Collapsing P2P Networks
Andrew writes "I'm an undergraduate at the University of Washington, and after seeing this article on Salon, I dusted off a paper I had written last year. I examined P2P networks under a model usually used in describing animal populations, and found that it may be possible to cause a collapse in the network based on the intrinsic nature of the technology. Just as in animal populations, P2P networks require a sizable "critical mass" of users, and overharvesting can cause a systemic collapse - what if this were done on purpose? Quite ominously, my second recommendation on disruption was carrying damaged or incorrectly named files. You can read the abstract and the actual paper"
You know what we do with those types, don't you?
I have been pwned because my
As you have spent some time studying this field, you have probably run into real-world P2P happenings that follow the "rules" stated in your paper, could you name these, causes and results and the services in question?
True, the music industry could make tons of phony user aliases and bombard the servers with numerous useless queries and corrupt files. But where does it stop? This same technique could be used by companies to overload a competitor's internet servers and capabilities... This method, though very possible, seems more like a mild virus attack that could potentially lead to a backlash of similar attacks from some pretty pissed off users.
Seems like a plausible solution, with some negative side effects.
my last sig was too controversial... now, a new and improved useless sig!
As stated in Salon there are a lot of bogus files. As for now there is enough stuff out there to get the song you want. However, maybe this is just a first try of the music industry to frustrate users of p2p networks. When they get things going they could probably flood the networks with songs, without any means to distinguish them from the good ones.
The practice of flooding the system with bad files is far more sinister than most of us realise.
This is actually the next step in the Taliban's fight against capitalism. They are continuing their religious war, attempting to reduce our morale by preventing us listening to music, except in short frustrating bursts of the same 10 seconds.
Their aim is to reduce us, to bring us down from within by sabotaging our right to Good Music In MP3 Format.
We Will NOT give in.
Uh, wait. Why did they start with 'No Doubt'?
Would a Slashdot style system of user moderation of shared files be a solution? Perhaps public and private keys to sign files as your online handle. Well known names would soon spring up and their signature could be used to verify the quality of the shared file before downloading. Of course there are many reasons people wouldn't want to sign files they might be sharing or have downloaded...
P2P as a concept is unlikely to collapse
Networks come and go, and encounter obstacles as the number of people using the network increases, but as one reaches "critical mass" another is born because the first became too unstable
There are a large number of p2p networks at the moment, some are more successful than others, but importantly they use very different technologies, some of which are less affected by increasing numbers of users
The fasttrack model appears quite comfortable with several million users, when the original gnutella protocol couldn't cope with that number (iirc)
I'm sure that a number of p2p protocol designers will attempt to use the ideas in the paper to avoid the various pitfalls
From the introduction in the paper:
> This paper aims to address the following
> questions:
> 1. How must the depensation model be modified
> in order to account for conceptual
> differences between P2P networks and animal
> populations?
> 2. What are the conditions necessary to cause
> catastrophes in P2P networks?
> 3. What does the model imply about other ways
> to limit or stop P2P networks?
> 4. What is the most effective method to stop
> P2P networks?
I bet if you'd set out to answer a more interesting question, you'd have obtained a more interesting answer.
Natural populations are well known for their ability to adapt to their environment; to mutate or change their behaviour in response to stimuli (threats) in their surroundings. If you truly wish to study P2P networks as if they are ecosystems or populations, there are plenty of more productive entymological questions to be asked.
This paper reads like a biologist saying "given, say, fish - how can we go about killing them?"
Nice to see *some* scientific analysis of this subject, however misdirected.
These sigs are more interesting tha
In fact, it was really a client server application which only on downloading a file did it actually make any connection with any other user.
True P2P has no server and needs no server. Napster had and needed such a thing to work.
Personally I wouldn't call it peer-to-peer at all, but if I was forced to, I'd far rather call it a hybrid P2P and Client/Server solution.
Avantslash - View Slashdot cleanly on your mobile phone.
Because everyone knows but none have yet said it.
Sharereactor/Edonkey cannot be flooded with damaged or renamed files and neither can any other network/client that relies on hashes of the downloads to ensure the file is the same.
As for using loads of bandwidth by doing loads of useless searches in an automated way, it would be very interesting to see how the different networks coped with this, especially the "next gen" edonkey, which is called "flock" and is in beta, and is supposed to use no servers...
graspee
A system that permits sharing of copyrighted material is hardly going to provide a simple way back to resolve the real originator of the material. It is difficult to prove but probably likely that many bad files come from persons connected with the production and distribution of the original material.
There are several sites now that publish checksums and sizes of P2P files. If you trust the site, then you have a way of validating files.
The main issue remains is so-called leaching. That is, those who take but do not give. This may be out of fear or out of selfishness or it may even be just that the user is new. The community response seems to allow small downloads to anyone but to restrict larger downloads to those who do share themselves. I believe there are even some automated tools that will perform this check.
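What the hash check graspee describes, and the published checksums and sizes mentioned in the comment just above, look like in practice, as an added example (not code from eDonkey or any client named in this thread). SHA-256, the 4-byte chunk size, and the peer names are assumptions chosen for the demo; the file is identified by its root hash, so a renamed or damaged copy simply fails the check and the sender is noted.

```python
import hashlib

CHUNK_SIZE = 4  # assumption: tiny chunks so the constructed sample spans several


def build_manifest(data, chunk_size=CHUNK_SIZE):
    """What a trusted index would publish for a file: size, chunk hashes, root."""
    chunks = [hashlib.sha256(data[i:i + chunk_size]).hexdigest()
              for i in range(0, len(data), chunk_size)]
    root = hashlib.sha256("".join(chunks).encode()).hexdigest()
    return {"size": len(data), "chunks": chunks, "root": root}


def manifest_matches(manifest, wanted_root):
    """A manifest is usable only if its chunk list hashes to the root we asked for."""
    recomputed = hashlib.sha256("".join(manifest["chunks"]).encode()).hexdigest()
    return recomputed == wanted_root == manifest["root"]


def assemble(manifest, offers):
    """offers: iterable of (peer, chunk_index, blob). Returns (data or None, bad_peers)."""
    accepted, bad_peers = {}, set()
    for peer, index, blob in offers:
        in_range = 0 <= index < len(manifest["chunks"])
        if not in_range or hashlib.sha256(blob).hexdigest() != manifest["chunks"][index]:
            bad_peers.add(peer)           # damaged or substituted chunk: drop it, note sender
            continue
        accepted.setdefault(index, blob)  # first valid copy wins
    if len(accepted) != len(manifest["chunks"]):
        return None, bad_peers            # chunks still missing; ask other peers
    data = b"".join(accepted[i] for i in range(len(manifest["chunks"])))
    return (data if len(data) == manifest["size"] else None), bad_peers


def demo():
    original = b"constructed sample payload"   # constructed stand-in for a shared file
    manifest = build_manifest(original)
    pieces = [original[i:i + CHUNK_SIZE] for i in range(0, len(original), CHUNK_SIZE)]
    offers = [("peer-a", 0, pieces[0]),
              ("decoy", 1, b"LOOP"),           # right name and index, wrong bytes
              ("peer-b", 1, pieces[1])]
    offers += [("peer-a", i, pieces[i]) for i in range(2, len(pieces))]
    return original, manifest, assemble(manifest, offers)


if __name__ == "__main__":
    original, manifest, (data, bad) = demo()
    print(data == original, sorted(bad))
```

The check is only as good as the source of the root hash, which is the "if you trust the site" condition stated above.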
Choice 4 is much more likely to give "good" results since more of the major holders of illegal material are targeted
Hollywood would get better results by shutting down illegal DVD manufacturers of spiderman in korea (or wherever they are) rather than someone who makes a copy for his friends
Choice 1 gives everyone the same chance of being targeted and thus small time distributors/downloaders will be hit a higher percentage of the time and not have as great an effect on the overall level of content available
Collaborative Recommendations such as Amazon.com uses, (or Eigentaste or RecTree in academia) finally have algorithms that make it fast enough for an average PC to perform the operations. A decentralized version would not only foil spoofing and spamming, but would let you discover new things beyond the industry marketing machine. Does anyone have information on such work?
"There's so much left to know/ and I'm on the road to find out." -Cat Stevens
I agree that it would probably be possible to quite easily kill any P2P network; imagine one of the nodes in any Gnutella-type network sending faked information all over the place or something similar, or some kind of malignant Direct Connect client.
But let's say that the music industry/whoever did this, would it be legal just because P2P networks are "possibly used" for distributing copyrighted material?
I don't see the difference between sinking someones Direct Connect hub and launching a DoS attack against a webserver.
This is hardly news. I can't remember the last time that I shared a music file from gnutella that was correctly named, labelled, untruncated and not a radio edit (mea non culpa, the first thing that I do is to fix the damn things, before making them available for re-sharing).
For exe's, it's even worse. There seems to be a deliberate misnaming of some files, e.g. GTA2 labelled as GTA3, or in some bizarre cases files named as "game Foo (actually game Bar)". What on earth is the point of that? If you're warning that there are misnamed versions out there with this filesize, then say that, otherwise just name it correctly and be done with it.
Porn is the worst of all. I've lost count of the number of god damn bangbus promos (or worse, trailers that spawn popups) that I've shared and ditched, and I'm now so sick of it that I won't download anything under 5MB (most of the trailers are smaller than that).
What I can't understand in all this is that I'm sharing these from other gnutella users. Sure, they are injected through malice (or avarice), but what is wrong in the heads of users that they don't understand that this is our network, and our responsibility to clean up the file naming? Nobody is going to step in and do it for us. It's only going to get worse over time, and I'd rather download three different but accurately named versions of the same file than one misnamed version that turns out to be another badly encoded asian lipstick lesbian popup spawning commercial.
Repeat the mantra: our network, our responsibility.
If you were blocking sigs, you wouldn't have to read this.
You've noticed this too? Is there any trend to the IPs of machines sharing these? Are they all at sony.com or something? (Hey, they could be grievously stupid...) In any case, perhaps some provider like Gnucleus could provide a realtime ban-list of this kind of abuse. Centralizing this information wouldn't have any legal ramifications, and while it's a flawed, stopgap solution, it would work, at least for a while.
Have you noticed the "[searchterms] free bangbus passes.htm" and .url files you get sometimes? I think it's just spammers doing some of this, and not the actual media industries.
I wonder if those results are virii or something. I usually just filter them out by requiring filesizes about 100k...
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Unlike traditional web site DoS attacks, based on sending malformed messages (provable intent), DoS attacks in P2P can look like normal requests from normal clients that just come in really fast. IANAL, but much criminal law arises from intent, and the web DoSers (or bounce DoSers) clearly have intent. P2P networks just have a high-overhead protocol.
I don't think, in the end, that you can rely on laws to stop such problems. If you design a flooding mechanism into a protocol, you better be sure to rate-limit somehow... Maybe make people do some amount of work to perform a flood (though precomputation becomes problematic, because you want it to some extent, but not too extreme an extent).
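One way to make a flood cost work while bounding precomputation, as the comment above suggests (an added example, not part of any P2P protocol named in this thread). The class and function names, the 10-bit difficulty and the 30-second lifetime are assumptions; each challenge is tied to one peer and one timestamp, so solutions cannot be stockpiled, shared or replayed.

```python
import hashlib
import hmac
import os


def work_bits(challenge, query, counter):
    """Leading zero bits of SHA-256(challenge|query|counter): the work shown."""
    digest = hashlib.sha256(f"{challenge}|{query}|{counter}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve(challenge, query, bits):
    """Client side: brute-force a counter; costs about 2**bits hashes on average."""
    counter = 0
    while work_bits(challenge, query, counter) < bits:
        counter += 1
    return counter


class QueryGate:
    """Node side: issues challenges and admits one query per solved challenge."""

    def __init__(self, bits=10, ttl=30, secret=None):
        self.bits, self.ttl = bits, ttl
        self.secret = secret or os.urandom(32)
        self.spent = set()   # used challenges; a real node would expire entries after ttl

    def _tag(self, peer, ts):
        # MAC binds the challenge to this peer and issue time without server-side state.
        return hmac.new(self.secret, f"{peer}|{ts}".encode(), hashlib.sha256).hexdigest()

    def issue(self, peer, now):
        ts = str(int(now))
        return f"{ts}:{self._tag(peer, ts)}"

    def accept(self, peer, challenge, query, counter, now):
        ts, _, tag = challenge.partition(":")
        if not ts.isdigit():
            return False
        if not hmac.compare_digest(tag.encode(), self._tag(peer, ts).encode()):
            return False                      # forged, or issued to another peer
        age = now - int(ts)
        if age < 0 or age > self.ttl:
            return False                      # stale: limits how far ahead work can be banked
        if challenge in self.spent or work_bits(challenge, query, counter) < self.bits:
            return False                      # replayed, or not enough work
        self.spent.add(challenge)
        return True
```

Raising `ttl` allows more precomputation and lowering it allows less, which is the trade-off the comment points at.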
The problem would be---what makes the rating system any more trustworthy than the files themselves? Remember, both eBay and Slashdot have centralized control, a metasystem above the individual users.
Such a metasystem, in a P2P environment, would need to be decentralized and yet trustworthy. (It must not be as easy for a spoofing client to say "I'm trustworthy" as it is for them to say "I have files to share! Download my pustulent VBS payload!".) This is a complex research question, to which there's no one simple answer. A lot of people are trying, though... see some of the threads on this story for good links on the subject.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Good point. I actually very much approve of these tactics being used to hinder people freeloading, despite being shocked how expensive music and films are to buy.
However, I am very much for record companies distributing music via the internet. By cutting out the end retailer, who typically take 50% of the final price of the CD, and removing the cost of media manufacture, there is no reason why these goods shouldn't be available for those that want to download them. There'll always be the hardcore fans who want the boxed editions (check out special edition box sets, etc..) but a lot of people also are only concerned about the actual music. In fact, it could probably even be argued that if music companies sold the music in MP3 formats, the die-hard music aficionados would still buy the real CDs just for the quality difference.
But back to the P2P issue. You get what you pay for. If you expect to download things for free, you can hardly complain when those things aren't what you expected. If you use a warez search engine, chances are you'll spend the next 10 minutes closing all the popup windows, even if you never actually downloaded anything! You don't see many people up in arms about that.
And if you think the record companies don't deserve their profits, think again... Why do you think there are always scores of new bands signing up to these labels? Because the record companies invest heavily in lots of bands, many of whom will flop dismally. They invest in advertising, gigs, promotional CDs, PR parties, you name it. If they end up making 10 times the profit you think is fair on a particular band, bear in mind that there were probably four other bands that they promoted that didn't make it that got the chance.
There's a slight difference here between the Warez sites and these new "tactics".
With the warez sites, the ads are there because these guys can't find anyone else to host them, so they need the money for the ads. The ads are not being put up by Bungie, or Blizzard or EA or any of the other companies.
As for the p2p networks however, these files are being placed with the intent of misleading the consumer. Unfortunately for the people trying to use this tactic is in the same way that moderation works on slashdot, so does moderation work in p2p. If a file is a crappy sound loop, no one (or very few people) will keep the file. They will simply go back out until they find the right file. Then once they have it, they'll keep it. So picture it like this.
The company distributes 100 sound loop files. After a month or so, the number of soundloop files is probably still 100 give or take (and with certain programs like Limewire, identical files are grouped). Now, as soon as one person buys the CD, there is a legit copy (legit meaning real). One person downloads his copy, now there are 2. One person downloads from each of them, 4. One download from each of them, 8. 16, 32, 64, 128. Etc etc etc. In the mean time, the sound loop is still at 100.
Sure the soundloop tactic would be effective maybe for the first few weeks, but afterwards, it's more a waste of money.
T Money
World Domination with a plastic spoon since 1984
The most interesting parallel animal model has got to be the experiment designed to reduce (or eliminate) Tsetse fly (and other insects) populations by releasing large numbers of sterilized males into the natural population.
The process of P2P sharing would correspond to mating, since you have to have two participants. A successful mating would correspond to a user getting the file they wanted, and therefore being more likely to use the service in the future. Getting a dud file is like a wild female mating with a sterilized male. Yields no offspring, user is less likely to continue using service. One or two cases of sterile matings have no impact, but when it is a significant percentage the population will decline, I'm sure the parallel with P2P holds.
The author seems focused on studying the best way to eliminate P2P, though, so he's probably hoping to get research grant money from RIAA.
Light cup, beer drink, thin so chain, neck turtle fat, man I won't say it again
P2P is in an ever evolving state. Before Napster bit the dust, doomsayers were saying it would be the end of filesharing. Whoops, they missed the mark there. It's sort of like the Hydra. Cut off one head and 2 more take its place. And in essence that's what will happen. IF the RIAA ever managed to kill gnutella (arguably the largest system currently), a whole bunch of people would be scrambling to create new networks. The result would be 3 or 4 new and effective networks. Sure they'd be smaller, but only temporarily.
Like it or not, P2P is here to stay. It's a system with legal and illegal uses. The legal nature is what keeps the creation of a complete ban impossible, and the illegal nature is what keeps the system evolving.
T Money
World Domination with a plastic spoon since 1984
P2P ain't dying, it may however revert back to its old form of personal ftp servers however (a la hotline)
T Money
World Domination with a plastic spoon since 1984
Sounds like a client side problem. I don't have popups in my browser. I can only wonder what messed up program would put popups in video files. Mplayer sure doesn't have that problem :-D
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Within so few sentences...
countermeasure: webs of trust & md5 hashes
and
the best way to deflect it would be hiding your identity
Put simply you cannot hide identity and be a trusted partner in a transaction. And the cost of setting up "trust" mechanisms should be understated, I can generate my own CA and own X509s from openssl. How will you know what CA to trust? Commercial ones cost money.
An Eye for an Eye will make the whole world blind - Gandhi
most downloads you try on any p2p network fail. because the user is too stupid to open up their firewall, or they intentionally closed it so it looks like you are sharing files but you really aren't, or they fill it with bogus files, etc...
I have had to resort to a harvester approach on gnutella. set the bot looking for XY without Z and snag everything that matches this until I stop it. Yes I end up downloading that song 35 times, but out of those 35 files, maybe 2 are acceptable... so deleting I go.
It's getting worse based on laziness and pure stupidity and including pure greed. (I downloaded an mp3 that was nothing but a porn site advertisement.. EVERYTHING from this one user was that same porn advert.. and he had at least 60 files all named popular band/song)
unregulated P2P sucks and is getting worse. Most of us old-timers are reverting back to IRC and private ftp stashes (20-30 friends all dropping files there, retrieving etc...)
Do not look at laser with remaining good eye.
As a big bunch of CRAP! HaHA! I have seen through your clever FACADE! You will never work in this town again!
Aren't the users of these networks already doing this all on their own? I've seen versions of songs performed by bands that were dead by the time the song named in the title was actually written, Beethoven Symphonies attributed to nearly everyone else, etc. 99% of any group of users knows crap, and they seek to prove it at every turn, and yet these networks haven't killed themselves off from inside yet.
--- http://foo.ca
While the P2P networks may be similar to flesh and blood animals, the biggest difference is that evolution in P2P networking software occurs on timescales a biological system could not hope to match.
Given a threat to its existence, a P2P network can adapt in a matter of hours at best, weeks or months at worst. To change the behavior, defenses, etc... of a biological animal would take thousands of years at best. The flip side is that new threats are developed almost as fast. But the bottom line is, eventually the signal:noise ratio on a P2P system can be tuned enough to allow a signal to get through, no matter what problems might plague it.
Worst case scenario is that you have a voting system that allows *very* different users to vote on certain file share hosts, the ones with the most votes are generally going to be a valid source of the files... while this will present a higher profile target for the major corporations, if you have 10,000 of these high vote people, it's going to be financially problematic.
Even if you have one or two, (or 50) cases of ballot box stuffing when it comes to high vote hosts, an authorized admin of some sort could flag that particular host as being bogus.
There are many, many spin offs of this concept that would make it next to impossible for any single entity to compromise the P2P network into non-existence. It may be cumbersome, but it would work.
Let me guess... you've been reading a lot of cyberpunk fiction lately?
Learn to Play Go
Finally a little question for the P2P junks out there: many people claim they get to learn new kinds of music by P2P sharing. I won't say it isn't true, but how? You still need a handle to search new stuff? You just type in random keywords, or what? Just curious, because I'd like to broaden my musical horizons a bit.
There are three things I do to find new music:
1) Type in random keywords. This may seem silly, but it can yield interesting results.
2) Search for a genre. You would be surprised at the amount of music that people categorize/name by genre. Pick a genre that you don't know very well (IDM, dub, afrobeat) and search for it. You will get a seemingly random selection of music. Download these, listen to them and if you like them, search for the artist and/or stuff in the id3 tag. You will find more of their stuff, plus usually stuff they did with their friends.
3) Listen to KEXP. KEXP is possibly the best radio station in the world. They stream cd quality over the web. They are a public station (I'm a member) from Seattle. Check their time schedule (it's Pacific America time) and check out DJ Riz. This guy is the most inventive, relaxing, best DJ around.
I can't wait to see the RIAA on this one. The reason I assumed a singular distribution, or at least a limited distribution is because I assumed that like all business entities, these companies would want to save money. To provide a constant stream of these files would have a rather heavy cost associated with them. Of course, we can safely assume that this would just be reflected back to the consumers in the form of higher prices and will be justified with graphs and charts showing how the evil napster pirates are costing the industry (whoops, I mean the artists) all of their money.
T Money
World Domination with a plastic spoon since 1984
Here's a wild-ass idea.
How do real life societies of humans and animals protect their communities from invasion?
I will assume that the number of "legitimate" users vastly outnumbers the invaders.
Could it be possible to mark or remember hosts who pass around bogus files, and then pass that information to other users on the network?
For example, I download a file from a user or group of users. When the download completes, I naturally check it. The P2P client then pops up a window asking me whether the file was valid or not. If not, I hit "no". This "no" could then be associated in some sort of metafile that includes the IP address and other identifying information about the host, and this metafile can be shared with all other users on the network.
Like a virus, I could merge my metafile with the metafiles of other users on the system.
On subsequent searches, the client will check the host results list against my metafile and warn me who the probable invaders are. I could also set filters that automatically exclude hosts from uploading and downloading if they have more than say, 5, black marks against them, effectively blackballing them from the network.
I realise that the invaders could easily change their IP address, but after passing 5 bad files they'd be off the network again.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
I do. I live in Germany where we have a home recording tax on all recordable media including CD-R.
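The black-mark metafile proposed in the "wild-ass idea" comment above, sketched as an added example (not code from any existing client). It assumes each reporter has a stable id that others cannot forge, which the comment does not specify; the class name, the `distrusted` parameter and the addresses are constructed. Marks are stored as sets of reporters so that metafiles passed around the network repeatedly do not inflate the count, and one user cannot blackball a host alone.

```python
class Metafile:
    """Black marks kept as host -> set of reporter ids, so merging is a set union."""

    def __init__(self, owner):
        self.owner = owner
        self.marks = {}

    def report_bad(self, host):
        # One user contributes at most one mark per host, however often they hit "no".
        self.marks.setdefault(host, set()).add(self.owner)

    def merge(self, other):
        # Union is idempotent and order-independent: re-receiving a metafile adds nothing.
        for host, reporters in other.marks.items():
            self.marks.setdefault(host, set()).update(reporters)

    def black_marks(self, host, distrusted=()):
        # Reporters the local user has chosen to ignore do not count.
        return len(self.marks.get(host, set()) - set(distrusted))

    def usable_hosts(self, hosts, max_marks=5, distrusted=()):
        # Hosts with more than max_marks black marks are filtered out of results.
        return [h for h in hosts if self.black_marks(h, distrusted) <= max_marks]


def naive_merge(mine, theirs):
    """Contrast: summing plain counters inflates each time the same report comes back."""
    return {h: mine.get(h, 0) + theirs.get(h, 0) for h in set(mine) | set(theirs)}


def demo():
    bad_host, good_host = "203.0.113.7", "198.51.100.20"   # constructed addresses
    users = [Metafile(f"user{i}") for i in range(6)]
    for u in users:
        u.report_bad(bad_host)
    for _ in range(50):
        users[0].report_bad(good_host)        # one user trying to blackball a good host
    for _ in range(2):                         # gossip twice around a ring of users
        for i, u in enumerate(users):
            u.merge(users[i - 1])
    counts = {bad_host: 1}
    for _ in range(3):
        counts = naive_merge(counts, counts)   # the same single report echoed three times
    view = users[3]
    return (view.black_marks(bad_host), view.black_marks(good_host),
            view.usable_hosts([bad_host, good_host]), counts[bad_host])


if __name__ == "__main__":
    print(demo())
```

Counting distinct reporters does nothing against a party that can mint many reporter ids, which is the trust question raised earlier in the thread.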
Yeah, but the costs of not only the programmer, but then the machines, the cost of producing the first corrupt file (these appear to be manufactured) and then tag on the costs of bandwidth, besides, even if it doesn't cost that much, they could say it does. More revenue, and who's any the wiser?
T Money
World Domination with a plastic spoon since 1984