Slashdot Mirror
Peer-to-Peer for Academia
Andy Oram has a good speech online about peer-to-peer and universities. He discusses a variety of possible research topics under the p2p umbrella and urges university administrators to promote this instead of squashing it.
...peer-to-peer file sharing in a purely academic sense is not discouraged or directly banned. However, internet file sharing programs (beginning with Napster) were banned due to the hit that they put on my school's available bandwidth. With over 12,000 100Mbps dorm room connections, it proved a little bit too easy for the student body to overrun the entire network by queueing up 100+ songs on Napster.
I would imagine that it is the same for most universities...they don't discourage file sharing in a more academic capacity, but they know that it's going to be used for Napster-esque file sharing, and thus they are forced to implement an overall ban.
P2P is a topic of some interest for networking and distributed systems researchers. There are people all over the world already working hard on this topic for a few years and probably for more than that without even recognizing or uttering the word p2p. The speech strikes me as not terribly timely. Researchers don't give a damn about whether or not Napster is banned on the campus, at least with respect to working on, say, distributed file systems or reliable and efficient p2p routing. For example, at my school, I am working on an open reimplementation of a P2P routing scheme for a project course (the original implementation is closed as it was developed while working for the bad people). How many small teams of graduate students and seniors do you think are doing the same thing at other universities? I would guess a half dozen around the world. Academia is already busy fixing the problems with P2P and it has access to manpower and hardware (cluster machines and network simulators). We don't have to worry that people will be scared to think about this topic.
The real sticking point, however, is what happens when general file-sharing software becomes popular, and people are sending each other pictures of the kids, notes, and all other sorts of digital goodies in addition to music.
Napster was banned for two reasons: bandwidth and copyright infringement. What's likely to happen in the case of general purposes P2P apps is that universities and ISPs will start to block out the software(such as gnutella) rather than individual users when they get complaints of copyright infringement, making the public suffer for the actions of the few. Worse, all of those legitimate users of P2P software will be labeled as "pirates."
The society for a thought-free internet welcomes you.
College administrators have fallen into the same rut as telephone companies that are slow to roll out high-bandwidth lines, or the recording industry that is shutting down Napster. These institutions all find it more profitable to manage scarcity than to offer abundance.
(emphasis mine)
That's the problem right there. As resources become abundant, price should drop, availablility goes up, the product reaches a wider audience. It took how many years (lack of competition) for Microsoft to ship a decent product? How many DSL providers dissapeared? The RIAA and MPAA want to strangle any revolutions in the distribution of their product. What kind of market model is that!?!
When companies can hold back on the resources they control to keep profits rising, there's a problem.
It is often that I read knowledgeless prattle on Slashdot ... usually only from fellow commentors. This is not a troll, it is serious criticism of an article that is blatently wrong. Let's examine Mr. Oram's discussions of P2P ...
Did Universities try to stop P2P? Napster, certainly. Probably many other file sharing systems too. Why on earth would they do that? Bandwidth, security, liability. I'll elaborate later.
Mr. Oram asserts that P2P is a great way to overcome limited resources. Then expounds on how Internet2 and IPv6 are going to remove the resource barriers to P2P.
Is P2P new? No. IRC's DCC extensions have been around for at least 8 years; ytalk is even older. The idea of dsitributing information on a whole lot of servers without central control is, surprise surprise, the basis for the Web. P2P simply involves direct communication between clients, at most using a server to mediate discovery.
I'm going to ignore the anti-DMCA dissertation, because its been heard before. It also has nothing to do with P2P; just a few specialised services that use P2P as a means to swap copyright information. If it wasn't for people like Mr Oram confusing P2P with specific P2P applications, then P2P as a whole wouldn't have a bad name.
A little later we hit the "IPv6 will help" argument, to which I can only say: security. Sure, you get rid of NAT. But at the risk of placing your device in the line of fire. Even if it is "secure by default" (so end users don't have to worry too much), it is still accessible from everywhere. That means DOS vulnerable, attack vulnerable when a security hole is found, and each and every individual is responsible for their own security. That doesn't work in corporate of group/organization networking. A central point needs primary control over security for the entire network. NAT, firewalls, and prevention of arbitary data coming IN to the network unsolicited are significant defenses against attack.
Which brings up the strongest point for universities to deny P2P: they would have to allow access to P2P services (yes, P2P is actually a client and a server on each machine) behind their firewalls, causing a security risk. Typically universities have a limited number of computers providing services behind firewalls, and take care to guard them against attack, and quarantine them in case of breach. With P2P, this approach goes out of the window.
For the same reason Mr Oram has ignored the security communities hatred of SOAP, a protocol explicitly designed to penetrate those nasty firewalls that administrators put up. Tell me, why don't we just set up a public inbound IP-over-TCPIP tunnel available on all firewalls so that we can get past them?
Now Mr Oram turns to debunking the security argument. Totally missing the point of course. You can encrypt and sign until your CPU is blue in the face, and still have zero security because your computer has been compromised. Unless you can adequately secure ALL services on your computer, you are insecure. One of the best ways to secure a service is to shut it down. The more services, the more ports of entry. Not surprisingly, P2P is a service.
Sendmail and apache serve massive amount of network traffic every day. They have taken years to mature to a point where they are mostly secure, yet new hacks are found for them every so often. How long until P2P implementations reach this level of maturity, and security?
The McAfee example is laughable, to say the least. Multitier client-server technology isn't P2P, not matter what this supposed expert wants to believe. Oh yes -- what was that announcement two weeks ago about an attack on the McAfee auto-upgrade feature?
While most of the assertions regarding bandwidth are true (shock!), Mr Oram is WAY OUT on the University issue. You see, students may be downloading the same amount irrespective of whether they use P2P or FTP ... but there is the issue of UPLOADING. Having administered a network for just a small company at the time of Napsterism, I saw a massive increase in bandwidth use just from Napster fielding and responsing to queries, even before local users started downloading the music.
Finally we conclude by returning to nonsense: Seti@home is P2P?!? In what universe does distributed computing offloaded by a central server and in which none of the computing nodes communicate with each other get classified as P2P?
Please, Mr Oram. Understand at least the vaguest basics of a topic before spewing garbage about it.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
I'd be more worried about the tendency of some universities to build strong firewalls around their networks that filter out all incoming traffic, thus preventing the use of any private servers and peer-to-peer clients of students as well as researchers.
Our university did this, which has annoyed especially many computer science students. For me, it closed down my largeish website, together with many CGI programs for research (such as a data equalizer for neural net research) and personal purposes.
I wrote a long complaint (in Finnish sorry) about the problem, but since most people don't need (or don't know they need) the service, they don't care. The students still can put up their web page to a poorly administered and always outdated main server, which doesn't have any DB or other softwares, and has very severe restrictions on disk space (on the order of 10 megs while I'd need some 10 gigs).
I see this also as a serious threat to the development of new Internet services. If you look at most of the existing Internet technologies (http, nntp, smtp, bind...), they were all created in universities as "gray research", often by students. In a tightly firewalled Internet, they might never have made it out.
Sure, researchers and deparments of our university can theoretically have their own servers, if the department's head takes personal official responsibility and the department officially allocates money for the upkeep. This means absolute ban for almost all "gray research" projects (often part of larger projects.)
In our case, firewalling was explained with need for tighter security. However, an easy-to-use unofficial port registration would have solved most of the security problems. It's difficult to say what's the real reason; perhaps over-enthusiasm for "high-end security tech", or perhaps just low interest to administer the system - if the net isn't used it doesn't cause so much work, right?
Oh, and we pay for our connections, although they are partly subvented. Well, it might even be profitable for the university. (Note that studying doesn't cost anything here.)