Domain: theory.org
Stories and comments across the archive that link to theory.org.
Comments · 24
-
Re:Cue the haters [language feature wishlist]
To be fair, all the common scripting languages suck.
...
But, the common scripting/dynamic languages out there all suck in different ways. (I suppose a lot of it is subjective.)
-
Re:Could this lead to false sharing allegations?
no, it doesn't really work that way.
https://wiki.theory.org/BitTor... is the protocol that has problems in it. the bit-torrent protocol
The things IP owners use to track people are DHT and public trackers which are an entirely different thing used only for discovery of peers.
Theoretically they should be spoofable too, using very similar techniques (they too are built on top of udp (mostly)), but it's not related to this.
-
Re:Aprils Fools?
No it means stop apologising for a shit language. http://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because:
-
Re:You were correcting someone?
WRONG! I don't give a shit what they teach at the MSCE classes or wherever you heard such a thing but my computer does not automatically configure DHCP. Even if I decided to use such a service (which as mentioned previously has security risks so most servers that are internet facing don't use these services) my OPERATING SYSTEM would use such a service, not my Computer.
Goodie that "YOU" don't use static addresses, but don't claim that the rest of the world is the same as you.
QFE. And to paraphrase... Goodie that "YOU" don't use DHCP, but don't claim that the rest of the world is the same as you.
And I would still be *extremely* surprised if you're not using some combination of DHCP and/or RADIUS as part of actually connecting to the Internet in the first place... if you have discovered an ISP that will allow its residential customers to configure their systems with a static IP address with no need to refresh configuration data from the centralized system, please do share it with the rest of us, as I'm sure there's some people here who would love to find out about it, for one reason or the other.
It was not a complaint and not a red herring, unless you take things way out of context, it was a statement of fact. My point with SMTP and HTTP is that you are claiming they are required services for the internet to function. My answer is the same, no they are not required. No more required than IMAP or POP. Those are SERVICES and services are not REQUIRED for the internet. Protocols are the only requirement for the internet to function. Do you get the difference? I'm guessing not.. but hell I'll try one more time
The Internet is a system to facilitate the exchange of information. Pray tell... if there's no information being exchanged, and no way to exchange said information, is there an Internet in the first place?
Also, the P in all of those acronyms you listed stands for Protocol. Simple Mail Transfer Protocol, HyperText Transfer Protocol, Internet Mail Access Protocol, and Post-Office Protocol. We'll throw in FTP, File Transfer Protocol, and for good measure, we'll also throw in BTP, though that's not what most users refer to it as. Perhaps, just maybe, their creators felt that they were protocols and not services. The service is the application listening on the open port you connect to (which is itself part of another protocol). These protocols are the language used to transfer information once you're connected.
I corrected your mistakes
You didn't, though. You squirrelled the discussion into something completely unrelated to the point I was making and made some false assertions, and when I called you on the bullshit, you proceeded to make ad hominem attacks. Incorrect ones, at that. I gave you an opportunity to avoid the ad hominem attacks, and in your next post, you continued with more of the same. My turn: you're either a troll or an idiot, and you're wasting my time.
-
Re:LOL spoofed IP
No, I'm not thinking of actual IP spoofing at all.
I'm referring to the ip parameter of the GET request that's sent to the tracker. Some trackers honor this, some don't. You'd think it would be redundant information, since your IP address is already transmitted as part of the IP packet header, but it isn't always the case that the IP address other peers should contact is the same as the IP address making the tracker GET request (e.g., if you have particular kinds of proxies). This is documented in the BitTorrent specification (Tracker HTTP Protocol: Request Parameters).
Also, connections to peers aren't over UDP; they're also TCP connections. (Same document, "Peer wire protocol".)
-
Re:Wasn't that site a hoax?
I'm sure it's easy to poison a tracker into giving out IPs that aren't actually torrenting.
The protocol is dead simple, actually. HTTP GET's and decoder for bencoded formats, and you're halfway to making a database already. Add some web crawling for torrents, and you're set.
Tracker protocol:
http://wiki.theory.org/BitTorrent_Tracker_Protocol
GET announce example from there:
hxxp://some.tracker.com:999/announce
?info_hash=12345678901234567890
&peer_id=ABCDEFGHIJKLMNOPQRST
&ip=255.255.255.255
&port=6881
&downloaded=1234
&left=98765
&event=stopped
And it will answer with a list of active peers (with IP) it already has on that info_hash, in bencoded format.
Bencoded format example:
d4:spaml1:a1:bee represents the dictionary { "spam" => [ "a", "b" ] }
This is more or less a weekend project, if even that.
-
Re:This doesn't add up....
There are 100 or so really good proxies out there (maybe tor end nodes?)
Tor would be possible, but tor means that every X minutes you would get a random endnode (it might not be every X minutes, the way tor works in detail is not my area of expertise), which is suboptimal at best for bittorrent. Tor is also more often than not slow, and unreliable for connections that take a long time. Typical use such as HTTP consists of relatively short connections (a few text files, a few binary files for images), but I do have to admit that I don't know if HTTP Keep Alive is respected out of the box by the tor bundles (and I doubt HTTP Keep Alive is such a good idea on an "anonymous" network anyway).
In general, Tor is as reliable as the weakest node in your circuit of nodes you're using as a proxy, which in my experience is not all that reliable at all.
I have no idea what that would do to the torrenting protocol, but it might make it have issues recognizing available resources.
A peer in the bittorrent protocol put simply is a pair of an IP and a port, and it has no trouble distinguishing between other clients on the same IP. It's a little bit more complicated (there's a randomly generated 20 byte ID involved, but as far as I can remember trackers aren't required to send that to other peers in compact mode). Even when you're not using a tracker (by such extensions to the protocol as DHT or PEX), it's still not much of a problem. I've recently spent a bit of time reading up on the protocol (do check out the BEPs if interested, there's some really cool stuff in there) for a little hobby project.
The thing is, without joining the swarm there's really no way to keep track of the peers in the swarm other than by IP and port, and even then. Say for instance you're a member of the swarm and you've got a provider that uses DHCP. The researchers' script then does the announce request to the tracker to get a list of peers and among the randomly returned peers is your IP and port number. After about an hour or so, you leave the swarm, shut down your computer and go to bed. You release your IP back into the ISP's DHCP pool, and 10 minutes later the guy who lives next door turns on his computer and gets that IP. His bittorrent client by default chooses the same port number as you. Suppose that the tracker only returns IP-port pairs in compact mode, instead of the 20 byte id, ip, port triplet, then there is no way for those researchers to see that the peer has become someone else. The chances of this happening are small though, unless it's a really really popular torrent, and even then the handful of random peers returned by the tracker would require quite a bit of luck to have the same peer in it twice on a sufficiently large torrent.
Next, even IF the tracker returns the 20 byte id, IP and port triplet, the 20 byte id is supposed to be randomly generated every time the bittorrent client starts. There is an optional field that you can pass as a unique id to the tracker for keeping track of you, but peers in the swarm will never see that. So basically, you can't really tell who is who from IP-port pair. It is a peer, but two different peers over a period of time could be the same person.
Everyone here has probably heard this, but an IP address does not represent a person.
From the press-release from the university about the paper:
"In order to remain anonymous, - explains Professor Rubén Cuevas - many of them rent servers from companies that perform this service and then publish contents from those servers".
Are you sure they are renting it, and didn't just script-kiddie their way into the server? Explain to me the logic in paying for something, with mon
-
Re:Pardon my ignorance... but tor for P2P?
When you connect to the tracker, you have to give it the same IP you'll be using to connect to clients. Tor doesn't protect you, because even if the IP is anonymised in the Transport Layer, it'll still be sent in the Application layer: http://wiki.theory.org/BitTorrentSpecification#Tracker_HTTP.2FHTTPS_Protocol
-
Re:Surprised
Bittorrent, simplified:
- torrent file contains tracker and file information (sha1 for verification)
- client connects to tracker (http/https)
- tracker sends list of peers (up to 50, randomly selected)
- client connects to peers, determines what pieces peers have
- client uploads/downloads
So it would be straightforward to have a custom client poll the tracker for peers and then connect to determine if they have the full file or not. If they do, you can download entirely from them (they won't request any chunks from you) to prove full redistribution.
-
Re:C&C: Total Failure
Eh? The BitTorrent protocol specifies a completed message that is to be sent to the tracker once the torrent has been fully downloaded. What more do you need?
-
Re:Sweet!
http://wiki.theory.org/BitTorrentSpecification#Tracker_Request_Parameters
# ip: Optional. The true IP address of the client machine, in dotted quad format or rfc3513 defined hexed IPv6 address. Notes: In general this parameter is not necessary as the address of the client can be determined from the IP address from which the HTTP request came. The parameter is only needed in the case where the IP address that the request came in on is not the IP address of the client. This happens if the client is communicating to the tracker through a proxy (or a transparent web proxy/cache.) It also is necessary when both the client and the tracker are on the same local side of a NAT gateway. The reason for this is that otherwise the tracker would give out the internal (RFC1918) address of the client, which is not routeable. Therefore the client must explicitly state its (external, routeable) IP address to be given out to external peers. Various trackers treat this parameter differently. Some only honor it only if the IP address that the request came in on is in RFC1918 space. Others honor it unconditionally, while others ignore it completely. In case of IPv6 address (e.g.: 2001:db8:1:2::100) it indicates only that client can communicate via IPv6.
Depending on the tracker, you may be able to impersonate anyone at all.
-
Here's how I think it works..
I've just read the nytimes article, but I think I know how this works.
A bittorrent tracker just keeps a list of clients that have said they're interested in the file, and gives ip's to new clients. The researchers probably connected a client to see how many were connected (get the list of ip's), and not actually downloading or uploading. I will guess that this is the exact same thing that *AA does, and doesn't check if any of those ip's the tracker gives actually do trade data.
Further on, you can manually set your ip address in most torrent clients, which gets reported to the tracker. Putting 2 and 2 together, you set the ip to some victim's ip, connect, and when *AA vacuums the tracker for ip's, the tracker gives out the fake ip address. No need for advanced mumbo jumbo, just tell the tracker that's your ip, and it'll believe you and tell all its friends.
The bittorrent protocol specification can be found here, btw. Look under "Tracker Request Parameters", at the "ip" field.
Now, does anyone know the IP address of some judge/lawyer's home networks? ;)
-
Re:The failure of Freenet
It's been many years since I've followed Freenet, but I'm pretty sure you're wrong on the "security through obscurity" bit. The security is derived from his graduate research on the properties of routing in small world and scale-free networks. Plenty of papers and presentations on the searching that made its way into the 0.7 release can be found at http://freenetproject.org/papers.html. And as for lack of documentation, I won't argue with that, but don't forget that early in BitTorrent's development lifetime, Bram Cohen only put up a vague specification of the protocol (but now vastly updated, see http://bittorrent.org/beps/bep_0003.html), but a separate Wiki was established to document all its nuances after poring over the source code (see http://wiki.theory.org/BitTorrentSpecification). This Wiki begat the hundreds of alternative BitTorrent clients you find today. The same thing could happen with FreeNet, by other people with "years of prior Java experience." (And please, it's not like Java was written for the programming elite and takes that much time to master. My first encounter with Python was reading over the piece-picker module for the original BitTorrent code, and the language barrier was easy to overcome.)
-
Re:Interdiction
.torrent files have a string of "20-byte SHA1 hash values, one per piece" (http://wiki.theory.org/BitTorrentSpecification). It must be a misinterpretation or something, because it sounds like other p2p systems and not BitTorrent. Having read through most of MediaDefender in the News, reporters tend to give unclear or incomplete explanations.
-
Re:In related news...
You are definitely right about the spec. The "official" spec from Bram Cohen was somewhat of a joke. The best that is available is:
http://wiki.theory.org/BitTorrentSpecification
-
Re:Wow!
I've never used Fractint, but my lowly 700 Mhz PC can render fractals in real-time with Xaos.
-
Re:Good point!
There are many times when I think about some of the things that I do on computers today, and sometimes it seems like they aren't much faster than years ago.
Well, yeah, you don't need that much computing power to run a GUI word processor and a spreadsheet and an email program: "good enough" happened around 1987.
But you know, whenever I want to be reminded I'm living in the future, I set up Xaos to run at 1600x1200, 16-bit color (it's a little jerky on my laptop in 24-bit color), and autopilot... and remember I used to let my Atari 800 run overnight to get a 160x200, 4-color Mandelbrot/Julia set image.
-
Re:Tried to read it
I remember typing that program in from one of the Antic magazines. Those were the good ol days. Between 1-2 days to generate each picture. Now we can do it in a matter of seconds on the average PC.
Why not do it in real time? A fairly old program, with smooth zooming into various fractals. Worked well on an old Pentium, looks bloody amazing on a modern machine!
Does various tricks to avoid calculating too much, and is rather clever about it...
-
linkage
If you were wondering what this is all about... Annalee Newitz (with two N's) is the author of a regular print-media column called "Techsploitation", of which this story was an example. More on that:
http://www.techsploitation.com/writing/
http://www.alternet.org/alsoby.html?Author=2188
More about CodeCon:
http://en.wikipedia.org/wiki/CodeCon
http://www.codecon.org/2004/
http://www.oblomovka.com/search.php3?q=%3Cspan%20
http://www.financialcryptography.com/mt/archives/000050.html
The Schmoo Hacker Group: "The Shmoo Group is a non-profit think-tank comprised of security professionals from around the world who donate their free time and energy to information security research and development." http://www.shmoo.com/
Wi-Fi Remains a Work in Progress
A latte, a Wi-Fi link and a hacker
Wireless network worries? Get a dog!
"Need To Know" (a zine in fixed-width font, the way god intended the net): http://www.ntk.net/
Ken Schalk, yo-yo hacker, is the author of Vesta: "Vesta is an advanced system for source code control, versioning, configuration management, and building. It is an alternative to CVS+make." http://freshmeat.net/projects/vesta/ http://sourceforge.net/project/shownotes.php?release_id=156198
Sparky's http://www.milkycat.com/toiletree.htm
Jonathan Moore evidently did a bunch of wifi networking down in Santa Cruz, and is the author of the MobileMesh software http://wiki.haven.sh/index.php/WikiWikiWan
Jonathan Moore's CodeCon presentation was about: "Hacking Social Networks part II (Don't search private data)" http://more.theory.org/archives/000110.html#more
Science Magazine is put out by the AAAS, and does great in-depth coverage of general science (and insanely detailed minutia about biology): http://www.sciencemag.org/
Placebos http://placebo.nih.gov/
Oh, and about "GenToo 2004": http://www.gentoo.org/news/20031203-news.xml
Heh... note the email address Annalee Newitz is using here... she evidently creates a new mail alias for every column: sugarpill@techsploitation.com
Ah, slash ids pushing a billion and whining about what a sewer it's become...
-
Some fun stuff
How could anybody not mention The Best Game Ever? And, no, it's not (strictly) character-based any more.
Why not smack on a few IF interpreters for playing some of the excellent (and free) text adventures out there? I particularly recommend (Win)Frotz.
Also, MAME and ZSNES are excellent arcade and SNES emulators.
For eye candy, I'm surprised nobody's mentioned Xaos. Mmm. Fractal zooming. So pretty. Plus, a good introduction to the mathematics of fractals.
-
direct link to BitTorrent installer
-
BT Link Here!
Here is a link to the file published with BitTorrent, download away!
http://bittorrent.theory.org:8080/20020528_eff_tinseltown_club.mp3
burris
-
Re:Okay, whatever
The numbers he picked were rather surprising to me too (and a little arbitrary I think.)
There is also the question of the numbers he left out -- certain numbers seem 'built-in' to the universe and I wonder why that is exactly -- are they a consequence of some baser truth or reality? If these physical constants mentioned in the article vary in other universes, would these mathematical constants also vary?
I'm talking about the famous Pi, Phi (ie, the Golden Ratio), and e (Euler's Constant) among others. Why is the ratio of a circle's diameter to its circumference exactly 3.1415...?
It's all very confusing to me. But then I like to look at the pretty fractals.
---