Slashdot Mirror
Peer-to-Peer Goodness
Masem writes "ZDNet is reporting on two products that are based off the peer-to-peer sharing idea that Napster made popular to release two useful tools to the community. First, "Rumor" is a p2p program that helps to spread the updates to virus protections programs by having each client on an intranet act as a p2p node, reducing the load on servers and speeding the distrubtion of the update. The second new program called "Groove Transceiver", designed by Ray Ozzie of Lotus Notes fame, acts like an extended AIM client, allowing large groups of people to communicate as a whole, but without the need for something like an IRC server. It's good to see potentally useful programs attributing their success to the Napster model - hopefully they will help with further defence of it.
"
p2p sharing of mp3 files is one thing, but sharing executable files is absolutely inexcusable. the potential for trojans is staggering, unless there is a central source for a key and signature.
I wonder how long it is going to be before someone hacks the distributed anti-viral updates so it spreads a nice and mallicious trojan.
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
... isn't spreading AV updates through insecure nodes a BAD idea? I thought the point of those is that you want them to be secure and good, not themselves compromised!
Its bad enough that theoretically someone with an important enough of a router could screw with stuff as it is being downloaded, I don't want this to be too easy...
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
before some enterprising individual writes a virus to exploit this, say, automatic sharing of updates to virus protectors? Say, removing the signatures of certain virii? Or possibly, hell, just turning the protector itself into an infector?
/msg over irc now. But usually it's on a private server, and the nut-kicking principle can apply. Not so if everyone is suddenly a "peer".
As for distributed conversations, unless there's some strong crypto in there, not to mention good anonymization of the packets, I sure wouldn't want to discuss anything private, since any old schmoe with a little know-how along the conversation path would be able to read all about whatever I was discussing.
Yes, I
What I'd prefer to see is something similar to the cypherpunk remailer networks for irc, something akin to onion routing or somesuch. Probably too much overhead though, and living in the States, I couldn't even work on it and release it.
--
It's pretty pathetic when karma can drop when you do nothing
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
Burris
A way for groups of people to communicate online in real time! For only $50-$100 per seat! Wow!!! The world will never be the same! I'm so glad to live at the turn of the millennium where we have such radical new technologies.
Include concepts from the Eternity Service and you could make a real good case for adopting this tool in an environment where The Powers That Be decided to adopt a monolith document repository system or a centralized email system that seem to be down way too much.
How soon before we see an open source version?
Ignoring the obvious stuff about hax0red antivirus updates...
Groove looks pretty cool. First the bad news: Right now it's Windows-only, the protocols are undocumented, and there may be patents involved. But the good news is that these guys seem to have a good attitude. They're definitely in it for the long haul, actually thinking their design through (unlike Napster, Gnutella, etc.), and putting in security that would make a cypherpunk proud. And they're promising to release protocol docs so that other apps can interoperate with it.
This interview at the O'Reilly Network seems to have some interesting technical bits.
I had at least made it to the minimum requirements section. PII, 50MB for applications, 150MB for data? I thought ICQ 99 and ICQ2000b were fat bloated blimps...
But then it is supposed to be more/different than ICQ/AIM or the P2P flavor of the month. Somewhere I saw it described at NetMeeting on steroids. The Next Generation of Groupware. I'm not exactly sure what it is supposed to be, the few pages of the site that I could get to download weren't exactly descriptive.
Still, I wanna check it out, even if it just becomes more trash clogging up my Windoze Registry. Mainly cause I've got assorted projects spread across the world with mainly Windows Users (must... resist... temptation... to insert L there) to deal with. Anything to make it easier. So, UH, anyone played with it yet? Or should I listen to that little (BSD) devil on my shoulder saying "200MB? you should know it will suck regardless of who designed it. STICK TO EMAIL"
Bleh!
err, yeah... let me write my own virus def file and then spread it around. it'll include portions of 'win.com' and the office package, so that they are scanned and deleted like the viruses they are. :)
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
I'm surprised that I haven't seen something like this for the warez and iso scene. Of course with the large file sizes, it's not nearly as effective as napster.
One, I know I've played with that update model. Two, didn't we discuss the peer-to-peer update on a old Ask Slashdot? Or mabye it was an article on DDOS..
I hope they have patented it, cuz some lawyer is going to have fun talking to me!
.sig: Now legally binding!
All the little hacker kids out there really need to open their eyes to what myCIO has done with their implementation of p2p. Though Rumor supports the same acronym as Napster, they're very different.
/stated in the article/, Rumor uses token level authentication. As a network admin, Rumor's implications on a pure technology level intruiges me. No longer do I have to manage 450 desktops which each must go out onto the Internet to grab antivirus dat files. Instead, I spend a significantly smaller amount of time managing one SINGLE access point. Much more secure/efficient, and it gives me more time for Quake. ;)
First off, application/enterprise p2p is Intra-p2p, not extra. That means that all p2p file sharing is done inside your network, behind your firewall. Additionally, as
And Kudos to myCIO for developing Rumor as an application indepedent technology. From perusing their website, they offer everything from at-the-gateway virus scanning, desktop virus scanning, VPN, firewall... One can only hope that they can integrate all these services into a single p2p platform. What I'd give to manage all my security measures from a single access point and control console.
And to anyone who mention sharing of executables... go back to a refresher CS course. ZDNet's right. Implemented correctly, Intra-p2p could possibly be the wave of the future.
~SunRunner~
I can't help but wonder..
Woudl this work much better if it was in a LAN environment? That is where much of this really appeals...
And I can't help but think some of this is just to 'cash in' on the big p2p frenzy these days.
Gimme a break. p2p is *old* technology, not new. It's using p2p in a large, distributed fashion that is new.
As a distribution model, this might seem neat. It also could be considered distributed caching, or something like freenet.
Really, as an organization, I have no problems haveing my few hundred or thousand users grab virus updates off a central server; how is having them fetch it off their neighbors somehow better? In certain network architectures, this may work better.... but really.
Instant messaging? You mean like... talk in unix?
Certainly, there is an application for instant messaging. Part of the centralized nature of instant messaging is so peopel can find each other; with a slight bit more effor,t ICQ woudl not NEED a server.. but that's too much work for joe average to do. Heck.. most of the reason for the central server is due to dynamic IP addressing anyway..
Would P2p gaming work? I'm tired of not being able to play Cstroke/TFC/Quake because of goofy server hang-ups. Or would this just be a cheaters' haven?
Speaking as someone who has to use Notes every day, I'd like the programmers responsible for Notes to keep their new projects to themselves. :-)
Please.
Question, is the Groove Transciever Open Source etc? I know that many OS MMORPGs are basing a large part of their servers off of IRC servers. If this technology is freely available, then the expensive server end of OS MMORPGs may have a very valid workaround that would remove an almost prohibitive cost from the system.
So far I've gotten all my Karma from telling people they are wrong... :)
I agree, it's very good to see new, innovative applications built on a p2p model. However, this will NOT help Napster because these programs are not Napster-like! These programs are true p2p, whereas Napster is only pseudo-p2p. The term Napster-like is very nice because EVERBODY knows what Napster is, so if you say "Napster-like" everyone knows what that means (or at least, they think they do). An illustration of why this is misleading:
Napster looks like this:
client <--> Napster-server <--> client
True the server is only involved in the initial phase of a transaction, acting as the "negotiator" of a file-sharing session; once the two clients are talking the server drops out. But the server is, BY DESIGN, involved in every client-to-client session, and you can never have a client that is more than once removed from the server (i.e. no client can turn around and act as the server to another client, and the chain is never more than two clients long).
By contrast, a true peer-to-peer implementation is "smooth" - that is, all the nodes are clients. So it looks like this:
client <--> client <--> client <--> client <--> ...
If there is ANY server involved (which must be the case with Rumour, though not with Groove), it is at the END of the chain:
server <--> client <--> client <--> client <--> ...
Thus one client talks to the server and then shares that information with other clients, which share the info with other clients... In reality the "chain" I've drawn is actually a tree, but the topology isn't important. The important point is that most of the clients NEVER talk to the server, whereas with Napster every client MUST talk to the server!
The terms "server" and "client" are themselves ambiguous, but that's at least partially the fault of trying to force an apricot (Napster) to be an orange (p2p)! In Napster, what I have called the "server" is more of a broker between "clients" (user's computers). One of the clients acts as a "server" in each transaction, in the sense that it's serving files out, but no client can serve files to another client without going through the Napster server/broker. So it only makes sense to call the machine/site that brokers EVERY single session the "server". In the "true" p2p model the server (if there is one at all) acts in the more traditional sense (serving files), but is not generally involved in any given transaction.
And, of course, there's the small point that neither chat (ala AIM, ICQ, or NetMeeting) nor virus-information-file sharing involves potential copyright infringement. Chat's pretty self-explanatory, and virus info is "safe" because you still have to have a working copy of the anti-virus engine in order to use it.
I defy anyone to present a good reason why any of this should HELP Napster's defence(sic).