

Hmm, let's see...
There are three generations of p2p protocols. The 1st are the centralized protocols. This isn't. The 2nd are descentralized. The 3rd gives us stuff like efficiency, reliability and anonymity. This doesn't.

I undertand why thy did this (I'm quite sure they'll win some good money with it...) but I don't understand why will people still use old-generation p2p proggies...

Take a look on GNUnet, Freenet, I2P, Entropy...

And before you say that swish is only for the WWW, read the docs for swish-e: for indexing collections of Web pages or other files . Just the PR ("desktop search", "google your computer") is what is new here, the actual tools have been out there for Linux forever (maybe not as user-friendly as their Win32 counterparts, but free and stable).

Now what I'd like to see is a performance comparison (indexing speed, search speed, completeness of search results). Any takers?

Wakeup: doodle does it.

"What I would like to see is some kind of encrypted, p2p, email/IM replacement that doesn't rely on centralized servers"

Well why not go looking for them then, rather than writing it on slashdot. Many exist. Even something like InvisibleNet's IIP (invisible IRC proxy) would do lots of what you want, Konspire2B would do more, there are more encrypted P2P and chat tools than you can shake a stick at, plus protocols that offer what you want with many different clients. Or go all the way and try GNUNet (replacement for freenet) and such like.

People are always posting "oh if only there was a distributed deniable torrented video blogging system with a pseudononymous web-of-trust" or something, yet I never see you on my Konspire2B client. Just download the damn things and see what they do, some of the apps are really quite cool.

There's also GNUnet, which is similar to Freenet but with files broken up into equal-sized chunks to allow parallel downloads. All these systems are fine for avoiding an adversary like the RIAA that has limited powers and only wants to collect a few IP addresses for lawsuits, but they shouldn't be considered anonymous or censorship-resistant in any strong sense. Freenet, MUTE and JetiAnts can be DOSed pretty easily and GNUnet's anonymity can be undermined. I'm researching censorship-resistant communication for my PhD so I've got a literature review and bibliography online if you're interested.

There's also GNUnet, which is similar to Freenet but with files broken up into equal-sized chunks to allow parallel downloads. All these systems are fine for avoiding an adversary like the RIAA that has limited powers and only wants to collect a few IP addresses for lawsuits, but they shouldn't be considered anonymous or censorship-resistant in any strong sense. Freenet, MUTE and JetiAnts can be DOSed pretty easily and GNUnet's anonymity can be undermined. I'm researching censorship-resistant communication for my PhD so I've got a literature review and bibliography online if you're interested.

Within the past few months, as they've released the "next generation" routing protocol and made it the standard protocol, Freenet has sped up considerably.

Personally, I think that the only thing that's keeping Freenet from being truly suited for file-sharing is that damn necessity to "insert" files into the network, instead of having them on your harddrive and just having them inserted when someone requests them for the first time.

On the other hand, GNUNet is anonymous, and does allow you to do that, as well as perform keyword searches on the files that people are shareing. The only major problem that I see with it is that it's not available on Windows right now, nor does it look as if it will ever be.

Great. So now this'll just further fuel the movement of the extremely large file-sharers to move to those P2P networks that are completely anonymous, like GNUNet or Freenet.

Well, the only two that are worth mentioning are GNUnet and Entropy. GNUnet has it's advantages but lacks the concept of "homepages," aka. Freesites (freenet's version of a webpage.) This is a real drawback when it comes to attracting newbies. Entropy on the other hand has the advantage of being written in C (or ++) and having a http proxy/interpreter... but development is slow and the userbase is very very small.

In the end, when it comes to security, freenet is probably the most secure, it has the largest userbase but it's flakey as hell.. Ever since March 31st/April 1st of 2003, it's just been downhill.

Get doodle
or simply do a
#apt-get install doodle

You might like it.

Check for instance GNUnet to know how they achieve it.

Linux is written in C. One buffer overflow exploit could compromise the whole network. It needs expert review before the claim of being secure has any meaning.

Does that sound silly? You can say that about any network program. In practice, things keep humming along because of diversity {versions, codebases}, etc. For example, browsing the GNUnet site I see a Java GNUnet port. No need to worry about stack smashing attacks there. Just the 100 or so other vulnerabilities (eg. race conditions) that make software insecure...

Yep, anonymity is a favourite topic of conversation of me and my colleagues.

Frankly, I do not understand the concerns of the "Entropy" project leader.

Theoretically, it is impossible to have anonymous communication on the Internet.

Finally, I do not understand the author. He just seems pissed.

Still, even with this project retreating, the subject remains interesting.

Yep, anonymity is a favourite topic of conversation of me and my colleagues.

Frankly, I do not understand the concerns of the "Entropy" project leader.

Theoretically, it is impossible to have anonymous communication on the Internet.

Finally, I do not understand the author. He just seems pissed.

Still, even with this project retreating, the subject remains interesting.

What if the project defines itself as a network, rather than a framework, or even a file-sharing application?

What if its not much different than installing a virtual ethernet adapter, or if all your experience setting your computer up for TCP/IP counts for something on it?

GNUnet is written in C. One buffer overflow exploit could compromise the whole network.

Not quite true IMHO: it's obviously not sufficient to compromise one client/server to compromise the whole network. If it was, it would be a piece of cake to take the existing source code and use it to build this "compromised" client/server.

If you want to compromise the whole network with one buffer overflow exploit, I guess you will have to find an exploit that works with all versions of GNUnet, and you will have to run it against all (ok, most) clients/servers on the network (most of the traffic seen by one computer on the network doesn't make sense for it, it just relays the packets to other computers).

And there is also a Java implementation under development.

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. GNUnet uses a simple, excess-based economic model to allocate resources. Peers in GNUnet monitor each others behavior with respect to resource usage; peers that contribute to the network are rewarded with better service.

Soon there will be encrypted networks to replace the current crop of kazaa replacements.

Quit using Kazaa or you'll get busted! The Mpa is living on that network. Try Imesh or ES5 !

Check these links.
Article about Anonymous Filesharing.

Some more program links

Mute program

Gnu filesharing

EarthStation5

Stop the Mpaa ! We have a right to checkout software before we buy.

All this is doing is pushing people into using anonymous p2p applications. The four main ones are:

Freenet

Mute

I2P

GNUnet

t's pretty easy to design a network that will at least frustrate attempts to recover identities of sharers.

Ever heard about GNUnet?

For a both anonymous and secure filesharing system take a look on GNUnet.

As it gets more and more insecure to use P2P filesharing services, the users should consider switching to a filesharing network which fully respects privacy and completely disables censorship (achieved by encryption)

For details see the Freenet Project homepage.

BTW there is another interesting (though by far not as widely used) filesharing network, called GNUnet.

"we're no longer able to get oodles of bandwidth like we used to. Please be understanding while the servers undergo a slashdotting :)"

BitTorrent
Konspire
GNUNet

Because its dreadfully slow, and mostly unusable. Better off using Entropy or GNUnet, like we discussed last week

How can he explain This monstrosity? Nobody, not even geeks are going to use this for serious work!

Gnome 2.4 was a total disaster too! Crippled bookmark system in epiphany? Still no split pane support in nautilus? No extract here in file roller? Still has the smelly foot logo (which violates their own hig no less) Still looks like Chicago?

better run this
ln -s "-1, flamebait" "5, insightful"

Take GNUnet for example: an anonymous and encrypted network: the future. It's not even good for file-sharing (because it's slow) but people still want to use this network, it's development is growing wide and it's users too... GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. GNUnet is a p2p app, not a copyrighted-files-sharing-utility...

Don't mix all in one bag.

Mind Booster Noori

See GNUnet, a secure, anonymous, searchable p2p network with support for other nice stuff like signed files and namespaces.

Freenet doesn't offer very strong guarantees of anonymity. See the FAQ for details. Maybe you're thinking of GNUnet.

"Our government is incapible of becoming like Orwell's 1984"

Nope, too many diaries

too many non-state newspapers

or they can run waste or GNUnet

encrypted p2p is highly neat.

Actually this is what GNUnet was designed for. From the GNUnet FAQ:

Why did you change the project goal from a pure anonymous file-sharing network to a peer-to-peer framework with focus on security?

First of all, the goal to provide the best anonymous file-sharing system available is still on our minds. Why we want GNUnet to become a framework actually follows from this goal. If other peer-to-peer applications use the GNUnet framework and tunnel their traffic in link-to-link encrypted GNUnet channels, the traffic on the GNUnet network and the number of participants rises -- which can increase anonymity significantly. Furthermore, additional applications would provide us with additional programmers and testers which should make the core code even more solid. Finally, we believe that certain general features of GNUnet, in particular peer discovery, link-to-link encryption, authentication and transport layer abstraction are going to be useful for other free software projects, so making them easily accessible will benefit free software development as a whole. Note that this works only for free software, GNUnet is released entirely under the GPL, not the LGPL.

I agree entirely with your desire, but I find GNUnet is exactly the implementation we seek. In your post, you seek a reimplementation even of DNS, but in my opinion, centralized namespace control is one of the failings of the IPv4 internet we know and hate, and GNUnet fixes even that because its namespaces are "first-come, first-serve," enforced through public-key cryptography, and thus not subject to any centralized authority. This is A Good Thing(TM).

It sounds like GNUnet might be something you would be interested of.

Mod this guy up. The paper is more about routing, like finding an ip on the regular internet (BGP and so on). Not searching for keywords.

It would be nice if freenet had searching. For that, you need gnunet

Someone here introduced me to it, and I have dumped Gnutella since (Not that many files yet, but that will change soon . . .).

GNUnet: Encryption (RSA), pulls files together from different parts of the network, and since they have incorporated "GNU" into the name, you don't have to worry about putting a "GNU/" or not.

In other P2P networks. Freenet and GNUnet both offer crypto and anonymity. Freenet isn't a P2P app in the pure sense. It's more of an underground www. GNUnet has better anonymity (theoretically - due to it's ability to resist traffic analysis attacks), but it is a younger project.

When it's time to retreat from gnutella, these represent the next stage in the information war.

See GNUnet GNUNET
Research

Some introductory material first:

Projects like Freenet, GNUnet and IIP are creating decentralized, anonymous Peer-to-Peer networks that can strongly resist censorship by any attacker. I believe that if (when?) these kinds of secure networks replace currently popular networks (FastTrack, IRC, etc) as IP infringement tools, your job of effectively finding, stoping and prosecuting IP infringers will become much, much harder, and will require many more computer resources (perhaps impossibly many resources, both in computing time and in network bandwith).

Now my questions:

For how long do you think mass IP infringement will continue to take place in plain view, rather than on decentralized, anonymous, P2P networks?

If mass IP infringment does move to those kinds of networks, what kind of resources will your office be able to expend to attack those networks?

Would you be allowed to attack those networks at all without violating their user's First Ammendment right to anonymous speech?

What changes to IP law do you think would be needed to address decentralized anonymous networks?

I for one will not support the RIAA/MPAA/US Governement in their actions.[...]It's time to act my brothers

Alternatively, you can realise that these SOBs are going to continue to crap all over anybody who tries to share anything in networks like Kazaa and Gnutella, and as such, those people who remain trying to just download things (that group is already growing rapidly as they wise up to the fact) will end up hammering the resources of the few who continue to share (until they too get stamped on).

So those people in traditional filesharing networks are clearly DOOMED in their pursuit- one way or another, it can't last, the amount of content will shrivel up and the ability to download anything will peter out, all because everybody knows that such groups as the RIAA will be able to spot the few glaringly visible sharers, identify them, and pretty much destroy their lives.

So the other solutions?

• Give up filesharing altogether. The RIAA would like that, it would like that a lot. Vast numbers of people around the world (America in particular, but many other places too) would rather not.
• Simply use a filesharing network like GNUnet that is wholly anonymous (and has other benefits such as resistance to DOS attacks, and relatively high availability, thanks to a pretty smart design), so that you can share vast amounts with impunity.
  You can already share, search for, and download content; under discussion is the extension of the system to support namespaces, under which people can put up content such that it's identified with them (but they're still anonymous) and collected together so that people can find it easier- in this way you could make yourself practically into a publisher or a webmaster, maybe put up writings expressing all sorts of things that would probably get you modded down on slashdot, or censored (by those in power, your ISP, or random hackers that disagree with you) on a website you might think of as "your own". You could create the next deCSS to help the Free Software movement, without having to fear the DMCA or any similar draconian laws.
  GNUnet is very actively under development, already pretty good and stable on Linux and many other Unices (not sure about OS X), and work is being done to port it to Windows.

Last I heard GnuNet didn't even address the problem of how to find information in a distributed scalable manner.

Here is the current development plan:
fix bugs
add directories and namespaces
add additional transports
add support for internationalization (GNU gettext)
port to OS X
port to Win32

Anonymity is the lack of distinction of an individual from a (large) group. A central goal for GNUnet is to make all users (peers) form a group and to make communications in that group anonymous, that is, nobody (but the initiator) should be able to tell which of the peers in the group originated the message. It should be impossible for an adversary to distinguish between the originating peer and all other peers. In particular, even peers should not be able to recognize from which node the message originated.
Of course, in practice, it may be possible for a powerful adversary to do some analysis and potentially assign higher probabilities for being the originator of a message to a subset of the peers. GNUnet tries to make this as hard as possible (see our paper on anonymity). The degree of anonymity (how hard it would be to distinguish an individual from the group) in GNUnet depends on the resources (mostly bandwidth) that the individual has available to achieve anonymity.

In the case that an extremely powerful adversary was to break the anonymity of a peer, GNUnet provides deniability. Deniability means that the communication is secret in the sense that only the final recipient knows the key to decrypt the message. The sender and the intermediaries are unable to determine the actual contents. Since content migrates in the network, the originator of the content can often plausibly deny knowledge of the contents since the content could have migrated to the peer, making the originator indistinguishable from an intermediary. Since intermediaries have no means of decrypting the content and are (in all sane legal systems) thus not legally responsible for them (if you use the Internet to send an encrypted E-mail, your Internet Service Provider (ISP) will typically not be held responsible for the content that its servers transmit; in GNUnet, every peer plays the role of an ISP, providing Internet services to other peers).

Here is the current development plan:
fix bugs
add directories and namespaces
add additional transports
add support for internationalization (GNU gettext)
port to OS X
port to Win32

Anonymity is the lack of distinction of an individual from a (large) group. A central goal for GNUnet is to make all users (peers) form a group and to make communications in that group anonymous, that is, nobody (but the initiator) should be able to tell which of the peers in the group originated the message. It should be impossible for an adversary to distinguish between the originating peer and all other peers. In particular, even peers should not be able to recognize from which node the message originated.
Of course, in practice, it may be possible for a powerful adversary to do some analysis and potentially assign higher probabilities for being the originator of a message to a subset of the peers. GNUnet tries to make this as hard as possible (see our paper on anonymity). The degree of anonymity (how hard it would be to distinguish an individual from the group) in GNUnet depends on the resources (mostly bandwidth) that the individual has available to achieve anonymity.

In the case that an extremely powerful adversary was to break the anonymity of a peer, GNUnet provides deniability. Deniability means that the communication is secret in the sense that only the final recipient knows the key to decrypt the message. The sender and the intermediaries are unable to determine the actual contents. Since content migrates in the network, the originator of the content can often plausibly deny knowledge of the contents since the content could have migrated to the peer, making the originator indistinguishable from an intermediary. Since intermediaries have no means of decrypting the content and are (in all sane legal systems) thus not legally responsible for them (if you use the Internet to send an encrypted E-mail, your Internet Service Provider (ISP) will typically not be held responsible for the content that its servers transmit; in GNUnet, every peer plays the role of an ISP, providing Internet services to other peers).

Here is the current development plan:
fix bugs
add directories and namespaces
add additional transports
add support for internationalization (GNU gettext)
port to OS X
port to Win32

Anonymity is the lack of distinction of an individual from a (large) group. A central goal for GNUnet is to make all users (peers) form a group and to make communications in that group anonymous, that is, nobody (but the initiator) should be able to tell which of the peers in the group originated the message. It should be impossible for an adversary to distinguish between the originating peer and all other peers. In particular, even peers should not be able to recognize from which node the message originated.
Of course, in practice, it may be possible for a powerful adversary to do some analysis and potentially assign higher probabilities for being the originator of a message to a subset of the peers. GNUnet tries to make this as hard as possible (see our paper on anonymity). The degree of anonymity (how hard it would be to distinguish an individual from the group) in GNUnet depends on the resources (mostly bandwidth) that the individual has available to achieve anonymity.

In the case that an extremely powerful adversary was to break the anonymity of a peer, GNUnet provides deniability. Deniability means that the communication is secret in the sense that only the final recipient knows the key to decrypt the message. The sender and the intermediaries are unable to determine the actual contents. Since content migrates in the network, the originator of the content can often plausibly deny knowledge of the contents since the content could have migrated to the peer, making the originator indistinguishable from an intermediary. Since intermediaries have no means of decrypting the content and are (in all sane legal systems) thus not legally responsible for them (if you use the Internet to send an encrypted E-mail, your Internet Service Provider (ISP) will typically not be held responsible for the content that its servers transmit; in GNUnet, every peer plays the role of an ISP, providing Internet services to other peers).

I tried to install freenet, but it was written in Java, and hence was total crap and wouldn't even run.

It has a few advantages, like far better usage of (and anonymity for) dial-up users, plus greater protection against DOS type attacks. It also has some disadvantages against Freenet, but AFAICT, none that won't be addressed in future versions.

called GNUnet

Come on,
We all knew this would happen. Didn't we?

A couple of projects worth a quick plug here are GNUnet and Spana/Panorama , both of which have the aim of allowing anonymous peer-to-peer transfers.

I say GNUnet has a great chance of becoming truly worthwhile, but of course, it's already quite usable on *nix systems (possibly including OSX). Why not have a look (and if you use Windows, watch out for when they'll have a port for you). Remember to keep downloading the new versions, as it is changing rapidly.