Slashdot Mirror
Overpeer Spewing Bogus Files on P2P Networks
nimec writes "Zeropaid.com has posted news of a company called Overpeer which is the source of all the bogus mp3 files that are popping up on the various P2P networks. Zeropaid, in the news article, said: 'If you've encountered the "loop" files, in which a section of the chorus or hook is repeated over and over, you've been tricked by OVERPEER. OVERPEER are doing this with the full knowlege and consent of Interscope and Universal Music, in fact they are under contract to Universal and other major record labels, and will be doing a LOT MORE of this type of "interdiction" in the near future.' Right now this doesn't bother me because these bogus files are few, very spread out and it is easy spot them. I'm just afraid that over time people will keep downloading these bogus mp3s and become too lazy to delete them, like they are when it comes to incomplete songs."
This doesn't bother me one bit, it only affects people pirating copyrighted music so in that respect it's certainly better than trying to shut the network down.
One of the peer-to-peer networks needs to change this in a way that makes this against the rules of using the client/network, yet doesn't open them up to litigation for not banning illegal mp3's/divx :)
Chris
Actually, if you are downloading files that they are doing this to, just look for someone with a low bandwidth and download from them overnight, unless they have downloaded from overpeer, you'll be fine. Or use the preview feature of your P2P.
"Da ist ein Technölüst in mein Unterpanten!"
There's nothing more annoying than finding a brand new album in a high quality bitrate and then finding out it's nothing but a loop of two seconds. There's nothing more annoying than finding a brand new album in a high quality bitrate and then finding out it's nothing but a loop of two seconds. There's nothing more annoying than finding a brand new album in a high quality bitrate and then finding out it's nothing but a loop of two seconds.
I don't know if this is possible or not, but a song with a repeated segment would likely have repeated data in it, or else the filesize would be too small to be a valid mp3 (if the data looped, for instance), so could this be detected and flagged as a possible bogus file?
Probably not, as you would have to download the file first to verify if it has repeated data.
Perhaps we can develop a header field to identify valid files and just assume the rest a potentially bogus.
There has to be a way around this.
Bullfrog
there is no sig
packet overpeer
I'm a signature virus. Please copy me to your signature so I can replicate.
That's the problem with running a service that's (for the most part) black market...when someone starts fucking it all up with counter-attacks, there's really not a lot of recourse.
I was thinking that a moderation system would work, if it's implemented correctly. For instance, once a person has been sharing X GB of files for, say, 2 weeks, they start getting moderation points....they can use these points to flag a file as being a dummy. (or just a shitty rip) If a user gets too many files modded down, he becomes unable to gain moderation points for a certain period. The sharing requirements will make it undesirable for RIAA droids to pollute the moderation system, since they'll have to be sharing material of their own. (and any dummy files they have will hopefully be moderated down...and if they ARE sharing valid material, well, cool, they're contributing to their own demise)
Please, nitpick at this suggestion, I'd like to see if it's feasible or not.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
... for people who download these thinking they are downloading the "real deal". At least the studios are using technical means and not legal means to attack those who break copyright (no I won't use the "p" word).
People who download songs and movies continuously only make bandwidth more expensive and/or capped for the rest of us.
I think it's kind of funny - we waited overnight to download "TPM" only to discover it was "Pearl Harbor" with the title changed.
be writtten to detect these types of things and put on the server side of p2p networks so that these files arent even allowed to be shared
what an infantile game!
All I do is NOT share my incoming folder then the files are moved to a shared folder after I verify them.
They do own the music.
What i think will be funny is when small college radio stations start playing these looped files, and it makes everyone look bad.
The record companies need to come to the party not hold onto the ball and refuse to play.
Hillary Rosenberg is gonna send Ariel Sharon and some tanks to destory your house and shoot your dad now.
So... the artists can't ever play the same sequence of music more than two or three times before it gets flagged as bogus?
That check would instantly trigger on pretty much every soft-pop-dance track that I currently spend most of my radio-listening time trying to avoid. Cool. :-)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I do the exact same thing, only I never move anything to the Shared folder.
Will code a sig generator for food
wow! I only got that at the very end!
Will code a sig generator for food
I had this happen, at first it was annoying. I downloaded Soaking Up The Sun by Sheryl Crow. At first I got the looping chorus, then went and got the real one. After listening to both, I actually liked the looping one better. I've been listening to it for weeks. I guess it depends on the song, but it happened to work out for me. =)
... it's better than arresting you.
-pyrrho
I've got yet another work around suggestion.
Your p2p application (which supports metadata, hashes etc) will wait to add a downloaded file to the "shared" section until after you view it.
This would cut down on some short divx'd files (which won't play "out of the box") bogus mp3 files (overpeer) and whatever else.
A system which flags files as "ok" could come under attack because overpeer could just flag their files "ok" as well.
The system I suggested above would only of course work with files downloaded, not files you have existing on your computer. Of course through the hash system you could be verified against other people.
Overpeer... create mp3's backwards from one-way hashes! Good luck you bastards!
Considering we already have hash systems in Gnutella apps... they can suck me.
Get your Unix fortune now!
To some extent, the same thing is happening with DIVX's. In this case, someone will rename a given movie and upload it. People grab it and share it before they verify that it is what it says it is.
In this case, it does not appear to be the work of a concerted group - just trolly kids, I suspect.
Sometimes they rename pornos with titles like 'mulan.avi', etc. Sigh. Lots of wasted bandwidth.
I bet the movie industry will do that soon. They must be soiling themselves over people sharing cam grabs of every popular movie - with in hours of the opening. Download it and spend your savings on a Pizza.
The best solution that comes to mind is a file ratings system. The bogus files will get rated down, the legitimate files will get rated up.
The company could spam the ratings, but would have to connect to the network thousands of times.
There is also the challenge of developing a p2p distributed rating system..
The reason that the songs are blocked and return no results is because Overpeer is blocking all searches that include the word eminem on Fasttrack. They are only allowed to block the songs that contain 100% definately copyrighted material. If they blocked the name of the track then all kinds of non-eminem files would be blocked as well and therefore it would be an illegal DOS AFAIK.
1. Google search for CD track list
2. Enter titles only NOT artist in your P2P search
3. Burn, Burn, Burn RIAA.
It's good to see concise, objective journalism these days.
In spite of this article, there's already a bunch of good files (I didnt say good music....) carried by legit people. I just follow my own rules when I download stuff from P2P networks. Be aware that I search for j-(group) type music, so mine's much harder to find files...
1: If I get a good turnout on search, I look at most of files, bitrates, and times. I download what seems to be the mode of the similar type of files.
2: I tend to stick with files that many users have (eg: 7 people have file with size 4,032,112 and 1 person with size 4,129,326). I can resume easier with "popular one". I do the same thing with movies (anime mostly)
3: While I download, I play it with Winamp/Xmms. If there are errors/not what I expected/fake files , I can easily cancel the download and blacklist the user.
4: If I get corrupt movies, I use virtualdub to determine where in the file is the error. Then I use a snip tool and "cut" the file into N parts. I can then use resume on the P2P services and possibly fix the file. However, some files, like Serial Experiments Lain (AVI sub), 1 episode has a "divx freeze frame". That error'ed file has propigated on WInMX, Kazaa, Gnutella, and Nap-clones.
5: Even with my modem, I download "weird" files in hopes of getting unreleased/changed song. You occaisionally see stuff like this when you search for a popular song. Then you see a "somewhat changed name" but usually longer. I usually get them. If they're bad, I can find out in the first minute(remember, I play as I download).
I figure that this wont be as much helpful... It's just my skills I use in getting the "goods".
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
=
Credentials? We don't need no stinkin' credentials!!
Because I don't FUCKING PIRATE MUSIC! I remember when this fight was about the right of artists to distribute their music freely without having to pander to the record industry.
Psycho-analytic discussion of the terror attacks of 9/11/2001 Many people believe that fundamentalist Islam is to blame for the terror attacks of 9/11, as the terrorist claimed that they were waging Jihad against the US and seeking revenge for the Palestinian refugees. However nothing could be more futher from the truth. An analysis with classical psycho-analytic methods will show why. As the infamous psychonalists Dr. Freud and Dr. Jung remarked, sexual desire the drive nearly behind every thing (expect perhaps breathing). What sexual desires were dominating the attacks of 9/11 ? The attacks against the twin towers were happing in New York. New York itself is famous for with broad homosexual scene with its Cristopher street days, dark rooms and Queens cafes. In fact, New York is sometimes called homosexual capital of the world. This might mean nothing, but during the attacks a phallid shaped Boing 747 was rammed into a phallid shaped skyscraper, ending with a huge explosion. And this effect was planned beforehand, so we can drop the possibility of an accidential sideeffect in our analysis. Well, you don't have to be Dr. Sigmund Freud to spot the subconsious allusion to a forced homosexual intercourse here. In fact, this refers to the common homosexual practice of cross-masturbation. So, the attackers subconsiously expressed their wishes of homosexual intercourse with the USians. The second attack can be viewed as an emphasis of this point. In the same light the attack on the pentagon can be interpreted. The phallid shaped Boing was meant to hit into the "bulls-eye" of the anus shaped pentagon. They just missed the middle of the pentagon, because it's technically impossible to make a vertical dive with a large jumbo jet - the jet goes supersonic too soon and the wings go off, making the whole thing uncontrollable. This was surely also known to the attackers. This analysis makes also sense in the geopolitical interpretation of the attacks. All of the attacks came from authoritarian arabic societies. It's a well known fact that these societies are strongly homoeroticized, encouranging paranoid fear versus women and female sexuality (circumcizing women etc). The moralic values of these societies carry a latent homosexuality drive. Homosexuality is outlawed in these countries, it's well known that a paranoid behavior towards homosexuals is a very sure sign of own suppressed homosexuality. However, we must blame the US for provoking these attacks itself. Most arabic countries had primarily a positive attitude towards the US. Probably because the US is the only country were sexual freedom is a standard and latent homosexuals can outlive their subconsious phantasies and desires. We can go so far that in fact there was a kind of love for the US in these countries. However the US did the worst thing one can do - THEY REJECTED THEM. Instead the US choosed strongly heterosexual countries like Israel and India as their partners. These countries even had WOMEN as heads of state a hellish thought for anyone from the anti-feminine arabic societies. And nothing, really nothing is worse than the wrath of a rejected lover (Jealousy driven crimes tend to be much more voilent in homosexual partnerships). This also explains the Taliban support of the terrorists, the Taliban being an openly homosexual, women-hating dictatorship. We can suppose that they had very such in common.
penis
Oh please these conspiracy theories are getting more and more ridiculous, gay arabs? what's next sanitation workers with disabilities?
Anyone with half a brain can tell it was the jews.
Consider the visual analog: a web photo album... pretty much every photo site automatically generates thumbnails (very small versions of pictures) for every full-size photo uploaded, so that a user may quickly see and find the photo desired without trial and error downloading.
I propose P2P programs should as a feature, for every MP3 file shared, create the musical equivalent of a thumbnail pic: a very low bit-rate, down-sampled "preview" version of a MP3 file that could be nearly instanteously downloaded and listened to, to determine its authenticity, before a user actually takes the time to download the real version. This downsampling would be automatic and transparent.
Prudent users would always "preview" before they download, and bogus files would be quickly identified thusly.
There's 10 types of people in this world, those who understand binary and those who don't.
Just more evidence that the zionist pigs in israel are in full control of america.
This is one of the reasons i like the FastTrack network (Kazza/Grokster) over the WinMx/Gnutella networks so much. Each file comes with a description that anyone can edit, and i can just look for the "bleep-less" version by searching for "*name* clean".
This sig was cut off by the sla
I seem to be alone in my opinion, but I don't see a problem so long as they restrict things to specific songs.
/. readers are anything like the posters on Zeropaid, this trend has reversed itself a whole lot. Overpeer are trying to prevent the sharing of songs it is obviously illegal to share. I don't see the problem.
If I want cheat codes, pr0n or misc. electronica, I can still get it on p2p. I only run into problems if I'm trying to get the latest Brit Speares song (and I'd obviously have problems already). As far as I can see, they are completely within their rights to obfuscate the downloading of that type of thing.
I recall a while ago with Napster; Slashdot readers appeared to be on the side that it was the people sharing files that were doing illegal stuff. (This was, of course, before it appeared that those people could be sued, which they now apparently can be). If
Did anyone find it funny that the same company is dealing with Enron? http://www.sk.com/products/energy_chem/energy_chem _enron_b.asp Or is Enron now a generic term that I just missed?
As they only seem to be doing it with Eminem and other recent releases. Since I don't listen to that crap, I ain't worried.
Hell, I encourage them to continue doing this with Eminem, Britney Spears, and other modern music (stretching the meaning of the work "music"). Maybe it'll drive these kids to start listening to more talented acts.
Every Eminem/Britney fan we prevent now is 1 less brain dead consumer that will take what the corporate establishment spoon feeds them. Oh crap, I'm starting to sound like a hippie!
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
#1. Many music companies hold the (sometimes exclusive) rights to distribute a musician's work ... but not the Copyright itself.
#2. I believe a strong case can be made for one of these bogus or loop MP3s being a derivative work.
If #1 and #2 hold, then the music companies are illegally creating and distributing derivative works, which puts musicians in a position to claim Copyright infringement and possibly damages.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
Judaism is the only religion that doesn't preach against greed and promote charity. That's why the jews where able to become rich off slave trading and loan sharking. The other religions didn't allow such filthy behavior. Of course you won't see a steven speilberg film about the jewish slave traders...But to a jew exploitation is a way of life, if it's not stealing land it's buying laws in congress to help them milk america dry and ship the profits back to their murderous friends in israel.
Film at 11.
Please do us all a favor and go check your own configs right now. These messages will be here when you get back, but somebody may be downloading one of your incomplete songs now.
Reminds me of the BBS days where the good sysops would scan and personally run each upload to ensure quality....
Don
Search the website for email addresses, then surf on over to google and search for "email newsletter signup" and put in the email addresses you found. If they like worthless files, lets help them stock up. This is also a good way to extract revenge on spammers. Gives them a dose of thier own medicine.
I'm ACTUALLY downloading independent label artists who YOU CAN'T TOUCH.
This method is tottaly sound if you want to catch the britney spears downloading crowd...but guess what your about to discover...most downloaders don't give two shits about your crappy music and aren't in any way affected by these cheap tricks.
Universal (supporter of this and the DMCA) is one of the largest music companies in the world and a subsidiary of Vivendi Universal. Vivendi announced this week that it's pretty damn close to total bankruptcy, in fact the news section of its own web site is all about restructuring and a need to raise cash fast due to its stock being lowered to junk bond status. So eventually what goes around comes around.
whats this shit I just downloaded - this ain't what it should be...... I am going to complain to Universal Music !!!!
oh wait.... that would be like bending over so their lawyer could......
why does this remind me of iMMERSION bitching about DEViANCE "stealing" one of their iso warez releases..... thats right - both cases are just mind numbingly ludicrous.
The key to beating RIAA and the major labels' spoofing the p2p networks is vigilance. I know when I download something, I check it out & make an immediate judgement whether it something that should occupy space on my harddisk. After all, if it's a piece of crap I pay the same price that someone who tries to download it does when I cue up what I'm hoping is nice set for a long coding session. Damn I get pissed when that RHCP tune ends mid chorus. Listen up & dump it if it's crap! Best regards & mind the puddin' dudes! =P
What is needed to stop this is a moderating system which ranks the various traded products, as identified by their MD5 checksum signatures, according to some "measure of quality". By rank ordering, it cannot be used to entirely shutdown a trading network since everything would still be available. Products at 50 out of 100 would have received a ratio of good vs. bad moderations better than 50% of other products, and worse than the other 50% of products. It would not necessarily be a 50/50 good/bad moderation. Thus flooding of bad moderations across the board would have no effect, though it could be used to drive very specific classes of products down the list. But eventually, people would see the abuse and mod them back up. It would be sort of like moderation on slashdot, but everyone gets to play.
Now would it be possible to have selective moderation like slashdot has? Only a central authority could do that the way slashdot does. The big question would be judging who gets moderation points. As far as I know, on slashdot, it's almost entirely automated. With product trading, it would be harder to measure the quality by automation, so someone has to manually make the judgement calls and that brings some risks as well.
If individuals could be identified uniquely in some way, without the risk of exposing real identity, then meta moderation might work. One way to do that would be a slow rate of generating some kind of signed digital certificate that allows only so many to be generated at a time per network that receives it (and no personal identifying info included, and no records kept). Moderations and meta moderations would be signed by these anonymous certificates. You wouldn't know who moderated, but what you would know is that a group of moderations by the same certificate are probably from the same person and can be judged accordingly, good or bad. Excessive levels of moderation would also weaken your merit and derate your contributions.
now we need to go OSS in diesel cars
This will just force the various P2P developers to scramble to develop counter-measures. The music companies are giving the developers a gift - not enough DoS to stop everybody from using P2P but still enough DoS to give the developers a decent target to aim at. The only realistic result is that the P2P programs will become "stronger" (ie, more resistant to future attacks).
It's as silly as a criminal wandering around a bank and informing the staff that he's casing the joint for the heist next week.
I got one of these when downloading Eminem's "Without Me" track.
I just thought it was a special dance mix.
Of course, the simple solution is to just download songs that aren't owned by RIAA members and covered by their copyright. Then you can be sure that you won't get bogus files.
It's not that much of a sacrifice because MP3 sharing systems are only ever used for fair use (where you know the origin, as it's just your home/work PC that you're fairly using from) or they're to promote unsigned bands for whom P2P is an important system.
Right?
In next week's Ask Slashdot: "Dear Slashdot, I like fast cars but they're so expensive. Recently more and more of them are getting lowjacked. Isn't this a disturbing trend? What technical means are open to defeating this system? I only steal from big company showrooms so it's effectively victimless."
Before you mod this down as a troll, think about what I'm actually saying. When did we lose the cool technology, the valid fair use claims and the arguments that these systems are useful promotional tools for those who want them... and reach the point where we're bitching about only being stopped from the unfair uses?
I'm surprised nobody has pondered the fact that this could be a Very Good Thing(TM). If they continue to do this, surely they'll be blowing big holes in any future court cases. They say "Napster [replace with future contentious system] can't feature songs which are copyright". Napster says "How do we tell?". Judge says "Fine, you have to filter by filename". Napster says "But wait a minute, half the stuff with filenames of copyright songs isn't those songs at all". The fact is, by engaging with these networks, even to undermine them, the record industry damages their own court defence. Basically they will single-handedly prove that these networks aren't just for exchanging copyright material which you might not have the right to do, but for just about anything. When a court realises that, their case is blown to hell... ...I guess it's wishful thinking to imagine they would notice, though...
What would be a problem is if they started doing this for content they don't own. For example, if there was an artist that put his work on P2P networks, started competing with them, and then they tried to sabotage his popularity by putting out junk under his name. That, however, is probably already prohibited by current trademark laws.
Palestinians are not saying that Israel has no right to exist. What they are saying is that Israel has no right to taking Palestinian land (all 100% of it) as the basis for their existance.
now we need to go OSS in diesel cars
Why not try some music that the artists want you to listen to freely? Enough with the commercial sludge out there, seek out some local music and hear it live the way it was meant to be heard. Go with friends, have some drinks, and stop feeding the huge corporate machines out there.
A safer countermeasure may be to develop an audio fingerprint system (the kind already used to identify what songs are played on the radio) and build a database of fingerprints computed from legitimately purchased CD's. You'd download a song, compute a fingerprint from its audio data, then compare it to a legitimate fingerprint of the same song (fingerprint collections could circulate above ground, since fingerprints themselves don't infringe copyright).
Of course if that catches on, Congress might eventually decide that audio fingerprints are infringing after all.
Regardless of copyright issues (including the possible right to withdraw your own work from distribution), the integrity of data disseminated through P2P technology should be preserved. P2P is at this time largely untouched by the intrusions made in the form of advertisements, spam, censorship, etc. that we put up with in other mediums. Let's keep it that way! P2P may become an enormously important Internet technology, and I feel that any potential it has should be defended.
(Come to think of it, what I am suggesting is not dissimilar to Vipul's Razor, only for P2P).
1. With file sharing networks flooded with fake songs from RIAA brand name artists, it will become annoyingly difficult to pirate RIAA music. While illegal data becomes very difficult to find, notice that this does not detract from our ability to trade LEGITIMATE data. Legitimate independent labels can still be easily searchable.
2. If no technological means can be found to curb rampant piracy, they will resort to dumb laws (DMCA, CBDTPA) and Microsoft Palladium to stop it. This would be a terrible hit to the American economy as well as cause serious trouble for Open Source Software.
If you get too many moderation points you will start to stand out from the crowd and become worth targetting by the content owners.
.idx file in the share directory with the same name as the requested file then it would grab that too. Sure most users wouldnt bother to populate the index, but the few that did bother would spread files that would become the preferred download choice.
Peer to peer sharing is likely to become a cat and mouse game with increased sophistication from the sharers' application being leapfrogged by better attack strategies.
The good news is that there are more savvy people out there doing the sharing than content owners doing the protection. So most of the time the sharers will be in the lead.
My suggestion would be to allow for some kind of index (same_name.idx) file that allowed for a bit more detail on what the main file contained. If Gnucleus or whatever spotted a
Once again I wonder how they're able to do this on DirectConnect hubs -- as soon as an op discovers someone is sharing fake crap, he gets booted out of there so fast his ass will leave skid marks.
To stop the DirectConnect sharing, they'll have to resort to the "tried and true" ways -- suing the hub owner into oblivion.
Sooner or later the file sharing protocols (is there really no p2p network that has this already?) will implement crc32/md5 checksums, and then you just need a release list from the group who released the CD (if you're downloading "deluxe stuff") and search for the checksums.
Leveling up builds character.
Let the RIAA take out those services which are too weak to defend themselves, it will only make the others stronger.
It is possible to design a filesharing service that defends itself against bogus files.
It is possible to define a protocol that hides the file lists of individual users.
It is possible to build CDRs that play, copy and rip copy-preventing CDs.
The pressure exerted by RIAA will turn these possibilities into realities - simple Darwinian evolution.
You don't really think that this is going to work do you? People will simply be annoyed and have to share more. Someone is going to have to pay for the increased bandwith usage and it's not Universal Music. So, Universal is stealing from cable opperators. It's like spam, but they don't even hope to make money off it.
You have not even thought that people might be trying to share files that were intended to be shared and are NOT owned by Unviersal Music. But that's like the big 5 music publishers, "No one but us can record music, right? Drool, Drool."
twitter, who has never bothered to download silly mass produced comercial music, is annoyed that Universal Music is going to waste his time. Universal, you suck.
Friends don't help friends install M$ junk.
Why should gay arabs be a conspiracy theory ?
There are some P2P networks that already do that. One of them is edonkey, and I am sure others do it as well.
Then you go to a trusted page like www.sharereactor.com where they publish checksums (this is legal, as far as I understand) and this way you know what you are getting.
If the checksums pages where to be made illegal you can put the checksum lists on the p2p network and use digital signatures, so you learn to trust that some signatures allways carry checksums for proper files.
When his defense asked, "Which computer has Jon Johansen trespassed upon?" the answer was: "His own."
Checksums.
Keep lists of good cheksums. Set up checksum servers. Add moderation. Stir.
Share Reactor. They release the files into the wild through edonkey2000, provide the MD5 checksums of the file you want to download, and edonkey2000 does everything for you. It already has a nice and juicy base of supporters (although I wouldnt say humongous, like Kazaa, specially because of the server "issue" in edonkey2000, but that is being taken care of anyways.)
Its a great system, Share Reactor cant get sued, edonkey2000 doesnt have centralized servers, and I get much greater speeds than in any other P2P program. Sure would be great to see other people take advantage of the great possibilities that edonkey2000 (and other P2P programs) can offer like Share Reactor does.
Needless to say, I highly recommend it.
I remember getting MP3's on Napster that would loop the chorus and/or would have 'Buy the CD' said over and over on top of the music. Not only was this anoying, it made me not want to to buy the CD (which I usually do if I like a song or two from the artist).
"By penetrating P2P networks such as Gnutella, Open Napster, and FastTrack, our solution can use the power of P2P against abusers, instead turning software pirates into customers"
Huh?
P2P Networks turn "pirates" into customers. Obstructing the network simply ensures that network users will never become customers of authors who have hired the obstructors.
All well-documented cases (think Baen Books for example) show that freely available works increase demand and improve artist-audience relations.
I don't see how these guys can possibly succeed. They will have to continually develop technology to beat the bleeding edge of the P2P arms race, but unlike antivirus companies which enjoy a huge market and a growing pool of evangelists, Overpeer's only cashflow will come from the RIAA and anybody who has not yet learned about the positive commercial power of P2P networks.
Yesterday I went to Networld+Interop in Tokyo. Best in 5 years easily. Wireless, Broadband, Streaming Video, it was all so huge they even rented the next building. The past President now statesman of NTT DoCoMo (most successful Japanese company, and partnered with AT&T) stood up in front of a thousand people and gave an extremely lucid presentation on the future of all this. Get this, they are DEPENDING on P2P!!
This I mention as I noticed today an interesting little socket with tape over it attached to the cash register of my local convenience store (think 7/11). The tape said, DoCoMo service starts July 16. There is already a bank machine and maybe a loan machine (the mafia got wise) in most every convenience store and now the loop is finally being closed. All we need now (maybe available next week, if not I'll sure work on it) is paying for cryptgraphic passwords at the register. Now that networks carry so much data it is hard to tell when an mp3 or divx is coming over the wire, it is just going to be very difficult to stop.
But I'm not talking about pirating. Overpeer (an oxymoron like "Big Brother" in case nobody noticed) is going to fail financially because the big boys need these P2P networks to work. Not a lot of people are making waves if it is just kiddiez and bored techies downloading a few mp3z. But P2P and open group-based data sharing is becoming important for business cooperation (think Groove), B2B (Enron was doing $1 billion/day of e-commerce transactions before they tanked), and distribution of large files and streams (think Akamai, the Perl CPAN, and FTTH - now a reality for Tokyo residents this year).
When these networks start getting used for serious data as well, Overpeer is going to be messing with the value of a network resource that real companies have a stake in.
Consider that if I already own an Eminem CD (not likely) I am completely within my fair use rights to use a digital copy of that. If I was paying for a P2P network to supply my fair-use needs, Overpeer might end up on the other end of the stick (in court).
What's needed to put the RIAA in its place (bankruptcy court) and promote music and P2P?
- Use P2P for lots of legitimate data and services. For example DoCoMo phones will be used (actually are now) for ticket purchases. A P2P solution would have ensured all seats for the World Cup got sold correctly. (Hmm maybe I'll work on that one).
- Build a service and liscensing scheme specifically to support P2P and fair use.
- Tie unobstructed P2P networks to commercial profits.
- Create a reasonable system for end-user licensing that will decriminalize fair-use music owner's P2P downloads, and not incidentally reduce the price of music.
- Make commercial use of cryptographically secure, anonymous data networks with the ultimate goal of having large chunks of them hosted by giant corporate data centers.
- Create hash tables which identify in realtime abusers of P2P, which is going to very soon become a critical component of the global infrastructure.
- Create tangible benefits for artists who use these networks, or in some other way stop supporting the RIAA.
I'm sure you guys can think of a few more ideas. Personally I don't see Overpeer as a very good investment move do you? I'd take my money out of Overpeer and hire some guys to build on P2P instead of obstructing it.http://www.ccci.org/whoisjesus/interactive-journey /
I know you Israelis love murdering peace activists and protesters but please don't spread your zionist hate on slashdot.
I use gnutella because of the convenience.
I feel guilty doing this and I would gladly pay for the songs
I download, but the possibility simply
does not exist!
Please...powers that be...create a framework
for legally downloading music, unencumbered by
silly copy protection schemes. I am convinced
that there will be enough paying people to offset
losses from (young?) people copying illegally.
With all the spyware and garbage in all these P2P clients, I had switched to IRC. less connect time, usually faster downloads, and I never get 'incomplete' file transfers.
I don't have any sympathy for that entire football team that caught the clap from your mother.
People who bang skanky whores deserve what they get, don't you agree?
IMHO, the key to making this Overpeer crap go away is to make it economically counterproductive. "Anti-crap" technical countermeasures are necessary also. The RIAA folks aren't the brights bulbs in the box; it may take them a while to realize how dumb Overpeer really is.
I can see this only being a factor in the regular "radio play" stuff that hits the top 40 stations. Otherwise, it's pointless to loop an entire cd. It would be more effective for them to only loopback the top 40 hit songs, thereby hitting more people.
Strangely enough (and I know I'm making a blanket statement here), most tech-oriented people (read: slashdot users) don't like top40 stuff. They prefer indie labels, songs by bands that don't hit the radio waves, underground stuff, live bootlegs, and the like. Some sleazebag company looping Britney Spears' new bland corporate single won't affect us.
Who it WILL effect is the casual pirate without broadband, which is what I think the RIAA is going for on this one. If Joe Average is using his spyware-laden program, and can't find a decent copy of the new Ricky Martin mp3, he'll eventually give up after 2 or 3 tries. Then it's back to the store for another 20 dollar piece of plastic...
Frankly, this looping campaign is easily defeated by my broadband connection and my persistance... if there are multiple copies of the song, I click on a bunch of them, and delete the looped ones. This shotgun approach works wonders. You should all try it.
It is good to know where the songs are coming from, though... perhaps you could blacklist the ip addresses at the source? The company has to introduce it into the sharing network at some point... logic dictates it would be either from their offices or from their homes, either of which should have a decent connection (if they're to spread the file efficiently). Killing the ips with some sort of filtering by the programs themselves (in future p2p programs, I'd imagine) would be a possible, if temporary, countermeasure.
Lordfly
hookers and grits.
It's not like you think. There not trying to stop piracy. They are trying to make everyone used to their repetetetetetive music. Because it is cheaper to produce. Because when people start buying music that cost nothing to produce, on discs that cost nothing to produce, then the company execs can start making the really FAT$$.
FRA: STFU GTFO
We just need P2P protocals to include anti-terrorist devices (these people are terrorists). For example, voting systems for users/files like eBay, finger-prints, and clients that download a second or two of the file from several points inside it so you can check its quality (some clients spilt up the file and download from different peers - this is similar). Or, even better, why not just serve massive pirate sites from big ships in international waters using satellite :), or pay the ruler of some small 3rd world country to host it and keep it all safe :)?
This comment does not represent the views or opinions of the user.
I'm working on a design for a peer-to-peer protocol that builds on the (few) mistakes of Freenet (which is also a worthy project, except for the reference implementation not being small, fast, or written in an efficient, easy-to-read language, but that's just my opinion, heh :)).
At the moment, my design is in a very early stage, but is already stronger than Freenet vis a vis anonymity and efficiency, and has a more elegant anonymous search. I've even come up with a way that prevents nodes being able to perform traffic analysis on this unless a large number of them collude.
It's also immune to rogue nodes - this protection only fails when a very large percentage (90% in simulations, but I'm not expecting the simulations to be very accurate) of the nodes are rogue.
The current working assumption is - downloads are anonymous and untraceable, uploads are pseudonymous - digitally signed, but with an untraceable point of origin. Pseudonyms actually use OpenPGP format keys, and the web of trust, in the same way, in the current prototype version.
The network also supports communications - at the moment, just nym-to-nym ES offline messages (like emails), using the underlying protocol to store, forward and anonymise message origin, size and destination and the end-to-end communication to encrypt and sign the message. I'll come up with even better ways soon, I hope. I'm already working on silc/irc-like "chatrooms" (why not use the popular word, after all?), and another member of the project is working on frost/usenet-like "groups", which are organised more like... again, save it for the paper I think.
We're going to open the protocol - and the clients - when we think it's more ready, obviously.
One big application of this will be signed releases based on a web of trust - one can expect that releases from big groups will eventually be authenticated in this manner if groups like overpeer start doing their stuff, and purely anonymous uploads serve little purpose (psuedonymous uploads make more sense - they're untraceable AND authenticated).
Now if we can just get the bootstraps working...
In short, this approach will not work forever. P2P systems will evolve, and are evolving, to combat all countermeasures, legal, quasi-legal and illegal, developed against them.
They are not unstoppable, but enough people want them to be - and as the bad ones are choked off, this serves simply to drive the critical mass towards better protocols... we hope.
Naturally, anyone seeking to drive overpeer out of business, though, has my full support no matter what means they use...
I'm mad as hell, and I'm not going to take it any more.
The blacklist can be distributed on the p2p networks or on www pages.
Your solution is pretty good. But there is one major problem. It creates a nick that can be tracked back to the original distributor with a much higher degree of confidence than previously possible. Nicks known for high-quality/quantity uploads will become low-hanging fruit targets for RIAA prosecution.
--LP
P.S. IANAL but given where the law is these days, I'd be surprised if ping floods were legal, at least in US jurisdictions.
Hm, this is what they do: "Through implementing our own patent-pending technology".
Well, are some P2P networks not using technology (protocols and/or source) that is in the GPL ??
Who checks out these guys that what they use is not just a heavily modified GPL P2P client ??
There sure is no 'download GPL software' link on their site !
As I mentioned to one previous poster, the main problem with signing users is that you've now created a pretty strong evidentiary chain implicating the original person who is distributing the song with his 'nickname'. Given the 80/20 rule that 20% of people share 80% of the songs, you've just made it possible for the RIAA to both identify and attempt to prosecute those 20%, and now the authenticity of the public key infrastructure gets turned against the pirates.
If the RIAA (or some other prosecuting agency) can track down your IP #, they'd probably have enough probable cause to supoena your ISP records, eventually visiting you and confiscating your hard drive, and/or easily tying you with your public key to dozens or hundreds of songs you've distributed.
--LP
First they have have make multiple bandwidths. Some people don't like anything less than 320kb/s while others will go down to 128kb/s.
Second anyone who has half a brain will check the file halfway through (on 1Mb/s DSL that's about 90 seconds into the download) and if it's not good they'll blackball the file (files are grouped by name/size.)
Third, and maybe even better, they download the whole thing and stick BS on it. Actually I'm thinking of just labeling them Overpeer. Wait, won't effect me anyway, I just download mixes you can't buy on CD anyway, and stuff the record companies don't sell in the US, and bands that they don't think worthy of signing.
Fourth, and final, is that the RIAA, Overpeer (basically the whole bunch), can burn. Record sales are down to cookie cutter groups (N'Sync, 98 Degrees, who can really tell the difference) and they'll lead themselves into their own destruction at this rate. Going after used sales? When I was a poor brat that's how I bought 500 of my now 2260+ CD's. I couldn't afford anything but used discs.
laters.
This method only works as long as all sites are equally trusted. If p2p software develops the idea of a web of trust, this method will fail quickly. Basically, a web of trust allows a user to mark a site as trusted or untrusted. You trust sites that sites you trust trust. In other words, I mark my client to trust foo.net and bar.com, because they always provide good stuff. They trust me as well, and a few other sites like fubar.cc. Since one or more of my trusted sites trusts fubar.cc, I trust fubar.cc.
Eventually this evolves such that sites which post bogus music, low-quality rips and the like will not get used, because no one will trust them. And a good web of trust allows you to see the trust path that led you to a server, so that if you get something bad you explicitly can mark as untrusted the nearest site to that (since they didn't do a good screening job) even though they would otherwise implicitly be trusted.
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
Wouldn't it be interesting to see P2P networks begin to mimic the immune system? Little armies of digital blood cells going out to fight off infections of various natures?
This is the smart way for the RIAA to go after the people who are (you can't really argue this one) engaging in copyright violations.
They can't just sit there and let you get their product for free, so they are trying to fight back.
This is better than them suing the P2P makers, suing the users. Nobody gets hurt here. Those of you looking to download legal material (underground bands, grateful dead concert bootlegs etc.) can still do so, but those who are looking for the latest Eminem smut may have to work a little harder to get their free music.
Exactly how is this a bad thing?
Captain_Frisk
Sounds like someone with a bladder control problem.
Just let the RIAA/MPAA do whatever they wanna do!
One day the come to realize they have to change their business model.
We should have more trust in the Internet.
Millions and millions of internet users will always find a way around restrictions.
MPIAA/RIAA = Don Quichote fights against windmills.
So, only MP3s are currently being bogofied? (And, I would assume, primarily the Windows-only networks?) That's good, actually. Those of us who prefer to share and download Ogg Vorbis files on predominantly Unix-based networks will remain largely unaffected.
Helpful users have been finding out the IP address blocks owned by the "bad guys" and submitting them to create a "ban list" for search results.
The new version of Gnucleus has a feature that allows users to simply click and filter hosts that they suspect to be sharing bogus files (and spam etc.).
There are plans to expand the distributed web-based host cache system in use in Gnucleus and a few other clients to also serve blacklists. Possibly there will even be a "vote" system that would allow users to dynamically change these ban lists to propagate information on "bad" hosts automatically.
I think that using hash information is pretty useless, it's easy to stick the right hash on the wrong file. What you'd need is a PGP-like public-key encryption system with signatures and trust structures and the like, but that'd be going to the extreme.
i mean obviously this may go through it...but such things exist, that can detect these 'dud' files...especially if they are careless enough to just use a cut & paste loop in them somewhere... ...the rest of us are depending on you...
i hope limewire does, anyways. i am not nearly leet enough to help on this front yet... keep up the good fight, fellow deckers
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
it's so easy to destroy things. it's much harder to build them. and this should be valued.
So, everyone here is going on about how moderation, authentication, etc. is going to solve this problem. it would, if uploading and downloading songs wasn't usually illegal. A couple people have caught on to this, but most haven't.
The problem has two aspects:
1) If the systems has strong identities, then you have a confession from every uploader - as long as you can find them.
2) If you don't have strong identities, then those who would interfere with your system can hijack the identity system.
In the strong identity case, those few people who have uploaded most of the songs that are floating around suddenly find themselves targets. A well-funded attacker, especially one with the Law on their side, could use traffic analysis to track down the high-use users. Recall, they don't need enough info from the traffic analysis to get a conviction, just enough to get a warrant. Frankly, I don't believe claims that "my system is immune to traffic analysis." If the Law can tap into UUNet's big NOCs, they can watch the majority of US internet traffic. MP3's are pretty big, and a small population of users uploads most of the songs. It doesn't matter if your data is encrypted/chunked/whatever, the Law just looks for lots of traffic and tracks the big dataflows to their source. Once they find you, they find your secret key, and you're in jail. Secondly, a digital signature is forever. If you share a bunch of files in college, but then clean up your act and lead a respectable life (in the eyes of the RIAA), your digital signature stays behind. A gun that smokes until the statute of limitations runs out is a little scary.
In the weak identity case, you're no better off than in the no-identity case. The people who want to stomp on your little piracy garden are better funded and less constrained in their action than you. Everyone has infinite moderation points? What's to stop the bad guys (good guys?) from modding everything totally randomly?Much faster than carefully listening to each song and clicking a button. Legitimate rankings get lost in the noise. Use hashes or song fingerprints? What's to stop someone from transmitting the hashes/fingerprints from non-bogus media?
No, I'm afraid that the solution is the same as the solution to the wAr3z distribution problem. Small groups can share with full impunity (this is actually legal to do with music). But sharing music with perfect strangers is not just illegal, it means that the Man can play, too -- and do everything in his power to stop you.
Make sure Universal's current catalog is always posted with high quality rips on or before the day of the album's release, with the MD5 prominently posted on a reputable P2P site. Let them suck on that. Of course, maybe that's their master plan--to cause us to flood the P2P networks with their current drek.
I don't see how they could be gay seeing as the tribal juries often hand down gang rape as a punishment. Oh well, they're just savages anyways i guess thats to be expected, but it's not gay.
So as I said, I do see this as one of the problems to be solved, although I feel it's of lesser importance. There are many ways of doing this. One of them is previewing - when downloading an audio or video file, when you're about 100k into it (100-200k if it's video), do a preview and see what you're getting. With this looping stuff you have to go farther than 100k however - preview one fourth to one third of the way into the audio files. Many Gnutella clients have a preview feature, as does Fasttrack (Kazaa).
Another method is to ban IP's and IP ranges spreading this. This is already being done - it's only a minor fix because they will always get around it, but it will help somewhat, they won't be able to have big servers spewing this stuff 24/7
The real way to fix this however is hashes. Which are already ubiquitous - they already exist and are known on Gnutella (Shareaza, Gnucleus, Morpheus, Bearshare, Limewire), Fasttrack (Kazaa) and Edonkey2000. On Gnutella (Shareaza) and Edonkey2000, you can click through or cut and paste these URI's (URLs) to files from web sites (or Usenet, IRC, e-mail, instant messengers, whatever) and start searching and downloading the files - for FastTrack (Kazaa), it is a little bit more time-consuming and complex, but worth it if you're going to be downloading a large file. The hash technology is already there, the key now is finding a trusted source for hashes which are both good and whose data is findable and downloadable on p2p networks, and for those sources to survive. I guess I'll detail how this is currently working with the various p2p networks, why not?
There are four major p2p networks - Gnutella, Fasttrack, Edonkey and Freenet. Freenet is a publishing network, the others are all file sharing networks, which is what we're concerned with. Gnutella and Fasttrack are the two largest networks. Edonkey2000 specializes somewhat in large files however, so if it's 100MB+ files you're after, Edonkey2000 is on par, and perhaps better in some ways currently, than Gnutella and FastTrack. Edonkey2000 and FastTrack are closed networks - closed source server/clients and closed protocol networks. Gnutella is open, the protocol is open, and robust open source server/clients like Gnutizen exist for it. This gives Gnutella advantages, such as a choice of multiple clients for virtually every platform, as well as other advantages. Of all the file sharing p2p networks, Gnutella is my favorite and I believe Gnutella is the future of p2p. I think competition amongst p2p networks is healthy however as every can steal everyone elses best features and innovations.
Gnutella files are hashed for HUGE with an implementation called sha1. You can read about the technical aspects here if you wish to. These hashes are useful for finding additional sources for found files so that one can resume downloads or download from multiple sources with integrity. Actually there's one caveat to that - if you are downloading from an honest client, it will tell you a truthful hash of it's data. A client could give a fake hash and then send other data - but you would have to directly download from the rogue. How clients deal with this is even more complex - Gnucleus downloads overlapping chunks - it downloads 1-2000 from one source and 1950-3950 from another - if 1950-2000 do not match from both sources, it marks both chunks as possibly bad. You can read more details about this in Gnutella documentation and discussion groups.
Aside from this usage, these hashes can be used externally as well. Currently, Shareaza, which is a pretty good servent (server/client), is the only one from which URI's (URL's) can be cut, paste, and clicked through to from the web/IRC/e-mail etc. I'm sure clients like Gnucleus will have this ability in the future. If you had Shareaza installed, you could click on a link like this - which is an, I believe uncopyrighted, Chomsky speech, Shareaza would launch (if you don't have it already) and would ask you if you want to download the file or cancel. If you select download it would connect to GnutellaNet, search for the file, and if it found a host which has the file and which has upload slots open, would start downloading it. Actually, the Slashdot "allowed HTML" filters are pulling some necessary characters out of the above link, so you can't click through on /., although you can on a normal HTML web page. I can't post an URL that you can cut and paste either since /. forces a line break after 40 characters or so, if /. didn't do this and the below was in one line, you could have cut and paste it into Shareaza, I'll show it here for an example, imagine this was all on one line for you to cut and paste, or better was just a link to cut. You can do this on any HTML page, it's just the Slashdot HTML parsing messing it up -
gnutella://sha1:HXHSJ6ATN3LQCCIOBGUEWV5FFCKP2KBL/N oam%20Chomsky%20-%20Audio%20Book%20-%20Noam%20Chom sky%20-%20At%20Johns%20Hopkins%20University.mp3/
I would give the above link a rank of "7", because the last time I searched for it, 7 people replied they had it. I have several hashes with a score of 80-90, meaning you're more likely to find or download them, but the above is the only one I have that I have enough confidence in that the data is uncopyrighted.
So now you have one link to a hash - where can you find trusted sources which tell you what hashes are ubiquitous, making it more likely you will find and be able to download them, are rated in terms of quality by multiple sources and so forth? Well for Gnutella, one source is Bitzi. You can search for data there, see what is the most reported, what things are ranked, see comments, see bit rates, file sizes, artists, titles and so forth. It is very cool. Most interaction is from Bitzi into Shareaza (the only Gnutella client that does this currently), but from within Shareaza if you find a file you can type "find Bitzi ticket" and see if the hash has been reported on already. One thing which I'm sure will soon be remedied is that Bitzi does not have direct clickthrough to Shareaza, I have to copy hashes to my clipboard, edit them to Shareaza format and paste them into Shareaza. I'm sure soon Shareaza and Bitzi will agree on a standard and remove this step so I can just click through. And soon Gnutella clients other than Shareaza will have this ability as well. Bitzi's data base is open to the public, you can read their open data policy on their web site, anyone is free to use the data as long as Bitzi is credited. Bitzi.com is the only large, good source of Gnutella hashes I know of. Edonkey2000 has had hashes for a while, and has several good, large sources for hashes such as Filenexus.com and Sharereactor.com. Since Gnutella is a larger network and it just implemented this ability, I'm sure it will have even more and larger sources in addition to Bitzi. And since Bitzi's database is open to all, if Bitzi goes down someone else can open the database up again somewhere else. I'm sure in the future, even the trusted rating system will become distributed.
Gnutella uses the sha1 hash, Edonkey2000 uses another, and Kazaa uses another. Web sites exist that centralize the hashes for these. I'm sure soon web sites will exist that coalesces and translates all of this. Gordon Mohr, who runs Bitzi, wants to see a universal p2p tag, magnet, which is agnostic about which p2p backend it is using. Why not? We can have a tag that we (more or less) trust, and can retrieve the data from Gnutella, FastTrack, Edonkey2000 or Freenet. It's a great idea.
I am less interested in other p2p networks than Gnutella but I'll discuss their hash and meta-data web sites a little. The most interesting one is Edonkey2000, which as I said, has come to specialize in large (100MB+) files, and which I have to admit is a pretty good way to download large files with some guarantee of integrity. There are two major meta data sites for Edonkey - Filenexus and Sharereactor. There are other sites as well. If you're looking for large files, they do a pretty good job currently.
Fasttrack (Kazaa) uses hashing, but the Kazaa client is not that friendly to this kind of thing. So Fasttrack/Kazaa is more of a pain in this respect than any of the others. Nonetheless, you can download a program called Sig2dat that helps you copy and paste FastTrack's UUhashes. The you can go to web sites that give meta data, rankings and so forth to these hashes. Kazaa/FastTrack is unfriendly to all of this so it is much more of a pain - you have to install files that help you do this (sig2dat), you have to restart Kazaa for every file you want to download in this fashion and so forth. With Kazaa, all of this is a hassle, it's much easier to do in Gnutella (Shareaza), Edonkey2000 and Freenet.
And lastly there is Freenet. Freenet has been using hashes since the beginning. Freenet is a publishing network, not a file sharing network. That is nomenclature - file can be and are shared on Freenet - from html pages to gifs and jpgs, to mp3's, to avi's, although Freenet is the last place you want to look for large files, Freenet's bailiwick is small files. Even a 4 meg mp3 on Freenet is harder to find and slower to download than any of the other 3 networks. Small files are the domain of Freenet - HTML pages and images. The Freenet protocol is more rich than the other protocols in many ways, thus you have more than just audio and video files going over it, you have third-party applications utilizing it, thus you have things like Fproxy (A world-wide web equivalent which runs over Freenet) and Frost and Freenet message board (Usenet equivalents - both for text and binaries). One benefit of Freenet is it's hard to crack down on people for publishing information - because no one knows who data is coming from or going to. This is not absolute, but it is much safer than the file sharing p2p networks in this respect. Also, people publish data, so that what you put out is stored somewhere other than your computer, and if your web site or shared file or whatnot is popular, it will be out there all the time without your node needing to be connected. Freenet also used a lot of signatures, encryption and so forth, so you already have a pretty solid trust mechanism and data integrity. It depends on what hash is used - KSK hashes are insecure, but SSK are signed. So with Freenet there are large upsides and downsides - the downsides are downloading is much slower, since you're downloading via intermediaries, not directly, and the larger the file, the slower the download and the harder it is to find a complete file. The upshot of Freenet is that there is less of a legal risk with regards to sharing/publishing data, data is signed by the publisher which greatly helps integrity, and also Freenet's protocol allows extensions other than file sharing with it's own internal network - web and Usenet like applications, and I'm sure there will be more in the future.
Why don't they put a way of doing crc checks into their software? This way if someone downloads a file and it happens to be one of these files then the user can flag it using something similar in function to RIP (the routing protocol) a list of all the user's flagged files could be transmitted to anyone he downloads or uploads from at the same time and added to his list.
Course then at that point Overpeer could do the same with legit files but then there could be moderating set up.
Ok this may not be a great idea but hell it is an idea (maybe I should patent it)
And I keep finding the same SPAM over and over again. Often times, a search will reveal the same small file(s) using the exact search criteria you specify.
It would seem to me that if an originator of such bogus files can be absolutely identified, that a peer black-list should be created to block these jokers out.
I know there are some obvious pitfalls to the idea but I am sure the notion can be refined with some careful thought. The list can specifiy the degree of the offense, (spam-bot, looped files and video files that are actually just music, etc) and the client can have a quality filter setting.
Now I know it can just be worked around in some way, but the hard-core hosts of bad files will eventually get blocked to the point that their effort is useless. And while we're at it, we can block out all know MPAA/RIAA IPs too.
Maybe it's a dumb idea... I can't be the first to think of it.
Gnucleus and BearShare currently use a hashing scheme to verify that one particular file is identical to another for the benefit of multisource downloads. If a user would be able to add a hash to a "block" list, these block lists could be updated frequently on the gnucleus web site and downloaded from a trusted source. All garbage files could be simply ignored.
Overpeer.com is getting IP service through Telemerc who, in turn, gets service through Sprintlink.net. Accroding to the Sprintlink.net's Acceptable Use Police , the following are prohibited:
7. Knowingly engage in any activities that will cause a denial-of-service (e.g., synchronized number sequence attacks) to any Sprint customers or end-users whether on the Sprint network or on another provider's network.
and
9. Using Sprint's Services to interfere with the use of the Sprint network by other customers or authorized users.
That's practically a description of overpeer.com's business model. They use their bogus material to interfere with the use of P2P services and to effectively create a Denial of Service attack against P2P services.
I encourage Slashdot readers to contact Telemerc and Sprintlink at helpdesk@telemerc.net and abuse@sprintlink.net respectively and explain (in a civil manner) that you wish them to stop providing services to Overpeer because of the DoS business model.
Never used edonkey/kaaza (running Linux only) or how the latest warez sw, used today is called. My firewall gets lots of hits, were DPT makes it self-evident, that it's one of those progs.
However, I don't get it, if you don't want to pay those heavy overprized CDs, just turn you radio on and don't buy any CD, it's pretty easy.
How do you stop Overpeer and like-minded companies from lying about the moderation points? Why can't they give it +100, CD Quality?
You can't trust the peers to be honest - assume that the RIAA will corrupt the client software.
You can't have a central server that controls the network - assume the RIAA will shut that down.
How about a central server for moderation? It can't stop the peering and doesn't know what is being shared or by who. But it gives out secure (ie public key) certificates to any client that logs on, and then any client can then rate another server anonymously.
To stop the RIAA from just setting up 1x10e5 clients and rating themselves as fantastic, each IP address could be limited to one vote for every peer out there, or something similar. That way 1000 votes from the RIAA are nullified by 1 bad vote from someone else.
Would that work? Its got to protect the privacy of the peers and have no influence over them.
Comments anyone?
Michael Veltman
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
There was a study that came out a while back, which I'm too lazy to look up right now. The test subjects were first interviewed about their thoughts on homosexuality, then watched some gay pr0n while their arousal level was measured. Sure enough, the ones who identified themselves as the most anti-gay in the interviews ended up getting off the most on the pr0n.
I get it. So the RIAA can use those against you in court. Just like insurance companies. Sweet.
Gentleman, you have your targets. I want a clean hit, with no civilian casualties... ;P
::.. check out some Cell Phone Reviews
I think you can still buy music in the unmodified form online, and even at retail stores! Believe it or not, its true, I know some of you have probably never experienced such an event, but basically you get a fucking job. You do some fucking work. You go to a fucking store (physical or Internet) and you buy the fucking music. Stop whining when someone protects copyright owner's interests. You sick bottom feeding pirates.
On another note, this demonstrates exactly how viral p2p networks can become.
scott
Ok, this will be one of the lengthier posts, but if you bare with me, there might be some shreds of information worth digesting in here...
/. over the past year and which would deal with camp no. two. We have the following requirements:
It seems that regardless of what P2P technology emerge, they all have a certain characteristic in common, abuse potentiality. This characteristic needs to be addressed, so that each p2p solution out there (and coming out in the future as well) won't suffer "pollution" effects by certain members of the community, be the effects intentionally inflicted or not.
Primary assumptions:
* All P2P solutions have aggregations of the user entity.
* Each user is to share and consume "high quality" files according to the P2P model.
* No single point of failure should exist for the P2P network.
And an assumption barely bordering on being implemented today, however, as there is an obvious demand for this, it might as well be listed.
* Each user is to be anonymous.
Now, this scheme works well as long as each and every user entity behaves in the spirit of P2P, which would be sharing good quality information/data of the kind the specific P2P network is designed for.
Now to the core problem:
As soon as one or more users start spreading low quality or outright bogus (read misappropriated) information/data the network starts to deteriorate.
Non functional requirements such performance means squat if the data contained on the network is crap. What you possibly end up with in a few years with the current model is a network which is very decentralized and efficient at spreading crap.
In the light of this, it's obvious that the primary concern to address is the "environmental pollution" on the P2P networks.
Now, a few schemes have been proposed and they seem to be in either one of two camps.
Camp one suggest encryption and "seemingly random" distribution of the entire data set, and the current solution symbolizing this would be Freenet.
* The advantage here is that these kinds of solutions would allow anonymity for the end users as well as making it immensely more difficult for a single entity (such as the RIAA for ex.) to shut down nodes and prosecute the owners of said nodes. Also, it's very distributed, so there is no single point of failure.
* The disadvantage is that a model such as Freenet in it's pure form would be unable to use any kind of search engine for finding data and would make rare / obscure data impossible to find since it would deteriorate out of the network (as the Freenet propagation is demand driven). In short, You'd know there are a billion stashed of Brittany Spears on the network but things like Neil Young or a paper on human cloning would perhaps only be available at the original node. This is a way of automatic moderation, however, as it will indivertibly "flag" even valid (obscure) data as bogus (or the consequences will be most similar) it might not be very optimal for a sharing a wide array of data. Also, how would you find Ms. Spears? You'd have to rely on another network for creating lists "by hand" and linking these entries to the Freenet like network. Searching of Freenet would still be out of the question.
Camp number two followers suggest a moderation scheme, which could be applied to most all existing P2P solutions. The security / anonymity and single points of failure is pretty much up in the air as there are a lot of different P2P implementations. The most popular is probably the Gnutella network and will be acting as the role model for this section. This network has no SPF but is rather lacking on security and anonymity.
Advantage: Search capability, no SPF.
Disadvantage: lacking anonymity and thus protection from prosecution.
Ok, now let's address the moderation scheme suggested countless times on
1. No SPF must exist.
2. The moderation must be performed without a central database as dictated by req. no. one.
3. Performance hits should be acceptable. This is something which can be tuned quite a lot, but whatever scheme design is agreed upon will obviously have to take this into account.
4. User overhead must be minimal (as compared to the current model, where no time at all is spent, just "d-click" a set of files and they download and are automatically shared)
These four above are essential for a scheme to work. Personally I'd like to add another requirement as well, but realize that it might not be feasible to implement this in an initial draft depending on how the current Gnutella designs look at present.
5. Users should be anonymous, ie. there should be a severe overhead at revealing a user. relate to decrypting a RSA key or similar, where one breach of the protection scheme does not compromise the entire community, just the single instance being attacked.
I'd love to see some dedicated souls of the P2P community establish a project on source forge or similar, where these issues are being addressed and hopefully the fruit of such an endeavor would result in some kind of standard draft which hopefully most P2P client and server developers would adhere to, propelling these implementations along rather swiftly and as a consequence giving us these feature in a relatively short amount of time.
As a note: I mentioned prosecution above. This isn't necessary related to just IP violations, but could relate to free speech as well. China is a good example where people aren't encouraged to speak up. Also the citizen in the US and many other western countries are being monitored more or less for one reason or another and this will only escalate in scope as time progress (I really hope no one is delusional enough to not realize this). Also note that by "High quality" it refers to the technical definition and not a subjective one.
In a society that believes in nothing, fear becomes the only agenda ~ Bill Durodié
Does audio fingerprinting work? I have seen implementations of it that do not work. Are there any that do? This would immediately solve the problem, if there were a database of audio fingerprints.
The party's oooover! If this ends up killing peer to peer music exchange, the regret I have is how will I discover music I never would've listened to.
That's how I use it.
I download many things but my rule is, if i listen to something more than 3 times, I pay for the CD.
No, really!
Cake or Death? Cake Please!
It should be possible to implement fingerprints for files being shared on P2P networks. For searches that get a few hits, the fingerprints can be checked to find huge differences (such as looping) between files. Legitimate files should have similarities to other hits.
Good idea! only I think you will find that boycotting the files is exactly what the RIAA wants. They want you to boycott the files and buy the smegging CD
Only the P2P people are already boycotting the CD because they are a bunch of theives who steal it via P2P rather than buy it
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I thought a bit about these issues (in a different context) and wrote a paper on a method for assigning identities to network participants in a fully peer-to-peer way using cryptographic techniques. The basic idea is to make identity generation computationally expensive and independently verifiable, so that you know without having to trust any third party that the user in question spent a significant amount of resources to create their identity. Though these identities are pseudonymous (they won't say "RIAA", unfortunately), they are associated with the user's behavior through message signing, so it becomes easy to build a blacklist of users that you don't like. In certain situations, you can even share unforgeable evidence of misdeed with others. With this as a start, I don't believe it's infeasible to do things like you describe...
Check it out:
http://www-2.cs.cmu.edu/~tom7/papers/peer.pdf
Seems pretty fair to me, at least they're acknowledging the technology by using it to accomplish their aims. Of course, now that it's public knowldge, those who know about it and want to avoid it will be able to do so.
Becuase homosexuality is a crime worse than murder or criticism of islam in most muslim countries and punishable by death.
If the men are going around getting each other off they don't produce as many little jr. jihadis.
The whole muslim system is based around breeding as many muslims as possible. 4 wives with 10 kids each, oh ya that's a lot of little jihadis...
Of course trying to outbreed your enemies is just gonna bring suffering on yourself as your money is spread thin and disease and famine spread, but hey muhammed was schizo who thought he was having conversations with god not a sociologist so you can't blame him if his religion is a little backwards...
Well how exactly did they measure their rate of arousal? If you make me watch videos of people eating a fat log of shit or some other disgusting crap my adrenaline and heart rate is probably going to go up?
I mean unless they slapped a monitor directly on the dudes pecker i don't think that's all that reliable.
You're forgetting the other side of the coin. (Some of) RIAA's clients could give bad votes to good files, nullifying positive votes by others, and making the whole rank system worthless.
- Tal Cohen
I wrote something about this at the bottom of another story, but it was WAY at the bottom, so no one read my comments.
You have to remember that generating certs is a very cpu-intensive process and is probably not too scalable. Therefore, I think you have to generate the certs only during the signup process.
However, the user IDs would be loosely (or not at all) tied to physical identities. This gives anonymity while minimizing resources needed (and risk of DoS attacks).
Also remember that the entire point of the central server is to act as a trusted third party. That means it should authorize "moderators" and assign authority to p2p users. If they go down in a legal battle, it would be possible to do a Ben Kenobi and live on. That is, they can give their authority to someone else so that the network does not die. Otherwise we could use the web-of-trust model and generate our own certificates which we sign for each other. Though IANAL, it may be possible to arrange the role of this server so that it won't get into Napster-trouble and get shut down.
Unfortunately, a peer-to-peer network with a centralized authority is not peer to peer! This creates a single point of failure and a stronger legal liability...
The solution is really very simple. All people have to do is set their download directory different than their upload directory. Just because I download something, I don't want to automatically offer it to the world. What if it had a virus? Doing it this way I at least have the chance to clean the file before letting anyone else have it.
What no one seems to have mentioned, is that the copyright hold is RELEASING songs to the public that it owns! Even though it may only be a few seconds worth...
;-) Even if there is not looped version available for a particular song, there's no way you could know that before downloading and listening to several versions of it...
Astonishing... the possible legal issues.
If nothing else, you could say they have been using P2P networks where illegial trading is 99% of the the traffic, to promote their own music. In other words, they've contradicted the ideas that they've testified to in court.
Also, does that make the few seconds being made available into public domain? Can I mix those into my own music for free? Surely they can't retain copyright while making it easilly available.
Does that have any effect on the legality of downloading the full song? Surely you were just trying to download the looped version and just happened to get the full version
Oh, and besides what has been said, FreeNET/GNUnet systems are not necessary. We still need a system which allows a lot of anonymous people to download from a lot of other people they don't know. FreeNet/GNUnet are no better than FTP sites in that regard.
Oh, and if you want to host copyrighted files but don't want to get sued, zip each of your files, and set a 1 or 2 digit password on it. You could include an unencrypted readme in each zip that says that very thing. This means that RIAA/MPAA would need to resort to illegial tactics to discover if you were actually hosting any illegial content (making it inadmisible).
Don't want to get a lot of spoofed results? Check the sha1 hash of the majority of the files before you download, don't automatically share files you've downloaded until you've opened them, then more them into a shared folder.
And don't forget, you can BLOCK THE SOURCE IP ADDRESS of all those morons sending out crap. A public block-list could be made available at gnutelliums.com or gnutella.co.uk . It's really not possible for a big corp to just up and change their range of hundreds of IP Addresses every month or so.
Beyond that, add download/upload queuing, and message passing (so that I know I'm in the queue after 10 others) and Gnutella will be fine for another half-decade.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
That's the problem with running a service that's (for the most part) black market...when someone starts fucking it all up with counter-attacks, there's really not a lot of recourse.
... not all artists trying to get exposure have signed recording contracts with the RIAA, or with anyone for that matter, and some use p2p networks to get their material heard by as many people as they can in the hopes of building name and brand recognition).
... the RIAA (and MPAA, who are the ones involved in the dummy DivX nonsense) will find themselves contributing to their own demise in any number of ways as they conduct attacks against basic internet protocols, be they p2p or client-server.
Copyright is irrelevant. This is a premeditated Denial of Service Attack against a service that may, or may not, be facilitating the sharing of copyrighted material (and is likely providing a conduit for both
What if this attack were against the entire http protocol throughout the internet, taking down web pages everywhere because a few were trading copyrighted material illegally? Would we tolerate it? Absolutely not. Not even if for every legitimate, google or slashdot style website there were ten websites trading Warez and mp3s.
The act of DOSing a service is illegal (at least in some places), regardless of whether it is a copyright cartel dinasaur leading the attack to protect their outdated business model, or script kiddies and l337 h4x0rs defacing or DOSing their least favorite corporate website to express disdain.
Gentoo, Source Mage, Debian, and other GNU/Linux distributions that use the internet to display information may well adopt p2p methods to eliminate bandwidth bottlenecks, particularly during the release of new versions of popular packages like Gnome, KDE, Mozilla, and Open Office. If Microsoft were performing such a DOS attack there would likely be people facing fines and perhaps jailtime.
This is an attack on the Internet itself. FTP, http, scp, all of these can be used to share copyrighted material. Shall we allow cartels a free hand in making those protocols unusable?
There are legal remedies for prosecuting copyright violation. There is absolutely no excuse for this kind of illegal activity in the name of 'protecting copyright', and while there will undoubtably be technical solutions to much of this kind of thing (anonymous GPG signatures and webs of trust, etc.), the bottom line is that you cannot have the majority of civilization constrained by one set of laws that make these sort of attacks illegal, while allowing another segment of society to engage in this sort of activity simply because they argue it protects their business interests.
I agree with the general sense of your post
The Future of Human Evolution: Autonomy
On second thought, maybe we need the technical upgrades in software ASAP. This concept of boycotting the product is too hard for some people to understand.
...is going to be stupid enough to leave bogus files on his HD? You listen to it...if it's shit you delete it! No more bogus file being shared! Problem solved!
Or is this going to be like the proverbial pissing contest where hidden under the straw inside the barn is an electrified metal plate and after you get zapped, ou don't want to tell the other guys outside waiting for their turn to compete because they'll laugh at you? So you say nothing and let them get zapped to!
You're using her as bait, Master!
Comment removed based on user account deletion
However, given a choose of evils, I would prefer these DoS attacks rather then legislation. On the other hand, however, couldn't these DoS attacks be considered illegal, or hacking, or terrorist acts by already too broad US legislation???
I hadn't thought of that, but I suppose injecting stuff like that into the network is a form of denial of service attack.
It's interesting, also, that a company which has to know that it will incur the electronic wrath of computer geeks everywhere, is foolish to run such an insecure webserver:
www.sk.com appears to run IIS on Windows NT.
www.overpeer.com appears to run IIS on Windows 2000. (I assume www.overpeer.com is theirs, but whois was inconclusive and there's a directory listing denied message up at their document root. Heh.)
Note that sk.com and therefore Overpeer both appear to operate out of third-world countries (Korea, China, whatever) and therefore are essentially immune to US-based prosecution for their network attacks, and, I'd imagine, immune to US protection from network attacks.
They're idiots and won't last very long.
Fire and Meat. Yummy.
Comment removed based on user account deletion
You want to publish a file.
2> Your system generates a public-private key pair for that file. This is *slow* because it's a big key.
3> Your sign the file. (actually, the hash of the file)
4> Optionally, you generate additional keys and re-sign the file.
5> You keep one or more of these keys. Not the first few, though, because that would identify you as the first person to sign this file.
6> You release the file on to the network.
When somebody downloads the file, if it's kosher, they:
1> Generate a key for the file.
2> Add the key they just generated to the file, sign the file, and every signature on the file.
3> Make a file, with all of the other signatures they signed, available to the machine you just downloaded the file from and to the network in general.
When you're searching for a file, you:
1> Find a file you think meets the search criteria you have.
2> Search the network for signature files for that file.
3> Down load them and check how many valid signatures the file has before you download it.
Now, here's the clever bit: when somebody asks you to download a file, you ask them for signatures: "Show me a file which contains a list of signatures to a key which you hold the private key for (i.e. x signed by y signed by z signed by x).
Each host answers download requests in a "most-signatures-first" format, and **never** honors the same signature file twice.
So, where does this take us?
1> Signatures simply attest that a file is what it says it is. Because the first N signatures are from keys you throw away, there is no evidence you uploaded the file.
2> Reputation is built on having signed a file which is what it says it is. Reputation is *diffuse* - because I sign every file with a different key, each act is atomic: I can't transfer rep. from one file to another.
3> You have to search for your credentials on the network, just like anything else: but only you can use them.
4> Fraud is quite possible: you can generate an endless number of keys and use them to garbage-sign files and propagate junk. However, and this is the key: can the RIAA afford to muster enough computing power to fight against a million hosts?
That's the key: reputation of a given file directly relates to the amount of computer power spent signing it.
You get a benefit from investing that power: first access to files on other machines.
They don't get any benefit at all: it's just a cost, and there are a lot more of us than them.
Finally, reputation is based not on making files available, but on reviewing them, which is clearly legal if you don't make the file available for download too - hence "third party review" becomes a way of building "karma" for the downloads you want.
That's clearly a desirable trait in a P2P system.
Hexayurt - open source refugee shelter,
perhaps you meant overPEER piddling files onto p2p networks?
since it is OVERpeer one would assume it's piddling onto instead of into?
code heads.... would it be possible for the software the read the file being downloaded, and check to see if it is looping over the firsts 20 seconds or so, and then alert you virus software style?
It could automatically stop the download, look for another file for you, and send that users name to a database as a bad file carrier.
pick this one apart please...
There's nothing Intelligent about Intelligent Design.
Most clients let you sample a file as it's downloading. Just listen to them as you are downloading them.
Also, some way needs to be incorporated into Gnutella to allow blackholing of IP's (at least personally on your client) that do this. Overpeer HAS to have a large network pipe somewhere (with a fixed IP) to be doing this from...
If there were some way to checksum MP3's, that could also be a way around it.
=== The price of freedom is eternal vigilance
While freenet is much too slow and problematic at this point for a vibrant P2P file sharing network. What about using it to perform the central server functions of such a network or for that matter any central server based function that might otherwise be subject a police state's laws and shutdown. If we use it for indexing only, it would not anonymize the IPs of the people sharing but it would make the list unstoppable, basically the best of both worlds.
SMILE
1) Why doesn't someone build a distributed.net client similar to the ongoing rc5 crack effort but for the specific purpose of bringing down things like www.sk.com, the Chinese firewall, etc?
2) someone mentioned signing up their email addresses for random mailing lists on the net. How about multiple people emailing them 25MB files. This should fill up their mailservers quickly and stop legitimate email.
3) How about finding the host(s) that are uploading the bogus files and everybody just ping flood it?
All you need is to have them cryptographically signed under a psuedonym. Pretty soon people will find out which psuedonyms to trust and which to not.
Unfortunately I don't think this will really work too well. If the bogus files are simply repeated sections of a song or silence, then surely there's a pretty easy way to detect them and have them not listed in a search. I'm sure somebody will hack the P2P clients (kazaa, audiogalaxy, etc.) to do this. Or just have the client detect when it's downloaded the same x bytes 10 times and stick the file in a separate bogus folder, like incomplete files are usually stuck in an incomplete folder.
Perhaps this is redundant, although I did skim the comments already posted to try to make sure it wasn't.
"Caffeine is not an option. Caffeine is a way of life."
Now we know who the enemy is! Hackers and crackers, get hackin' and crackin' Take the suckas out!
How ya like dat?
This action by overpeer, at the behest of the RIAA and the labels is harassment of music fans. What do they hope to gain by angering us? They stand to lose a great deal more. I call on everyone to Boycott the recording industry. Don't buy CDs, except used ones, which they get nothing from. If we put the corporate robber barons who hold the recording industry hostage out of business, then people who do it for the love of music can take the industry back.
The Uncoveror: It's the real news.
attack this like spam or a virus:
scan files for this 'loop' (i have never encountered it) or for a known checksum of a bad file (which would be gpg signed from some niffty person) which is auto downloaded.
seems like a small perl script to me.
members are seeing something, your seeing an ad
I'm sure these dumbasses at Overpeer are simply looping the data without adding any additional variants. It should be possible for P2P networks to intercept this and terminate downloads quickly.
MP3 transforms audio data using MDCT windows of 576 samples each. So unless the length of the looped data is exactly a multiple of 576 samples, quantization will introduce slight changes from one repetition of the data to the next. Besides, it wouldn't take much work to add some low (< 48 dB) noise to fool the quantizer into making slight rounding differences from one repetition to the next.
Will I retire or break 10K?
If files are looped, definitely the downloading software could spot the loop by analyzing the data and sounding an alarm as soon as the data repeats...
It's a bit harder than that. MP3 lossy compression will usually introduce slight variation in the exact composition of the signal unless 1. there hasn't been any hiss added to cause slight rounding differences in the quantizer, and 2. the repeated length is an exact multiple of the 576-sample MDCT window.
You have to do comparisons in the spectral domain and allow for a margin of error. Some companies are selling music hashing products based on this technology, so it must be possible, even though it may not be straightforward.
Will I retire or break 10K?
If clients checksum the file before uploading it all it would take is a distributed list of checksums. the first submission would generate a checksum which could then be uploaded to a website and mirrored to manage bandwidth.
when you do a search, check the results against the checksum database site. If the file has been reported by enough people as bad then either don't download it, don't list it in the search results, or flag it as such.
This method could easily be used to prevent viruses and ensure acuracy of content.
comment directly in my journal
would it be possible for the software the read the file being downloaded, and check to see if it is looping over the firsts 20 seconds or so, and then alert you virus software style?
Yes, it would be possible to detect repetition using sophisticated audio hashing software, but some musical genres thrive on (controlled) repetition.
Will I retire or break 10K?
Damn! I thought Overpeer was a new dj company with some kickass remixes (I burned quite the collection onto cd yesterday).
Oh well, hopefully someone won't flood Kazaa with Overpeer fakes! Now that would suck!
E
Of course if that catches on, Congress might eventually decide that audio fingerprints are infringing after all.
Actually, these audio hashes already do infringe somebody's exclusive rights, but not the copyright owner's. Most of the audio hashing algorithms are patented out the @$$ in the United States and other jurisdictions that allow patenting of a generic computer running a specific algorithm.
Good thing patents last 20 years, unlike copyrights, which last effectively forever. No sound recording will enter the public domain in the United States until 2068, when copyrights on works from 1972 (sound recordings were first granted Federal copyright in 1972) are supposed to expire, barring a Chastity Bono Further Copyright Term Extension Act.
Will I retire or break 10K?
Take a look. It's languishing.
This solves nothing. In general, trust is not transitive.
Advogato seems to have developed a trust metric that does work transitively.
The question then becomes, how does one enter the community in the first place? On Advogato, you can't post anything, not even comments to stories, until you have already been certified to at least level 1 by another level 1 user. (There are three levels.)
Will I retire or break 10K?
the parralels to epidemic theory are interresting. OverPeer is like the first aids monkey that some horny african dude f*cked in the ass and now its a problem all over the world.
This argument is inconsistent. You legitimize DeCSS because it helps people use "legally owned" DVDs. This implies that the law is the source of your morality. But distributing DeCSS is illegal, a violation of the DMCA. So obviously you have less respect for the DMCA than for traditional copyright. Therefore, whether something is legal is not really your criterion.
I think the generally accepted term for this is crapflooding, not Denial of Service.
YMMV.
seeing as how most people don't listen to Orbital, much less realize it is sampled form Worf (Star Treck).
These companies keep fighting p2p file sharing, when more of the piracy probably comes from people actually burning copies of CD's that they bought. If they make p2p unusable, people will have to resort to getting free music by copying entire CD's from friends rather than just downloading a song or 2 that was all they wanted in the first place.
if it takes a day to generate your pgp private key, the riaa will just buy an ASCII WHITE to generate a shitload of them
So, don't destroy the file content completely, only change some subtle details so that you won't detect the difference until you've heard the original version somewhere. Make people on the believe that the version they have is the real, unmodified version, but remove e.g. some vocals, samples etc. Create a "P2P remix" that sounds very realistic, but has something missing when compared directly to the CD version.
Of course, this has already to be done in the recording studio. But if the user detect that the songs they download may not be the "real" ones, they will quickly distrust P2P.
Don't drink and su! antidisestablishmentariazationally
He has a good point!!
..I guess it would take a couple days to code "review" feature in. Once you download a file from a particular client, you can remotely vote, for its quality (host will accept votes from clients that downloaded, probably by supplyoing a cookie with each session, that is kept on the host for some time) Records that are getting many negative votes will automatically "quaranteened" and taken off downloads. This will not stop malicious hosts, but will slow down spreading of corrupted files.. Should I patent this? ;)
<^>_<(ô ô)>_<^>
Lawrence Lessig said "code is law". Namely, he was talking about code that business', ISP', and government's write on top of standard protocols to regulate our behavior.
But code is also law for us.
We are the one's who write the code for P2P services like Phex, LimeWire, BearShear, etc. Thus, we are the one's who create the "law" for those services.
We have the ability to code away this problem, and any other problems presented to our P2P utopia.
So how do you deal with bogus files? Well, one way to do it is by detection. Write protocols into P2P programs to detect bogus music files. How do you do that? By reverse engineering their technology. Lets say that their "bogus" files appear the same size as normal files, but about 1/4 of the way through have a hitch in them w/c causes your player to play over the part over and over again. So you write code to detect that.
Another way to deal with it is the same way we deal with spammers: block unreliable sources. If a domain-name for e-mails often gives you spam, you block that domain name. Same thing w/ P2P networks with a little bit of ingenuity.
The only thing to worry about is the red queen effect; namely, we take counter-measures to their measures, and they take counter-counter measures to our counter-measures, and so on and so forth. This results in a lot of wasted time for us, and also will eventually make our code bloated.
Another alternative is the legal route. Contrary to what some say, there is a legal option. Their actions garble up the P2P network, which will negatively affect many who are sharing non-copyrighted files. Hence, a basis for a legal restraint.
The other possibility is a counter-attack. They've screwing up our networks, so we screw up theirs and their systems. The best defense is a good offense. This would be DoS attacks on their servers, or virus'/worms aimed specifically at their computers.
Another possibility is very simple. Rather than trying to weed out untrustworthy sources, try to find trustworthy ones. This is much easier as you'll get cooperation. Real netizens of the P2P community may put tags on their files, as identification, which would securely identify them; then, those files would be rated on two categories -- quality and completeness.
social sciences can never use experience to verify their statemen
Tome to DOS these dick's computers into a pool of molten metal...
Ok, I looked at OverPeer's parent company's website, SK.com. Apparently SK also owns SK Telecom which surprise surprise, has a BIG friggin network. Want to bet they're going to leverage some of this address space for their burgeoning new company? My suggestion is to black hole this huge frickin network. You can do what ever you want to your own machines, so I suggest adding "route add -net 63.106.192.0/18 127.0.0.1" to your rc.local, rc.net or autoexec.bat if you sit down to pee. If you run a web server add this command to that server too. If enough peeps do this, they're business will suffer (lets see them operate a telecom that can't get to a bunch of sites). And it's legal. Propagating that route to a misconfigured ISP would be illegal and I DO NOT ENCOURAGE ANYONE TO BREAK THE LAW. You are simply denying this company and it's clients access to your system for political reasons and as a side benefit, may get fewer bogus files on Gnutella.
http://www-2.cs.cmu.edu/~tom7/papers/peer.pdf
...
.sig
The problem isn't the evil master mind making salt for his henchmen,
the problem is the evil master mind who makes thousands of mules. (Identities for himself.)
Signed salts do not prevent the mule problem.
I don't believe you can so easily tune the amount of work needed to create an Identity either.
The RIAA probably has over 100 computers that sit idle every night.
If it takes 8 hours to make an identity, then they could churn out over 100 every day, virtually free.
With backing, the number could easily be 10,000 a day, or even more.
If the EMM isn't constrained by legality,
then he releases a virus and generates millions of keys in a single day.
If variable strength keys can be used,
then in the processes of generating a strength K key,
the EMM also generates 2 strength K-1 keys, 4 strength K-2 keys
I think it's better to concentrate on whitelisting than blacklisting.
-- this is not a
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Drop packets from them. Get everyone you know to drop packets from them. Get your company to drop packets with them. Complain to their upstream. Send them email telling them how stupid they are.
Couldn't P2P clients use a 'shit-list' method to ignore files from companies like Overpeer?
There's no place like ~/
...Just build in something to P2P client applications which is aware of Overpeer's IP addresses. If there's unused bandwidth, download anything they're offering (and just throw it away). Drive up their bandwidth costs while simultaneously ignoring the junk they're sending out.
Easy.
Cheers
-b
GNU project page
Some of) RIAA's clients could give bad votes to good files, nullifying positive votes by others, and making the whole rank system worthless.
My idea was to only give one vote per IP address - so that making multiple votes from one site would have no extra benefit.
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
Actually, the correct answer is the U.S government was responsible for the 9/11 attacks, along with the U.S media.
So great. we are going to create a web of trust that a law suit can force the P2P network providers to invert and therefore blocking all wanted content that might actually block legit uses of P2P.
Creating this web of trust, might actually self-destruct the entire P2P system by creating
a system that can be used to stop file sharing.
Kazaa and programs based on it's code (Grokster?), have a rating system that allows you to rate a file (very good, goo, bad, very bad). I'm not sure if it average the ratings of all the users who have it and who have rated it, so it's not fool proof. In addition...not one ever really pays attention to the ratings, most don't even know their there. But you do have the ability to filter results. ***BTW, while I was testing all the differen't P2P apps, Morpheus installed a little "shopping helper". The jist of it is that certain websites (mainly retail sites), when visited prompt a "would you like to view special offers from this company" box, and this is supposedly intented to list offers on the page which wouldn't otherwise be availabe (i.e. discounts). In reality, I'm sure the program is just used to create a user profile to tailor the retail site based on your downloads. However the weirdest thing is the ATT Broadband has a partnership with this spyware company, so you get the prompt when you go to their site. Isn't it odd that ATT, who is suppose to be outraged over P2P and bandwidth consumption, is paying a spyware company associated with them? It's the equivalent of Sony making mp3 players and bitching about their poor record sales.
Only the meek get pinched. The bold survive.
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA !
That is fucking hilarious!!! When is your cameo on Letterman?
The record companies are nothing more than money grubbing pricks who bend both the artists and the public over the table and give us a right royal shafting. The only difference between the a record companies office and a cactus is tha on a cactus the pricks are on the outside.
Don't take life too seriously. It is only a temporary situation. Usual disclaimers apply.
Thanks for reading...
...
> The problem isn't the evil master mind making salt for his henchmen,
> the problem is the evil master mind who makes thousands of mules. (Identities for
> himself.) Signed salts do not prevent the mule problem.
The entire purpose of computationally intensive identity generation is to prevent the "mule problem". Are you saying it doesn't? Why not? While it's true that the RIAA has some computational resources to generate keys, it does in fact cost them resources to generate them. Users of the network can tune the strength of the keys they accept to a level appropriate for the amount of effort that attackers are using against the network.
> I don't believe you can so easily tune the amount of work needed to create an Identity
> either.
Why not? It's easy to double the amount of work needed by increasing the number of colliding bits by 1.
> If variable strength keys can be used,
> then in the processes of generating a strength K key,
> the EMM also generates 2 strength K-1 keys, 4 strength K-2 keys
Yes, but they're all the same key, since a key is the public key part, not the public key and its salt.
I downloaded one of these looped mp3s and preferred it! Nothing but chorus!!
Signing salts is a way to insure that the person who generates them knows the private key of the identity.
This makes it hard for someone who is interested in protecting their identity to get someone else to do the work,
but does nothing if they do not.
Mules don't care if their master knows their private key. Because the real problem isn't in adjusting the difficulty of the problem, but in deciding what difficulty is appropriate.
My mother uses a 133 Megahertz PC.
I use an 800 Megahertz PC.
At work I have access to more than 60 PCs, all
more powerful than my personal computer.
So what's the "right" computational difficulty?
If it takes my mother 6 hours, it takes me 1 hour
at home, and 1 minute at work.
Note that I'm not saying that setting the computational difficulty is impossible,
just that it's a non-trival task, with certain inherent weaknesses.
That assumes that EMM creates keys the way you've outlined.
But he doesn't. Instead he generates a new key and a new salt each time he gets a success.
For example, suppose you wanted to generate keys of stength 32, but knew that strength 28 was acceptable.
You start testing salts until you find one that's strength 28 or more.
You record the result, pick a new key, and continue.
By the time you find a strength 32 key, you will have (on average) found 2 strength 31, 4 strength 30....
> For example, suppose you wanted to generate keys of stength 32, but knew that strength 28 was acceptable.
> You start testing salts until you find one that's strength 28 or more.
> You record the result, pick a new key, and continue.
Good point. Of course, RSA key generation is probably a million times slower than MD5 hashing, so this isn't really feasible from a practical standpoint. But I hadn't thought of that.
But the major difficulty in generating keys is finding the large primes to multiply together.
Finding 2 primes for one RSA key may be 1,000,000 times harder, but with 101 primes, you
can generate over 50,000 keys. Generating a million keys is only about 1,500 times as hard as generating one.
(and if a square root reduction in difficulty isn't enough, you can use three primes for the key)
-- this is not
> Even if generating a key is a million times harder, when you're testing 2^24 salts per
> key, that only makes the overall problem 7% harder.
Oops, you're right, I wasn't thinking. Anyway, being able to generate lots of weaker keys is only a problem if users trust weak keys (which becomes less likely the more that attacks like this are attempted!)
Dude, I think this is sweet. The only good part of mainstream songs is the hook. I've only gotten one of these, but it sounded awesome as it were. Eminem - Say What You Say, to be specific. But I played it backwards in sndrec32 and I think it had some slow-mo subliminal messages..